Happy family group boarding a Kytrix Travel minibus for a day trip from the Isle of Wight
Privacy policy

How we look after your data.

What information we collect, how we use it, and how you can control your privacy.

Isle of Wight basedFerry timings built inSmall groups

Privacy Policy

We're a small, UK-based operator in pre-launch. We only collect the information we actually need to build Kytrix Travel, stay in touch with you and run the business safely.

Last updated: 8 December 2025
Full Text

1. Who we are and how to contact us

This website is operated by Kytrix Travel Limited (company number 16778869), a company registered in England and Wales.

Registered office:Building 41, Newport Road
Cowes, Isle of Wight, PO31 8BX
United Kingdom

For the purposes of the UK General Data Protection Regulation (UK GDPR) and related laws, Kytrix Travel Limited is the data controller for the personal data described in this notice.

You can contact us about privacy or data issues via our contact page or by writing to our registered office marked "Data Protection".

2. What this policy covers

This policy explains how we handle personal data when you:

  • browse or use our website;
  • join the Insider Circle waitlist or other early lists;
  • vote on routes or complete surveys and forms;
  • contact us with questions or feedback; or
  • interact with us on social media where we direct you back to this site.

This notice doesn't yet cover full booking data at scale, because we're in pre-launch. When regular day trips, transfers and private hire go live, we expect to publish additional detail about booking-related data and payment information.

3. The personal data we collect

The information we collect depends on how you use the site and interact with us. It may include:

Information you give us directly

  • Contact details – your name, email address, and (optionally) phone number or organisation name.
  • Form responses – information you provide when joining the Insider Circle, voting on routes, making an enquiry or giving feedback (for example, typical travel patterns, postcodes, interests in certain trips).
  • Message content – anything you choose to write in free-text boxes, emails or messages.
  • Consent information – whether you chose to receive marketing emails, when and how you gave that consent, and which policy version applied at the time.

Information we collect automatically

Like most websites, we may collect some limited technical and usage information when you browse the site, such as:

  • IP address and general location (at city/region level, where available);
  • device and browser type;
  • pages viewed, buttons clicked, time spent on pages; and
  • referral information (for example, if you arrived from a social link or email).

We use this to understand how people use the site and to keep things secure. Where we use cookies or similar technologies that are not strictly necessary, we'll ask for your consent – see our Cookie & Tracking Policy once available.

Information from third parties

We may receive limited information about you from other sources, for example:

  • if you click through from an email or social media post (for example, campaign tags or referral codes);
  • if someone gives us your details when enquiring on behalf of a group or family; or
  • basic details from suppliers we use to manage emails, surveys or booking tools.

4. How and why we use your personal data

We will only use your personal data where we have a legal basis to do so under UK GDPR. The main uses are:

a) To run the website and respond to you

We use your data to:

  • operate, maintain and improve the website and its security;
  • respond to questions, enquiries and feedback you send us;
  • manage early-access features such as the Insider Circle waitlist; and
  • understand what kinds of trips and routes people are interested in.

Legal basis: our legitimate interests in running and improving our business, and in some cases where you ask us to do something (for example, respond to a contact form) – steps taken at your request before entering into a contract.

b) To send you updates and marketing (with consent)

If you tick the relevant box when joining the Insider Circle or completing another form, we'll use your contact details to:

  • send email updates about our progress towards launch, new routes and offers;
  • invite you to vote on trips or features; and
  • occasionally ask for feedback or research input.

Legal basis: your consent to receive marketing by email. We keep a record of when and how you gave consent, along with the policy/version in force (currently 2025-09-18) and allow you to withdraw at any time.

c) To comply with legal and regulatory obligations

As we move towards operating licensed passenger services, we may need to process and retain some data to:

  • demonstrate compliance with DVSA/Traffic Commissioner;
  • respond to lawful requests from regulators or law enforcement; and
  • keep appropriate business and tax records.

Legal basis: compliance with legal obligations and our legitimate interests in operating a regulated transport business.

5. Marketing choices and your PECR rights

If you're in the UK, the Privacy and Electronic Communications Regulations (PECR) sit alongside UK GDPR and govern marketing by email and SMS.

Our approach is straightforward:

  • email marketing is opt-in only – boxes are left unticked by default;
  • we only send marketing emails where you've actively consented, or where the law allows a “soft opt-in” following a sale (which doesn't apply yet while we're pre-launch); and
  • every marketing email will include a clear unsubscribe option.

You can withdraw consent at any time by using the unsubscribe link in emails or by contacting us via the contact page. This won't affect the lawfulness of any use of your data up to that point.

6. Children and young people

Our website is not designed for children, but young people may be part of groups we ultimately carry. For digital services, the UK's minimum age to give consent directly is 13.

Where we rely on consent (for example, for marketing emails), our forms ask you to confirm you are 13 or over. If we learn that we have collected personal data from someone under 13 without suitable consent, we'll delete it where reasonably possible.

7. Who we share your data with

We do not sell your data. We may share it with:

  • Service providers who help us run the website, forms, waitlists, analytics and emails (for example, email delivery, web hosting, form processing and security providers);
  • Professional advisers such as accountants, legal advisers or consultants, where reasonably necessary;
  • Regulators or law enforcement if we're required to by law, or to protect our rights or those of others; and
  • another organisation in the event of business restructuring, merger or sale, in which case we'll take steps to ensure your data is handled safely.

Where we use third-party processors, we aim to ensure they only process your data on our instructions, keep it secure and comply with UK data protection law.

8. International transfers

Some of our service providers may be based outside the UK, including in countries which do not have the same level of data protection as the UK.

Where we transfer personal data outside the UK, we will:

  • use providers in countries covered by a UK adequacy decision; or
  • put in place appropriate safeguards, such as standard contractual clauses, approved for use in the UK.

9. How long we keep your data

We keep personal data only for as long as we reasonably need it for the purposes set out in this policy, including to meet legal, accounting or reporting requirements.

Broadly speaking:

  • contact and waitlist data is kept while the relationship is active and for a reasonable period afterwards, or until you unsubscribe or ask us to delete it;
  • consent logs and minimal audit records may be kept longer so we can demonstrate compliance with UK GDPR and PECR; and
  • technical logs may be kept for shorter periods to help us maintain security and performance.

If you exercise your right to erasure, we will usually remove or anonymise your data, but may retain limited information (for example, a record that you unsubscribed) so we can honour your request going forward.

10. Your rights under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

  • Access – to ask for a copy of the personal data we hold about you.
  • Rectification – to have inaccurate or incomplete data corrected.
  • Erasure – in some circumstances, to ask us to delete your data.
  • Restriction – to ask us to limit how we use your data in certain situations.
  • Objection – to object to certain types of processing, including direct marketing.
  • Data portability – in some cases, to receive your data in a structured, commonly used format and to have it transferred to another organisation.
  • Withdraw consent – where we rely on consent (for example, for marketing), you can withdraw it at any time.

You can make a request using the details in the Who we are and how to contact us section, or by visiting Manage Your Data once that page is live.

Your right to complain

If you're unhappy with how we use your data, we'd always prefer you talk to us first so we can try to put things right. You also have the right to complain to the UK data protection regulator:

Information Commissioner's Office (ICO)www.ico.org.uk

11. Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • using HTTPS and modern security practices on the site;
  • limiting access to systems and data to people who need it;
  • using reputable third-party providers for infrastructure, email and analytics; and
  • keeping software updated and monitoring for unusual activity where practical.

No system can be completely secure. If we become aware of a serious incident affecting your data, we'll follow legal requirements for notification and take steps to reduce harm.

12. Cookies and tracking technologies

Cookies are small text files stored on your device. We use them and similar technologies to:

  • keep the site functioning securely and reliably;
  • remember some of your choices; and
  • understand how people use the site so we can improve it.

Some cookies are essential for the site to work. Others (for example, analytics) are optional and we'll ask for your consent before using them where required by law.

For more detail, see our Cookie & Tracking Policy once available.

13. Links to other websites

Our website may link to other websites (for example ferry operators, attractions or partners). Those sites have their own privacy policies and we're not responsible for how they handle your data.

We recommend you read the privacy information on each site you visit.

14. Changes to this policy

We may update this privacy policy from time to time, for example if our services change or the law is updated. When we do, we'll update the Last updated date at the top.

If changes are significant and you're on the Insider Circle or have an active relationship with us, we may also let you know by email or a notice on the website.

15. Questions or concerns

If you have any questions about this policy, how we use your data, or would like to exercise any of your rights, please contact us via the contact page or by post to our registered office.

We aim to respond in a reasonable timeframe and in plain English – we're building Kytrix to feel human, and that includes how we handle your data.