Rome2rio and the GDPR

Published May 24, 2018

Today, the European Union’s new General Data Protection Regulation (GDPR) comes into effect. We’ve been asked by some of you whether we are compliant. The good news is, yes we are. However, we’ve had to make a few changes to get there. In this blog post, I will describe these changes. If you want further details, please refer to our easy-to-read Privacy Policy.


If you are just browsing our site (for example, reading our travel guides or searching for information on how to get somewhere) then you’ll be happy to know that we don’t store or process your personal information. We store your full IP address for a short period in order to detect abusive behaviour (for example, to detect somebody trying to hack into our servers). After this short period, we mask your IP address making it impossible to link back to you. All further processing (for example, to detect what features you like and use on the site) is done anonymously. We can detect general patterns, but we cannot attribute any specific actions to you.

We store a User ID (UID) cookie in your browser to detect if you are a return user. There is no personal information linked to your UID cookie. We also don’t share this cookie with anyone else. If you want to be forgotten, simply clear the cookies in your browser.

Booking tickets

We obviously need to store and process your personal information if you purchase a ticket on our site. We need to be able to contact you if there are any changes to your itinerary. We also send reminder emails before you travel and may even follow up with a post-travel questionnaire to ask you how it all went. Adding to this list, we also share your personal details with our booking partner (for example, the train operator) otherwise they wouldn’t be expecting you! Finally, we share your details with third party fraud detection and payment services. When buying a ticket on Rome2rio, we ensure there is unambiguous consent from you for all these steps.

User accounts

When creating a user account, you are given the option to subscribe to marketing materials from us. This has always been an opt-in process. You can unsubscribe any time by simply clicking a link at the bottom of the marketing email or by contacting us.

Affiliate links

We have affiliate relationships with partners that pay us commission if you book something on their site. For example, if you click on a link that goes to a hotel booking site, and you end up booking a hotel, we may earn some commission. In order for this to work, we send some tracking information to our partner (as part of the link). This tracking information does not contain anything personally identifiable. For example, the UID is never shared. Our partners provide us with a monthly report that shows aggregated information only (for example, how many people booked a hotel and the total value of these bookings). [1]


We show advertising on Rome2rio. There are two kinds of ads, contextual and personalised. Contextual ads show you products or sites you might be interested in based on what you are searching for on Rome2rio. These ads have no idea who you are, and have no access to your personal information. Personalised ads use your IP address and browser cookies to show you ads that are tailored to you. Rome2rio shows both of these ads. However, in order to display the personalised ads, we now need to get your consent.

We are committed to showing you the most relevant information to help plan your trip. We are not in the business of showing bad advertising to maximise our revenue.

Your rights

Under the GDPR, you have the right to be forgotten. This means you can ask us to delete all records related to you. If you have ever booked a ticket on Rome2rio, this will erase your purchase history. If you have created a user account with us, then this will delete your account and all associated information. If you have never booked a ticket with us, then we have no personal information. Clearing your browser cookie will clear the UID and you will show up as a new user on Rome2rio.

You also have the right to request an electronic copy of all your information we have on file. If you have only browsed our site, we have no information about you. If you have booked a ticket, we store only your purchase history (and associated tickets). If you have an account, we hold only the searches that you have saved on our site or in the Rome2rio app. As previously outlined, if you have subscribed to our newsletter, you can unsubscribe at any time by clicking on the link at the bottom of the email.


We think that the GDPR is a positive step for the internet. Even though it technically only impacts citizens of the European Union, we have decided to extend these rights to all our users – your privacy is important to us regardless of where you are from.

If you have any questions, concerns or want to exercise your rights, please don’t hesitate to contact us.


[1] Correction: Some of our partners send us anonymous individual booking records. There is no way to associate each booking with a specific user.

Written by
Co-founder & Chief Architect
Rome2rio, based in Melbourne, Australia, is organising the world’s transport information. We offer a multi-modal, door-to-door travel search engine that returns itineraries for air, train, coach, ferry, mass transit and driving options to and from any location. Discover the possibilities at