Privacy Policy

A2 TICKETS LTD

A company registered in England and Wales

Website: www.lyriaa.com

Last Updated: February 3, 2026

 

Introduction

A2 TICKETS LTD (trading as “Lyria”, and referred to as “Company”, “we”, “us”, “our”) is committed to protecting and respecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We process your personal data when you interact with us on our website www.lyriaa.com and any future mobile applications (together, the “Platform”), use services offered by us or transportation carriers (“Carriers”) through the Platform, or otherwise engage with us. This Privacy Policy sets out the basis and terms upon which we process your personal data.

Data Controller: A2 TICKETS LTD is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.

The data protection laws of certain countries and regions require us to provide you with additional information about our processing activities. If you reside in the European Economic Area (EEA), please also see our supplemental EEA privacy statement under Section 12(A). If you reside in the United States, please also see our supplemental U.S. privacy statement under Section 12(B).

Please read this Privacy Policy carefully. Any questions regarding this Privacy Policy may be directed to info@lyriaa.com.

Table of Contents

  1. Collection of Personal Data

  2. Types of Personal Data

  3. Use of Personal Data

  4. Sharing of Personal Data

  5. Marketing

  6. Data Security

  7. International Transfer of Data

  8. Data Retention

  9. Cookies

  10. Your Rights

  11. Links to Third Party Websites

  12. Region Specific Privacy Statements

  13. Updates to the Privacy Policy

  14. Contact Us

1. Collection of Personal Data

1.1 How We Collect Personal Data

We collect personal data from you directly in the following circumstances:

  • (a) When you visit the Platform;

  • (b) When you create an account on the Platform;

  • (c) When you search for, book, or purchase transportation tickets;

  • (d) When you contact our customer support;

  • (e) When you subscribe to our newsletters or marketing communications;

  • (f) When you participate in surveys or provide feedback.

1.2 Personal Data from Third Parties

We may also collect personal data about you from third parties, including:

  • Transportation Carriers with whom you have booked travel;

  • Payment service providers.

1.3 Other Individuals’ Data

If you provide us with personal data about other individuals (e.g., when you make bookings for other passengers), you must obtain all requisite consent from such individuals and ensure they are aware of, understand, and accept this Privacy Policy prior to providing their personal data to us.

1.4 Children’s Data

We do not knowingly collect personal data from children under 16 years of age. We only process personal data of minors if such data is provided by a parent or guardian, for example, when a parent books travel for their child.

2. Types of Personal Data

Depending on how you access and use the Platform, we may collect and process some or all of the following personal data:

2.1 Identification and Contact Information

  • Full name (as appears on travel documents)

  • Date of birth

  • Email address

  • Phone number

  • Postal address

  • Country of residence

  • Gender (where required by Carriers)

2.2 Booking and Travel Information

  • Passport information (number, expiry date, issuing country)

  • Nationality

  • Government-issued identification numbers

  • Vehicle registration and details (for ferry bookings with vehicles)

  • Driver’s license information

  • Travel dates and routes

  • Passenger preferences and special requirements

  • Previous booking history

2.3 Payment Information

  • Credit/debit card details

  • Billing address

  • Bank account information (for refunds)

  • Transaction history

2.4 Health Information (Where Necessary)

In limited circumstances, we may collect health-related information such as:

  • Mobility requirements or disabilities

  • Medical conditions relevant to travel

  • Special assistance needs

We will only collect such information where necessary to facilitate your travel or where required by the Carrier.

2.5 Communications

  • Correspondence between you and our customer support team

  • Feedback and reviews

  • Survey responses

2.6 Device and Technical Data

  • IP address

  • Browser type and version

  • Device type and operating system

  • Unique device identifiers

  • Clickstream data and page interactions

  • Timestamps

  • Cookie identifiers

  • Referring/exit pages

2.7 Location Data

  • Country/region inferred from IP address

  • Language preferences

  • Time zone

3. Use of Personal Data

We process your personal data for the following purposes:

3.1 To Provide Our Services

  • Processing and fulfilling your ticket bookings

  • Sending booking confirmations, e-tickets, and travel reminders

  • Managing your user account

  • Providing customer support and responding to inquiries

  • Processing payments and refunds

  • Communicating booking changes or cancellations

3.2 To Verify Your Identity

  • Verifying your identity in connection with bookings

  • Fraud prevention and detection

  • Compliance with legal requirements

3.3 For Marketing Purposes

  • Sending promotional offers, deals, and newsletters (with your consent)

  • Personalizing content and recommendations

  • Analyzing your preferences to improve our offerings

3.4 For Research and Improvement

  • Conducting surveys and collecting feedback

  • Improving the Platform and our services

  • Analyzing usage patterns and trends

  • Testing new features and functionalities

3.5 For Legal and Administrative Purposes

  • Complying with legal obligations

  • Processing payments and maintaining financial records

  • Audit and accounting purposes

  • Establishing, exercising, or defending legal claims

  • Preventing fraud, money laundering, and other unlawful activities

3.6 Legal Basis for Processing

Under UK GDPR and EU GDPR, we process your personal data based on the following legal grounds:

Purpose | Legal Basis
Processing bookings and providing services | Contract performance
Sending booking confirmations and updates | Contract performance
Customer support | Contract performance / Legitimate interest
Marketing communications | Consent
Fraud prevention | Legitimate interest
Legal compliance | Legal obligation
Platform improvement and analytics | Legitimate interest
Health-related data processing | Explicit consent

4. Sharing of Personal Data

We share your personal data with third parties in the following circumstances:

4.1 Transportation Carriers

We share your personal data with ferry operators, shipping companies, and other transportation providers (“Carriers”) to:

  • Complete your booking and issue tickets

  • Facilitate check-in and boarding

  • Comply with Carrier requirements and regulations

  • Enable special assistance arrangements

4.2 Payment Processors

We use Paddle.com as our authorized Merchant of Record and payment processor. When you make a purchase on our Platform, your payment information is collected and processed directly by Paddle. Paddle is responsible for the security of your payment data and maintains full PCI-DSS compliance.

We do not store your full credit card details on our servers. Paddle shares certain transaction-related information with us (such as your name, billing address, and transaction ID) to allow us to confirm your booking and provide customer support. You can find more information about how Paddle handles your data in the Paddle Privacy Policy.

4.3 Service Providers

We engage third-party service providers who process personal data on our behalf, including:

  • Web hosting providers

  • Cloud storage providers

  • Email service providers

  • Customer support platforms

  • Analytics providers

  • Marketing and advertising partners

4.4 Government and Regulatory Bodies

We may disclose personal data to:

  • Law enforcement agencies

  • Customs and immigration authorities

  • Port authorities

  • Regulatory bodies

  • Courts and legal advisors

when required by law or to protect our legal rights.

4.5 Corporate Transactions

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity as part of the business transaction.

4.6 With Your Consent

We may share your personal data with other third parties where you have provided your explicit consent.

We do not sell your personal data for monetary consideration.

5. Marketing

5.1 Direct Marketing

With your consent, we may use your personal data for direct marketing purposes, including:

  • Promotional emails about new routes and destinations

  • Special offers and discounts

  • Travel tips and updates

  • Newsletter communications

5.2 Opt-Out Rights

You may withdraw your consent to marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email

  • Updating your preferences in your account settings

  • Contacting us at info@lyriaa.com

5.3 Targeted Advertising

We may use advertising services provided by third parties (such as Google, Meta) to display relevant advertisements to you on other websites and platforms. You can manage your advertising preferences through:

  • Your browser cookie settings

  • Our cookie consent tool on the Platform

  • Platform-specific ad preference settings (e.g., Google Ad Settings)

6. Data Security

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for data in transit

  • Encryption of sensitive data at rest

  • Secure payment processing (PCI-DSS compliant)

  • Access controls and authentication

  • Regular security assessments and testing

  • Employee training on data protection

6.2 Your Responsibilities

You are responsible for:

  • Keeping your account credentials confidential

  • Using strong, unique passwords

  • Notifying us immediately of any unauthorized access

  • Logging out from shared devices

6.3 Data Breach Response

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

7. International Transfer of Data

7.1 Transfers Outside the UK and EEA

Your personal data may be transferred to, stored, and processed outside of the United Kingdom and European Economic Area, including countries that may not provide an equivalent level of data protection.

7.2 Safeguards

When transferring personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and UK Information Commissioner’s Office

  • UK International Data Transfer Agreement (IDTA) where applicable

  • Adequacy decisions where the destination country has been deemed to provide adequate protection

  • Binding Corporate Rules where applicable

7.3 Carrier Transfers

Transportation Carriers may transfer your personal data to countries where they operate. Such transfers are necessary to perform the contract for your transportation services.

8. Data Retention

8.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Data Category | Retention Period
Booking and transaction records | 7 years from booking date (for legal/tax purposes)
Account information | Duration of account plus 3 years
Marketing preferences | Until consent is withdrawn
Customer support communications | 3 years from resolution
Website analytics data | 26 months
Cookie data | As specified in our Cookie Policy

8.2 Deletion

When personal data is no longer required, we will securely delete or anonymize it. You may also request deletion of your personal data (see Section 10).

9. Cookies

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit the Platform. We use cookies and similar technologies to:

  • Ensure the Platform functions correctly

  • Remember your preferences

  • Analyze how you use the Platform

  • Deliver relevant advertisements

9.2 Types of Cookies We Use

Cookie Type | Purpose
Strictly Necessary | Essential for Platform functionality; cannot be disabled
Performance/Analytics | Help us understand how visitors interact with the Platform
Functional | Remember your preferences and settings
Marketing/Advertising | Deliver relevant advertisements and track campaign effectiveness

9.3 Managing Cookies

You can manage your cookie preferences through:

  • Our cookie consent banner when you first visit the Platform

  • Your browser settings

  • Third-party opt-out tools

Please note that disabling certain cookies may affect Platform functionality.

9.4 Third-Party Cookies

Third parties such as Google Analytics, payment providers, and advertising partners may also place cookies on your device. Please refer to their respective privacy policies for more information.

10. Your Rights

Under applicable data protection laws, you have the following rights regarding your personal data:

10.1 Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure (“Right to be Forgotten”)

In certain circumstances, you have the right to request deletion of your personal data, including where:

  • The data is no longer necessary for the purposes for which it was collected

  • You withdraw consent (where processing is based on consent)

  • You object to processing and there are no overriding legitimate grounds

10.4 Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

10.6 Right to Object

You have the right to object to:

  • Processing based on legitimate interests

  • Direct marketing (including profiling for marketing purposes)

10.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you, except where necessary for contract performance or based on your explicit consent.

10.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

10.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: info@lyriaa.com

  • Subject line: “Data Subject Rights Request”

We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, and we will inform you of any extension.

We do not charge a fee for processing your request unless it is manifestly unfounded or excessive.

10.10 Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

For UK residents:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Telephone: 0303 123 1113

For EEA residents:
The data protection authority in your country of residence.

11. Links to Third Party Websites

The Platform may contain links to third-party websites, including Carrier websites, payment provider portals, and partner sites. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.

12. Region Specific Privacy Statements

A. European Economic Area (EEA)

This section applies if you are based in the European Economic Area during your interaction with us.

Special Categories of Personal Data

We collect special categories of personal data (such as health-related information) only where necessary and with your explicit consent in accordance with the GDPR.

Data Controller

For EEA residents, A2 TICKETS LTD is the data controller responsible for your personal data.

Legal Bases for Processing

Please see Section 3.6 for details on the legal bases for our processing activities.

Transfers Outside the EEA

Your personal data may be transferred outside the EEA. We ensure appropriate safeguards are in place as described in Section 7.

Your Rights

EEA residents have the same rights as set out in Section 10 of this Privacy Policy. For any questions about exercising your rights, please contact us at info@lyriaa.com.

Lodging a Complaint

You may lodge a complaint with your local data protection authority or the UK Information Commissioner’s Office.

B. United States

This section applies if you reside in the United States during your interaction with us.

Notice for U.S. Residents

Please refer to:

  • Sections 1 and 2 for categories of personal data we collect

  • Section 3 for purposes of processing

  • Section 4 for categories of third parties with whom we share personal data

State Privacy Rights

Depending on your state of residence, you may have additional privacy rights under state laws such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state laws.

These rights may include:

  • Right to Know: Request information about the personal data we collect and how we use it

  • Right to Delete: Request deletion of your personal data

  • Right to Correct: Request correction of inaccurate personal data

  • Right to Opt-Out: Opt out of the sale or sharing of personal data for targeted advertising

  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

California Residents (CCPA Notice)

Categories of Personal Information Collected:

Category | Collected | Source
Identifiers (name, email, phone, IP address) | Yes | Directly from you
Customer records (payment info, address) | Yes | Directly from you
Commercial information (booking history) | Yes | From your transactions
Internet activity (browsing, clicks) | Yes | Automatically collected
Geolocation data (country/region) | Yes | From your device
Inferences (preferences, trends) | Yes | Derived from other data

Sale and Sharing of Personal Information:

We do not “sell” personal information for monetary consideration. However, we may share certain information (such as identifiers and internet activity) with advertising partners for targeted advertising purposes, which may constitute “sharing” under the CCPA.

To opt out of such sharing, please contact us at info@lyriaa.com or use the cookie preference settings on our Platform.

Sensitive Personal Information:

We may collect sensitive personal information such as passport numbers for the purpose of completing your travel bookings. We use this information only for purposes necessary to provide our services and do not use it for any other purpose.

How to Exercise Your Rights:

To submit a request, please email info@lyriaa.com. We will verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.

13. Updates to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the “Last Updated” date at the top of this Policy

  • Post a notice on the Platform

  • Where appropriate, notify you by email

We encourage you to review this Privacy Policy periodically.

The English language version of this Privacy Policy is the authoritative version. Any translations are provided for convenience only.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Company registered in England and Wales

Brand Name: Lyria
Legal Entity: A2 TICKETS LTD
Company Registration Number: 16987046

Email: support@lyriaa.com

Website: www.lyriaa.com

Registered Address: 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ, UNITED KINGDOM

Trading Address: First Floor Swan Buildings, 20 Swan Street, Manchester, M4 5JW, UNITED KINGDOM

For data protection inquiries, please include “Privacy” or “Data Protection” in the subject line of your email.

© 2026 A2 TICKETS LTD. All rights reserved.