Privacy Policy
A2 TICKETS LTD (trading as “Lyria”)
A company registered in England and Wales (Company No. 16987046)
Website: https://www.lyriaa.com
Last updated: 4 April 2026
Introduction
A2 TICKETS LTD (trading as “Lyria”, and referred to as “Company”, “we”, “us”, “our”) is committed to protecting and respecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Lyria acts as a disclosed booking agent for third-party Carriers. We process personal data as a controller under the UK GDPR and the Data Protection Act 2018 in connection with operating the Platform and facilitating bookings.
We process your personal data when you interact with us on our website https://www.lyriaa.com and any future mobile applications (together, the “Platform”), use services offered by us or transportation carriers (“Carriers”) through the Platform, or otherwise engage with us. This Privacy Policy sets out the basis and terms upon which we process your personal data.
Data Controller: A2 TICKETS LTD is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data. Correspondence may be directed to the contacts in Section 14.
The data protection laws of certain countries and regions require us to provide you with additional information about our processing activities. If you reside in the European Economic Area (EEA), please also see our supplemental EEA privacy statement under Section 12(A). If you reside in the United States, please also see our supplemental U.S. privacy statement under Section 12(B).
Please read this Privacy Policy carefully. Any questions regarding this Privacy Policy may be directed to info@lyriaa.com.
Table of Contents
Collection of Personal Data
Types of Personal Data
Use of Personal Data
Sharing of Personal Data
Marketing
Data Security
International Transfer of Data
Data Retention
Cookies
Your Rights
Links to Third Party Websites
Region Specific Privacy Statements
Updates to the Privacy Policy
Contact Us
1. Collection of Personal Data
1.1 How We Collect Personal Data
We collect personal data from you directly in the following circumstances:
(a) When you visit the Platform;
(b) When you provide your details during checkout (Guest Checkout);
(c) When you search for, book, or purchase transportation tickets;
(d) When you contact our customer support;
(e) When you subscribe to our newsletters or marketing communications;
(f) When you participate in surveys or provide feedback.
1.2 Personal Data from Third Parties
We may also collect personal data about you from third parties, including:
Transportation Carriers with whom you have booked travel;
Payment Service Providers (PSPs) in connection with payment status, fraud screening, and transaction records;
Authorised B2B booking channels (for example distribution or aggregation platforms) where relevant to fulfilling your booking.
1.3 Other Individuals’ Data
If you provide us with personal data about other individuals (e.g., when you make bookings for other passengers), you must obtain all requisite consent from such individuals and ensure they are aware of, understand, and accept this Privacy Policy prior to providing their personal data to us.
1.4 Children’s Data
We do not knowingly collect personal data from children under 16 years of age. We only process personal data of minors if such data is provided by a parent or guardian, for example, when a parent books travel for their child.
2. Types of Personal Data
Depending on how you access and use the Platform, we may collect and process some or all of the following personal data:
2.1 Identification and Contact Information
Full name (as appears on travel documents)
Date of birth
Email address
Phone number
Postal address
Country of residence
Gender (where required by Carriers)
2.2 Booking and Travel Information
Passport information (number, expiry date, issuing country)
Nationality
Government-issued identification numbers
Vehicle registration and details (for ferry bookings with vehicles)
Driver’s license information
Travel dates and routes
Passenger preferences and special requirements
Previous booking history
2.3 Payment Information
Card payments are processed by our PSP; you enter card details in the PSP’s secure checkout where applicable. We do not store full payment card numbers on our servers. We may receive limited payment metadata (for example last four digits, transaction IDs, payment status, billing address as provided to the PSP, and bank/account details where required for refunds). Transaction history may be retained as described in Section 8.
2.4 Health Information (Where Necessary)
In limited circumstances, we may collect health-related information such as:
Mobility requirements or disabilities
Medical conditions relevant to travel
Special assistance needs
We will only collect such information where necessary to facilitate your travel or where required by the Carrier, and only where permitted under UK GDPR (including, where applicable, explicit consent or other lawful bases for special category data).
2.5 Communications
Correspondence between you and our customer support team
Feedback and reviews
Survey responses
2.6 Device and Technical Data
IP address
Browser type and version
Device type and operating system
Unique device identifiers
Clickstream data and page interactions
Timestamps
Cookie identifiers
Referring/exit pages
2.7 Location Data
Country/region inferred from IP address
Language preferences
Time zone
3. Use of Personal Data
We process your personal data for the following purposes:
3.1 To Provide Our Services
Processing and fulfilling your ticket bookings
Sending booking confirmations, e-tickets, and travel reminders
Managing your bookings and delivering electronic tickets
Providing customer support and responding to inquiries
Processing payments and refunds via PSPs
Communicating booking changes or cancellations
3.2 To Verify Your Identity
Verifying your identity in connection with bookings
Fraud prevention and detection
Compliance with legal requirements
3.3 For Marketing Purposes
Sending promotional offers, deals, and newsletters (with your consent)
Personalizing content and recommendations
Analyzing your preferences to improve our offerings
3.4 For Research and Improvement
Conducting surveys and collecting feedback
Improving the Platform and our services
Analyzing usage patterns and trends
Testing new features and functionalities
3.5 For Legal and Administrative Purposes
Complying with legal obligations
Processing payments and maintaining financial records
Audit and accounting purposes
Establishing, exercising, or defending legal claims
Preventing fraud, money laundering, and other unlawful activities
3.6 Legal Basis for Processing
Purpose | Legal Basis |
|---|---|
Processing bookings and providing services | Contract performance (Article 6(1)(b) UK GDPR) |
Sending booking confirmations and updates | Contract performance |
Customer support | Contract performance / Legitimate interests |
Marketing communications | Consent (where required) |
Fraud prevention | Legitimate interests / Legal obligation (where applicable) |
Legal compliance | Legal obligation |
Platform improvement and analytics | Legitimate interests |
Health-related data processing | Explicit consent or other lawful basis under UK GDPR Article 9 |
Where we rely on legitimate interests, you may object as described in Section 10.
4. Sharing of Personal Data
4.1 Transportation Carriers
We share your personal data with ferry operators, shipping companies, and other transportation providers (“Carriers”) to complete your booking and issue tickets.
4.2 Payment Service Providers (PSPs)
We use PSP(s) to process card payments securely. The PSP processes payment card data in accordance with its own terms and PCI DSS requirements. We do not store full card numbers on our servers.
4.3 B2B booking channels
We may share personal data with authorised independent B2B booking channels (commercial distribution, aggregation, or connectivity platforms) that we use from time to time to place bookings with Carriers, solely to the extent necessary to fulfill your booking.
4.4 Service Providers
We engage third-party service providers who process personal data on our behalf (processors), including web hosting, email delivery, security monitoring, and analytics. We implement appropriate contractual safeguards (including Article 28 UK GDPR processing terms) where required.
4.5 Government and Regulatory Bodies
We may disclose personal data to law enforcement or regulatory bodies when required by law.
4.6 Corporate Transactions
In the event of a merger or sale, your personal data may be transferred to the new entity, subject to applicable law.
4.7 With Your Consent
We may share your data with other third parties where you have provided explicit consent.
5. Marketing
5.1 Direct Marketing
With your consent, we may use your personal data for direct marketing purposes, including promotional emails.
5.2 Opt-Out Rights
You may withdraw your consent to marketing communications at any time by clicking the “unsubscribe” link.
5.3 Targeted Advertising
We may use advertising services provided by third parties to display relevant advertisements to you, where permitted by your consent settings and applicable law.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including SSL/TLS encryption for the Platform and secure handling of credentials. Payment card data is processed by our PSP under PCI DSS standards; we do not store full card numbers on our servers.
7. International Transfer of Data
Your personal data may be transferred to and processed outside the UK (for example where a Carrier, PSP, hosting provider, or B2B booking channel is located in a country that does not benefit from a UK adequacy decision). Transfers may include countries in Asia (such as Japan, Singapore, Indonesia, Thailand, and Malaysia) where Carriers and B2B booking channels operate.
Where we transfer personal data outside the UK, we rely on one or more of the following safeguards permitted under UK GDPR:
UK adequacy regulations — where the Secretary of State has determined the destination country provides an adequate level of data protection;
UK International Data Transfer Agreement (IDTA) / Addendum or standard contractual clauses approved by the ICO — where we have entered into appropriate contractual arrangements with the recipient;
Article 49(1)(b) UK GDPR — where the transfer is necessary for the performance of a contract between you and us (for example, transmitting your passenger details to a Carrier or B2B booking channel to fulfil your booking). We rely on this derogation only to the extent strictly necessary for booking fulfilment and only for the personal data required by the Carrier or channel to issue your ticket.
For further information about the safeguards applied to any specific transfer, contact us at info@lyriaa.com.
8. Data Retention
Data Category | Retention Period |
|---|---|
Booking and transaction records | Typically up to 7 years from the date of booking or last activity (for accounting, tax, and legal claims), unless a longer period is required by law |
Marketing preferences | Until consent is withdrawn |
Support tickets | For a reasonable period to resolve issues and defend claims |
9. Cookies
We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies (where used) will be placed in line with your consent choices and applicable law.
10. Your Rights
Under UK GDPR, you may have the right to:
Access your personal data
Rectify inaccurate data
Erase data in certain circumstances
Restrict processing in certain circumstances
Object to processing based on legitimate interests
Data portability (where applicable)
Withdraw consent for consent-based processing (where processing is based on consent)
Lodge a complaint with the ICO (Information Commissioner’s Office): https://www.ico.org.uk
To exercise rights, contact info@lyriaa.com (subject: “Data Protection Request”) or support@lyriaa.com.
11. Links to Third Party Websites
We are not responsible for the privacy practices of third-party websites linked on our Platform. Please read their policies. Carrier websites are independent of Lyria.
12. Region Specific Privacy Statements
A. European Economic Area (EEA)
EEA residents may have specific rights and protections under the EU GDPR as implemented in their member state, in addition to the rights described above. Where we process personal data of individuals in the EEA, we will comply with applicable requirements, including in respect of transfers outside the EEA using appropriate safeguards.
B. United States
Specific notices for U.S. residents regarding state-specific privacy laws may apply. For California residents, our processing of personal information is described in this Policy in line with the California Consumer Privacy Act (CCPA) as amended. You may have additional rights under applicable state law; contact us using the details in Section 14.
13. Updates to the Privacy Policy
We may update this Privacy Policy from time to time. Please check the “Last updated” date. Significant changes may be notified on the Platform or by email where appropriate.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
Legal Entity: A2 TICKETS LTD (Trading as Lyria)
Company Registration Number: 16987046
Phone: +44 20 4628 1830
Email: support@lyriaa.com / info@lyriaa.com
Website: https://www.lyriaa.com
Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Trading Address: First Floor, Swan Buildings, 20 Swan Street, Manchester, M4 5JW, United Kingdom
Operating Hours: Monday – Sunday: 10:00 – 19:00 (GMT)
This Privacy Policy is governed by the laws of England and Wales, without prejudice to mandatory protections that apply in your country of residence.
© 2026 A2 TICKETS LTD (trading as Lyria). All rights reserved.