← Back to Site

Legal

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how NORTH EAST OPERATOR LTD (trading as N.E.O — North East Operator) ("N.E.O", "we", "us") collects, uses and protects your personal information when you use this website or make an enquiry with us.

We are committed to handling your data with the same discretion we bring to every journey. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data Controller: NORTH EAST OPERATOR LTD (trading as N.E.O — North East Operator)

Company Number: 17163527 (Registered in England & Wales)

Registered address: Suite Ra01, 195–197 Wood Street, London, E17 3NU

Contact: omar@rideneo.co.uk · 07599 769672

ICO Registration: N.E.O is in the process of registering with the Information Commissioner's Office as a data controller. Our ICO registration number will be published here upon confirmation. In the meantime, any data subject rights requests (see Section 8) will be responded to within 30 days.

2. What Data We Collect

Depending on how you interact with this website, we may collect the following categories of personal data:

Booking enquiries

Account registration

We do not collect payment card data. No payment is taken through this website.

3. How We Use Your Data

We use your personal data only for the purpose for which it was provided:

Booking enquiry data is used to respond to your enquiry and, once N.E.O commences trading, to confirm your journey, communicate with you before, during and after travel, and maintain operational records.

Legal basis: Contract performance (Article 6(1)(b) UK GDPR) — processing is necessary to take steps at your request prior to entering a contract and to perform that contract.

Account registration data is used to maintain your secure client account, give you access to the N.E.O members area, and to enable Omar to contact you personally when N.E.O goes live. We will not use your details for any other purpose without your consent.

Legal basis: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) — maintaining the client relationship you have requested.

4. How Your Data Is Stored and Transmitted

Account registration data (name, email, phone, journey history) is stored securely in Supabase, a cloud database platform. Data is encrypted at rest and in transit. Supabase infrastructure is hosted within the EU (EU West region). You can view Supabase's privacy and security documentation at supabase.com/privacy.

Journey enquiries submitted via WhatsApp or email are received directly into our secure inbox at omar@rideneo.co.uk and are not processed by any third-party form delivery service.

5. Third-Party Services Used on This Website

6. Data Retention

Account data is retained for the duration of your account and for up to 12 months following account deletion or the end of the client relationship, after which it is permanently deleted.

Booking and journey data is retained for no longer than 2 years from the date of the journey for operational and legal compliance purposes.

You may delete your account and all associated personal data at any time via the My Account page — no request to us required. See Section 8 for details.

7. Data Sharing and International Transfers

We do not sell, rent or share your personal data with third parties for marketing purposes.

Your account data is stored by Supabase in EU-region infrastructure. This means your data is held within the European Economic Area and is subject to GDPR-equivalent protections. No international transfer to third countries occurs in the ordinary course of your use of this website.

We will disclose personal data to law enforcement or regulatory authorities only where required by law.

8. Your Rights and Account Deletion

Under UK GDPR you have the right to:

Self-service account deletion: You can delete your account and all stored personal data directly from your My Account dashboard at any time. Your profile information (name, phone) is removed immediately. Your login credentials are fully removed within 24 hours, and Omar will confirm by WhatsApp or email once complete.

To exercise any other rights, or if you need assistance, contact us at omar@rideneo.co.uk. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Cookies and Local Storage

This website does not use tracking cookies or advertising cookies. A service worker is used to cache website files for offline use and faster loading — this is a functional mechanism and does not track your behaviour or identity.

Your login session is maintained using browser local storage (a standard browser feature). This stores a secure authentication token locally on your device so you remain signed in between visits. This token contains no personal data and is cleared when you sign out or delete your account.

10. Changes to This Policy

We may update this policy from time to time. The date at the top of this page will always reflect the most recent version. Continued use of the website after any update constitutes acceptance of the revised policy.

Data Controller Contact

Omar Ahmed — N.E.O North East Operator

omar@rideneo.co.uk

07599 769672