Skip to main content

Privacy notice

The purpose of this policy is to make you aware of how we will manage your personal data, under UK law and GDPR (General Data Protection Regulation).

Who we are

The Rail Delivery Group (RDG) website is owned by the Rail Delivery Group, which brings together the companies that run Britain’s railway into a single team with one goal - to deliver a better railway for you and your community.

ATOC Ltd is the name of our legal entity and the data controller for all the personal data that you provide. ATOC Ltd.’s address is 200 Aldersgate Street, London EC1A 4HD.

The purpose of this policy is to make you aware of how we will manage your personal data.

Our lawful basis for collecting your data

We do not collect personal data that identifies you when you use the main RDG website.

If you have access to our secure Members Area, we collect and store some personal data to interact with you, and to provide your logon access.

What data we collect

We collect general website usage data through cookies, to monitor the number of users over time and, collectively, how they interact with the web content. Please review the cookie policy for more details.

Sharing information with third parties

We do not share statistical data outside of the Rail Delivery Group, neither do we sell data to a third party.

We use Google Analytics to process anonymous statistical data.

Keeping it safe

We protect your privacy by ensuring we have the appropriate security measures in place. We ensure that our suppliers process your data in an appropriate, lawful, and safe manner, and within the European Union only.

What we do with your data

We do not for the general website capture any personal data. The capturing of Personal data is only necessary if have access to the members area on the website.

Storage and retention of your data

The general website only collects statistical information for analysis. Our cookie policy explains the types of cookie we collect and their retention. For more information about cookies, please visit Your Online Choices at

Subject access request

You have the right to request that we give you a copy of the data we hold about you, this is a ‘Data Subject Access Request’. To process any request, we will need to verify your identity before any information can be changed, restricted, removed, or released to you.

Right to deletion

You have the right to request that we delete any data that we hold on you.

Right to restrict processing

You have the right to request that we restrict processing of your information:

  • if you believe the information that we hold is incorrect, or
  • if you can show that our processing is unlawful, or
  • if you want us to stop processing your data but you do not want us to erase it (for example, you may wish us to hold it for legal reasons, to defend a legal claim).

Right to rectification

If your details are incorrect, incomplete or have changed, you can contact us to request that we update your information.

How to contact us

To exercise any of your rights, please either write to us at:

The Data Protection Lead,
Rail Delivery Group, 200 Aldersgate Street, London EC1A 4HD.

Or email us at: RDG Privacy.

Right to complain

You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner via