The purpose of this policy is to make you aware of how we will manage your personal data, under UK law and GDPR (General Data Protection Regulation).
Who we are
The Rail Delivery Group (RDG) website is owned by the Rail Delivery Group, which brings together the companies that run Britain’s railway into a single team with one goal - to deliver a better railway for you and your community.
ATOC Ltd is the name of our legal entity and the data controller for all the personal data that you provide. ATOC Ltd.’s address is 200 Aldersgate Street, London EC1A 4HD.
The purpose of this policy is to make you aware of how we will manage your personal data.
Our lawful basis for collecting your data
We do not collect personal data that identifies you when you use the main RDG website.
If you have access to our secure Members Area, we collect and store some personal data to interact with you, and to provide your logon access.
What data we collect
Sharing information with third parties
We do not share statistical data outside of the Rail Delivery Group, neither do we sell data to a third party.
We use Google Analytics to process anonymous statistical data.
Keeping it safe
We protect your privacy by ensuring we have the appropriate security measures in place. We ensure that our suppliers process your data in an appropriate, lawful, and safe manner, and within the European Union only.
What we do with your data
We do not for the general website capture any personal data. The capturing of personal data is only necessary if you have access to the members area on the website.
Storage and retention of your data
Subject access request
You have the right to request that we give you a copy of the data we hold about you, this is a ‘Data Subject Access Request’. To process any request, we will need to verify your identity before any information can be changed, restricted, removed, or released to you.
Right to deletion
You have the right to request that we delete any data that we hold on you.
Right to restrict processing
You have the right to request that we restrict processing of your information:
- if you believe the information that we hold is incorrect, or
- if you can show that our processing is unlawful, or
- if you want us to stop processing your data but you do not want us to erase it (for example, you may wish us to hold it for legal reasons, to defend a legal claim).
Right to rectification
If your details are incorrect, incomplete or have changed, you can contact us to request that we update your information.
How to contact us
To exercise any of your rights, please either write to us at:
The Data Protection Lead,
Rail Delivery Group, 200 Aldersgate Street, London EC1A 4HD.
Or email us at: RDG Privacy.
Right to complain
You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner via https://ico.org.uk/make-a-complaint/.