The purpose of this policy is to make you aware of how we will manage your personal data, under UK law and GDPR (General Data Protection Regulation).
Who we are
The Rail Delivery Group (RDG) website is owned by the Rail Delivery Group, which brings together the companies that run Britain’s railway into a single team with one goal - to deliver a better railway for you and your community.
ATOC Ltd is the name of our legal entity and the data controller for all the personal data that you provide. ATOC Ltd's address is 200 Aldersgate Street, London EC1A 4HD.
Our lawful basis for collecting your data
We do not collect personal data from you that identifies you when you use the RDG website.
If you have been given access to our secure Members Area, we need to collect and store your data for us to interact with you
We collect general website usage data through cookies (see below), to monitor the number of users over time and, collectively, how they interact with the web content.
We will treat your data in an appropriate and lawful manner, in accordance with data protection laws.
What data we collect
We capture aggregated and anonymous statistical data through cookies. Cookies collect information about your activity on the site, that is processed to allow anonymised statistical analysis.
The data types collected include: language; location (to city level); new vs returning visitor; time spent on the site; browser, operating system and network used; model of the device used to access the website; how you arrived on the website; your journey through our site; pages viewed and documents downloaded.
If you have access to our secure Members Area, we collect: your name; email address.
Sharing information with other data processors
Any information about your activity on the RDG website will only be used within Rail Delivery Group. It will also be processed by our suppliers, WebxSolution who host our website. We do not share statistical data for its own purpose, nor for the purpose of selling it to a third party.
The website usage data collected through cookies is processed by Google Analytics. No personal data is forwarded to Google.
Keeping it safe
We protect your privacy by ensuring we have the appropriate security measures in place. We ensure that our suppliers process your data in an appropriate, lawful and safe manner, and within the EU only.
What we do with your data
The data we have collected to maintain your access to the secure Members Area will be kept securely whilst your email remains correct. This will allow us to inform you about any changes to the service.
If you have not logged into your account for two years, we will delete your account and any associated information.
Subject access request
You have the right to request that we give you a copy of the data we hold about you. This is called a ‘Subject Access Request’.
Right to deletion
Right to restrict processing
You have the right to request that we restrict processing of your information:
- if you believe the information that we hold is incorrect, or
- if you can show that our processing is unlawful, or
- if you want us to stop processing your data but you do not want us to erase it (for example, you may wish us to hold it for legal reasons, to defend a legal claim).
Right to rectification
Right to complain
You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner. Find out more at https://ico.org.uk/concerns/handling/
Privacy statements for our specific services
We have a number of other customer-facing websites that have their own privacy statements, relating to the services provided. Please use the links below to read them:
If you wish, you can usually block cookies using the settings in your web browser.
For more information about cookies, please visit Your Online Choices at http://www.youronlinechoices.com/uk/