DigiRail (Company 12958212) a company registered in England and Wales
(“DigiRail”) with trading names including DigiRail & DigiRail Limited.
C/- Sable International 13Th Floor, One Croydon, 12-16 Addiscombe Road, Croydon CR0 0XT
Nature of business:
DigiRail is a London-based software development company focused on digital transformation technology solutions for clients.
We do not knowingly attempt to solicit or receive information from children.
We do not require, nor do we collect any sensitive personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, unique biometric data, data concerning health or sexual orientation, as defined under GDPR.
Under this Policy, unless the circumstances require otherwise, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us.
As a data controller, it is our responsibility to ensure that we have the technical measures, processes and controls in place to ensure we will collect your Personal Data only with your consent, only for the purposes described, and stored only for as long as is necessary, and additionally, that your rights with respect to your Personal Data under the GDPR can be exercised and enforced.
Personal Data can be defined as data that can be used to uniquely identify you as an individual. This includes your name, surname and identification number, but also extends to location data such as machine IP addresses from which your identity can be inferred. Personal Data can only be collected with your explicit consent.
Data subject is defined as the subject of the Personal Data.
Personal Data Collection
Provided that you give us your consent to do so, we will collect your Personal Data in the following ways:
Personal Data you supply to us
This is information about you that you give us by filling in forms on our Site or ThirdParty Email Marketing platforms or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site, sign up for any of our events, campaigns or surveys, subscribe to our newsletters, search for a service or product, request any additional information or report a problem with our Site.
The information you give us may include:
- Identity Data: your full name, address, e-mail address, phone number
- Location information: City, Country
- Employment Information: Job title, company or organization, company size
- Consent Data: Your consent for us to collect your personal data defined above. You have the right to withdraw consent at any time.
The information we collect about you
Data we collect automatically Provided that you give your consent to do so, we will automatically collect the following types of data based on each of your visits to our Site
- Technical Data: the Internet protocol (IP) address used to connect your computer to the Internet. This is defined as Personal Data under the GDPR.
- Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs, YouTube videos watched from site) and methods used to browse away from the page.
Our website is hosted with Rail Business Daily which has servers in the UK. Rail Business Daily is compliant with the GDPR, ensuring that when you supply Personal Data to us, your data privacy rights under the GDPR will always be protected, with your data used only with your explicit consent, and for the purposes described.
What are Cookies used for?
Cookies may be used to save your personal preferences so you do not have to re-enter them each time you access the Site.
Using your Personal Data
We will only use your Personal Data for the purposes it was collected, except when required or instructed by law to do differently.
We use your data mainly for the following reasons:
- To respond to your queries and to provide you with the information you request from us in relation to our products or services.
- To record your consent and preference with regards to any DigiRail communication with you
- To measure or understand the effectiveness of advertising we serve to you and, where applicable, to deliver relevant advertising to you.
- To manage our relationship with you, with regards to those products, services, training and events that we believe will be of most value to you and your organization, provided that you have given consent for us to do so.
- To participate in surveys aimed at improving our offerings to you.
For any further clarification on how we use your data, please contact us at firstname.lastname@example.org
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.
Keeping your Personal Data
We will only retain your Personal Data for as long as it is deemed necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information about our data retention policies please contact us at firstname.lastname@example.org.
Disclosure of your Personal Data
We are not in the business of selling your Personal Data. We consider this information to be a vital part of our relationship with you. Therefore, we will not sell your Personal Data to third parties, including third party advertisers. There are, however, certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties without further notice to you. These include:
- Analytics and search engine providers that assist us in the improvement and optimization of our Site.
- If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or to apply our Terms of Service and other agreements.
- To protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organizations for the maintenance and security of the Site and Services.
Transferring your Personal Data outside the EU
Personal Data may be transferred to our trusted partners and service providers who maintain their servers outside of the European Economic Area (“EEA”), where the privacy and data protection laws may not be as protective as those in your jurisdiction. This is only for the purposes of providing, and to the extent necessary to provide, the Services to you. There are special requirements set out under Chapter V of the GDPR (with which we would comply) to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer. For more information about this and the safeguards in place relating to the transfer, please contact us by email at email@example.com
External email marketing providers
Some of our communications may be sent to you by email using external email marketing service providers. Some of their servers may be located in countries outside of the EU so if you choose to receive marketing communications from us by email, this means that your personal data may be transferred to, stored, or processed in countries outside of the EU and you consent to the transfer, storing and processing of your personal data in this way.
We use OnePageCRM to manage all qualified sales leads and to manage our sales process. Should you express specific interest in engaging with any of DigiRail’s service or product offerings, your Personal Data will be transferred to OnePage CRM in order for us to effectively manage the sales engagement with you. OnePageCRM is a company incorporated in Ireland. You can review their commitment to the GDPR in their Privacy Notice.
Security Measures for the protection of your Personal Data
We take our security responsibilities seriously, using the most appropriate physical and technical measures and require our hosting partner to use the same standard of care. Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. For more information on our information security policies and Procedures, send an email to firstname.lastname@example.org
Your Personal Data and Your Rights
Accessing your Personal Data
You may at any time request access to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to email@example.com. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.
Right of Restriction
You may restrict us from processing your personal data in any of the following circumstances:
- You have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;
- The processing of your personal data is unlawful and you request the restriction of the use of personal data instead of its erasure;
- We no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise or defence of legal claims; or
- Where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds.
Your Right to be Forgotten (Erasure)
If we hold Personal Data concerning you, which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your Personal Data, you can request the deletion of this Personal Data.
To do so at any time, please contact us by email at firstname.lastname@example.org
This right, however, will not apply where we are required to process Personal Data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health.
Your Right to Rectification (Corrections)
If the Personal Data we hold about you is inaccurate, you may request to have your Personal Data updated and corrected. To do so at any time, please contact us by email at email@example.com
Your Right to Object
You have the right to object to the processing of your Personal Data at any time:
- For direct marketing purposes
- For profiling, to the extent it relates to direct marketing
- Where we process your Personal Data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights, and freedoms or in connection with the enforcement or defence of a legal claim.
To exercise your right to object at any time, please email firstname.lastname@example.org. Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above. For more information about our marketing practices, please see the Marketing Communications section below.
Where we process your Personal Data by automated means (that is, not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller. To request a copy of your data in machine readable format, please email email@example.com.
You have the right to withdraw your consent for us to use your Personal Data at any time, where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you should this be case at the time you withdraw your consent.
Automated decision making (including profiling)
Automated (individual) decision-making is defined as making a decision solely by automated means without any human involvement
Profiling is defined as automated processing of Personal Data to evaluate certain things about an individual. In this definition, profiling could be of an automated decision-making process
You have the right to not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, unless,
- It is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- It is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- You have given your explicit consent to do so.
Requests for your Personal Data
The rights described in this section are personal rights and are exercisable only by the data subject concerned. If we receive any such request or communication directly regarding your Personal Data from any external party, we will refer the matter to you and cooperate in providing such reasonable assistance as may be required to enable you, as a controller, to respond to the matter, unless required by law to do differently This will be described in more detail in the relevant contract between us.
We will not use your Personal Data to send marketing communications relating to products, services, training and events that may be of interest to you, unless we have your explicit consent to do so.
We make use of email marketing service providers including MailChimp, EventBrite and Pardot, to send information to you from time to time by email about products, services, training and events that may be of interest to you, as well as to invite participation in surveys aimed at improving our offering to you.
You have the right to object to the processing of your personal data for our marketing purposes. To object or opt-out, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at firstname.lastname@example.org.
You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.
Third Party Material
Changes to this policy
Any changes made to this Policy from time to time will be published on the Site. Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data will be notified to you in advance by email. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (for example, to withdraw consent or to object to the processing) as you see fit.
Questions or Complaints
C/- Sable International 13Th Floor, One Croydon, 12-16 Addiscombe Road, Croydon CR0 0XT
We are committed to complying with the terms of the GDPR and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with the Office of the Data Protection Commissioner.
Effective Date of this Policy: 27th May 2022