Privacy Policy
This privacy policy sets out how Edinburgh Rail Limited (E-Rail) handles, stores, uses and shares your personal information.
When E-Rail processes your personal data, it is acting as a ‘data controller’.
What information we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use and store different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes (first name, last name, username or similar identifier, marital status, title, date of birth and gender)
- Contact Data includes (billing address, other office address, personal residence address, email and telephone numbers)
- Financial Data includes (bank account and payment card details)
- Transaction Data includes (details about payments to and from you and other details of products and services you have purchased from us).
- Usage Data includes information about you when you browse pages or access resources on this site. We also collect anonymous usage statistics when anyone accesses our website. This data is held by Google or other third parties. We do not have access to any personally identifiable information
If you open emails from us or click on links in those emails we may record this.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We do not sell personal information to anyone and only share it with third parties who are delivering our services.
What we use your information for
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where we are contracted by a third party to perform a contract, we are about to enter into or have entered into with a third party.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- To respond more effectively if you contact us.
Generally, we do not rely on consent as a legal basis for processing your personal data where it is in connection with our legitimate business interests.
How we protect your information
We implement a variety of security measures to maintain the safety of your personal information when you enter into a contract with us, enter, submit, or access your personal information.
Our website is hosted with a reputable, UK-based provider, who has invested significantly to keep everyone’s data safe and secure. We actively maintain our website systems to protect against security risks.
We use a reputable UK based company to actively manage our information technology systems, including robust antivirus and Mimecast filters.
How long will we hold your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual obligation, legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
OR
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data. Contact us for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
What are cookies and how do we use them
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.
How we share your personal information
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
Changes to our Privacy Policy
We keep our privacy policy under regular review and we will place any updates on this web page.
Access to your information and correction
You have the following rights to your personal information:
- right to request access to your personal information and information relating to our use and processing of your personal information
- right to request that we restrict our use of your personal information
- right to receive your personal information in a structured commonly-used and machine-readable format or transmit the data directly to another Data Controller
- right to object to the processing of your personal information for certain purposes such as direct marketing and profiling
- right to request your personal information to be erased where it is no longer necessary for the purpose for which it was collected
- right to withdraw your consent to the use of your personal information where the processing of your data is based on consent
You can make these requests or withdraw your consent by sending an email or writing to us at the below address.
We may make a small charge for this service. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
How to contact us
If you have any questions about our privacy policy or information we hold about you please contact us by email or by post: Edinburgh Rail Limited, Dentons, 1 George Square, Glasgow G2 1AL, United Kingdom