For the purpose of the Data Protection Act 1998 (the Act), the data controller is Rail Safety & Systems Assurance of Charlotte House, Stanier Way, Derby, DE21 6BF, United Kingdom.
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site [or on other websites that we operate or from other services that we provide]. Users may be asked for, as appropriate, name, email address, mailing address, phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, however this may prevent them from engaging in certain Site related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include: Technical information, such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version,time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators (URL),clickstream to, through and from our site (including date and time), products you viewed or searched for’, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Web browser cookies
Cookies are small pieces of information, stored in simple text files, placed on your computer or device by a website. Cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can “remember” you on your return visit. Generally speaking, cookies do not contain personal information from which you can be identified, unless you have furnished such information to the website. Cookies do not in any way compromise the security of your computer.
Cookies we use
Session cookies – these are temporary and are deleted as soon as you close your internet browser. If you wish to restrict or block the cookies which are set by any website – including the Rail Safety & Systems Assurance website, you should do this through the browser settings for each browser you use, on each computer or device you use to access the internet. Please be aware that some of our services may not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser.
You may wish to visit www.allaboutcookies.org which contains comprehensive information on how to do this on a wider variety of browsers including mobile internet browsers.
How we use collected information
We may collect and use Users personal information for the following purposes:
To improve customer service Information you provide helps us respond to your customer service requests and support needs more efficiently.
To personalise user experience We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
To improve our Site We may use feedback you provide to improve our products and services.
To process payments We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
To send periodic emails We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.
Disclosure of your information
You agree that we have the right to share your personal information with: Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with [them or] you; advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience analytics and search engine providers that assist us in the improvement and optimisation of our site; credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties: In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
If Rail Safety & Systems Assurance or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Our Site is in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for Users.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request will be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.