This Policy outlines how we collect store and use information about individuals and organisations. It will be continuously assessed against new technologies, business practices and the changing needs of everyone we deal with.
We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.
Our policy complies with UK law (Data Protection Act 1988) accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR 2018) and recognises two kinds of personal data that require different levels of protection:
1) Personally Identifiable Information includes, for example, e-mail addresses, billing information, employment status and ‘click stream’ data that tracks visitor activity on a Web site or online service.
2) Sensitive Data involves additional safeguards. Sensitive Data includes, by way of example: Individuals’ home telephone numbers, Bank Account, Income Tax and National Insurance numbers, interview notes, CV’s, etc.
Our ICO registration number is ZA651026.
We are committed to protecting and maintaining your privacy. As part of our normal operations we may collect your information with the direct consent of the person.
This statement is designed to tell you as much as possible about how we use and manage personal information provided to or collected by us. We believe you should be made aware of our practices so you can make informed decisions about how you allow us to use your information. It is in our best interest to ensure that Hastec Rail Ltd are up to date with the current regulations and enforcing those practices.
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.
If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
1. Information we process if we have any obligation to you
When you buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
- verify your identity for security purposes
- sell products to you
- provide you with our services
- provide you with suggestions and advice on products and services.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
2. What kind of personal information do we collect and how do we collect it?
We collect personal information in a variety of ways in the course of conducting our day to day business. We collect this information so you can subscribe to newsletters, request a product or service from us, complete a survey or questionnaire, seek employment, or communicate with us by email, telephone or in writing.
3. How we use Personal Information
In certain circumstances, we may use personal information for promotional or direct marketing purposes. However, we will contact you beforehand and only if you consent to this, we will directly send you information. After this you may at any time request us not to use your personal information for sending direct marketing material to you. Such a request can be made by contacting us either in writing, by e-mail or by telephone at the contact details below. There is no fee for making such a request.
In many cases where we ask you to provide us with information about yourself, if you do not provide us with that information, we will not be able to provide you with the relevant product or service.
4. Links to Third Party Websites from our Website
To the extent that our Website contain links to sites operated by third parties and not related to our products or services (“Linked Websites”), the Linked Websites are not controlled by us and we are not responsible for the privacy practices of those companies. Before disclosing your personal information to Linked Websites, we advise you to examine their privacy policies.
5. Information relating to your method of payment
Payment information is never taken by us or transferred to us either through our website or otherwise. Our employees and contractors never have access to it.
6. Disclosure of personal information
We respect the privacy of personal information and we will take reasonable steps to keep it strictly confidential.
We sometimes hire third parties to provide limited services on our behalf, including packaging, mailing and delivering items, sending postal mail, providing technical support, and other new services. We provide those companies only the information they need to deliver the service, and they are prohibited from using that information for any other purpose.
We may also disclose your personal information if required to do so by law or in the good faith belief that such action is necessary in connection with a sale, merger, transfer, exchange or other disposition (whether of assets, stock or otherwise) of all or a portion of a business of our company and/or our subsidiaries or to (i) conform to legal requirements or comply with legal process served on us or the Website; (ii) protect and defend our rights or property and the Website; (iii) enforce our agreements with you, or (iv) act in urgent circumstances to protect personal safety or the public.
Under no circumstances we will sell personal information. Hastec Rail Ltd will not transfer your data to countries outside the European Economic Area or to organisations who do not comply with the US Privacy Shield or equivalent Data Protection standards.
7. Job application and employment
If you send us information in connection with a job application, we may keep it for the period of time for which you are successfully moving through our recruitment process.
If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. Your personal data and employment history will be stored for a legitimate period of time as required by law under the current data protection legislation.
8. Cookies policy
We use the term “cookies” to refer to cookies and other similar technologies covered by the current legislative terminology on privacy in electronic communications.
- What is a cookie?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any information stored on your computer or your files. When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
- How do I reject and delete cookies?
- Strictly necessary cookies are required to operate our website or payment services and to protect the security of our services. They enable you to log into secure areas of our website or help us prevent and detect fraudulent transactions and other violations of our terms.
- Analytics cookies allow us to recognise and count the number of visitors and to see how visitors move around our website. Some of the tools we use provide us only with information about trends and aggregate user behaviour.
- Functionality cookies are used to recognise you when you return to our services and to personalise our content for you, for example, by remembering your preferences.
- Advertising cookies record your visit to our website, the pages you visit and the links you follow. We use this information to make the advertising we show you more relevant to your interests. We may also share information with third parties for this purpose.
- Social media cookies are placed when you use a social media sharing or “like” button on our website and keep track of the way visitors engage with and share our content. The social network will record that you have done this. This information may be linked to targeting or advertising activities.
9. Your rights as a data subject
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request.
- require the organisation to change incorrect or incomplete data.
- request the organisation to delete or stop processing your data, when the data is no longer necessary for the purposes of processing.
If you would like to exercise any of these rights, please contact Hastec Rail Ltd’s Data Protection Administrator by e-mail at: firstname.lastname@example.org
If you believe that Hastec Rail Ltd has not complied with your data protection rights, you can complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/handling/
We will take all reasonable steps to ensure that all personal information held by us is secure from any unauthorised access or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for the purposes for which we are authorised to use it.
10. Management and security of personal information
To make sure your personal information is secure, we communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the company.
11. Accessing personal information
You may request to access your personal information held by us. Such a request must be made in writing to the address below. First, we will require you to verify your identity and specify what information you require. We will grant you access to your personal information as soon as possible, subject to the circumstances of the request.
In the same way, a request may be made to delete personal information, and all reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in Hastec Rail Ltd being unable to provide you with information about certain transactions, other content, services or product information, upcoming promotion, and/or provide you with certain content, goods or services.
We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
We will retain your personal information for the period necessary to fulfil the purposes. Hastec Rail Ltd normally holds data for seven years after performance. Data held by Hastec Rail Ltd is securely destroyed at the end of the retention period.
12. Updating Personal Information
We endeavour to ensure that the personal information we hold is accurate, complete and up to date. We encourage you to contact us as soon as possible in order to update any personal information we hold about you.
Our contact details are set out below.
13. Use of site by children
We do not sell products or provide services for purchase by children, nor do we market to children.
If you are under 18, you may use our website only with consent from a parent or guardian.
14. Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
16. Compliance with the law
However, ultimately it is your choice as to whether you wish to use our website.
17. Data Protection Administrator