This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your sensitive information and how we will deal with it. For the purposes of the Data Protection Act 2018 (‘the DPA’) and the EU General Data Protection Regulation (‘the GDPR’), sensitive information includes what is defined as your ‘personal data’.
By visiting https://www.raildiary.com (the ‘Website’) or https://app.raildiary.com (the ‘Platform’); collectively known as ‘our Platform’, you accept and consent to the practices described in this Privacy Notice including the processing of your personal data under this lawful basis.
In this Privacy Notice, we seek to abide by the letter and spirit of the guidelines laid out by the UK Information Commissioner’s Office on its webpage on the ‘Right to be Informed’.
Who We Are
More formally, Raildiary is Rail Diary Ltd. We are a company registered in England and Wales with Company number 10215108. Our registered office is at 53 King Street, Manchester, UK, M2 4LQ.
We are registered with the Information Commissioners Office under registration number ZA555233 and you can view more details about our registration by following the link to the ICO website here.
For the purposes of the DPA and in-line with the GDPR, Rail Diary Ltd is the Data Controller.
If you have any concerns about the way we use your information or any questions about this Privacy Notice, please let us know. We can be contacted via email at support[at]raildiary.com.
What We Do With Your Information
We will use your information to:
Deliver our newsletters to you and to send you information about the services that we offer, and other industry-related topics
Allow you use our Platform, should you subscribe to our services.
Provide our platform-related training and support services to you; and
Send you information and updates about Raildiary and how our Platform changes.
We compile statistics about user trends on our Website and our Platform, which are used by third-party organisations to understand how users interact with businesses, brands and one another online and to advise about these things. These statistics are drawn from a dataset which does not contain any information from which you can be identified.
Information We Collect From You
We will collect and process the following information about you:
Information you give us – this is information about you that you give us by filling in forms on our Website, one of our partner websites, customer feedback forms or by corresponding with us by phone, email or otherwise. We only request from you the minimum data required for you to use our service.
The only information we require from you to sign up to our mailing list is your email address, but you may also want to provide us with your first and last names should you wish.
We may also interact with you using our Social Media account’s which we manage through Hubspot. You can find out more about Hubspot or how we interact with Facebook, Twitter, Instagram and LinkedIn by clicking the hyperlinks in the names.
Information we collect about you - Whenever you visit our Website or our Platform we will automatically collect the following information:
Technical information – including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, operating system and platform;
Information about your visit – this includes the full Uniform Resource Locators (URL), clickstream to, through and from our Platform’s pages you have visited, page response times, download errors, length of visits to a certain page and page interaction information (such as scrolling, clicks, and mouse events).
Information we receive from other sources – This is the information we receive about you if you use any of the other websites we use or have mutual associations with. In this case, we will inform you when we collect data if we intend to share that data internally and/or combine it with data collected within our Platform. We will also tell you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
Where We Store And What We Do With Your Information
The information and content held on our Platform is deployed from London, United Kingdom. All information that could identify individuals within the UK and European Union is processed within the UK. We will never share your user information with third parties for promotional purposes. We remain responsible at all times for the security of your information.
We store personal information held within our Platform on Amazon Web Services (AWS), who are contracted by us for the provision of hosting services. Their privacy policies are available here.
Our SMS and inbound telephone systems are powered by Twilio and Sakari, some personal information is stored with these services, who are contracted by us to provide communications services. Their respective privacy information is available here and here.
We hold some personal data with Google Drive, who is contracted by us for the provision of technical services. If you want to know more about Google’s privacy, you can view their policies here.
Our newsletter and other emails are delivered to you using Active Campaign and Hubspot, you can read more about how Active Campaign and Hubspot handles your personal data by visiting their websites here and here.
We store some personal data with Microsoft 365 (aka Office 365) and you can view its policies online here.
Our customer relationship management system (CRM) is Hubspot, and we use Asana and Atlassian for project management tools.
Our customers have access to a shared space for collaboration and contract negotiation via Planhat. Our platform shares minimal personal information and user activities with Planhat, to help our customer success team better their services.
We hold financial data with Xero. At no point do we store or have access to your full payment details.
We may also disclose your information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice. If changes do occur to the structure of our business in a way that affects this notice, we will tell you; either directly or by revising this policy.
What We Do To Ensure Your Data Is Secure
We take the security of your personal data very seriously. Our approach to information security is constantly evolving and continually reviewed.
We adopt industry best practices from both technological and business process perspectives in order to make the security of your data a key part of the way we do business.
We have policies and practices in place that not only ensure our compliance under the DPA but also the GDPR, including training and adequate procedures put in place for any staff that handle or have access to sensitive information.
Our platform is protected by Sqreen, we monitor both traffic and user activity to prevent malicious software and bad actors.
Your Rights Regarding Personal Information
We may contact you via email with updates about the services that we offer or any changes that we have made to our Platform.
You can opt-in, or out at any time by clicking the ‘Unsubscribe’ link in our emails.
Our Platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which our service may be advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we are not responsible or liable for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
You have the right to find out about what information we hold about you. You can exercise that right by contacting us and we will send you any request for information in a suitable electronic form within 20 working days. We reserve the right to extend this period to up to three months if the request is complex, or if you have submitted a high number of requests for information. If we are unable to complete your request within 20 working days we will inform you.
To file a request for information please email support[at]raildiary.com.
If your personal data is incorrect then you have the right to rectify this information and ensure that it is accurate and up to date. If your data is incorrect then please contact us at the email address above and a member of the team will rectify this on your behalf.
You have the right ‘to be forgotten’ and to have your personally identifiable information permanently deleted from our systems. If you would like to exercise this right then please contact us. There will be no charge made for reasonable electronic access to your information, your right to rectification or for your right to be forgotten from our systems. Please note that your request for personal information to be permanently removed from our systems may impact our ability to provide our Platform services to you.
How Long We Hold Information For
At Rail Diary Ltd we regularly review what personal data we hold every twelve months. We keep data for no longer than is necessary for the purposes for which it is being processed. There may be some circumstances where personal data is stored for longer periods as part of our customer's contractual arrangements.
Of course, you have the right to forgotten at any point, please refer to our ‘Your rights regarding personal information’ section.
Changes To This policy
We reserve the right to make changes to this policy notice at any time. Any changes we may make to our Privacy Notice in the future will be posted on this page and you will be notified of any changes made.
A cookie is a small text file that we store in your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred between your computer’s hard drive and our Platform.
The following cookies are used by our Platform
We use Google Analytics to understand general trends about our content and traffic sources; for example, where users come from, which pages are most popular, which sites provide most traffic, how our marketing efforts impact the amount of visits we receive.
Google’s statement about privacy can be found here.
Hubspot and Active Campaign
We use Hubspot tracking to help identify an individual's journey from emails that we send out to them, through to interactions with our Platform. So that we are able to track if our communications are being delivered, and read.
Hubspot’s privacy statement can be found here.
Active Campaign's privacy statement can be found here.
We use LogRocket to collect information about user behaviour within the Platform. This helps us quickly identify issues related to training, user error and bugs, and improve our overall customer service.
LogRocket's privacy statement can be found here.
Contact Us If There Is A Problem
If you think there is a problem or something that we have not addressed in this policy, you can email us on [email protected].