Last updated: 01 May 2019
RailAction is committed to protecting the privacy of its users.
Our Site is dedicated to companies but when using the services offered (eg: registering an account, posting an ad, using the contact form), the legal representative can provide certain personal data, such as first name and last name, email address, phone, etc. Also, given that the website is an online application, it could also be accessed by individuals.
This page informs You of our policies regarding the collection, use, and disclosure of personal data when You use our Service and the choices you have associated with that data.
We use your data to provide and improve our Service. By using our Site, you consent to our collection and use of your Information as described in this Policy.
The role of this Policy is to inform you about:
- The processing activities carried out by our website, with regard to your personal data, and it applies in our activities and in order to achieve the object of the activity;
- Security and confidentiality of processing activities of personal data.
We will use the collected information in accordance with the permissions granted by you and in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
Our Site may include links to other websites managed by other legal entities which are not related to the activity of us and for which we are not liable. Furthermore, we may include links to other websites operated by other companies, which apply distinct privacy policies. If you access these websites through our own Site, you should read the privacy policies of these websites in order to understand how they collect, use and reveal your information.
Please note that this Policy only applies to the use of information collected via our Site or during your communications with us. Our Policy does not apply to the privacy practices of any third party websites linked from our Site, or to your communications with any other third party.
<RailAction, Site> – refers to our websites (e.g. https://www.railaction.com domain and/or its subdomains) and its administrators or operators;
<Service> – refers to the services that we provide, including our Site itself;
<User> – refers to any person who uses our Service, including general visitors to our Site;
<personal data> – means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
<consent> – means any freely given of the data subject, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
<processing> – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
<restriction of processing> – means the marking of stored personal data with the aim of limiting their processing in the future;
<pseudonymisation> – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
<GDPR> – General Data Protection Regulation.
Personal data collection and use
By using our Site we assume that You agree to this Policy.
We collect several different types of information for various purposes to provide and improve our Service to You. Any information we have is most likely provided by you.
The refusal to provide personal data may determine the impossibility of us to provide the Service and/or to fulfill the other processing purposes.
We mention that RailAction does not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Therefore, the User is forbidden to provide such information on the Site.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (personal data).
There are certain processing purposes for which our Site is required by law to obtain your consent. We will obtain this consent through our Site (online). The consent given in this way may be withdrawn at any time, and we will respect your preferences.
Registration on the Site
If you register on our Site, we store your chosen username, first name and last name, phone number, your email address, social networks and any additional personal information added by yourself to your User profile. We would like to mention that only a username and email address is required to create an account on our Site. Providing other information is optional, a User can decide on this opportunity.
By accessing your dashboard, you can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information.
Only the data you explicitly provided is sent to our website.
Registration on the Site through social networks
In order to register as a user with us, you may have the option to sign in using your Facebook, Google, Twitter or other social media website login.
If you register on our Site through social networks, your user account will be created automatically and will contain some necessary data taken from your social network. We will not be able to control this data transfer between accounts. Therefore, since it is possible that automatically retrieved data is not compatible with your purpose on our Site, it is necessary to edit the user profile data immediately after logging in. For this, You have to go into your dashboard on our Site. We would like to mention that only a username and email address is required to create an account on our Site. Providing other information is optional, a User can decide on this opportunity.
By accessing your dashboard, you can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information.
Only the data you explicitly provided is sent to our Site.
Free & Paid Membership with Recurring Payment
Membership packages may be free or paid depending on your needs. Membership packages are available on the “Pricing” page or can also be found on the “User Dashboard” where, on the “Upgrade Plan” section, you can choose the appropriate package.
The free membership package only requires creating an account (see steps above).
If you have chosen a paid membership package, we will ask you to provide information on billing details such as first name, last name, company name (optional), country, street address, postcode/ZIP, town/city, phone, email address and other additional information (optional). This information is required and will be stored and processed by us in order to be able to offer your services in accordance with your request. For the offered membership packages we use the WooCommerce plugin. We collect information about you during the checkout process on our store.
While you visit our site, we may track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed;
- Location, IP address, and browser type: we’ll use this for purposes like estimating taxes and shipping;
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order;
We’ll use this information for purposes, such as, to:
- Send you information about your account and order;
- Respond to your requests, including refunds and complaints;
- Process payments and prevent fraud;
- Set up your account for our store;
- Comply with any legal obligations we have, such as calculating taxes;
- Improve our store offerings;
- Send you marketing messages, if you choose to receive them.
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it.
We accept payments through PayPal (third party payment processors). When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
Please note that we never ask for credit card numbers or other information associated with them. We have a variety of security measures when a user enters the data, submits, or accesses the website like encryption via Secure Socket Layer (SSL) technology. Your payments for our Service are made through PayPal and they have their own security measures. PayPal is number 1 worldwide in online transactions, concerning security and confidentiality of its transactions.
You can always ask us (through Contact page) to delete the membership packages information, but this will result in the loss of the features they offer on our Site.
If you send us a message using the contact form available on the site’s “Contact” page, we store the data you provide, such as your first and last name, your phone number, your email address, the message content, and your consent on storing and processing the data through this Site. The transmitted data will be stored for up to one year. We also store information about your subscription acceptance for marketing purposes (newsletter).
By contacting a User using the standard contact form available on our Site, You will fully assume that your personal information will be forwarded to that person. We have no control over the messages You send to a User by using the contact form. In other words, we do not store this information. For any action on the transmitted information, you must contact the User to whom it was sent, being the only person to store and control this information. We mention that we assume no liability for your actions in relation to any User registered on our Site.
As is true of most websites, we gather certain information automatically and store it in log files. In addition, when you use our Service, we may collect certain information automatically from your device. We may collect information on how the services are accessed and used (usage data). This usage data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, internet service provider (ISP), the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. By providing this information, a User cannot be identified directly. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our Service, about the functionality of our Service, frequency of visits, and other information related to your interactions with our Service. Please see the “Cookies” section below.
If you upload images to the Site, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the Site can download and extract any location data from images on the website.
Data on search engines
Our Site is optimized for the best SEO practices to get you noticed on the most popular search engines. So, You must know and assume you that the information provided on our Site may be visible in search engines globally. When we say visible we refer to the data entered for the registration of a User account on the Site (first name and last name, phone number, website, company name, social networks, your email address and any additional personal information added by yourself to your User profile) and the data entered in the ads posted on our Site.
If you are a simple visitor
Please read the next section on using cookies.
To make this Site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the website. It enables the Site to remember your actions and preferences (such as login, language, font size, and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the Site or browse from one page to another.
Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
- Your actions, for online behavioral advertising or security purposes;
- Your authentification details thus you do not have to re-enter it;
- Information about your locations;
- Statistical information about usage by users;
Cookies can also be used for online behavioral target advertising and to show adverts relevant to something that the user searched for in the past.
Also, some videos, embedded in our pages, use a cookie to anonymously gather statistics on how you got there and what videos you visited.
Enabling these cookies is not strictly necessary for the website to work but, it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that, some features of this Site may not work as intended.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here. Cookies are text files saved on the website visitor’s computer, allowing the recognition of an anonymous user.
Cookies can expire at the end of a browser session (from the moment a user opens the browser window until they exit the browser) or they can be stored for a longer period.
A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:
- Session cookie which is erased when the user closes the browser or
- Persistent cookie which remains on the user’s computer/device for a pre-defined period of time.
As for the domain to which it belongs, there are either:
- First-party cookies which are set by the web server of the visited page and share the same domain;
Our Site applies the following types of cookies:
- First‑party session cookies – are temporary cookies which allow websites to link the actions of a user during a browser session. We use session cookies to carry information across pages of our site and avoid you having to re-enter information each time you enter a new page. These session cookies expire after a browser session, so they would not be stored on a longer term. For this reason, session cookies may sometimes be considered less privacy intrusive than persistent cookies;
- First‑party persistent cookies – are stored on a user’s device between browser sessions which allow the preferences or actions of the user across a website to be remembered. This type of cookies remain in the cookie file of your browser even after the browser is closed and the length of time depends on its lifespan. Persistent cookies may be used for a variety of purposes including the security of the website, increasing the speed of accessing pages, statistical evaluation, remembering users information and settings when using a website or to target advertising;
The website cookies and their duration can be consulted by following these steps:
- Load the Site;
- Left-click on the symbol (closed padlock – “Connection is secured”) in the bottom bar of your browser window;
- Navigate to the “Cookies” and left-click;
- Check “Cookies in use”;
- Navigate through the entire Site and features following the procedure described above.
If you need any more information or you have any comments about our cookies, please write to us by email through our Contact page.
How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most of the browsers to prevent them from being placed. However, if you do this, You may have to manually adjust some preferences each time you visit a site but, some services and functionalities may not work.
Security and privacy issues
Generally speaking, browsers have built-in privacy settings providing different levels of cookie acceptance, validity, and automatic deletion after users have visited a particular site.
Users must ensure that the browser is always up-to-date. Many of the cookies-based cyber-attacks are caused by exploiting weaknesses of old browsers versions. With a clear understanding on how cookies work and on their benefits, Users can take the necessary security measures so they can navigate with confidence on the Internet.
Social Media Plugins
We integrate social media application program interfaces or plug-ins (“Plug-ins”) from social networks, including Facebook, Google, LinkedIn, Xing, Twitter, Instagram, Youtube, Tumblr, Pinterest and/or possibly other companies, into the Site. In order to register as a user with us, you may have the option to sign in using your Facebook, Google, Twitter or other social media site (“SMS”) login.
For example, when you visit our Site, the plugin creates a direct connection between your browser and the Facebook server. This allows Facebook to receive information about your visit to our Site with your IP address. If you click the Facebook “Like” button while You are logged on to your Facebook account, You can link the contents of our Site to your Facebook profile. This allows Facebook to assign your visit to our Site to your user account. Please note that as the provider of the Site, we receive no notification about the contents of the transmitted data or their use by Facebook. If you do not want Facebook to assign your visit to our Site to your Facebook user account, please log out of your Facebook user account.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Use of data
We may use your information and data to:
- Enhance or improve user experience, our Site, or our Service;
- Ensure that the content on our Site is presented in the most effective manner for You and your device;
- Enable You to use the functionality of our Site, including posting ads;
- Send e-mails about our Site or respond to inquiries;
- Provide services and information that you have requested;
- Provide customer support;
- Monitor the usage of the Service;
- Provide analysis or valuable information so that we can improve the Service;
- Contact You for market research or marketing purposes where You have given us permission to do so. You may opt out of these emails at any time;
- Detect, prevent and address technical issues;
- Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Site or Service.
Access to your data
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. If you are a client with a registered account, your personal information can be accessed by our helpdesk and technical staff in order to provide you support.
We do not sell, trade or otherwise transfer to outside parties any personally-identifiable information. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us.
Transfer of data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the European Union and choose to provide information to us, please note that we transfer the data, including Personal Data, to the European Union and process it there.
Visitor comments may be checked through an automated spam detection service.
Disclosure of data
RailAction may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation;
- To protect and defend the rights or property of our company;
- To prevent or investigate possible wrongdoing in connection with the Service;
- To protect the personal safety of users of the Service or the public;
- To protect against legal liability.
Security of data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Your personal data is very important to us and we want to ensure the appropriate security of the data during the processing operations. In this respect, RailAction implements technical and organizational measures for protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
We use the SSL/HTTPS protocol throughout our Site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
We have implemented a number of security measures on the Site. The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 180 days. Also, this Site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with the services providers.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the official Google Privacy & Terms web page.
Links to other sites
All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties unless you explicitly click on them.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party websites or services.
How long we retain your data
In order to fulfill the processing purposes, the Site may process personal data during the provision of the Service, as well as thereafter, in order to comply with its legal obligations.
When you submit an email to us, the transmitted data will be stored for up to one year.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our Site (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
You can ask us (through Contact page) to delete the membership packages information, but this will result in the loss of the features they offer on our Site.
Customer purchase records will be stored in accordance with the applicable law.
What rights you have over your data
Under these policies, You have the following rights:
- The right to be informed, respectively the right to receive details regarding the processing activities of the Site, as described herein;
- The right to access the personal data, respectively the right to obtain confirmation from the Site regarding the processing of personal data, as well as details regarding the processing activities;
- The right to request rectification, respectively the right to obtain rectification from the Site of personal data if it is inaccurate, as well as completing incomplete data;
- The right to erasure of data (”right to be forgotten”), subject to certain conditions provided by law – but it is possible that, following a request to delete the data, the Site may render the data anonymous (thus depriving it of a personal nature), and in these conditions to continue processing for statistical purposes;
- The right to restrict the processing to the extent that the conditions provided by law are met;
- The right to data portability, respectively: (i) the right to receive the personal data in a structured, commonly used and machine-readable format as well as (ii) the right to have the data transmitted by the Site to another controller to the extent that the conditions provided by law are met;
- The right to object – in what concerns the processing activities for direct marketing purposes, including profiling activities. The right to object may be exercised at any time by submitting a request as indicated below;
- The right not to be subject to an automatic individual decision, respectively the right not to be subject to a decision based solely on automated processing;
- The right to address the National Supervisory Authority For Personal Data Processing or the competent courts, in case you consider it necessary.
If you have an account on this Site, agreed to use this Policy, You can request to receive an exported file (in a standard format) of the personal data we hold about You, including any data You have provided to us. A request in this regard can be sent through the page created for you https://www.railaction.com/gdpr-compliance/. Through this page, You can also request that we erase any personal data we hold about you.
This does not include any data we are obliged to keep for administrative, legal, or security purposes.
In short, we cannot erase the data that is vital to You being an active customer (e.g. basic account information like an email address).
Basically, in the circumstances where you created an account on our Site, as a user, you can perform any intervention on your own and anytime on any given data. All you have to do is enter the user’s dashboard and edit as you like all the data provided (except the username).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related Service to you. We also do not assume the cessation of publishing your ads on the Site.
Our Service does not address anyone under the age of 18 (Children).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children, we take steps to remove that information from our servers.
- Directly by email: email@example.com
- By visiting this page on our website: https://www.railaction.com/contact/