EUROPEAN RAIL INFRASTRUCTURE MANAGERS

Privacy

Privacy Policy 


1. GENERAL

1.1 This privacy policy (“Privacy Policy”) governs the processing of your personal data as part of your use of our website (http://www.eimrail.org/ (the “Website”)). This processing is undertaken by EIM (“Company”, “we”, “us”, “our”) in compliance with applicable data protection legislation.
1.2 By using the website, you acknowledge that you have read this Privacy Policy carefully and that you agree with it without reservation.  We reserve the right to modify, change or amend the Privacy Policy at our own discretion and from time to time. Such modification, change or amendment shall be communicated via the Website. By ticking the box stating “I declare that I have fully read, fully understood and without reservation consented to the privacy policy. I give my consent to process my personal data as set out in this privacy policy.”, you declare that you have read and without reservation agree to this Privacy Policy. You declare that you understand the purpose(s) for which your personal data are processed. You agree that your continued use will be understood as continued consent. You can withdraw your consent at any time by sending an email sent to the company (privacy) email address. Please note that as part of the website we may use so-called cookies or similar technologies.
1.3 Cookies are small text files that are stored on a device’s hard drive and contain certain information and sometimes personal data. For more information on the way we use cookies, please consult our cookie policy (Link to Cookie Policy: http://www.eimrail.org/pages/cookies).
1.4 This Privacy Policy was last updated on September 25, 2018.


2. WHAT & WHY WE PROCESS

2.1 When using the website, we process personal data pertaining to you. Such personal data include:

From What Details Purpose Legal basis
Contact via email Your contact data; Communication content; Any other personal data you choose to provide to us. Name
Email
Phone
Address
Country of residence
establish a contact with potential new members Data subject consent given by the data subject for one or more specific purposes

 

2.2 In principle we obtain the above-mentioned personal data directly from you. In addition to the purposes mentioned above, we may process your personal data:
2.2.1 To provide you in a personalized and efficient way with the information, products and services you request, either via the Website, e-mail, telephone or social media channels. For direct marketing purposes, i.e. to be able to provide you with targeted communications, promotions, offerings and other advertisements from us or our selected partners. Note, however, that we will obtain your prior consent before doing so.
2.2.2 To perform statistical analyses so that we may improve our website, or to develop new products and/or services.
2.2.3 To transfer to the financial institution or payment service provider to allow your financial institution and the payment service provider to comply with their legal obligations. 
2.2.4 To transfer to the police or the judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the website.
2.2.5 For informing any third party in the context of a possible merger with, acquisition from/by or demerger by that third party, even if that third party is located outside EEA.
2.3 If and when your registration with or use of the website can be considered (a) a violation of the terms or the intellectual property rights or any other right of a third party, (b) a threat to the security or integrity of the Services, (c) a danger to the website or any of our or our subcontractors’ underlying systems due to viruses, Trojan horses, spyware, malware or any other form of malicious code, or (d) in any way hateful, obscene, discriminating, racist, slanderous, spiteful, hurtful or in some other way inappropriate or illegal, we may process your personal data for the preservation of the legitimate interest of us, our partners or a third party.

3. TO WHOM WE SEND

3.1 We do not send your personal data in an identifiable manner to any third party if not required to provide you the Services, without your explicit permission to do so. We may rely on third party processors to provide you the website. We will ensure that third party processors are only allowed to process your personal data on behalf of us upon written instruction of us. We warrant that all third-party processors are selected with due care and are trained to be aware of the safety and integrity of your personal data.
3.2 We may send anonymized and/or aggregated data to other organizations that may use those data for improving products and services as well as tailor the marketing, displaying and selling of those goods and services.

4. WHERE WE PROCESS

4.1  We and our third-party processors will only process your identifiable personal data in the EEA. We may transfer your anonymized and/or aggregated data to organizations outside of the EEA. Should such transfer take place, we will ensure that there are appropriate safeguards in place to ensure the safety and integrity of your personal data as well as all rights with respect to personal data you might enjoy under applicable mandatory law.

5. HOW WE PROCESS

5.1 We will do our utmost best to process only those personal data which are necessary to achieve the purposes listed in this Privacy Policy. We will process your personal data in a lawful, fair and transparent manner. We will do our utmost best to keep the personal data accurate and up to date.
5.2 Your personal data are only processed for as long as needed to achieve the purposes listed in this Privacy Policy or up until such time where you withdraw your consent for processing them. Note that withdrawal of consent may imply that you can no longer you the whole or part of the website. If you have registered with our website, we will delete your personal data if you delete your profile, unless a legal or regulatory obligation or a judicial or administrative order prevents us to do so.
5.3 We will take the appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by our personnel or personnel of our third party processors will only be on a ‘need-to-know’ basis and subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations only which can never be guaranteed.

6. YOUR RIGHTS

6.1 You have the right to request access to all personal data processed by us pertaining to you. Subsequent requests for access addressed to us that are manifestly submitted for causing nuisance or harm to us, will not be dealt with.
6.2 You have the right to ask that any personal data pertaining to you that are inaccurate, are corrected free of charge. If you have registered with our website, you can correct a lot of these data yourself via your profile. If a request for correction is submitted, such request shall be accompanied of proof of the flawed nature of the data for which correction is asked.
6.3 You have the right to withdraw your earlier given consent for processing your personal data. You can withdraw your consent at any time by sending an email sent to the company (privacy) email address.
6.4 You have the right to request that personal data pertaining to you be deleted if they are no longer required in light of the purposes outlined in this Privacy Policy or if you withdraw your consent for processing them. However, you need to keep in mind that a request for deletion will be evaluated by us against legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
6.5 Instead of deletion you can also ask that we limit the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes listed but you need them to defend yourself in judicial proceedings.
6.6 You have the right to oppose the processing of personal data if you are able to proof that there are serious and justified reasons connected with his particular circumstances that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to oppose such processing free of charge and without justification.
6.7 If you wish to submit a request to exercise one or more of the rights listed above, you can send an e-mail to info@eimrail.org. Such request should clearly state which right you wish to exercise and the reasons for it if such is required. It should also be dated, signed and accompanied by a digitally scanned copy of your valid identity card proving your identity.
6.8 We will promptly inform you of having received this request. If the request proves valid, we shall honour it as soon as reasonably possible and at the latest thirty (30) days after having received the request.
6.9 If you have any complaint regarding the processing of your personal data by us, you may always contact us via the e-mail address info@eimrail.org. If you remain unsatisfied with our response, you are free to file a complaint with the competent data protection authority (List of DPA per country: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).
6.10 Where your personal data is processes based on consent or on a contract and the processing is carried out by automated means, you will have the right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format and, where technically feasible, you will have the right to directly transmit those data to another service provider.