Your privacy and trust are important to us. This Privacy Notice (“Notice”) provides important information about how RailNetEurope (“RNE,” “we,” or “us”) handle personal information. This Notice applies to any RNE website, application, product, software, or service that links to it (collectively, our “Services”). It is based on the terminology used by the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Bundesgesetz über den Schutz personenbezogener Daten (Datenschutzgesetz 2000 – DSG 2000).
We want to be clear about our privacy practices so that you can make informed choices about the use of your information. Please read this Notice carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices. It is important that you check back often for updates to this Notice. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other means of communication such as sending an email message.
As it is a living document we may revise this Notice from time-to-time, and your comments and contributions are welcome. The revised version will apply from the date of the publication of the revised notice on our website. Please check the RNE website regularly to ensure you are familiar with the current version.
This Notice was last updated on 23 March 2020.
RNE is committed to the responsible handling and protection of personal information. Personal information means any information relating to an identified or identifiable natural person.
We collect, use, disclose and store personal information when needed to provide our Services and for our operational and business purposes as described in this Notice.
The types of personal information we collect
We collect personal information from you, for example, if you register in our IT tools, register for an event (e.g. meeting, conference, etc.), request information, or request user support. We may ask you to provide information such as your name, email address, phone number, user name and password. In addition, as we offer strictly professional railway-related IT systems in Europe we may ask information about the name and the type of your employer (e.g. infrastructure manager (IM), railway undertaking (RU), terminal operator, etc.) and your language preferences. Not all of the personal information RNE holds about you will always come directly from you. It may, for example, come from our members (IMs, Allocation Bodies, Rail Freight Corridors), your employer (e.g. IM, RU, terminal), other organizations, bodies and authorities we are in cooperation with (associations from the railway sector, European Commission, etc.). In addition, our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience.
We may provide the possibility to upload your portrait picture in some of our IT systems (e.g. CMS). We may also need to publish your pictures taken on some of our events. You will be explicitly asked to consent to this and with the submission of your registration we consider you agree and give an explicit consent on the above usage of your pictures in our systems and website/s.
For the sole purpose of taking coherent minutes of meetings we may record some of our groups’ and decision-making bodies’ (i.e. Managing Board and General Assembly) meetings when they are held online (e.g. via Skype for Business/Microsoft Teams) The recording will be subject to the participants’ explicit prior consent and kept in RNE JO until the minutes of the meeting are approved. The participants concerned may request to access the recording.
We do not collect and process any data that may be considered sensitive personal information (e.g. racial/ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, other medical information including biometric and genetic data, sexual life, etc.)
How we use personal information
We process personal information for these Service- and business-related purposes:
- Account setup and administration: We use personal information such as your name, email address, phone number, and information about your employer to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription, and Service information.
- IT System-related notifications: We use your email address to send messages relating to newsletters, new deployments, versions, specific system functionalities, etc.
- Events: We use personal information to deliver event communications to you across various platforms, such as email, telephone, and online. If we send you such email (e.g. invitation for event registration), it will include instructions on how to opt out of receiving these emails in the future. Please note that even if you opt out of receiving invitation emails, we may still send you important Service information related to your account in particular IT system.
- Surveys and polls: If you choose to participate in a survey or poll, any personal information you provide will only be used internally and not for marketing or market research purposes.
- Pilots: We may use your personal information for our pilot projects (e.g. test account) and to improve and test the features and functions of our IT systems.
- Content management: Some of our Services provide content management and document storage as an integral part of the software product (e.g. RNE CMS). Documents and data stored by us in the RNE Joint Office (JO) and our members in RNE CMS may contain personal information. Any information stored by or on behalf of our members and users is controlled and managed by and only made accessible to those members and users. Our access to this information is limited to the RNE JO personnel with a critical business reason, such as technical support or invoicing.
- Legal obligations: We may be required to use and retain personal information for legal and compliance reasons (e.g. rail regulatory body inquiry). We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable laws in Austria; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
When we share personal information
RNE shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. Below are the parties with whom we may share personal information and why.
- Within RNE Joint Office: Personal information will be made available to the JO employees if necessary for the provision of Services, invoicing, customer and technical support, and project management, for instance. All our employees are required to follow our data privacy and security policies when handling personal information.
- Our members: We partner with our members to manage projects, events and meetings (e.g. General Assembly meeting, working groups meetings, etc.). As part of these arrangements, we and our members may collect and share information about you.
- Our business partners: We occasionally partner with other organizations to manage projects, or to host trainings, events and conferences. As part of these arrangements, you may be a partner of both RNE and our partners, and we and our partners may collect and share information about you. RNE will handle personal information in accordance with this Notice, and we encourage you to review the privacy Notices of our partners to learn more about how they collect, use, and share personal information.
- Our third-party working groups and project leaders: We have chairpersons and project and task force leaders from our members and third parties. All of them are required to follow our data privacy and security policies when handling personal information processed by RNE they have been entrusted with.
- Our third-party IT service providers: We partner with and are supported by IT service providers around Europe. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, such as software, system, and platform support; cloud hosting services; data analytics. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
- Third parties for legal reasons: We will share personal information when we believe it is required, such as:
- To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities.
- To protect our rights, users, systems, and Services.
Where we process and store information
All your personal data is collected and stored on secure servers located in Vienna, Austria.
How we secure personal information
RNE takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
How long we keep personal information
We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, RNE takes into consideration Austrian laws, contractual obligations, and the expectations and requirements of our members and users. When we no longer need personal information, we securely delete or destroy it.
Your right to access and correct your personal information
In principle, you have the rights to information, access, correction, deletion, restriction, data portability and objection in regard to your personal data. We respect your rights, and we will respond to your requests for information and, where applicable, will correct, amend, or delete your personal information.
- Access to personal information: If you request access to your personal information, we will comply, subject to any relevant legal requirements, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data for you in all our IT systems.
- Correction and deletion: You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion of your personal information; however, this is not always possible due to legal requirements and other obligations and factors (e.g. in PCS).
- Filing a complaint: If you are not satisfied with how RNE manages your personal data, you have the right to make a complaint to a data protection regulator in Austria:
Connecting via social networks
Our Services do not include social networking features, so you cannot use your own social networking logins from, for example, Facebook or LinkedIn, to log into some of our IT systems.
Links and connections to third-party services
In general, our Services do not contain links to third-party apps, services, tools, and websites that are not affiliated with, controlled, or managed by us. However, if this is the case the privacy practices of these third parties will be governed by the parties’ own Privacy Notices (e.g. Common Interface installed on license holder’s premises). We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy Notices or policies applicable to these third-party services.
RNE provides information solutions for professionals only, and our Services are not aimed in whatever way at children.
How to contact us
We understand that you may have questions or concerns about this Notice or our privacy practices. Please feel free to contact us in one of the following ways:
RNE Data Protection Officer:
Attn: Data Protection Officer
The RNE maintains all its websites to enhance public access to information about its activities and initiatives in general. Our goal is to keep this information timely and accurate. If errors are brought to our attention, we will try to correct them.
The RNE reserves the right not to be responsible or liable for the topicality, correctness, completeness or quality of the information provided. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. We will not be liable in respect of any business losses, any loss of or damage to profits, income, revenue, or anticipated savings, any loss of production, any loss of management time or office time, any loss of business, contracts, commercial opportunities or goodwill, any loss or corruption of any data, database or software, any special, indirect or consequential loss or damage, any losses arising out of a force major event. You accept that the RNE is an association under Austrian law and there is a legitimate interest in limiting the liability of its members, managers and employees. Having regard to that interest, you agree that you will not bring any claim personally against any managers or employees in the Joint Office in respect of any losses that you may suffer in connection with the downloads from our websites.
All documents on the RNE websites are not-binding and without obligation. Nothing on RNE websites should be interpret or treated as legal advice. If you need specific advice, you should always consult a suitably qualified professional.
RNE website contains links to other independent websites upon which RNE exercises no control. Such links do not imply any endorsement or responsibility for the content or use of that website. The author is not responsible for any contents linked or referred to from his pages. If any damage occurs by the use of information presented there, only the author of the respective pages might be liable, not the one who has linked to these pages. Furthermore the author is not liable for any postings or messages published somehow by unauthorized users or intruders on his websites.
Parts of the websites or the complete publication including all materials and information might be extended, updated, changed or partly or completely deleted by the RNE without separate announcement.
3. Copyright and trade mark notice
The RNE as author owns and retains the copyrights in the materials found in the RNE websites. The copyright for any material created by the author is reserved.
Reproduction is authorized, provided the source is acknowledged, save where otherwise stated. The websites content is free of use including, but not limited to the RNE`s members, rail freight corridors` organizations, railway organizations, bodies and authorities and individuals and legal entities with relevant interest in the field of railway infrastructure management and rail industry in principle. The RNE IT tools usage is a matter of particular agreement between the RNE and the concerned third party.
Any duplication or use of objects such as images, diagrams, sounds or texts in other electronic or printed publications is permitted with the explicitly reference to the RNE as author and holder of the copyright.
Where prior permission must be obtained for the reproduction or use of textual and multimedia information (sound, images, software, etc.), such permission shall cancel the above-mentioned general permission and shall clearly indicate any restrictions on use. The RNE intended not to use any copyrighted material for the publication or, if not possible, to indicate the copyright of the respective object.
The RNE as an association owns the word trade mark with the name `RNE-RailNetEurope` and number 002770162 from the European Union`s Office for harmonization in the internal market (OHIM) with seat in Alicante, Spain. Any unauthorized use may violate trademark laws.
To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
Cookies are used to constantly adapt this website to our user’s needs, by accepting the disclaimer you are agreeing on the usage of cookies.
Cookies are used on a permanent basis. All usage data is stored anonymized at google analytics. RNE is the only party accessing the usage data. No third parties access usage data of RNE’s websites.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
5. Use of the RNE logo and RNE IT systems logos by third parties
Downloading the logos from RNE websites is free. There is a need to ask for written permission by the RNE Joint Office for any kind of usage of RNE logo and RNE IT systems logos. Any unauthorized use of the logos may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes.
6. Final provisions
This legal notice is to be regarded as part of the internet publication which you were referred from. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.
We may revise this legal notice from time-to-time. The revised version will apply to the use of our websites from the date of the publication of the revised notice on our websites. Please check RNE websites regularly to ensure you are familiar with the current version.
This notice will be governed by and construed in accordance with Austrian law, and any disputes relating to it will be subject to the exclusive jurisdiction of the courts of Austria.