1.

INTRODUCTION

Women in Rail (“we”, “us” and “our”) is a private company limited by guarantee registered in England and Wales (Registration no. 09859710), whose registered office is at 123 Victoria Street, London SW1E 6DE.

We are a “data controller” for the purposes of the General Data Protection Regulation 2016/679 (“GDPR”). We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the GDPR.

In the course of our activities we may need to gather and use “Personal Data” about you, by which we mean any information about you from which you can be identified, such as your name and contact details. The purpose of this privacy policy (“Privacy Policy”) is to inform you of how we will process your Personal Data and the measures and processes we have put in place to ensure its adequate protection.

In using our website/receiving our services/contracting with us you consent to the collection, use, disclosure and transfer of your Personal Data as set out in this Privacy Policy.

2.

FAIR AND LAWFUL PROCESSING

We will process your Personal Data only, where:

(a)

you have given your consent to such processing (which you may withdraw at any time, as detailed at section 9 below);

(b)

the processing is necessary to provide our services through this website;

(c)

the processing is necessary for compliance with our legal obligations; and/or

(d)

the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal data (as detailed in clauses 5 and 7 below).

By “processing”, we mean the collection, recording, storage, use, disclosure and any other form of operations or dealings with your Personal Data.

3.

WHAT PERSONAL DATA WE COLLECT ABOUT YOU

3.1.

We typically process the following types of Personal Data about you:

(a)

Your name, work email address and other work contact details;

(b)

Your role, position and/or job title within your employment;

(c)

Details of your preferences for types of marketing events;

(d)

Details of your visits to our premises and events; and

(e)

Your career history, ambitions and aspirations.

3.2.

In certain circumstances it will be necessary for you to provide us with your Personal Data, to enable us to manage our operations, to provide services to you and/or your employer or to comply with our statutory obligations. In other circumstances, it will be at your discretion whether you provide us with Personal Data or not. However, failure to supply any of the Personal Data we request may mean that we are unable to maintain or provide services or products to you and/or your employer.

3.3.

We make every effort to maintain the accuracy and completeness of your Personal Data which we store and to ensure all of your Personal Data is up to date. However, you can assist us with this considerably by contacting us promptly if there are any changes to your Personal Data or if you become aware that we have inaccurate Personal Data relating to you (see section 9 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.

4.

HOW WE COLLECT PERSONAL DATA

We usually collect your Personal Data from the information you submit during the course of your relationship with us. This will typically be through you sending us emails and other correspondence, business cards, the forms and documents used when you sign up to our marketing or market data news lists, when you are named as an authorised person to trade on behalf of your employer, the sign up information you use to access any of our products or services either on your own behalf or on behalf of your employer.

5.

HOW WE USE PERSONAL DATA

We will process your Personal Data in connection with the management of our relationship with you for the following purposes:

(a)

for monitoring and assessing compliance with our policies and standards;

(b)

for promotional and marketing materials and activities, including photos and videos;

(c)

to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;

(d)

to provide you or your employer with requested products or services;

(e)

for administrative purposes in relation to the security and access of our systems, premises, platforms and secured websites and applications;

(f)

to contact you about the services and products we offer (where we have received your consent to do so, or we believe that you may be interested in the material as it relates to similar products or services you have previously acquired, or indicated your interest in acquiring, from us);

(g)

to invite you to participate in events, including those that may involve fundraising, that we organise;

(h)

if you participate in our personal mentoring scheme to provide your particulars to your partner mentor/mentee;

(i)

to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;

(j)

to comply with court orders and exercise and/or defend our legal rights;

(k)

for any other legitimate business purpose; and

(l)

as otherwise permitted or required by any applicable law or regulation.

6.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Personal Data we collect from you may be transferred to (including being accessed in or stored in) a country or territory outside the European Economic Area (“EEA”), including to countries whose laws may not offer levels of protection of Personal Data the same as are those enjoyed within the EEA. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR.

7.

WHEN WE MAY DISCLOSE YOUR PERSONAL DATA

We do not and will not sell, rent out or trade your Personal Data. We will disclose your Personal Data only in the ways set out in this policy and, in particular, to the following recipients:

(a)

to any of our group companies including Women in Rail Community Interest Company;

(b)

to third parties who process your Personal Data on our behalf (such as our systems providers including cloud providers);

(c)

if you participate in our personal mentoring scheme to your partner mentor/mentee;

(d)

to companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;

(e)

to any third party to whom we assign or novate any of our rights or obligations;

(f)

to any prospective buyer in the event we sell any part of our business or assets; and/or

(g)

to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.

8.

HOW WE PROTECT YOUR PERSONAL DATA

We are committed to safeguarding and protecting Personal Data and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any Personal Data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

9.

YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE COLLECT

9.1.

If you wish to:

(a)

update, modify, delete or obtain a copy of the Personal Data that we hold on you;

(b)

restrict or stop us from using any of the Personal Data which we hold on you, including by withdrawing any consent you have previously given to the processing of such data; or

(c)

where any Personal Data has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, request a copy of such Personal Data in a suitable format.

you can request this by emailing us at the address set out in section 12 below. We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.

9.2.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
9.3.
We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your Personal Data, and for any additional copies of the Personal Data you request from us.
10.

FOR HOW LONG WE WILL HOLD YOUR PERSONAL DATA

We will retain your Personal Data only for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
11.
HOW WE UPDATE OR CHANGE THIS PRIVACY POLICY
11.1.
We may change or update parts of this Privacy Policy in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Privacy Policy on www.womeninrail.org. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Privacy Policy so you are fully aware of any changes or updates.
11.2.
This Privacy Policy was last updated on 11 May 2018.
12.

HOW YOU CAN CONTACT US

If you have any queries about the contents of this Privacy Policy, or wish to inform us of a change or correction to your Personal Data, would like a copy of the data we collect on you or would like to raise a complaint or comment, please contact us using the details set out below:

Email: wr@womeninrail.org

Post: Women in Rail Limited, 123 Victoria Street, London SW1E 6DE.

13.

HOW TO LODGE A COMPLAINT TO THE REGULATOR

You are entitled to lodge a complaint with our data protection regulator if you consider that we have breached your data protection rights. Our data protection regulator is the Information Commissioner’s Office, which can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.