Personal Data Protection - Privacy Notice

(Effective Date : March 10th, 2023)

Introduction

This Privacy Policy applies to the Website https://www.thesignallingcompany.com and all of its pages (hereafter : “Website”). It is an integral part of the conditions of use of this Website. Any links from our Website to other websites are governed by their own privacy notices and terms.

Acknowledging the importance of respecting the privacy of users (hereinafter “you”), we kindly request You to carefully read this Privacy Notice before you make use of the Website. This Privacy Notice gives You further information in the most transparent manner possible, about the data we obtained at the time you viewed the Website or registered to use it. This Privacy Notice complies with the regulations in force and in particular with (i) Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR), and repealing directive 95/46/CE, and (ii) the Belgian Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data

By using this Website, you expressly agree with this Privacy Notice. Please make sure to check this Privacy Notice periodically for changes.

 

1. Table of Contents

• Who are we?
• What does this privacy notice cover?
• What personal data do we collect about You?
• How and why do we use your personal data?
• How long do we keep your personal data?
• Who do we share your personal data with?
• What legal basis do we have for using your personal data?
• What happens if You do not provide us with the information we request or ask that we stop processing your information?
• Do we make automated decisions concerning You?
• Do we use Cookies to collect personal data on You?
• What about marketing?
• Where do we store your personal data? Do we transfer your personal data outside the EEA?
• How do we keep your personal data secure?
• What rights do you have in relation to the personal data we hold on you?
• How can you make a request to exercise your rights?
• How will we handle a request to exercise your rights?
• How can you contact us?

 

2. Who are we?

We are ‘The Signalling Company’ with registered offices at Rue des Deux Gares, 82, Building B, B-1070 Anderlecht (Brussels) (Belgium), registered with the RMP under number 0724.925.936. You can reach us at info@thesignallingcompany.com or by phone at +32(0)2 882 59 00. Our majority shareholder is Skoda Group.

We strive to ease the transition to safe, future proof and affordable onboard systems for railway operators. We are building a better ETCS onboard solution, to make the signalling system of the future cost-effective, flexible and future-proof. The Signalling Company initially is the result of a joint-venture between two Belgian companies: ERTMS Solutions, an industry leader in railway testing, maintenance and systems integration, and Lineas, the largest private rail freight operator in Europe.

We use your information as further explained in this Privacy Notice.

 

3. What does this Privacy Notice cover?

This notice:

• sets out the types of personal data that we collect about you;
• explains how and why we collect and use your personal data;
• explains how long we keep your personal data for;
• explains when, why and with who we will share your personal data;
• sets out the legal basis we have for using your personal data;
• explains the effect of refusing to provide the personal data requested;
• explains where we store your personal data and whether we transfer your data outside of the European Economic Area;
• explains the different rights and choices you have when it comes to your personal data; and
• explains how you can contact us.

 

4. What personal data do we collect about you?

We will collect certain personal information about you in the course of your relationship with us.

This information includes:

• Identification data (surname, first name, e-mail address, telephone number and profession, registered office, bank details number, VAT number)
• Technical identification data (IP address and geo-tracking, host name, Web browser)
• Online account identification (login name, password)

In exceptional cases we may also collect and process sensitive personal data about you, but only where we inform you in advance and you have given us your explicit consent.

 

5. How and why do we use your personal data?

We use your personal data for the following purposes:

• Engage in certain transactions with you;
• Process certain transactions with you;
• Respond to customer service requests;
• Respond to your questions and concerns;
• Send you requested product or service information;
• Improve our Website and marketing efforts;

We will not use your information for any other unrelated purposes unless we are required to do so by law.

 

6. How long do we keep your personal data?

How long we keep your information will depend on the purpose for which we use it.

We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Notice and to fulfill our legal obligations. We have internal rules that set out how long we retain information. What this means in practice will vary as between different types of information and service. When we consider our retention policy, we take into account any ongoing need for the information as well as our legal obligations, for example in relation to tax and potential or actual disputes or investigations.

 

7. Who do we share your personal data with?

We may share your information with third parties who provide services on our behalf to help with our business activities. We use other third parties such as an email service provider to send out emails on our behalf. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.

We may disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your security or the security of others, investigate fraud, or respond to a government request and to any other third party with your prior consent to do so.

As We continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal information will be disclosed to such entity.

If any bankruptcy or reorganization proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible, they will be sold or transferred to third parties.

Where required we share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise, to protect the rights, property, safety, or security of third parties, visitors to our website, our business or the public.

No third party has access to your information unless we specifically say so in this Privacy Notice, or the law requires this.

 

8. What legal basis do we have for using your personal data?

We process your information:

• To keep you informed and communicate with you about our products and services;
• To the extent it is necessary for the performance of the contract with you for, or to take steps at your request prior to entering into this contract;
• To comply with our legal obligations;
• For each purpose for which there is a legitimate interest; these legitimate interests can be our own interests or that of third parties. They can include commercial interests, individual interests or broader societal interests. Each time we process personal data on this legal basis, we will:
• identify the legitimate interest;
• show that the processing is necessary to achieve it; and
• balance it against the individual’s interests, rights and freedoms
• For each purpose for which you have given your prior consent;

You have the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you, or to withdraw an earlier given consent. More information and how to exercise it is set out below.

 

9. What happens if you do not provide us with the information we request or ask that we stop processing your information?

We have statutory and contractual obligations that require us to process your information. If you don’t provide the information requested, we may not be able to fulfill our contract with you or perform our obligations to you or related others.

 

10. Do we make automated decisions concerning you?

No, we do not carry out automated decision making or automated profiling.

 

11. Do we use Cookies to collect personal data on you?

To provide better service to you on our Website, we and our service providers use cookies to collect your personal data when you browse. Cookies are small text files that are stored on the hard disk of the computer of the persons who visit the Website. They contain information such as the Web user’s language preference, so that they do not have to enter this information again the next time they visit the same Website. For technical reasons, we use cookies in order to:

• remember your username and password so you will not have to re-enter it each time,
• protect our Website,
• and manage the usage statistics of our Website (so we can determine which pages you find useful and which you do not).

The following cookies are used on our Website:

• Session cookies that store technical information as You navigate from one page to another on our Website. These cookies have a limited lifespan and expire when You close your browser.
• Feature-related cookies used in particular to recognise You at the time of your next visit to the Website and to personalise the site accordingly.
• Google Analytics audience measurement cookies: these cookies are used to anonymously collect information on website users. The information is used to produce reports and help us improve the Site. You can view Google’s privacy policy at https://support.google.com/analytics/answer/6004245?hl=fr.

You can choose to accept or decline cookies. Although most browsers are initially set to accept cookies, You may reset your browser to notify You when You receive a cookie or to reject cookies generally if You prefer. Most browsers offer instructions on how to do so in the “Help” section of the toolbar.

Your browser can be configured to notify You each time cookies are created or to prevent their creation, in the following way:

• Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
• Chrome:http://support.google.com/chrome/bin/ansWer.py?hl=en-GB&hlrm=nl&ansWer=95647
• Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-Website-preferences
• Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US

If your browser is not listed above, please refer to your browser’s “Settings” tab and to the “Options” or “Preferences” menu.

While You are not required to accept our cookies to access our Website, if You reject cookies, certain offerings, features, or resources of our Website may not work properly and You may experience some loss of convenience or functionality.

 

12. What about marketing?

We might want to contact You from time to time about our new similar products and promotional offers by email, text message, telephone, and mail.

If applicable: where we have already collected valid marketing permissions from You, You can always unsubscribe or opt out at any time by clicking the “Unsubscribe” link in any of our communication or by contacting us using the details at the end of this Privacy Notice.

 

13. Where do we store your personal data? Do we transfer your personal data outside the EEA?

We store your personal data safely at our premises, in contracted storage facilities, with our service providers, or on our servers within the country where we are based and otherwise within the European Economic Area (EEA). We strive to process Your information within the country where we collected it or within the EEA. If we or our service providers transfer personal data, where relevant, outside of the EEA, we will always require that appropriate safeguards are in place to protect the information that is transferred, such as Standard Contractual Clauses based on the European Commission’s recommendations. You can obtain a copy of the safeguards in place for such transfers by contacting us using the details at the end of this Privacy Notice.

 

14. How do we keep your personal data secure?

We make every effort to protect your Personal Data against any form of damage, loss, misappropriation, intrusion, disclosure, alteration or destruction, in particular by:

• the use of an entry control system, using name badges, at sensitive sites and premises, including computer rooms;
• the protection of sites and premises by an anti-intrusion alarm system, supported by a security guard during non-working hours and/or days;
• restricting administration of the Website and granting access to its data to authorised persons only;
• the use of passwords, encryption, firewalls, and other IT security measures ;
• the implementation of preventive and remedial security and control procedures for managing security incidents.

Our employees who, by reason of their job function, have access to your Personal Data are required to maintain the utmost confidentiality when processing your Personal Data.

 

15. What rights do you have in relation to the personal data we hold on you?

By law, You have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

– The right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing You with the information in this Privacy Notice.

– The right of access: You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice). This is so You’re aware and can check that we’re using your information in accordance with data protection law.

– The right to rectification: You are entitled to have your information corrected if it’s inaccurate, not up to date or incomplete.

– The right to erasure: In simple terms, enables You to request the deletion of excessive or unnecessary or incorrectly processed data or deletion of data that has been processed with your consent. This is not a general right to erasure; there are exceptions.

– The right to oppose processing: You have rights to oppose against further use of your information.

– The right to data portability: You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if You decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

– The right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal data with the Belgian Authority of Data Protection (https://www.dataprotectionauthority.be) or introduce a claim in front of the competent courts;

– The right to withdraw consent: If You have given your consent for processing of personal data, it can be withdrawn at any time (although if You do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

 

16. How can you make a request to exercise your rights?

To exercise any of the rights above, or to ask a question, contact us using the details set out in section 17 of this Privacy Notice.

The Personal Data communicated to You on the basis of an access request shall be transmitted personally and confidentially. As such, in order for your access request to be accepted, You must send all the necessary details required to confirm your identity, namely, a sworn written certificate that certifies that You are the owner of said Personal Data and a photocopy of an identity document.

We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to You and let You know.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests and requests for further copies of the same information. Alternatively, the law may allow us to refuse to act on such requests.

 

17. How can you contact us?

If You have questions on the processing of your personal data, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact us here: The Signalling Company, Rue des Deux Gares, 82, Building B, B-1070 Anderlecht (Brussels, Belgium). Attention of: the data privacy officer. Email: info@thesignallingcompany.com. Please use the subject line: “Attention: Data Privacy Request”.