1. Who We Are
RailVision ("we", "us", "our") is an intelligent railway digital twin platform based in Derby, United Kingdom. We provide real-time operational intelligence, replay analytics, and fleet monitoring services to train operating companies (TOCs), infrastructure operators, and transport authorities across the UK rail network.
For the purposes of UK GDPR, RailVision is the data controller for personal data processed through our platform and website.
2. Data We Collect
We collect personal data only where necessary. The categories of data we may collect include:
| Category | Examples | Source |
|---|---|---|
| Identity | Name, job title, organisation | Contact form, account registration |
| Contact | Email address, phone number | Contact form, account registration |
| Usage | Pages visited, modules accessed, session duration | Automatically via platform logs |
| Technical | IP address, browser type, device type | Automatically via server logs |
| Professional | Role, organisation type, enquiry type | Contact form submissions |
We do not knowingly collect data from individuals outside the railway industry context, and our services are not directed at individuals under 18.
3. How We Use Your Data
We use the personal data we collect to:
- Respond to enquiries submitted via our contact form
- Provide, operate, and maintain the RailVision platform and its modules
- Authenticate and manage user accounts for platform access
- Monitor platform performance, diagnose issues, and improve reliability
- Send service-related communications (not marketing without consent)
- Comply with applicable legal and regulatory obligations
- Conduct internal analytics and product development
4. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
- Contract — where processing is necessary to fulfil a contract with your organisation for platform access
- Legitimate Interests — for enquiry handling, platform security, fraud prevention, and service improvement, where our interests are not overridden by your rights
- Legal Obligation — where processing is required by applicable law
- Consent — for optional communications such as product updates, which you can withdraw at any time
5. Sharing Your Data
We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:
- Service Providers — trusted third-party processors (e.g. hosting providers, email delivery) under strict data processing agreements
- Legal Compliance — to comply with legal obligations, court orders, or requests from regulatory authorities
- Business Transfers — in the event of a merger, acquisition, or sale of assets, subject to confidentiality obligations
6. Data Retention
We retain personal data only as long as necessary for the purposes it was collected, or as required by law:
- Contact form enquiries — up to 2 years from last contact
- Platform account data — duration of contract plus 12 months
- Usage and access logs — up to 90 days rolling
- Legal and compliance records — as required by applicable law (typically 6 years)
After applicable retention periods, data is securely deleted or anonymised.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your data where there is no legitimate reason to retain it
- Restriction — request that we restrict processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw Consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us using the details in Section 11. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
Our website and platform use cookies and similar technologies to ensure functionality and improve performance. We use:
- Essential cookies — required for platform operation, authentication, and session management
- Analytics cookies — to understand how the platform is used and identify improvements (enabled only with your consent)
You can manage cookie preferences via your browser settings. Disabling essential cookies may affect platform functionality.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Encrypted data transmission (TLS/HTTPS) across all platform interfaces
- Access controls and role-based permissions for platform users
- Regular security assessments and infrastructure monitoring
- Internal data handling policies for all staff with platform access
In the event of a personal data breach that is likely to affect your rights or freedoms, we will notify you and the ICO in accordance with our obligations under UK GDPR.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify affected users directly.
We encourage you to review this policy periodically. Continued use of the RailVision platform following any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or the data we hold about you, please contact us:
- Post: RailVision, Derby, United Kingdom
- Email: [email protected]
- Response time: We aim to respond within 2 working days
Have a question about your data?
Our team is here to help with any privacy-related enquiries.