This Data Protection Policy (hereinafter, “Policy”) applies to all activities of RAILWAY Project with respect to the protection of personal data that we collect, process and store in the course of our business activities, including through our websites and applications (or “apps”), as well as other electronic interfaces with data subjects that we operate.
For any questions regarding the collection, processing or use of your personal data (as explained below) please contact App@righttoprivacy.foundation
A. General principles
RAILWAY may revise this Policy from time to time, and such changes shall come into effect from the moment we notify you of such changes and/or updates, either on the websites, apps or in some other reasonable and transparent manner.
1.1 Lawfulness, Fairness and Transparency
Your personal data is collected and stored lawfully, fairly and transparently by RAILWAY. In processing your data, we act in good faith, in a proportionate manner, and with the appropriate technical and organisational measures in line with the industry best practices. The collection, processing and use of personal data may also be carried out by external data processors on our behalf, in the course of RAILWAY’s business and supply of services. We require them to comply with relevant legal data protection rules and legislation applicable to the services they provide us, within the framework of our contracts with such external processors.
1.2 Data Minimisation
RAILWAY will ensure that the data stored about you is adequate, relevant and limited to what is necessary.
1.3 Storage Limitation
Your personal data will not be stored for longer than is strictly necessary for providing our services to you.
1.4 Data Accuracy
RAILWAY will take all reasonable efforts to ensure that the personal data stored is up-to-date and accurate.
1.5 Purpose Limitation
RAILWAY will only process data which has been specified for a particular purpose in the Consent Procedure.
When balances are SHIELDED, RAILWAY removes identifying data from transactions. Sender and recipient cannot be determined with any reasonable degree of certainty.
RAILWAY will have appropriate security measures, in accordance with best industry practice, to ensure the protection of your personal data.
B. Lawful Basis for Processing
We will only process your personal data if we can rely on a valid lawful basis:
We will only process personal data if you have explicitly consented to such processing. This consent will be gained through a clear, affirmative action of clicking ‘I agree’ on the Consent Procedure. Your data will be used solely for the purposes stated in the Consent Procedure.
1.2 Legal Obligation
If we are required to process your data, following a court order, governmental action or change of legislation, we will do so notwithstanding your consent.
C. Data Subject Rights
1. Your rights as a data subject
1.1 Right to Access
You are entitled to receive from RAILWAY, upon request, a copy of the data we have collected from you in a commonly-used and machine-readable form, subject to technical feasibility and lawfulness considerations. Please forward your access request to our Data Protection Officer App@righttoprivacy.foundation.
1.2 Right to Data Portability
You have a right to receive a copy of your personal data and / or to have your personal data transmitted from RAILWAY, without hinderance, to another data controller if such a transmission is technically feasible. RAILWAY are not required to carry out this transmission if it involves adapting or changing processing systems.
1.3 Right to Rectification
You have a right to rectify any inaccurate personal data RAILWAY holds on you. This should be carried out by notifying our Data Protection Officer directly in writing at App@righttoprivacy.foundation. RAILWAY will respond to this request within 30 days.
1.4 Right to Restrict / Object to Processing
You may revoke or withdraw your consent at any time by notifying our Data Protection Officer directly using this Consent Revocation Form and sending it here App@righttoprivacy.foundation. Upon receipt of your Form, we may continue to store your data but will not use your data unless we are legally obliged or authorised to carry on using it.
1.5 Right to be Informed
You are entitled to receive from RAILWAY, upon request, information about the type of data RAILWAY is processing about you. This will include information about the purpose for which your personal data is being processed, the retention period of the data and which third-parties the data will be shared with. This information will be provided in plain, clear language, in a transparent and easily accessible format.
1.6 Right to Erasure
You may request the deletion of all or part of your personal data held by RAILWAY. Upon receiving your request to our Data Protection Officer using this Data Deletion or Correction Form, we will delete your personal data from all of our records, as soon as reasonably possible and when technically feasible, unless there is an overriding legal interest or other legal basis for the continuation of the data processing. Please understand that in the event of deletion or correction of personal data upon your request, RAILWAY may not be able to further provide services via the websites, apps and other interfaces in whole or in part. In requesting data deletion, you irrevocably agree and waive any claim against RAILWAY’s inability to provide said services, or any interruption or malfunction resulting therefrom. Note that your request for deletion may also be rejected by RAILWAY for lack of relevant or accurate information provided by you, because it is manifestly unfounded, excessive or because of inadequate verification of your identity.
1.7 Automated decision-making on the basis of your personal data
RAILWAY does not intentionally take any potentially-damaging decision concerning you based on automated processing operations without human intervention; and commits to giving you the opportunity to obtain human intervention in such a decision, express your point of view, and obtain an explanation of the decision. Please send your request regarding automated decision-making with this Automated Decision-making Form to our Data Protection Officer App@righttoprivacy.foundation
Personal data relating to children and minors – RAILWAY does not knowingly collect or process personal data relating to children and minors under the age of 16 years, unless we are legally obliged to do so. If we become aware that personal data was transferred to us or collected by us relating to children and minors under the age of 16 years, or under the age of 13 without the informed consent of a parent or legal guardian, we will delete such personal data without undue delay. Please forward your request with this Children and Minors Data Deletion Form to our Data Protection Officer App@righttoprivacy.foundation. In the implementation of these data protection rights, RAILWAY is committed to providing a timely, transparent and appropriate response to your requests.
2. Why RAILWAY uses your personal data
We use your personal data to provide the business services requested by you and to process your requests and inquiries, including those that include payment-related data, where applicable.
Your personal data is also used for the cookies and tracking utilised in the websites and apps to distinguish you from other users, to improve your use of these interfaces, and to ensure that content in the websites, apps and other relevant interfaces is presented in the most effective manner for you.
3. The types of personal data we collect and how we use it
The personal data collected and used by RAILWAY is limited strictly to the data necessary for us to provide you with services we supply in the course of our ongoing business, while operating under the relevant data protection and other regulatory obligations.
The data collected and processed is both general in nature, (for example, for technical purposes) and may include, depending on the services you select and utilize, personal data such as your name, identifying numbers, your IP address and internet service provider, browser type, software identification, as well as the websites you have visited before being transferred to RAILWAY websites and apps, including keywords used for searches and the sites from which you have been transferred (e.g., search engine or linked content)
Some automatic processing of your personal data may occur. As is true of most organisations operating websites and apps, RAILWAY gathers certain information automatically and stores it in log files. This information includes but is not limited to IP addresses, browser type, internet service provider, referral pages, operating systems, a date/time stamp and clickstream data. We may use this information to analyse trends, to administer the website and apps, to track users’ movements through them and to gather information about our user base as a whole. RAILWAY may link this automatically-collected data to personal information for legitimate business purposes, such as to detect and prevent fraudulent activity; and for other legally-authorized purposes.
When you receive services from RAILWAY through the websites, apps and other electronic interfaces, you may also be directed to third-party processors such as payment service providers, including credit card or online payment providers. When we use such third-party payment processors, we do not store credit card details, but instead rely on the third-party service provider to process personal data in order to provide these services. We contractually require such third-party payment processors to comply with the data protection and other laws and regulations applicable to their payment processing services. Please check the respective service provider’s relevant data protection terms and compliance with applicable laws prior to usage of any such processor’s services. The same applies to any links to and from websites of third-party networks, advertisers and affiliates. Such third-party websites are governed solely by such third parties’ data protection policies and you are advised to be careful and check any such third party’s privacy policies and compliance with laws, prior to supplying them with any of your personal data to them.
Please note that RAILWAY may also disclose your data to a third party if we are required to do so by applicable law, court order or governmental regulation; or if such disclosure is otherwise authorised and necessary in support of any criminal or legal investigation or proceeding in accordance with applicable laws and regulations.
RAILWAY will never share your information with third parties for commercial purposes.
RAILWAY may need to transfer the data submitted by you for the purposes described above to third parties in locations outside the country in which you are physically located. By accepting this Policy, you consent to such data transfer as described in this section.
If RAILWAY may need to transfer your data to a country without an adequate level of protection for your personal data. In this scenario, RAILWAY will provide you with relevant information about this transfer, such as the potential risks involved in making this transfer, and will require you to give your explicit and informed consent
4. RAILWAY’s protection of your personal data
We have taken all reasonable, industry-standard technical and organisational measures to protect your personal data against loss, alteration, theft or access by unauthorised third parties.
We will not sell, share, transfer or use the data we collect from you for purposes other than those purposes stated expressly herein above.
When you share a public address, you are giving data collection firms a means to track your data. SHIELDING prevents this information from being public. You can share your RAILGUN address but it will only ever be seen interacting with the RAILGUN smart contract.
We will delete your personal data where the business purpose for which the data was being collected or processed ceases to apply, or if applicable data protection rules require us to delete such personal data.
The above notwithstanding, RAILWAY will not be liable or responsible for any damage or loss resulting from the improper use or any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data.
7. Any questions?