Privacy Statement

Website Privacy Statement

This Privacy Statement tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

By using this website and by disclosing your data to us, you consent to the collection, storage, processing, use and disclosure of your data as described in this Privacy Statement. If you do not agree with or are not comfortable with any aspect of this Privacy Statement your only remedy is to discontinue to use this website.

WHO WE ARE

We are the Commission for Railway Regulation (“CRR”)  The CRR was formally established on 1st January 2006 in accordance with the provisions of the Railway Safety Act 2005 (as amended). In the context of the Railway Safety Directive (European Directive 2004/49/EC), as reflected in S.I. No.444 of 2013, the CRR is the National Safety Authority for the railway sector in the Republic of Ireland.

Our contact details are set our hereunder:

  • Address : Temple House, Temple Road, Blackrock, Co. Dublin
  • Email:  info@crr.ie
  • Phone:  01-2068110

The CRR is committed to protecting and respecting your privacy.

WHAT INFORMATION IS COLLECTED ABOUT YOU?

The personal information that the CRR collects and holds about you may include the following:

  • Contact information that you have submitted to us through the Contact Form on our website ( www.crr.ie ), or which has been received by us through email, telephone or other communication from you. This information may include:
    • Name
    • Address
    • Email address
    • Phone Number
    • Any other details which you submit to us in your enquiry.
  • Like most websites, when you access our website, your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer.

WHY WE COLLECT THIS INFORMATION

  • In order to carry out its functions, the CRR collects personal data of those who make contact with the CRR through its website, by email, phone or by post.
  • We will process the personal data you submit to us through the Contact Form on our website for the following purposes:
    • To respond to any enquiry or complaint you submit to us and to communicate with you in relation your enquiry or complaint.
    • We may use your data to comply with any legal obligations.
  • Where you have submitted a representation to the CRR by email, phone or by post, the CRR will process your personal data in order to investigate the representation made by you.
  • Where you have submitted a Request for Information to the CRR by email, phone or by post, the CRR will process your personal data in order to respond to your request for information.
  • The CRR collects other information through cookies so that we may enhance the content of our services and improve website navigation.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We fully respect your right to privacy and will only collect or process your personal data where required for one of the following purposes:

  • To Comply with our legal obligations:  Where it is our legal obligation under applicable law (to include the Railway Safety Act 2005 (as amended)) and regulatory requirements to use your personal information in order to comply with legal requirements imposed on us, we will do so.

  • To Perform a task carried out in the public interest : Your personal data will be processed where it is necessary for the performance of a task to be carried out by the CRR in the public interest.

  • Where you have given us your permission: Where you have submitted a query or a representation to the CRR, you are consenting to the CRR processing your personal data in accordance with this Privacy Statement.

    Where we have sought to rely on your consent to process your personal data, which can be withdrawn (in certain circumstances) we will process your enquiry or representation based on the consent which you have provided.

  • To protect your Vital Interests:  Occasionally it may be necessary for the CRR to process personal data in order to protect the vital interests of an individual(s).

  • To run our organisation on a day to day basis, which may include:
    • Compiling and processing your personal data for audit, statistical, reporting or research purposes in order to help us understand railway safety trends and to provide information to assist our regulatory functions.
    • Protect our organisation, reputation, resources and equipment and mange the CRR network systems and information.
    • Provide security and prevent and detect crime using CCTV in the car park at our premises.
  • Legitimate Interests: As a Public Authority, the CRR may rely on legitimate interests in very limited circumstances and only where the processing will fall outside the tasks of the CRR.

    When we rely on legitimate interests as a legal justification for processing your personal data, we must consider whether those legitimate interests are overridden by your interests, fundamental rights and freedoms. We have considered these matters and we believe that our legitimate interests are not overridden by your interests, fundamental rights and freedoms. If this were to change and if we think that there is a risk that one or more of your interests, fundamental rights and freedoms may be affected, then we will not use your personal data unless there is another legal basis for us to do so (for example by obtaining your consent). 

The CRR will only process your personal data for the purposes for which it was originally collected and it will only be processed further for the following purposes:

  • Transferring your personal data to archive
  • Conducting internal audits and investigations
  • Implementing business controls
  • Conducting tactical analysis or research;
  • Preparing for or engaging in dispute resolution
  • Using legal or business consulting services or
  • What Happens if You Do Not Want to Provide us with Your Personal Data:  If you do not want us to process your personal data or if you request (see your rights below) that we stop processing your personal data, then we cannot respond to queries that you raise through our website.

COOKIES

When you visit the CRR’s website, some browsing related information on your device is likely to be recorded in files called “cookies” and stored on your device. Cookies help us to improve the quality of your browsing experience when visiting our website and help us to learn about visitor patterns and behaviours on our website. This information is then used to continually improve and develop our website. Some cookies used are essential for the operation of the website. For more information please see our Cookie Policy.

DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

  • In order to consider and reply to your enquiry, your personal data may be shared with members/employees of the CRR and statutory /regulatory bodies

  • Where you have made a representation to the CRR your personal data may be shared with members/employees of the CRR and statutory /regulatory bodies

  • Where you have made a request for information to the CRR, your personal data may be shared with members/employees of the CRR and statutory /regulatory bodies

  • Your personal data may also be disclosed to our IT, cloud and email service providers.

  • Where the CRR discloses your personal data to third parties we ensure where necessary that we have an appropriate contract in place that will protect your personal information and complies with our data protection obligations.

HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR

The CRR will retain your information only for as long as necessary in the context of the relevant purposes described in this Privacy Statement. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will also retain your personal data to comply with statutory retention periods.

SECURITY OF YOUR PERSONAL DATA

The CRR is committed to protecting the security of your personal data. Your personal data is held on secure servers hosted by our IT service providers in Ireland.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted on our website. Any submission of personal data is at your own risk.

LINKS TO OTHER WEBSITES

  • As a resource to visitors of the CRR website, the CRR provides links to other websites. The CRR is not involved in any way in operating the third party web and has no liability or responsibility for the content of these third party web sites.
  • The CRR does not endorse, sponsor, recommend or make any representations, warranties or undertakings about any of the information contained on such third party web sites (including without limitation, their accuracy, their completeness, non-infringement of proprietary or intellectual property rights) or that such third party web sites or the servers on which they are hosted are free from computer viruses or other harmful programs or software.

  • The CRR does not take responsibility for the data policies, procedures, terms and conditions or the content of such linked web sites and in particular the CRR is not responsible for non-compliance by the web site users of any such data policies, procedures or terms and conditions.

YOUR RIGHTS

As an individual under EU law you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below:

  1. The right to access data relating to you.
  2. The right to rectify/correct data relating to you.
  3. The right to object to processing of data relating to you.
  4. The right to restrict the processing of data relating to you.
  5. The right to erase/delete data relating to you.
  6. The right to port certain data relating to you from one organisation to another.
  7. The right to withdraw your consent to the use of your data.
  8. The right to lodge a complaint with the Data Protection Commission and you can do so by mail to info@dataprotection.ie or by phone on (076) 1104800.

These rights will not apply in certain circumstances, for example, where exemptions are applicable.

CONTACT US

If you wish to contact us with regard to any of the rights set out above please email us at info@crr.ie or on 01-2068110.

CHANGES TO THIS PRIVACY STATEMENT

We reserve our right to change this Privacy Statement from time to time. If changes are made they will be posted on the CRR website (www.CRR.ie) Dated: 25 th May 2018