Austria
Hungary
Bosnia-Herzegovina
Bulgaria
China
Germany
Greece
Italy
Croatia
The Netherlands
Poland
Romania
Russia
Serbia
Slovakia
Slovenia
Czech Republic
Turkey
1. General
The Rail Cargo Group (“RCG” or “we”) – Rail Cargo Austria AG, 1100 Vienna, Am Hauptbahnhof 2, FN 248731g and its subsidiaries – takes the protection of your personal data and the processing of this data in compliance with data protection regulations very seriously. In this data privacy statement, we explain how we as the data controller collect, potentially pass on and use personal data about you and how you can exercise your rights as a data subject.
1.1 If you have any questions regarding the use of your personal data by us, please contact us via our data protection officer at datenschutz@railcargo.com or by post to “Rail Cargo Austria AG, Legal Affairs, Attn: Data Protection Officer, Am Hauptbahnhof 2, 1100 Vienna”.
2. Types of personal data and purposes of processing
2.1 Personal data which you provided to us on a voluntary basis
Types of personal data
Contact details
such as title, including academic and/or professional title(s), name, address, telephone number, e-mail-address, function, relevant company/authority, department
Purpose of collection
- to answer, respectively to process, any of your notifications, complaints or service requests or notifications of lost cargo, which you have sent to us
- to provide you with important information, e.g. new products
- to invite you to any of our events, e.g. public events, exibitions
- to organise any of our events
- to invite you to participate in raffles
- to conduct customer and other surveys on a voluntary basis
Legal Basis
- Legitimate interest according to Art 6 (1) (f) GDPR
Customer details,
which you have provided to us or which We require for the invoicing of our services, such as title, including academic and/or professional title(s), name, address, telephone number, e-mail-address, name of the company of the contact person specified by the customer, customer number, order data and data relating to the use of services, payment details of the customer
- to initiate and manage a business relationship
- to invoice our services
- to invite you to customer events
- to provide you with important information about our services
- Pre-contractual measures or fulfilment of the contract according to Art 6 (1) (b) GDPR
- Legitimate interest according to Art 6 (1) (f) GDPR
Supplier details,
which you have provided to us as our contract partner in the course of the procurement process and the management of the contractual relationship, such as title, including academic and/or professional title(s), name, address, telephone number, e-mail-address, name of the company of the contact person specified by the supplier, payment details of the supplier
- to initiate and manage a business relationship.
- Pre-contractual measures or fulfilment of the contract according to Art 6 (1) (b) GDPR
- Legitimate interest according to Art 6 (1) (f) GDPR
2.1.1 If we require any further personal data, we will inform you accordingly about the types and respective purposes of processing upon collection of such data
2.2 Personal data which we collect automatically, cookies and similar technolog
2.2.1 Please refer to our terms of use for our website regarding personal data, which we may collect in the course of your visit of our website or the use of cookies and similar technology.
2.2.2 The systems made available to your customers and business partners by RCG record system and application logs to the extent customary and only for the performance of any error analysis. Relevant personal data include the IP-address and, depending on the used system, the user’s browser, if applicable. The legal basis for the processing of such personal data is RCG’s legitimate interest in ensuring network and data security as well as the functioning of the systems which is not overridden by the interests or any fundamental rights and freedoms of the data subject (Art 6 para 1 lit f General Data Protection Regulation (“GDPR”).
2.3 Personal data obtained from external sources
2.3.1 From time to time, We may obtain personal data from external sources (such as personal data from publicly available registers, e.g. the business or land register, from any information published on your company’s or organisation’s website, or if you contact one of ÖBB’s group companies with any request/complaint forwarded to us by the respective group company). In this regard We will review whether such third parties have obtained your consent or are lawfully entitled or legally required to disclose any such personal data.
2.3.2 The types of personal data collected by us include personal data disclosed in public registers or your contact details obtained from other publicly available sources such as company websites. We will use the personal data received from such third parties for the following purposes:
- to maintain and improve the accuracy of our records of your personal data,
- to process any request/complaint relating to us.
3. Recipients of personal data
3.1 We may disclose personal data relating to you to the following categories of recipients:
3.1.1 to other group companies, processors and business partners performing data processing services on behalf of RCG or processing personal data in any other manner in connection with the purposes specified in this privacy notice, or any purposes notified to you at the time We collect your personal data. ÖBB-Business Competence Center GmbH, Erdberger Lände 40-48, 1030 Vienna, business register number FN 248730 f, a group company of ÖBB, is our main processor for IT-technology related services (e.g. operation of IT-systems, technical maintenance and troubleshooting). A list of the most important ÖBB group companies is provided under konzern.oebb.at/en/about-the-group/organization
3.1.2 to a competent enforcement authority, supervisory authority or public authority, a court or any other third party if the disclosure is required due (i) to applicable legal provisions, (ii) to exercise, protect or defend our legal rights, or (iii) to protect your or a third party’s material interests;
3.1.3 to a potential buyer (and its representatives and advisors) in connection with the intended acquisition, merger or takeover of our company (or a part thereof) subject to our notification of the purchaser that it shall only use your personal data in accordance with the purposes specified in this privacy notice.
3.1.4 to any other third party subject to your consent.
4. Legal basis for the processing of personal data
4.1 The legal basis for collecting and processing personal data depends on the specific context in which we collect it.
4.2 As a rule, we will only process your personal data if we have your consent to do so (Article 6 (1) (a) GDPR), if we need the personal data to fulfil a contract with you (Article 6 (1) (b) GDPR) or if we have a legitimate interest in processing it that is not overridden by your data protection interests or fundamental rights and freedoms (Article 6 (1) (f) GDPR). In some cases, it may be necessary to process your personal data in order to fulfil a legal obligation to which we are bound (Article 6 (1) (c) GDPR), such as statutory retention obligations. A more detailed description of which data will be processed for which purpose and on which legal basis can be found in the table under point 2.1 of this Data Privacy Statement.
4.3 If we process your personal data on the basis of other legitimate interests not mentioned above (or those of a third party), we will inform you of these legitimate interests at the appropriate time.
5. Retention of personal data
5.1 We will store the personal “contact data” referred to in point 2.1 for as long as this is required and necessary to fulfil the purposes mentioned there.
5.2 We will store the personal “customer data” referred to in point 2.1 for as long as this is necessary for providing our service and performing our pre-contractual measures, for as long as RCA has a legitimate interest or for as long as this is necessary for the pursuit or defence of legal claims or for the fulfilment of statutory retention obligations.
5.3 We will store the personal “supplier data” referred to in point 2.1 for as long as this is necessary for providing our service and performing our pre-contractual measures or for as long as this is necessary for the pursuit or defence of legal claims or for the fulfilment of statutory retention obligations.
5.4 Once there are no legitimate purposes for the further storage of personal data, it will either be deleted or anonymised. If this is not possible (because your personal data has been stored in backup archives, for example), we will store your personal data securely and not make it accessible for further processing until deletion is possible.
6. Rights of data subjects
6.1 In accordance with the statutory provisions, you have the right to be informed about the data concerning you, have it rectified or erased, restrict its processing or object to its processing, to have it provided on a portable data carrier and to lodge a complaint with a supervisory authority. The data protection authority responsible for this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, which you can contact at +43 1 52152 0 or by e-mail at dsb@dsb.gv.at.
6.2 If we process your personal data on the basis of your consent, you may withdraw your consent at any time. The withdrawal of your consent will have no effect on the lawfulness of the processing prior to your withdrawal.
6.3 If personal data is processed for direct marketing purposes not based on your consent, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
6.4 To exercise these rights, please write to us at datenschutz@railcargo.com or by post to “Rail Cargo Austria AG, Legal Affairs Attn Data Protection Officer, Am Hauptbahnhof 2, 1100 Wien”. We will check your enquiry and respond accordingly.
6.5 You may also unsubscribe from any marketing communications that we send you. To do so, please click on the unsubscribe link in the marketing e-mails that we send you or unsubscribe from this mailing list by sending an e-mail to the e-mail address provided in the respective marketing e-mail. To unsubscribe from other types of marketing communication (e.g., by post or telephone), please contact us by post at “Rail Cargo Austria AG, Legal Affairs Attn Data Protection Officer, Am Hauptbahnhof 2, 1100 Vienna”.
7. Amendments of this Data protection declaration
7.1 We may update this Data protection declaration from time to time in light of legal, technical or business developments. Whenever we update our Data protection declaration, we will take appropriate measures to inform you depending on the importance of the changes made. We will obtain your consent for any substantial change we make to the Data protection declaration if and to the extent required by applicable data protection laws.