Privacy Policy

Last Updated: July 2022

Introduction

SilverRail Technologies Inc. (“SilverRail” or “we,” “our” and “us”) is committed to protecting and securing any personal information you give us. SilverRail facilitates the planning and booking of travel via rail. This Privacy Policy relates to our processing of any personal information we collect from you via our online services, including our Website, or give us in any other way (the “Services”).

Please review this Privacy Policy in full to ensure you are completely informed of how your personal information is handled. If you have any questions or concerns about our use of your personal information, then please contact us via the details in the “Contact Us” section at the bottom of this policy.

External links

If any part of this website links you to other websites, those websites do not operate under this Privacy Policy. We recommend you examine the privacy statements posted on those other websites to understand their procedures for collecting, using, and disclosing personal information.

What personal information do we collect and why?

The personal information that we may collect about you broadly falls into the following categories:

Information that you provide directly to us

We may ask you to provide personal information directly to us. For example, we may ask you to provide your contact details such as full name, telephone number and email address in order to:

– provide the services and information you request;

– subscribe you to our marketing communications or newsletters; and/or

– submit enquiries to us.

You may also be required to provide additional information if you participate in a survey or questionnaire.

Your personal information may also be linked to Cookies to enable the proper operation of our Online Services and collect information on how you used our Online Services.

Cookies and other technologies

Cookies are small data text files and can be stored on your computer’s hard drive (if your web browser permits). This website uses cookies for the following general purposes:

– To help us recognise your browser as a previous visitor and save and remember any preferences that may have been set while your browser was visiting our site.

– To help measure and research the effectiveness of website features and offerings, advertisements, and email communications (by determining which emails you open and act upon).

The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

This site may also use web beacons (also known as clear gifs, pixel tags or Web bugs), which are tiny graphics with a unique identifier, similar in function to cookies, that are placed in the code of a web page. We use web beacons to monitor the traffic patterns of users from one page within our sites to another, to deliver or communicate with cookies, to understand whether you have come to our site from an online advertisement displayed on a third-party website, and to improve site performance. We also may allow our service providers to use web beacons to track the visitor traffic and actions on our site. This helps us measure the effectiveness of our content and other offerings.

If you have any questions about our use of cookies or other technologies, please contact us by emailing at marketing@silverrailtech.com.

Who do we share your personal information with?

We may disclose your personal information to the following categories of recipients:

Third party services providers who provide data processing services to us (for example, to support the delivery of; provide functionality on; or help to enhance the security of our Online Services), or who otherwise process personal information for purposes such as credit card processing, business analytics, customer service, marketing, distribution of surveys or sweepstakes programs, to facilitate the delivery of online advertising tailored to your interests and fraud prevention. Where third-party service providers have access to data they will only collect information as needed to perform their functions. They are not permitted to share or use the information for any other purpose.

Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your interests or those of any other person;

When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company or this website, our customers, or others; and in connection with our Terms of Service and other agreements;

In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy. In the case of any acquisition, we will inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy; or

Any other person with your consent to the disclosure.

We are not able to list every specific recipient in this Privacy Policy due to the volume of recipients and frequency of changes to this information. The categories of recipients are explained in more detail in the sub paragraphs of this section above, for example, travel suppliers such as hotels, airlines, car rental companies and activity providers, who enable us to fulfil your booking. If you have any questions about third-party data sharing, please contact us at the information provided at the bottom of this Privacy Policy.

We also may share aggregate or anonymous information with third parties, including advertisers and investors. This information does not contain any personal information and is used to develop content and services we hope you will find of interest.

How do we use your information?

We use the information we collect to fulfil the transactions that you make or request; provide you with information you request; verify your identity for fraud prevention purpose; communicate with you in general; provide customer services related to your request; administer and operate our Services; measure interest in and improve our products, services, and website functionality; otherwise customise your experience with this website; obtain information from you, including through feedback you give or surveys you complete; carry out statistical analysis about the use of our website and the services we offer to improve each aspect of what we do; protect our rights as a company including our intellectual property, for example; resolve disputes or troubleshoot problems; prevent potentially prohibited or illegal activities; and enforce our Terms of Use and other agreements as otherwise described to you at the point of collection.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at the information provided at the bottom of this Privacy Policy.

How do we protect your personal information?

We want you to feel confident about using our Online Services to make travel arrangements, and we are committed to protecting the information we collect. While no Online Services can guarantee absolute security, we have implemented appropriate technical and organisational measures to protect the personal information that we collect and process about you. For example, we use encryption when transmitting your sensitive personal information between your system and ours, and we employ firewalls and intrusion detection systems to help prevent unauthorised persons from gaining access to your information. In addition, only authorised employees are permitted to access personal information, and they may only do so for permitted business functions.

International data transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident and outside of the EEA. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Specifically, the servers of our Online Services are located in the US, and our group companies and third party service providers operate around the world. This means that when we collect your personal information we may process it in any of these countries.

We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy when transferred outside of the EEA. Any data transfers between our group companies are governed by our intergroup agreement which incorporates strict data transfer terms approved by the European Commission (known as Standard Contractual Clauses) and requires all group companies to protect the personal information they process from the EEA in accordance with European Union data protection law.

We ensure that any of our third party service providers to whom a data transfer is made has appropriate safeguards in place to protection your personal information. The adequacy mechanism may be (i) adequate country status, i.e., based in a country that the European Commission has deemed “adequate” since its data protection standards are similar to the European Union; (ii) Standard Contractual Clauses; or (iii) the EU-US and Swiss-US Privacy Shield.

We will only process personal information in ways that are compatible with the purposes outlined above in this Privacy Policy (or those you later authorize). Before using your personal information for materially different purposes or disclosing it to independent third parties, we will provide you with the opportunity to opt out. Further choices and means you have for limiting the use and disclosure of your personal information are set out in the “Your information rights” section below.

As explained in this Privacy Policy, we may provide your personal information to third parties who perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third party agent or service provider and they process your personal information in a manner inconsistent with the Privacy Shield Principles, we will remain liable under the Privacy Shield unless we can prove we are not responsible for the event giving rise to the damage.

Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

You may have the right to access personal information that we hold about you and request that we correct, amend or delete it if it is inaccurate or processed in violation of the Privacy Shields.

If you have any inquiries or complaints about our handling of your personal information under the Privacy Shields, you should first contact us at privacy@silverrailtech.com and we will respond to your inquiry promptly. If we are unable to satisfactorily resolve your complaint, or we fail to acknowledge your complaint in a timely fashion, we have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner in the resolution of any Privacy Shield complaints. Individuals may also have the opportunity under certain conditions to invoke binding arbitration for complaints regarding the Privacy Shield not resolved by the above mechanisms. See here for additional information about binding arbitration.

For purposes of enforcing compliance with the Privacy Shield frameworks, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission.

Data Retention

We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise the data or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

We will anonymise or aggregate your data if we intend to use it for analytical purposes or trend analysis over longer periods.

Your information rights

You can access, update and review your personal information. If you make such a request, we are entitled to request appropriate identification before servicing such a request.

To delete your personal information, please contact us at the information in the “Contact Us” section at bottom of this Privacy Policy.

You may receive communications from us related to our Services, including service announcements, administrative messages and surveys relating either to your experience or transactions on this Site, without offering you the opportunity to opt out of receiving them.

You have the right to opt-out of marketing communications we send you at any time.You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. We reserve the right to email you with respect to important notices, even if you have requested not to receive emails from us.

Please also note that we may retain certain information associated with you, including for analytical purposes as well as for record-keeping integrity.

Your data protection rights (for EEA residents)

If you are a resident of the European Economic Area, you additionally have the following data protection rights:

If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us through the information found in the “Contact Us” section at bottom of this Privacy Policy.

If you request access to your personal information, we will confirm whether we hold your information and provide you with a copy, explaining how we process it and why, how long we store it for and your rights associated with it.

If you request deletion of your personal information, we will erase it. Please do note that we will need to retain any information that we require to fulfil our legal obligations or to establish, exercise or defend a legal claim.

You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us through the information found in the “Contact Us” section at bottom of this Privacy Policy.

Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time.Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here).

Please submit your request to us is through information in the “Contact Us” section at bottom of this Privacy Policy.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Children’s Privacy

This is a general audience site and does not offer services directed to children. Should a child whom we know to be under 13 send personal information to us, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before receiving his or her personal information.

Changes to This Notice and How to Contact Us

Updates to this Privacy Policy

Changes to this Privacy Policy will be made when required in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

If you have any questions about changes to this Privacy Policy, please contact us through the Customer Services Portal or the contact details found below.

How you can contact us

If you have questions about this Privacy Policy, please contact us by emailing privacy@silverrailtech.com.

Train