1. WHAT INFORMATION DO WE COLLECT?
Personal Information You Disclose to Us
During your visit and use of our Website and services, we collect certain data that you provide to us when you fill out opt-in forms, contact forms, and surveys, when you purchase products and/or services, and when you enter your information for giveaways and/or competitions.
The personal information that you provide to us can be your name, email address, location, and occupation. Moreover, if you are purchasing products, then you are also providing us with payment and address information. (However, your payment information is not stored in our system because purchases are processed through payment processors.) Therefore, should you have any questions about payment activities and/or information, contact the specific payment processor directly.
Outside of the European Union (“EU”)
If you are outside of the EU and enter your information to receive a freebie, make a purchase, respond to a survey, register for free training, or participate in a webinar, then we will automatically enroll you to receive our newsletter and updates.
If you do not wish to receive any communications from us, you can opt-out by clicking on the unsubscribe link located at the bottom of the emails.
In the European Union
If you are in the EU and opt to receive a freebie or participate in free training, register for a webinar or live event, or purchase a product, your email address will not be added to the email list to receive our newsletter and updates unless you affirmatively consent to it.
If you change your mind at any point and do not want to receive electronic communication, simply unsubscribe.
If you have trouble unsubscribing by clicking the link at the bottom of the email, simply email us at [email protected] and request to be unsubscribed from future emails.
Visitors’ Rights Under GDPR
As someone who resides in the European Union, you are entitled to exercise certain rights that you are given under the General Data Protection Regulation (GDPR).
Any information or data that you chose to provide us will be kept with Raleigh Rail Ltd until one of these happens: (1) you ask Raleigh Rail Ltd to DELETE the information and/or data; (2) Raleigh Rail Ltd decides to STOP USING the existing data processors, or (3) Raleigh Rail Ltd decides that the cost of retaining the data outweighs the value in retaining it.
As a consumer and/or visitor on our Site who is located in the European Union region, you have the right to request access to your data that Raleigh Rail Ltd collected on you and stores it.
You are within your rights to demand to know exactly what data and information Raleigh Rail Ltd has collected on you. Keep in mind that some parts of this data was provided by you personally, while others were gathered through cookies and pixels.
You have the right to withdraw consent on data that you previously gave us consent to collect and process. The right to withdraw consent applies to any future processing of that data. However, any data that has been collected and processed previously based on valid consent is lawful and not subject to liability based on any legal grounds.
You also have the right to request erasure of your data and all your information from Raleigh Rail Ltd’s data storage. Once you request that your data be erased from Raleigh Rail Ltd’s databases, we have thirty (30) days to comply with your request. If it’s impossible to comply within 30 days, then Raleigh Rail Ltd will respond to the Visitor’s request and let them know about the issue and also give them a reasonable time as to when their request for deletion will be honored.
Aside from rights such as a request to access, request to delete and rectify, an EU user also has the right to place restrictions on the data processing itself. This means a user can limit certain things that Raleigh Rail Ltd can and cannot do with their data. You can choose to limit the transfer of your data to third-party businesses (unless it’s essential for Raleigh Rail Ltd’s basic functions).
You further have the right to file a complaint with a supervisory authority that oversees and handles issues related to the GDPR.
Lastly, it’s Raleigh Rail Ltd’s duty to inform you that we only require information that is reasonably necessary to enter into a contract with you. We do not collect any unnecessary data, and any information we acquire is used for legitimate business purposes such as growing and scaling our business or being able to provide satisfactory customer service to you and other users.
- BRAZILIAN DATA PROTECTION LAW (LGPD)
The Brazilian Data Protection Law or the LGPD, is derived from its Portuguese name. The LGPD is Brazil’s law on online privacy requirements and certain rights and privileges given to data subjects.
Under the LGPD, “processing” is defined as collection, production, reproduction, transmission, receipt, use, classification, filing, storage, control or evaluation of data, deletion, dissemination, extraction, modification, and communication. The LGPD applies to “personal data” that is defined as any information related to an identified or identifiable natural person. Moreover, sensitive data such as political opinion, racial or ethnic origin, religion, health, sex and more as they relate to a natural person.
Under the LGDP, the data subjects are given the following rights relating to their personal data:
- Awareness and confirmation of the existence of data processing;
- Anonymization or pseudonymization or removal of pieces of data that have been collected or processed without compliance with the LGPD;
- Access to personal data;
- Correction of inaccurate data;
- Right to request deletion;
- Right to revocation of consent;
- Right to request disclosure of any third parties with whom personal data is shared;
- Access to the customer policy information and consent revocation terms and conditions.
The data subject has the right to exercise these rights with our business Raleigh Rail Ltd anytime free of charge.
As a business, we can only process personal data if there are any legal basis for processing that data. The LGPD provides approximately ten (10) legal basis for processing data. The ten grounds are:
- The data subject gives express consent to process the data.
- Data processing is necessary to comply with a legal obligation.
- Processing is essential to protect the life or physical safety of the data subject or another third party.
- Necessary to execute a contract or contract related procedures that the data subject is a party of at the request of the data subject.
- Necessary to process to fulfill the legitimate interests of the controller or of the third-party, except when data subject’s fundamental rights prevail.
- Necessary to process in order to protect credit (refers to a credit score).
- You need to process to protect the health in relation to activities of health professionals or health entities.
- Necessary to process to carry out studies by research entities that ensure, when possible, the anonymization of personal data.
- Necessary to process to exercise rights in judicial, arbitration and administrative procedures.
- Necessary to process to execute public policies provided in laws or regulations, or those that are based on contracts, policies, agreements or similar binding instruments.