1. The Personal Information TFR Collects
The personal information that we collect will depend on how you are using our services:
- To enable your access to our services, we may collect personal information concerning your personal or your company’s internet protocol address or other authentication methods.
- In connection with the Contact Form, we collect your name and surname, telephone number, email address, and the message to the recipient.
- In connection with the customer interaction centre, we collect your email address and any other personal information you may provide.
- In connection with your creation of a Rail On-line account, we collect your identity number, name and surname, contact details (telephone number, cell phone number, fax number and email address) company information, postal address, username and password, account number, as well as other information you may provide.
- We may collect certain non-personal information, such as the type of browser you are using (e.g. Google Chrome, Internet Explorer etc.), the type of operating system you are using (e.g. Windows, Mac), and the domain name of your internet service provider.
- We may collect personal information through correspondence you send to us through optional surveys and in connection with statements you may post on any TFR-related page on social media networking sites (e.g. Facebook, Twitter etc.)
- We don’t knowingly collect personal information from anyone under the age of 18. If it is discovered that we have collected personal information from someone under the age of 18, we shall promptly de-identify that information.
2. Data Integrity and Use of Personal Information
We use the personal information collected in ways that are compatible with the purposes for which it was intended to be used: to enable your use of our services; to respond to your inquiries; for system administration, customer support, and troubleshooting purposes; for new services announcements and service updates; for service announcements; for sending newsletters; to improve the design of our website; to enable us to enforce our disclaimer; and in aggregate form, to track and analyse site usage.
Further, we may use your photograph, name and surname, any comment and affiliation in conference presentations, newsletters, and marketing and announcement materials where we have obtained your permission. We shall take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. If you wish to opt out of our use of your personal information, see the "Your Consent; Opting Out" section below.
3. Use of Cookies and Behavioural Targeting
We make use of "cookie" technology. Cookies are small pieces of text that are stored on your computer and act as a tool for controlling certain system variables and storing system configuration information in the world-wide web environment. We use cookies to store user preferences for viewing and printing, regional and geographical information connected to an IP address, and to store authentication information.
We do not use cookies to identify what other sites you have visited, however, we do use certain tools to understand the flow of traffic to and from our website. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. Third party service providers may use cookies to make it easier for you to navigate our site, but those cookies are not covered by our Statement. We do not have access or control over these cookies, if used. Different cookies serve different purposes. While some cookies are used to control basic functions of the site, some cookies store basic user information in certain ways. Some cookies that are essential to your use of our website have already been set. You may delete and block all cookies from the site, but certain sites may not work without cookies.
TFR uses the following types of cookies:
Authentication and Security |
These cookies are used when a user is seeking to access content or create or log into a user account. The cookies are also used to prevent fraudulent use of login credentials and ensure security of user data. These cookies contain information regarding the user's institution through which the user has access and/or the user's IP address including regional geographic information connected to such IP address. |
Preferences |
These cookies contain information concerning features of our website to allow users to customise the way they interact with such site. For example, when a user account has an option to save the user's login information for future use as well as other dynamic website features. |
Analytics with Third Party Cookies |
These cookies are used to collect information about how users interact with the TFR website. This information is also used to compile reports to assist us to improve the website, including reports on the number of visitors to the site, where the visitors have come from, and what pages the users visit on the site. Third party cookies may also be used to assist users with support and diagnose identified issues with our website. |
4. Other Tracking Technologies and Automated-Decision Making Practices
As with most websites, we gather certain information automatically and stores it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We link this automatically collected data to other personal information we collect about you.
Through this Statement, we will notify individuals of any automated-decision making practices we may engage in regarding personal information, including the logic involved, and the significance of the decision as well as the consequences for you. We also will ensure that you may opt out of such automated-decision making practices.
5. Widgets
Our website includes Social Media Features, such as access to our Facebook page, LinkedIn, Twitter, YouTube etc. and widgets such as the Email This Page button or interactive mini-programs that run on our website ("Features"). These Features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the Features to function properly. Features are either hosted by a third party or hosted directly on our site. Your interactions with these Features are governed by the Privacy Policy/Statement of the company providing the relevant Feature.
6. Onward Transfer of Information
We may work with other organisations that provide specific services for us, such as banking. We shall provide only the personal information necessary for the third party to provide these services for us. These organisations may not use personal information except for the purpose of providing these services.
We may also transfer personal information to third parties, including third parties located internationally, such as other rail companies who can better assist with your inquiries, to facilitate order fulfilment, and to enable them to inform users of services provided by us and/or the third parties' products and services that may be of interest. We require that these parties agree to process such information based on our instructions and in compliance with this Statement, and any other appropriate security measures. In addition, when transferring personal information that is subject to the GDPR, we require a GDPR-approved transfer mechanism to be in place, such as Binding Corporate Rules or Privacy Shield Certification.
We do not sell or share personal information about the rail service history of our customers, except as set forth above and in the following circumstances:
• In certain situations, we may be required to disclose personal information in response to lawful requests made by public authorities, including to
meet national security or law enforcement requirements. If required to do so by law;or if we believe in good faith that such action is necessary to
or if we believe in good faith that such action is necessary to comply with the law or a legal proceeding; or to protect against violations of our
Disclaimer;or to protect and defend our rights and property of rights holders whose content is made available through our website; or with service
providers with whom we have entered into agreements to assist us with our business operations; such personal information may be disclosed.
• If we are involved in a merger, acquisition, or sale of all or a significant portion of its assets, you will be notified via email and/or a prominent notice
on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal
information.
In addition, we may share general usage data in aggregated form so that no personal information is identifiable to participating institutions, content providers, researchers, and the general public. We shall provide you with all of your retained personal information provided at registration (where applicable) on request.
7. Your Consent; Opting Out
By using our services, you consent to the collection and use, in accordance with this Statement, of the information you provide to us. We shall remove you and your personal information from our records or refrain from using your personal information in connection with certain services on request if you contact us with your requests by utilising the Contact Us mechanisms on our website. Please note that this may prevent you from accessing our services if we require this information in order to perform in terms of our agreement/s we have with you.
You may choose to stop receiving any of our communications or marketing emails by utilising the Contact Us mechanisms on our website.
8. Security
We protect your personal information from unauthorised access and disclosure through the use of account numbers, passwords, physical security measures, and managerial measures. We nonetheless recognise that third parties may obtain access to information through unlawful actions, and thus do not promise that your information will always remain private, despite our best efforts and the importance we place on maintaining your privacy. In addition, we do not claim any responsibility for information collected by or from website or mobile applications linking to or from our website or mobile applications.
In the event that we discover or are notified of a security breach where personal information is at risk, we will notify you electronically if we have your email address. If you do not wish to be notified via email in the event of a breach, please contact us by utilising the contact mechanisms on our website.
9. Access, Erasure, and Correction
Upon request, we shall provide you with information about whether we hold any of your personal information. If you would like to review, delete or update your information, you may contact us utilising the Contact Us mechanisms on our website. We shall permit you to correct, amend, or delete information that is demonstrated to be inaccurate. We shall respond to your request within a reasonable timeframe. Please note, because of the way we maintain certain services, after you delete or amend your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.
You will need to provide sufficient identifying information, such as your name and email address and possible additional identifying information as a security precaution.
10. Data Retention
We will retain your personal information for as long as your account is active, or as needed to provide you with our services, or required by law. If you wish to cancel your account or request that we no longer use your personal information to provide you with services, contact us by utilising the Contact Us mechanisms on our website. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
11. Enforcement and Dispute Resolution
We engage in periodic self-assessment to ensure compliance with this Statement. We verify that the Statement is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and where applicable, in conformity with the GDPR and POPIA. We encourage interested persons to raise any concerns with us utilising the contact mechanisms on our website. We shall investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Statement.
If you have an unresolved privacy or data concern that we have not addressed satisfactorily, European Union data subjects may seek an administrative or judicial remedy or to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Information on how to file such a complaint is available here:
For South African data subjects, information on how to file a complaint in relation to POPIA, or to contact the Information Regulator, is available here: http://www.justice.gov.za/inforeg/.
12. Notification of Privacy Statement Changes
We may update this Statement to reflect changes to our information practices. If we make any change in how we use your personal information, we shall notify you by way of a communication on our website. We encourage you to periodically review this Statement for the latest information on our privacy practices.
13. Contact us
If you have any inquiries about this Statement or its implementation, you may contact us by utilising the Contact Us mechanisms on our website.