Privacy Policy

The Norfolk Orbital Railway website is managed by the Melton Constable Trust (also referred to as “we” or “our” or “us”) and we are committed to protecting and respecting your privacy.

This policy (and any other documents referred to herein) sets out the basis on which any personal data that we collect from you via our website (https://norfolk-orbital-railway.co.uk) or that you provide to us by other means, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purposes of the Data Protection Act 1998 (the Act), and the General Data Protection Regulations (GDPR), from 25 May 2018, the data controller is the Melton Constable Trust. Our address is The Railway Institute, Melton Constable, Norfolk. NR24 2DA. Telephone 01263 740044 . Email info@norfolk-orbital-railway.co.uk

Information we may collect from you

We may collect and process the following data about you:

  1. Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number etc.
  1. Date of birth and gender.
  1. Financial information, namely your bank details such as account name, number, and sort code. 
  1. To effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the European Economic Area (EEA). Such information will not be transferred out of the EEA for any other purpose.
  1. Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers). 
  1. Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website. 
  1. Data recorded by the Website which allows us to recognise you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer using cookies. Most browsers can be programmed to reject, or warn you before downloading cookies, information regarding this may be found in your browser’s ‘help’ facility. 
  1. Information that you provide by filling in forms on our Website. This includes information provided at the time subscribing to our “Supporters and Friends” scheme. We may also ask you for information when you enter a competition or promotion sponsored by us and when you report a problem with our Website.
  1. If you contact us, we may keep a record of that correspondence.
  1. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  1. Details of transactions you may carry out through our Website.

Data Collected to Manage Your Membership

At checkout, we will collect your name, email address, username, and password. This information is used to setup your account for our site. If you are redirected to an offsite payment gateway to complete your payment, we may store this information in a temporary session variable to setup your account when you return to our site.

At checkout, we may also collect your billing address and phone number. This information is used to confirm your credit card. The billing address and phone number are saved by our site to prepopulate the checkout form for future purchases and so we can get in touch with you if needed to discuss your order.

At checkout, we may also collect your credit card number, expiration date, and security code. This information is passed to our payment gateway to process your purchase. The last 4 digits of your credit card number and the expiration date are saved by our site to use for reference and to send you an email if your credit card will expire before the next recurring payment.

When logged in, we use cookies to track some of your activity on our site including logins, visits, and page views.

IP addresses and cookies

We may collect information about your device, including where available your IP address, operating system, and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

For the same reason, we may obtain information about your usage of our Website by using a cookie which is stored on the hard drive of your device. Cookies are used to make our Website work and to deliver a better and more personalised service. They enable us:

  1. To estimate our audience size and usage pattern.
  1. To store information about your preferences, and so allow us to customise our Website according to your individual interests.
  1. To speed up your searches.
  1. To recognise you when you return to our Website.

As our website evolves the cookies we use may change. We will regularly update the cookie information as the need arises. The cookies currently used on our Website are: BIGipServerZebedee and TS01237438. These cookies are set by the hosting company’s server. They are set when you move from the homepage to another page in the site. Both are classed as “strictly necessary” for the functioning of the site, and as such they are exempt from the normal requirement of user consent for the use of cookies.

Neither of the two cookies stores personally identifiable information, and both (as “session cookies”) should be deleted when you close your browser session.

This privacy policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

We may embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your device once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more please visit YouTube’s embedding videos information page: https://www.google.com/support/youtube/bin/answer.py?hl=en-GB&answer=171780.

We may display either (or both) of the following widgets:

a. Feed widgets (widgets that display a feed from our social network page). These widgets do not create a cookie.

b. Sharing widgets (widgets such as Facebook Like, Twitter Share or AddThis) which enable you to share content of http:// norfolk-orbital-railway.co.uk to your friends or followers. By default, these do not create a cookie until you have clicked on the graphic or icon representing the sharing network you would like to use. By clicking the graphic or icon you consent to transmitting data to the respective social network.

Please refer to Facebook’s and Twitter’s privacy policy on social plugins, cookies and information sharing:  https://www.facebook.com/about/privacy/your-info-on-other#socialplugin. https://twitter.com/privacy.

Payments 

Our payments are processed using PayPal

Where we store your personal data

As the servers we use are in the United Kingdom, the data that we collect from you is obtained, processed, stored, and transmitted in compliance with data protection legislation. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk. Once we have received your information, we will use the best procedures and security features available to us to try to prevent unauthorised access.

Purpose and legal basis for the processing of your data and retention periods

We use information held about you in the following ways:

  1. To ensure that content from our Website is presented in the most effective manner for you and for your device. 
  1. To provide you with information, products, or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes. 
  1. To carry out our obligations arising from any contracts entered into through our Website, in particular the “Supporters and Friends” scheme and the purchase of merchandise.
  1. To allow you to participate in interactive features of our service, where you have chosen to do so.
  1. To regularly update you about the status and progress of the Norfolk Orbital Railway via Newsletters.

We may also use your data to provide you with information about goods and services which may be of interest to you and we may contact you about these by email, text, post or telephone.

Where we permit our affiliates to use your data, we (or they) will contact you only if you have consented to this.

We will not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 100 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in NR26). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.

Our lawful bases for processing personal data:

  1. Viewing our Website and sending us enquiries – Necessary for the legitimate interests pursued by us in providing the service.
  1. Orders for merchandise from the website – Necessary for the performance of a contract.
  1. Marketing/Newsletters – Consent.

Our retention periods for your personal data:

  1. Operational Database records will be deleted after 24 months of last use, e.g. purchasing merchandise
  1. eMarketing Database records will be deleted after 24 months of last use, e.g. an email being sent.

Disclosure of your information

We may disclose your personal information to third parties:

  1. If we sell or buy any business or assets; in which case, we may disclose your personal data to the prospective seller or buyer of such business or assets.
  1. If we or substantially all our assets are acquired by a third party; in which case, personal data held by us about you as “Supporters and Friends” may be one of the transferred assets.
  1. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, confidential information or safety of our Website, “Supporters and Friends”, affiliates or others, and in particular if we are required to prevent any fraud or fraudulent transactions. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  1. Regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction but only as is necessary for compliance with our legal obligations.

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We operate an optional choice for receiving marketing communications. You can exercise your right to prevent such processing at any time by using the unsubscribe function on a received marketing email or by contacting us at Melton Constable Trust. The Railway Institute, Melton Constable, Norfolk. NR24 2DA. Telephone 01263 740044 or by Emailing info@norfolk-orbital-railway.co.uk

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. A reasonable Subject Access Request (SAR) can be made without a fee being charged. It will be carried out within one month. As part of a SAR, you may request that your personal data is corrected or deleted. The result of a deletion request may be affected by any outstanding orders of any merchandise in progress.

You may withdraw your consent if consent was the lawful basis for processing. If you withdraw consent, we may not be able to assist with any queries you have regarding your “Supporters and Friends” status and it could affect the efficiency in which your “Supporters and Friends”  status is managed.

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exemptions apply.

If you are not satisfied with our response you may contact the UK supervisory authority, the Information Commissioner’s Office, https://ico.org.uk to report your concern. Our registration number with the Information Commissioner’s Office is A8744163

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Contact

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to Melton Constable Trust. The Railway Institute, Melton Constable, Norfolk. NR24 2DA. Telephone 01263 740044 . or by Emailing info@norfolk-orbital-railway.co.uk