At Network Rail we aim to handle personal information in a fair, accountable and safe way, in line with the GDPR (General Data Protection Regulation) and the UK Data Protection Act 2018.
We will collect adequate and relevant personal information to support our activity, and will make sure the information we hold is accurate and up to date. We won’t keep your information for longer than is necessary and will use appropriate security measures to protect it.
The GDPR provides you, the data subject, with the following rights:
You have the right to be informed about the collection and use of your personal information. Our privacy notice will guide you through what information we collect and how we use it.
You can also download our internal privacy notice below.
You have the right to request access to your personal information, commonly known as a subject access request.
Requests carry no cost unless they are found to be excessive or repetitive. So, we ask that you are specific in what information you wish to access. Our interactive subject access request form will guide you through this. You can also download a printable version below.
If you believe that Network Rail is processing inaccurate information about you please complete our interactive right to rectification form. You can also download a printable version below.
We will take all reasonable steps to satisfy you that the personal information we hold is accurate and to rectify the data if necessary.
Also known as ‘the right to be forgotten’ this right is not absolute and only applies in certain circumstances. If you believe your personal information may be eligible, our interactive right to erasure form will guide you through the process. You can also download a printable version below.
You have the right to request a restriction on how Network Rail processes your personal information.
This right is not absolute and only applies in certain circumstances. If you believe that we are processing your personal information and you would like to restrict this, please write to the data protection officer.
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
There are limited circumstances where this right could be applied within Network Rail systems. Please contact the data protection officer for further information.
You have the right to object to the processing of personal information that you feel falls into the categories of marketing, profiling or scientific/historical research and statistics.
To do so, please contact the data protection officer.
You have the right to not to be subject to a decision based solely on automated processing, including profiling, which you believe could lead to a significant impact to you.
Please contact the data protection officer for further information.
Law enforcement disclosure requests
If you wish to make a request for personal data on behalf of a law enforcement agency, please use the form below and contact the relevant Network Rail function or email the data protection officer.
Data protection officer
1st Floor Willen,