1. Introduction

Rail Shine Ltd is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, how we use it, and your rights under UK data protection law.

We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

• Company Name: Rail Shine Ltd
  

• Company Number: 16192614
  

• Registered Address: 15 Southbourne Road, Lymington, England, SO41 9JB
  

• Email Contact: j.hayward@railshine.co.uk
  

• Data Protection Lead: Jack Hayward
  

We act as a data controller, meaning we determine how and why your data is processed.

3. What Personal Data We Collect

We may collect and process the following categories of personal information:

a) From Website Visitors

• Name, email address, and contact number (if submitted via contact form)
  

• IP address, browser type, and website usage data (via analytics tools)

b) From Customers and Clients

• Business name, contact details, billing and invoicing information
  

• Site access documentation (e.g. for industrial cleaning access control)
  

• Communication records (e.g. emails, phone calls)

c) From Suppliers and Contractors

• Name, company contact info, payment details
  

• Performance and compliance records (e.g. adherence to site safety rules)

4. How We Use Your Data

We use personal data for the following purposes:

• To respond to enquiries and provide requested services
  

• To manage contracts and deliver industrial cleaning services
  

• To issue invoices, manage payments, and meet financial obligations
  

• To maintain site safety logs and access records (if applicable)
  

• To improve our services and monitor website usage
  

• To meet legal or regulatory obligations
  

We do not use your data for profiling or automated decision-making.

5. Our Lawful Basis for Processing

We only process personal data where we have a lawful basis to do so:

• Contractual necessity – e.g. fulfilling service agreements
  

• Legal obligation – e.g. tax and accounting compliance
  

• Legitimate interests – e.g. responding to enquiries, improving services
  

• Consent – where required, such as for marketing (opt-in only)

6. How Long We Keep Your Data

We keep personal data only as long as necessary. Typical retention periods:

• Enquiries with no further engagement: 12 months
  

• Customer records: 7 years (for financial/tax purposes)
  

• Supplier/contractor records: 7 years
  

• Access logs or incident records: as required by law or contract
  

Full details are available in our Data Retention Schedule (on request).

7. Sharing Your Data

We do not sell your data.

We may share your data with trusted third parties where necessary, such as:

• Professional services (e.g. accountants, legal advisors)
  

• IT and cloud service providers (e.g. Google Workspace, 1Password)
  

• Site access platforms (e.g. Sentinel) for compliance and security
  

• Law enforcement or regulators if required by law
  

All third parties are subject to appropriate data processing agreements.

8. International Transfers

We primarily store data within the UK or EEA. If data is transferred outside the UK/EEA (e.g. Google services), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses
  

• Provider participation in international compliance frameworks (e.g. EU–US Data Privacy Framework)

9. Your Rights

Under the UK GDPR, you have the right to:

• Access – request a copy of your data
  

• Rectification – correct inaccuracies
  

• Erasure – request deletion where appropriate
  

• Restriction – limit how your data is used
  

• Portability – transfer your data to another provider
  

• Object – to certain types of processing
  

• Complain – to the Information Commissioner’s Office (ICO)
  

To exercise your rights, contact us at j.hayward@railshine.co.uk.

10. Cookies and Analytics

We use basic website analytics (e.g. Google Analytics) to understand how our site is used. These tools may collect:

• IP addresses
  

• Browser/device info
  

• Pages visited and time spent on site
  

You can control cookies through your browser settings. We do not use advertising cookies or tracking pixels.

11. Data Security

We take your data seriously and implement strong technical and organisational controls, including:

• Two-factor authentication for all admin systems
  

• VPN usage and device encryption
  

• Secure password management via 1Password
  

• Access control and audit logs
  

Details are available in our internal IT Security and GDPR Policy documents.

12. Changes to This Policy

We may update this Privacy Policy from time to time. You can find the latest version on our website or request a copy at any time.

13. Contact Us

If you have questions, concerns, or want to exercise your data rights, please contact:

Jack Hayward
Data Protection Lead
📧 j.hayward@railshine.co.uk
📞 07832 138 268

If you're unhappy with how we handle your data, you can also lodge a complaint with the ICO at https://ico.org.uk.