Last modified: 23 Oct 2024
Privacy Policy for the Website
Below we explain how we handle your personal data when you visit our website.
Details of the person responsible
The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR) and United Kingdom General Data Protection Regulation (UK GDPR), is
Beacon Rail Leasing Limited
4 Matthew Parker Street
SW1H 9NP London
United Kingdom
Telephone: +44 (0)20 3983 0898 / 0895
Email: rail@beaconrail.com
Details of the data protection officer (DPO)
We have appointed a data protection officer:
c/o activeMind.legal Rechtsanwaltsgesellschaft m.b.H.
Potsdamer Straße 3, 80802 Munich Germany
+49 89 919294-900
beacon-uk@activemind.legal
- Rights of data subjects
Your rights as a data subject
You can exercise the following rights at any time using the contact details provided:
- Information about your data stored by us and its processing activity (Art. 15 GDPR),
- Rectification of inaccurate personal data (Art. 16 GDPR),
- Deletion of your data stored by us (Art. 17 GDPR),
- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Objection to the processing activity of your data with us (Art. 21 GDPR) and
- Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future. You can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority in the federal state of your place of residence or with the authority responsible for us as the controller.
You can find a list of supervisory authorities (for the non-public sector) with addresses at: www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
For the UK the Information Commissioner´s Office is the relevant supervisory authority: https://ico.org.uk/make-a-complaint/
- Processing activities on the website
Making contact
Type and purpose of processing activity:
It is also possible to contact us via the email addresses provided. In this case, the user’s personal data transmitted with the email will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.
You can also contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call.
Regardless of the type of communication selected, we collect the content of your enquiry. Your data will be stored for the purpose of personalised communication with you.
Legal basis:
The processing activity of the data entered in the contact form is based on a legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interest in the processing activity of your data is to enable you to contact us in an uncomplicated manner.
If you contact us to request a quote, the data entered in the contact form will be processed for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR).
Recipients:
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our website.
Third country transfer:
The data collected may be transferred to the following third countries:
Beacon subsidiaries sitting in the European Union (EU) or the European Economic Area (EEA) in order for the relevant subsidiary to process your enquiry further.
The following data protection guarantees are in place:
Adequacy decision
Storage duration:
Data will be deleted no later than 6 months after the enquiry has been processed.
If there is a contractual relationship, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.
Provision prescribed or required:
The provision of your personal data is voluntary. However, we can only process your enquiry if you provide us with the required data and the reason for the enquiry.
Objection:
Please read the information on your right to object in accordance with Art. 21 GDPR below.
Server log files
Collection of general information when visiting our website
Type and purpose of processing activity:
When you access our website, i.e. if you do not register or otherwise transmit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar.
They are processed for the following purposes in particular:
– Ensuring a smooth connection to the website
– Ensuring the smooth use of our website
– Ensuring and evaluating system security and stability, in particular for the detection of misuse
– Ensuring the technically error-free presentation and optimisation of our website
We do not use your data to draw conclusions about your person. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
Legal basis and legitimate interest:
The processing activity is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and detecting misuse.
Recipients:
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our website.
Storage period:
Data is stored in server log files in a form that enables the identification of the data subjects for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).
In the event of such an incident, server log files are stored until the security-relevant incident has been eliminated and fully clarified
.
Provision prescribed or required:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.
Objection:
Please read the information on your right to object in accordance with Art. 21 GDPR below.
Cookies
A cookie is a small data record that is created when you visit a website and is temporarily stored on the website user’s system. If the server of this website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server.
The server can analyse the information received through this process. In particular, cookies can make it easier to navigate a website.
Deleting cookies:
You can delete individual cookies or the entire cookie inventory. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:
– Mozilla Firefox: support.mozilla.org/en/kb/cookies-loeschen-daten-vonwebsites-entfernen
– Internet Explorer: support.microsoft.com/en-de/help/17442/windows-internet-explorer-delete-manage-cookies
– Google Chrome: support.google.com/accounts/answer/61416?hl=en
– Opera: www.opera.com/de/help
– Safari: support.apple.com/kb/PH17191?locale=en_DE&viewlocale=en_DE
In addition, you can prevent the loading of so-called scripts by default. NoScript only allows JavaScript, Java and other plugins to be executed on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox: addons.mozilla.org/en/firefox/addon/noscript/).
Technically necessary cookies
Nature and purpose of the processing activity:
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.
We require cookies for the following applications:
– Consent Management
An overview of the cookies used can be found below.
_ga_* | .beaconrail.com | Google Analytics sets this cookie to store and count page views. | 1 year 1 month 4 days. | Analytics |
_ga | .beaconrail.com | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 1 year 1 month 4 days. | Analytics |
__cf_bm | .vimeo.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | Necessary |
_cfuvid | .vimeo.com | Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services | session | Necessary |
Legal basis and legitimate interest:
In this respect, data processing is carried out solely on the basis of our legitimate interest in a user-friendly design of our website and in the documentation of consent in accordance with Art. 6 (1) (f) GDPR.
Recipients:
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our website.
We use a consent management tool to obtain, manage and document your consent in accordance with the law. Further information on the processing of our consent management tool can be found here: [https://www.cookieyes.com/]
Storage period:
The data will be deleted after 365 days.
Provision required or necessary:
The provision of the aforementioned personal data is neither required by law nor by contract. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.
Objection:
Please read the information on your right to object in accordance with Art. 21 GDPR below.
Technically unnecessary cookies
Type and purpose of processing activity:
We also use cookies that enable us to analyse the surfing behaviour of users. These cookies are used to make the use of the website more efficient and attractive.
Detailed information on the subject of cookies and which cookies are used on this website (after consent) and information can be found in the cookie settings.
Legal basis:
The storage of information on your end device or access to information that is already stored in the end device is voluntary, solely on the basis of your consent. If personal data is also processed, the provision of your data is also voluntary, solely on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
Recipients:
Recipients of the data may be technical service providers who act as data processors for the operation and maintenance of our website.
Further recipients can be found in the cookie settings.
Storage duration:
For information on this, please refer to the cookie settings.
Mandatory or required provision:
The provision of your data is voluntary, solely on the basis of your consent. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
Revocation of consent:
You can revoke your consent for the future in the cookie settings.
Tracking and analysis tools
Use of Google Analytics
Type and purpose of processing activity:
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Analytics uses cookies that enable your use of the website to be analysed. The information collected is usually transferred to a Google server in the USA and stored there.
During your visit to our website, your user behaviour is recorded in the form of so-called events, such as –
Page views
– Start of a session
– Length of stay
– User engagement
– First visit to a website
– Scrolls (when a visitor scrolls 90% to the bottom of the page)
– Clicks on external links
– Ads viewed or clicked on
– Internal searches
– Interaction with video content
– Downloads Language settings
The following information is also recorded: –
Your approximate location (region)
– Your IP address (in abbreviated form)
– Technical information such as browser, internet provider, end device and screen resolution
– Source of origin (referrer URL) of your visit (i.e. via which website or advertising medium you came to us)
You can find more information on terms of use and data protection at (www.google.com/analytics/terms/de.html) and at (policies.google.com/?hl=en.).
On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
Legal basis:
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR.
Recipients:
We use technical service providers who act as our data processors to operate and maintain our website and to analyse cookies.
Other recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.
Third country transfer:
As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. As a result, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. To establish an appropriate level of data protection, we have concluded EU standard contractual clauses with Google, which can be viewed here: business.safety.google/adscontrollerterms/sccs/c2c/
Storage duration:
The recorded data is stored together with the randomly generated user ID to enable pseudonymous user profiles to be analysed. This user-related data is automatically deleted after 400 days. Other data remains stored in aggregated form indefinitely.
Revocation of consent:
You can revoke your consent for the future at any time in the cookie settings.
You can also prevent tracking by Google Analytics on our website by clicking on
this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future as long as the cookie remains installed in your browser.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: Browser Add On to deactivate Google Analytics.
Use of Google Maps
Type and purpose of processing activity:
On this website, we use Google Maps, an Internet map service operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”). By integrating Google Maps, we can provide you with the most important information about our locations.
If you give your consent, information about your use of our website (such as your IP address) will be transmitted to Google servers and stored there when you access the subpages on which Google Maps is integrated. In addition, at least one cookie (Nama: NID) is set in your browser by Google. When this data is collected and stored, it may also be transmitted to the servers of Google LLC. in the USA.
When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be assigned to your Google profile, you must log out of Google before activating the button. Google stores your data as usage profiles (even for users who are not logged in) and uses them for the purposes of advertising, market research and/or customising its websites. In particular, you have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
You can find more information about data processing by Google in the Google data protection information: policies.google.com/privacy. You can also change your personal data protection settings there in the data protection centre.
You can access
Google’s terms of use at www.google.de/intl/de/policies/terms/regional.html and the additional terms of use for Google Maps can be found at www.google.com/intl/de_US/help/terms_maps/.
Legal basis:
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR.
Recipients:
We use technical service providers who act as our data processors to operate and maintain our website and to analyse cookies.
Other recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.
Third country transfer:
As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. An adequacy decision by the European Commission exists for the USA, under which all companies certified under the Privacy Shield Framework do not have to provide any additional guarantees. Google LLC is a certified service provider.
Storage duration:
Information on the storage duration of the cookies set can be found in the cookie settings. In some cases, Google anonymises information (e.g. advertising data) in server logs. For this purpose, part of the IP address and cookie information is deleted after 9 or 18 months.
Revocation of consent:
You can revoke your consent for the future at any time in the cookie settings.
Use of Google Tag Manager
Nature and purpose of the processing activity:
Google Tag Manager (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) is a tag management system that can be used to place, update and manage tracking codes and associated code fragments on the website. The Google Tag Manager tool, which is used to implement the tags, sets and loads cookies via the googletagmanager.com domain. No personal data is collected. Google Tag Manager only triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. The service itself does not collect any personal data.
Data protection, privacy information and unsubscribe option
https://www.google.com/tagmanager/faq.html
https://www.google.com/tagmanager/use-policy.html
https://safety.google/privacy/privacy-controls
The data processed are:
Google Tag Manager HTTP data
This is log data that is generated for technical reasons when using the Google Tag Manager tool used on the website via the Hypertext Transfer Protocol Secure (HTTPS). This includes the IP address, type and version of your Internet browser, the operating system used, the page accessed, the previously visited page (referrer URL) and the date and time of access.
Legal basis:
The legal basis for the processing activity is Article 6 (1) (a) GDPR (consent), for the reliable control of cookies.
The data is provided automatically by the user’s browser.
Recipient:
The recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) as part of the data processor.
Third country transfer:
Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America) as a service provider.
Automated decision-making takes place with regard to “technically necessary cookies” when you use the website.
Revocation of consent:
You can revoke your consent for the future at any time in the cookie settings.
Use of Vimeo videos
Nature and purpose of the processing activity:
We embed videos on our website with the help of Vimeo. The provider of the Vimeo platform is
Vimeo, LLC, 555 West 18th Street, New York, NY 10011, USA.
The aim of our website is to provide you with the best possible content. Vimeo gives us the opportunity to present you with high-quality content directly on our website. This expands our service and makes it easier for you to access interesting content.
The content of these videos is stored directly on the platform and embedded on our website. If you call up such a video, the IP address, technical information such as browser, operating system and basic device information as well as the website you have visited will be communicated.
Personal data is only transferred when you call up a video. Only then is a server connection to Vimeo established and a corresponding cookie set, which is used to save your settings.
You will be informed again before you access a video. If you have an account with the provider of the video service, they may be able to identify you. You can avoid this by logging out of your account before playing a video.
Legal basis:
The legal basis for the activation of these videos is your consent in accordance with Art. 6 (1) (a) GDPR.
Third country transfer:
When using Vimeo, a US third country transfer takes place.
Vimeo uses so-called standard contractual clauses as the basis for processing activities. These are model clauses provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries.
Recipient:
Further information on data protection at Vimeo can be found here:
https://livestream.com/legal/cookie-preferences.
You can prevent the processing activity of data by Vimeo in various ways: On the one hand, you can completely prevent the storage of cookies in your browser. However, this may mean that you will no longer be able to use some functions of our website. Secondly, you can activate the “Do-not-track” setting in your browser.
- Data security
TLS encryption
In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. TLS) via HTTPS.
- Information about your right to object in accordance with Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing activity which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Recipients of an objection
The objection can be made informally with the subject “Objection”, stating your name, address or other identifying features to:
c/o External Data Protection Officer of Beacon Rail Leasing Limited
E-mail: beacon-uk@activemind.legal
Telephone: +49 89 919294-900
- Changes to our privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
Questions about data protection
If you have any questions about data protection, please send us an email to:
beacon-uk@activemind.legal
Privacy Policy for Contact with Beacon Rail Leasing Limited
Information according to Art. 13 and 21 of the United Kingdom General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (EU GDPR)
With the following information, we would like to give you an overview of how your personal data is processed by us and your rights according to data protection law. Which specific data are processed and how they are used depends largely on the requested or agreed-upon services. Therefore, not all sections of this information will apply to you.
Furthermore, this data protection information may be updated periodically. You’ll find the latest version on this page at any time.
Responsible party
Responsible parties for the processing is :
Beacon Rail Leasing Limited
4 Matthew Parker Street
SW1H 9NP London
United Kingdom
Telephone: +44 (0)20 3983 0898 / 0895
Email: rail@beaconrail.com
You can reach our data protection officer at:
c/o activeMind.legal Rechtsanwaltsgesellschaft m.b.H.
Potsdamer Straße 3, 80802 Munich Germany
+49 89 919294-900
We process your data for the following purposes and on the following legal basis:
We process personal data in accordance with the applicable data protection laws:
To fulfil contractual obligations (Art. 6 (1) (b) GDPR)
Processing is necessary for the performance of a contract with you. This also includes sending out the invoices, which is a contractual service.
The same applies to those processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our services.
Due to statutory requirements (Art. 6 (1) (c) GDPR)
We are subject to various legal obligations that result in data processing. These include, for example, tax laws, as well as the respective statutory accounting, responding to inquiries and meeting the requirements of supervisory or law enforcement authorities and compliance with tax audits and reporting obligations.
In addition, the disclosure of personal data within the context of administrative/judicial measures may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.
Within the scope of a balancing of interests (Art. 6 (1) (f) GDPR)
If required, we process your data beyond actual contractual compliance for the protection of our legitimate interests or those of third parties. Examples of such cases are:
• If you contact us by e-mail or telephone, the data you enter will be stored for the purpose of individual communication with you,
• Enforcement of legal claims and defence in legal disputes, and
• Saving additional contacts in the CRM system for communication.
Who receives your data?
In our company, employees receive your data in order to contact you and for contractual collaboration (including the implementation of pre-contractual measures).
Your data will only be forwarded to service providers (data processors) when necessary to perform our contractual duties (e.g. support/ EDP maintenance /IT applications, accounting, data erasure). All service providers are obliged to handle your data confidentially pursuant to a commissioned processing contract.
With regard to the data transfer to recipients outside of our company, it should be noted that we only forward required personal data in compliance with the applicable data protection regulations.
Subject to these conditions, recipients of personal data may be:
• public bodies and institutions (e.g. tax authorities, law enforcement authorities) when presented with a statutory or regulatory obligation,
• credit and financial services institutions (processing payment transactions)
• tax consultants, certified public accountants and income/corporate tax auditors (statutory audit mandate)
• companies in the Beacon group
Is data transferred to a third country or to an international organisation?
Your data will only be processed within the United Kingdom, European Union and states within the European Economic Area (EEA). Any data transferred between these countries is done so on the basis of mutual adequacy decisions.
How long will your data be stored?
We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, these are deleted on a regular basis.
Exceptions to the above-mentioned deletion criteria are for:
• Data required to fulfil the statutory retention requirements.
• Data for maintaining evidence in accordance with the legal statute of limitations.
If the data processing takes place in our legitimate interest of that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions also apply here.
Which data protection rights do you have?
Every data subject has the right of access pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 19 GDPR, right to object from Art. 21 GDPR as well as the right to data portability from Art. 20 GDPR.
In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). A list of the supervisory authorities (for the non-public sector) with ia available at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Am I obligated to provide data?
Under the terms of the contractual relationship, you may provide the personal information necessary to initiate, carry out and terminate the contractual relationship and to fulfil the respective contractual obligations or those that we are required to collect by law. Without this data, we will not be able to contact you, enter into a contract with you or perform the services detailed therein.
Information on your right to object according to Art. 21 (1) GDPR
Case-specific right to object
You have the right to object to the processing of your personal data by us at any time for reasons arising from your particular situation, provided that this objection was filed in accordance with Art. 6 (1) (f) GDPR (data processing based on a weighing of interests).
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, carrying out or defending legal claims.
Recipient of an objection
The objection can be made without any formal requirements with ‘Objection’ in the subject line, your name, and e-mail address and should be addressed to:
c/o activeMind.legal Rechtsanwaltsgesellschaft m.b.H.
Potsdamer Straße 3, 80802 Munich Germany
+49 89 919294-900