Signature Rail Ltd
Privacy and Cookie Notice
Last updated: June 2026
1. Who We Are
Signature Rail Limited is a software company specialising in planning and scheduling solutions for the rail industry. We are the data controller for personal data collected through this website.
Registered office: Jervaulx House, 6 St Mary's Court, Blossom Street, York YO24 1AH. Company number: 02484158.
Data protection contact: dataprivacy@signaturerail.com
2. Scope
This notice explains how we collect and use personal data when you visit signaturerail.com and use our contact form. It is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
This website is intended for business users. We do not knowingly collect personal data from children.
3. Personal Data We Collect and Why
| Data | Purpose | Lawful basis | Retention |
|---|---|---|---|
| Name, company, business email, telephone (optional), enquiry content — submitted via contact form | To respond to your enquiry and maintain records of correspondence | Legitimate interests | 3 years from last contact |
| IP address, browser type, pages visited, date and time of visit | Website security and performance monitoring | Legitimate interests | 90 days |
| Cookie data (see Section 6) | Website functionality and analytics | Consent (non-essential) or Legitimate interests (essential) | See Section 6 |
Contact form data is passed to HubSpot, our CRM platform, which acts as a data processor on our behalf.
4. Who We Share Data With
We do not sell personal data. We may share it with:
- HubSpot Inc (CRM platform) — European Union (data stored in Germany). No transfer outside the UK/EEA.
- Nettl (website hosting) — United Kingdom
- Modaxo / Volaris Group (parent company) — Canada and United States, where there is a legitimate business need
- Regulatory or law enforcement authorities, where required by law
Where data is transferred outside the UK we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable. Modaxo and Volaris group transfers are subject to intra-group data sharing arrangements.
5. Security
We apply appropriate technical and organisational security measures to protect personal data, including access controls, encryption in transit, and staff training. Signature Rail is currently working towards ISO 27001:2022 certification. No method of transmission over the internet is completely secure and we cannot guarantee absolute security.
6. Cookies
We use cookies on this website. Essential cookies are required for the website to function and are set on the basis of our legitimate interests. Non-essential cookies (analytics and functional) require your consent and are only set if you accept them via the cookie banner when you first visit.
| Type | Purpose | Consent required? |
|---|---|---|
| Essential | Website functionality and security | No |
| Analytics | Understanding how visitors use the site so we can improve it | Yes |
| Functional | Remembering your preferences | Yes |
You can change your cookie preferences at any time using the cookie settings link in the website footer.
7. Your Rights
Under UK GDPR you have the right to: access your personal data; have inaccurate data corrected; have data deleted in certain circumstances; restrict or object to processing; receive your data in a portable format; and withdraw consent at any time where we rely on it.
To exercise any of these rights, contact us at dataprivacy@signaturerail.com. We will respond within one month. There is no fee for normal requests.
8. Complaints
If you have a concern about how we have handled your personal data, please contact us directly in the first instance:
dataprivacy@signaturerail.com
Jervaulx House, 6 St Mary's Court, Blossom Street, York YO24 1AH
We will acknowledge your complaint within 30 days. If you remain dissatisfied, you may raise a complaint with the Information Commissioner's Office: ico.org.uk/concerns | 0303 123 1113.
9. Changes to This Notice
We review this notice periodically. The current version is always on our website. This notice was last updated in June 2026.