Privacy Policy

Greener Railways (Network Rail) Privacy Policy

This Privacy Policy explains how we collect, use, share and protect personal data when you use this Greener Railway website. It applies to information submitted via our contact form and to other interactions with it. We also operate the main Network Rail website and this privacy policy supplements our user privacy policy on the main Network Rail website. For guidance on your rights and data protection principles, see the Information Commissioner’s Office (ICO) guidance.

About this Privacy Policy

  • References to weus or our means Network Rail Infrastructure Limited.
  • References to you or your means the person accessing and using the website and all individuals and business related contacts interacting with us (as defined below).
  • References to the website means the Greener Railway website found at greener.networkrail.co.uk.

Who is responsible for the personal information that we collect about you?

We are the controller for the purpose of UK data protection law, in respect of your personal data collected or obtained as outlined with this privacy notice. This is because we dictate the purpose for which your personal data is used and how we use your personal information.

If you have any questions regarding this privacy notice or the way we use your personal data, you can contact our Data Protection Officer.

What we collect

“Personal data” is information (in any format) relating to a living person who can be identified from that information, either on its own or when it is combined with other information held by us. It includes “personally identifiable information”. A person’s name, email address, location data, on-line identifier and data gathered from website cookies are all capable of being personal data. 

  • Contact form data: name; email address; message; relationship to us and any related account/ log in details (whether you are one of our employees, , an external supplier, or a member of the public) and details you provide in your query, comment or request to us in your message.
  • Technical and usage data: basic technical information such as IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform, device type and ID and other technology your device uses to access our website), information about how you use our website and your cookie preferences, are collected automatically to help run and improve the site.
  • Cookies: we use cookies as described in our separate Cookie Policy. Please read that page for details about types of cookies, purposes and how to control them.
  • Special category personal data and criminal offence data: we do not collect special category or criminal offence data when you browse our website. We ask that you do not share any of this kind of information with us when you contact us via the website, send us emails or otherwise correspond with us.

Sources of personal data

We will gather this information from you (or your device) when you visit our website or from cookies placed on your browser.

How we use your personal data

  • To respond to your enquiries submitted to us via the website contact form and to provide the information or services you request.
  • To communicate with you about your message, including follow-up questions and replies
  • To manage and improve our website and services including by analysing how the site is used, testing its performance, for market and/or statistical research, keeping records and fixing problems.
  • To comply with legal obligations, including court orders and requests from governmental or law enforcement authorities, dealing with requests from you to exercise your rights under data protection laws and to establish, defend, enforce or protect our legal rights where necessary.
  • To manage the proposed sale, restructuring, transfer or merging of any or all parts of our business, including to respond to queries from the prospective buyer, merging organization, financial institution or their professional advisers.
  • To better understand public interest, concerns, ideas and preferences related to  sustainability issues and the railway, including by anonymising and aggregating personal data, to understand key issues, themes, trends and changes.

Lawful basis for processing

We are required by law to always have a permitted reason or justification (“lawful basis”) for processing your personal information. There are six such permitted lawful bases for processing personal data, of which the most relevant to website visitors are set out below.

We rely on one or more of the following lawful bases when processing your personal data:

  • Consent, where you have explicitly agreed to communications from us or to enable us to collect information about your device or its use on our website though the use of cookies;
  • Legal obligation, where we must process personal data to comply with a statutory requirementimposed on us;
  • Contract, where processing is required to enter into a contract with you at your request or to meet an obligation under a contract with you; or
  • Legitimate interests, where processing is necessary for running and improving our site, helping to develop a Greener Railway, and responding to your request or enquiries, provided this does not override your rights.

Sharing and disclosure

  • We do not sell or rent your personal data.
  • We may share your personal data with third-party service providers who process such data on our behalf (for example: hosting providers, email delivery services, analytics providers). These providers are contractually required to keep data secure and only process it for specified purposes set by us.
  • We may share relevant personal data with other Network Rail companies where your message, query, comment of request is relevant to them  or we need their input to help deal with it.
  • We may disclose personal data if required by law (e.g. with HMRC or other regulators, and/or police) or to protect our legal rights.

Data retention

  • We retain personal data in accordance with our internal retention policies from time to time.  We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. Generally, personal data will be kept for a period of two years
  • We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a likelihood of litigation in respect to our relationship with you.

Security

We take the security of information we hold very seriously. We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. For more information, please see here: https://www.networkrail.co.uk/footer/privacy-notice/#protect

No internet transmission is completely secure; absolute security cannot be guaranteed.

Your rights

You have rights under the data protection laws. They do not apply in all circumstances. These are the right to:

  • Access the personal data we hold about you and obtain certain information about how and why we process it;
  • Rectify inaccurate or incomplete data;
  • Erase your personal data (in certain circumstances);
  • Object to future processing in certain circumstances (e.g. if we process your personal data for the purpose of our legitimate interests);
  • Restrict processing in certain circumstances and for certain periods (e.g. if you have contested the accuracy of the data we hold);
  • Withdraw consent at any time where processing is based on consent;
  • Move, copy or transfer your personal data(“data portability”) where applicable.

To exercise any right, contact us using the details below. We will respond within statutory timeframes.

Automated Decision Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not engage in automated decision-making in relation to our uses of your personal data collected through this website and we will update this privacy policy if our position on this changes and affects processing in future.

International transfers

Your personal data may be transferred to locations outside of the United Kingdom, for example to our service providers if they or their servers are based in the US or other locations.

If we transfer your personal data outside the UK or European Economic Area we will do so only where adequate safeguards which have been approved under the UK data protection laws are in place (for example, by using the UK Addendum to the EU standard contractual clauses, the UK International Data Transfer Agreement or other approved transfer mechanisms).

Contact

If you have questions about this policy, wish to exercise your rights (including to withdraw your consent to our processing of your personal data) or want details of our retention periods or data processors, please contact our Data Protection Officer.

Data Protection Officer
Network Rail
The Quadrant, Elder Gate
Milton Keynes
MK9 1EN

Changes to this policy

We may update this Privacy Policy from time to time. The date of the latest revision is: 5th January 2026. When updates are made, the updated Policy will be posted on this page. Please check back frequently to see any updates or changes to our Policy.

Latest Updates

Latest Case Studies

Latest Environment Bulletins