RailSmart Developed by 3Squared - Software Development Specialists
GDPR General Data Protection Policy

Platform and Service Privacy Notice

At 3Squared we are committed to respecting and protecting the privacy of your personal data and the personal data of your employee’s. This policy explains why we collect personal data, what we use it for and how we keep it safe when you are using our products, platform, and services.

What Data do we collect and why do we collect it?

To restrict access to the data held in our applications to authorised individuals, we require some of your personal details such as your name, email address and a password.

Any personal data that you provide is only used for the purpose that it was provided, we do not share this data with any third party without your permission.

Data we collect falls into these categories:

  • Application Health Monitoring: Insight into how applications are performing to improve service quality
  • Application Usage and Analytics: Insight into how applications are used, informing future development.
  • User Account Information: Information held within our applications for the purpose of providing a service.
  • User Support: Application usage and customer details when raising a support case

How do we keep your data safe?

To help protect your data, the RailSmart system uses the following security controls:

  • User authentication using at least a username and password to help prevent unauthorised access
  • User roles and permissions to allow control over who can access what information
  • Minimum strength requirements for passwords to prevent weak passwords
  • Encryption of data when it is being sent to and from our servers to ensure it cannot be intercepted and read by an unauthorised person
  • Server logging to provide information on who has accessed the application at certain times
  • Backup and recovery procedures to prevent your data and files from being lost or damaged irreversibly

Do we share our data with anyone?

The data held in our applications will not be shared with any other third party without your authority or knowledge. Should we need to share your data with a third party, we will use appropriate security measures to protect it whilst it is in transit and gain your agreement and authorisation to send it.

To best support our applications, we do use a few third-party systems to gather analytics data. These gather information on who is using the system at a certain time, what version of the application they are using, their location and what actions they are performing within the system. It does not however, record or store any information on the specific data they are viewing or adding to the system. We have checked each of these third parties to ensure that they meet the requirements of GDPR (General Data Protection Regulation). Below is a list of the third parties we currently use to provide our services. These may be subject to change:

  • RayGun: Application Usage/Analytics Data
  • Google: Application Usage/Analytics Data
  • Apple: Application Usage/Analytics Data
  • Fabric.io: Application Usage/Analytics Data
  • Microsoft: Application Usage/Analytics Data, Application Health Monitoring
  • Rackspace: Application Health Monitoring
  • BugFender: Application Usage/Analytics Data, Application Health Monitoring
  • Zendesk: User Support

What information do these third parties collect and how is it stored?

Although there will be slight differences between RailSmart applications, the following analytics and usage information is captured:

  • Platform information such as:
    • Device type, make and model
    • Browser type and version
    • Operating system and version
  • Location - to city level
  • IP Address
  • Application usage data such as:
    • Pages visited and the date and time of the visit
    • Page response times
    • Errors, including stack traces and the full Uniform Resource Locators (URL) of the page the error occurred on
    • Length of visits to certain pages
    • Page interaction information (such as scrolling, clicks, and mouse-overs)
  • Any contact information such as; Email address, name and telephone number, used to call our support team

In order to provide application support for your users, we will collect the following information from anyone who contacts our support team with an application query or problem:

  • Full name
  • Contact information such as email address and telephone number
  • Username
  • Platform information such as:
    • Device Type, make and model
    • Browser type and version
    • Operating system and version
  • An overview of the issue the individual is experiencing which may include information on another Data Subject.

This will be stored by our third-party suppliers in their own systems. Some of this data will be stored outside the European Economic Area (EEA) in the US. This will be covered by the US:EU Privacy Shield. We have ensured that we have agreements in place with these suppliers that meet the GDPR requirements.

How do we process this data?

We use the data we collect in the following ways:

  • To administer and support our site and for internal operations, including troubleshooting and testing purposes
  • To improve our site to ensure that content is presented in the most effective manner for the user and their computer
  • For the purposes of providing end user support

How long do we retain the data for?

If you have a contract with us, we will retain the data in line with our contractual obligations. If you no longer have a contract with us, we will permanently delete your data within 6 months of the contract end date.

Each third-party integration or supplier we use have their own data retention period:

  • RayGun: Usage and performance data - 180 Days
  • Google Analytics: Analytics Data - 14 months
  • Fabric.io:
    • Crash Logs - 90 Days
    • Answers (Analytics) - 180 days
  • Microsoft Azure - Application Insights: Application Usage/Analytics Data, Application Health Monitoring - 365 Days
  • BugFender: 7 days
  • ZenDesk: We will remove tickets 6 months after your contract has ended with us. Tickets are then permanently deleted by Zendesk after 40 days of the deletion date

Rights of the individual

Should you require information from us in order to comply with a request from one of your Data Subjects (such as a data access or an erasure request) please contact our Data Protection Team at: dataprotectionadmin@3squared.com

Notification of Changes

In the event of a notable change to our Privacy Policy notifications will be sent to administrative contacts within all client organisations for onward distribution. >

Require Further Information?

If you require any additional information regarding how we process your data, please contact us at the following email address: dataprotectionadmin@3squared.com

3Squared - Software Development Specialists