I. What Kind of Data Do We Collect?

1. Automatically Generated Website Visitor Information

When you visit RailMonsters.com or Rail Monsters Apps (iOS / Android), our servers automatically record information sent by your browser. This data may include your IP address, browser type and version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

2. Data Provided by You / User Accounts

When you create an account or book a ticket on RailMonsters.com, we collect information you provide, such as your name, passport details (in some cases), email address, physical address, phone number, and payment information. This information is necessary to process your transactions and provide our services.

3. Logging in with Facebook Connect

If you choose to log in to RailMonsters.com using Facebook Connect, we will receive your public profile information, including your name and email address, as permitted by your Facebook profile settings.

4. Newsletter and Marketing Emails

If you subscribe to our newsletter or marketing emails, we collect your email address to send you promotional materials. We only send these communications to users who have explicitly opted in through an unticked checkbox or a separate form. You can opt-out at any time by using the unsubscribe link in these emails.

5. Cookies, Web Beacons, and Similar Technology

We use cookies and similar tracking technologies to track activity on our Site and hold certain information. Cookies are files with a small amount of data, which may include an anonymous unique identifier.

We use a GDPR-compliant cookie banner to allow you to accept, reject, or customize your cookie preferences before any non-essential cookies are used.

6. Retargeting

We use retargeting services to advertise on third-party websites after you visited our Service. We and our third-party vendors use cookies to inform, optimize, and serve ads based on your past visits to our Service.

We do not perform profiling that has legal or significant effects on users without human intervention.

7. Conversion Tracking

We utilize conversion tracking to measure and improve the effectiveness of our advertising campaigns. This involves tracking actions you take after clicking on our advertisements. Consent for conversion tracking cookies is obtained through our cookie banner.

8. Web Analytics and Statistics / Google Analytics

Our website uses multiple analytics and tracking tools to help us understand user behavior and improve our Service. These tools may collect data such as IP address, device and browser information, pages visited, and actions taken.

We currently use:

• Google Analytics

• Yandex Metrica (Yandex Analytics)

• Facebook Pixel

• Google Tag Manager

• Other marketing and retargeting pixels as needed

These tools may place cookies on your device to track interactions, personalize ads, and generate performance statistics. No personal data (such as your name or email) is shared directly with these tools.

Tracking and analytics cookies are only activated after you provide explicit consent through our cookie banner or you accept to continue using our service and website. You can change or withdraw your cookie preferences at any time using your browser.

9. Social Plugins

Our website includes social media features, such as the Facebook Like button and Widgets. These features may collect your IP address and which page you are visiting on our Site, and may set a cookie to enable the feature to function properly.

10. Data Breaches

In the event of a data breach, we will take immediate steps to mitigate the breach’s impact and will notify you and any applicable regulators as required by law.

II. RailMonsters.com App

1. Additional Use of App-Specific Data

Our mobile applications for Android and iOS may collect additional data to enhance your user experience. This includes geolocation data (if granted permission) to provide location-specific services and push notifications for updates and promotions (if opted-in).

2. Statistics and Analytics

We use analytics tools in our apps to gather data on app usage patterns, feature popularity, and app performance. This helps us improve app functionality and user experience.

3. Push Messages

Users who opt-in for push notifications will receive updates, alerts, and promotional messages. You can manage your push notification preferences in the app settings.

4. Retargeting in Apps

Similar to our website, we use retargeting tools within our apps to show personalized advertisements based on your app usage.

III. With Whom Do We Share Your Data?

1. Data Processing by Our Subsidiaries

We may share your information with our subsidiaries for operational purposes. This sharing is governed by the same security and privacy standards as RailMonsters.com.

2. Data Transmission Related to Bookings

When you make a booking, we share relevant information with:

• Transportation Providers: To fulfill your travel arrangements.

• Payment Providers: To process your payments securely.

• Accommodation Providers: If your booking includes accommodation.

We ensure that these third parties only receive the data necessary for the intended purpose and that they are bound by Data Processing Agreements (DPAs) where required.

3. Other Service Providers

We may employ third-party companies and individuals for facilitating our Service (e.g., maintenance, analysis, audit, marketing).

All service providers that process data on our behalf are required to sign Data Processing Agreements (DPAs) in accordance with Article 28 of the GDPR.

4. Recipients Outside of the EU

We transfer personal data outside the EU in compliance with international data protection laws, ensuring that your privacy rights continue to be protected.

We use Standard Contractual Clauses (SCCs) and other approved mechanisms for international transfers, where required.

IV. Purposes and Legal Basis of Data Processing

We process your personal data for various purposes such as fulfilling service requests, improving our platform, and complying with legal obligations. The legal bases for our data processing are as follows:

V. Rights of the Data Subject, Right to Lodge Complaints, Right to Object; Changes to This Policy

As a data subject, you have rights regarding your personal data, including the right to access, correct, delete, and restrict its processing. You also have the right to lodge complaints with a data protection authority and to object to certain types of processing.

You may exercise these rights by logging into your account settings or by contacting us at [email protected].

VI. Data Security and Storage

1. Security Measures

We implement robust security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, firewalls, and secure server facilities. Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure.

2. Data Retention

Your personal data is retained only for as long as necessary to fulfill the purposes for which it is collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For example, booking data is retained for up to 5 years due to accounting obligations. Inactive user accounts may be anonymized or deleted after 18 months of inactivity.

After this period, your data will be anonymized or securely deleted.

VII. International Data Transfers

1. Transfer Mechanisms

Your information may be transferred to, and maintained on, computers located outside of your jurisdiction where the data protection laws may differ from those in your jurisdiction. We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.

2. Safeguards

In cases of international data transfer, we apply suitable safeguards such as standard contractual clauses approved by the European Commission or other relevant authorities to ensure the protection of your personal data.

VIII. Children’s Privacy

1. Age Limitations

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

2. Parental Consent

If you are a parent or guardian and you are aware that your child has provided us with Personal Data without your consent, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

IX. Your Privacy Rights

1. Access and Control

You have the right to access the personal information we hold about you and to request that we correct, update, or delete it.

2. Deletion and Portability

You may also have the right to request the portability of your personal data and to ask for its deletion, except where we are required to retain it by law or for legitimate business purposes.

3. Opt-out and Unsubscribe

You can opt-out of marketing communications at any time by using the unsubscribe links in the emails or updating your preferences in your account settings.

X. Consent and Withdrawal

1. Granting Consent

By using our Services, you consent to our collection, use, and sharing of your data as outlined in this Privacy Policy.

2. Withdrawal of Consent

You have the right to withdraw your consent at any time, but this will not affect the lawfulness of the processing based on consent before its withdrawal.

You may withdraw consent by visiting your account settings or by contacting [email protected].

XI. Legal Compliance and Cooperation with Authorities

1. Law Enforcement Requests

We may disclose your information to law enforcement, government officials, or other third parties if compelled to do so by court order, legal process, or as required by law.

2. Legal Obligations

We comply with legal obligations related to data retention and cooperate with authorities in accordance with applicable law.

XII. Updates to the Privacy Policy

1. Notification of Changes

We reserve the right to update or change our Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on this page and/or by updating the “effective date” of the new Privacy Policy.

For significant changes, we may notify you directly via email or in-app messages.

2. Review and Acknowledgment

You are advised to review this Privacy Policy periodically for any changes. Your continued use of the Service after the posting of any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

XIII. Contact Information

1. Contact Details

For any questions about this Privacy Policy, please contact us at [email protected]

XIV. Consent to Data Processing in Third Countries

By using our Service, you acknowledge and consent to the transfer of your information to data processing facilities in countries outside of your home country, which may have different data protection rules than in your country.

We apply appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your data remains protected.

XV. Data Protection Officer Contact Details

We have appointed a Data Protection Officer to oversee compliance with data protection laws. For any questions related to privacy, you can contact the Data Protection Officer at [email protected].

XVI. Complaints and Concerns

If you have concerns or complaints about your privacy or data use, you may contact our Data Protection Officer. You also have the right to lodge a complaint with a data protection authority in your country or region.

XVII. Automated Decision-Making and Profiling

We do not use automated decision-making processes, including profiling, which would have legal effects or similarly significantly affect you, without human intervention.

XVIII. Acknowledgment and Consent

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

We encourage all users to review this policy regularly to stay informed of how we protect their data.

XIX. Queries and Requests

For any further queries or requests related to your personal data, please contact us using the contact information provided on our website or directly send an email to [email protected].