Last updated April 2026

RTS Infrastructure Services Limited is committed to protecting and respecting your privacy. 

This Privacy Policy (together with our Website Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

 

By visiting https://www.rtsinfrastructure.com or providing your information in the circumstances described below, you are accepting and consenting to the practices described in this policy.

For the purpose of the Data Protection Laws, the data controller is RTS Infrastructure Services Limited, Leeds Holbeck Railway Station, Nineveh Road, Leeds, LS11 9QG. Registered in England, Reg. No. 07292956.

1.    What personal data do we collect? 

​

•    Information provided by you.

​

•    You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, address, e-mail address and phone number, financial information, personal description and photograph, 

​

•    Examples of Information we collect about you but not limited to: 

​

•    Your Name
•    Address
•    Telephone Number
•    E-mail

​

Regarding each of your visits to https://www.rtsinfrastructure.com we may automatically collect:

•    Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, time zone setting, browser plug-in types and versions, and platform.
•    Device: what type of device you are using (TV, smartphone, laptop, desktop)
•    OS (Operating system): what operating system your device has (iOS, Android, Windows, Linux, Mac OS)
•    Browser & browser version: which web browser you are using (Internet Explorer/Edge, Opera, Chrome, Firefox, Safari)
•    If you visit one of our physical locations, CCTV is in use at all locations for the purposes of safety and security.

​

•    Information we receive from other sources 

​

We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. 

•    Sensitive personal data

We will not intentionally or systematically seek to collect, store or otherwise use information about you classed as ‘special categories of data' or 'sensitive data' (for example, information relating to any trade union membership, ethnic origin or health).

•    Cookies 

We do not currently use tracking or marketing cookies on our website. Only strictly necessary cookies may be used, and these do not identify users personally or track their activity.

2. How do we use your personal data and what is the legal basis for such processing? 

The collection of the personal data described above is usually mandatory and, if such personal data is not provided, we will not be able to provide the information, products and services to you. Where the collection of any personal data is not mandatory, we will inform you of this prior to collection, as well as the consequences of failing to provide the relevant personal data.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. 

However, we will normally process your personal information only:

•    where we have your consent to do so; 
•    where the processing is necessary to perform our contract with you; or,
•    where the processing is in our legitimate interests or those of a third party and such interests are not overridden by your data protection interests or fundamental rights and freedoms; and,
•    where we have a legal obligation to process your personal information.

Information provided by you. We use your personal information as follows:

 

• ​Recruitment

​

Purpose of processing

​

For pre-appointment assessment for either job vacancies, apprenticeships, placements or our graduate training program.

​

Legal basis for processing 

​

Processing of the personal information is necessary for the performance of a contract to which the individuals are, or have sited their intent to be, a party to.

​

• Subject Access Request​

​

Purpose of processing

​

To process and investigate any complaint, subject access request and other general requests under the General Data Protection Regulation.

​

Legal basis for processing 

​

Consent provided by you. Legal obligation to process your personal information - General Data Protection Regulation (GDPR).

​​

• Visitors

​​

Purpose of processing

​

To enable visitors to gain entry/access into RTS Infrastructure locations.​

​

Legal basis for processing 

​

Legitimate interest.

​

• Accidents, Incidents, Assaults or Dangerous Occurrences

​

Purpose of processing

​

To meet our statutory obligations for the reporting of accidents, incidents, assaults or dangerous occurrences

​

Legal basis for processing 

​

The processing of the personal information is necessary for compliance with a legal obligation set by Office of Rail and Road Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR).

​

• Safety claims

​

Purpose of processing

​

To handle your claim in accordance with Claim Allocation and Handling Agreement (CAHA) for losses, property damage or personal injury

​

Legal basis for processing 

​

Necessary for the performance of the contract. Licence obligations of the Office Rail and Road – Claim Allocation and Handling Agreement (CAHA).

​

• CCTV

​

Purpose of processing

​

CCTV is in place at RTS Infrastructure locations for security and safety purposes

​

Legal basis for processing 

​

Legitimate interest.

​

​

Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

​

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Questions about this Privacy Notice” heading below.

​

3. Sharing Your Information

​

We may disclose your personal data to the following categories of recipient for the purposes described in this Privacy Notice:

​

• third party service providers who will process personal data on our behalf (such as IT service providers, communications service providers and analytics providers)

​

We may also disclose your personal data to any competent law enforcement body, regulator, government agency or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend or legal rights; or (iii) to protect your vital interests or those of any other person;

​

We may also transfer your personal data to a buyer or potential buyer (and its agents and advisers) in connection with any reorganisation, restructuring, merger or sale, or other transferring of assets provided that we inform any receiving party it must use your personal information only for the purposes disclosed in this Privacy Notice.

​

Finally, we may disclose your data to any other person to whom you request us to make disclosure or if you consent to such disclosure.

​

4. Data Retention

​

We will retain your personal data for no longer than is necessary to fulfil the purposes for which we collected that personal information, unless the law permits or requires that we retain it for longer.

​

5. Information Security

​

We apply appropriate administrative, technical and organisational security measures to protect your personal data that is under our control from unauthorised access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers. We are part of the Arriva plc Group, which trains its employees regarding our data privacy policies and procedures and permit authorised employees to access personal data on a need-to-know basis, as required for their role. We also take steps to ensure that any service provider that we engage to process personal data on our behalf takes appropriate technical and organisational measures to safeguard such personal data.

​

6. Transferring Information Internationally

​

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of the U.K.

​

This means that, when we collect your personal information, it may be processed in these countries. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Notice. These safeguards include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information to our third-party service providers and further details can be provided upon request.

​

7. Updates to this Privacy Notice

​

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

​

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

​

8. Your Data Protection Rights

​

You have the following data protection rights:

​

• If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us at RTSdataprotection@arrivatrains.co.uk.
   

• In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us at RTSdataprotection@arrivatrains.co.uk.
   

• If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

​

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

​

9. Questions about this Privacy Notice

​

If you have any question, concerns or complaints about this Privacy notice or our handling of your personal data, you can contact us by email at RTSdataprotection@arrivatrains.co.uk or by post to the following address:

​

Compliance and Risk Manager

​

RTS Infrastructure Services Limited

​

2 Cranham Court

Arden Square

Crewe

Cheshire

CW1 6HA

United Kingdom

​

If you are unsatisfied with the response, you can contact Arriva plc's Data Protection Officer at data.protection@arriva.co.uk

​

You have the right to complain to a data protection authority about our collection and use of your personal information. If you are based in the European Economic Area, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available on the EU Commission's website via the following link): http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm)