Terms and Policies
Signalbox's terms and policies, including privacy, terms of service, API terms, security etc.
Privacy Policy
Effective date: 28 June 2022
This Privacy Policy describes how Signalbox collects, uses and discloses information and what choices you have with respect to that information.
Applicability of this Privacy Policy
This Privacy Policy applies when Signalbox acts as a data controller; that is when we decide the purposes and means of processing the Personal Data of our users. In this role, we may share your data with third parties to improve your experience of using our service, as outlined below.
This Privacy Policy applies to Signalbox.io (our “Website”), all tools therein and Signalbox API (collectively the “Services”), and other interactions (e.g. customer or developer support enquiries, etc.) you may have with Signalbox. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of Signalbox’s business.
This Privacy Policy does not apply to any third-party applications or software that integrate with the Services via the Signalbox API (“Third-Party Services”).
Definitions
In this policy, "we", "us", "our" and “Signalbox” refer to the company Signalbox Technologies Ltd (formerly Superlocal Ltd).
References to “you”, “your” or “user”, refers to any individual or professionals who use our Services.
“Service(s)” means any tools and services that we offer via our Website and via our API, including matching a device’s location with live rail data or other geospatial queries.
“Data Sources” refers to several external sources of rail data, GPS and device location data supplied by third parties to Signalbox. We aggregate, process and analyse this data to provide our Service.
“Website” means https://signalbox.io and any subdomains e.g. https://www.map.signalbox.io/ that are hosted and linked to from that domain.
“Third-Party Services” means any third-party application, website or software that is integrated with Signalbox to access our Services via an API.
Information we collect and receive
We collect and receive information, including limited “Personal Data”, in various ways when you use our Service, and “Other Information” to supply, analyse and improve our Service:
“Personal Data” means any information which, either in isolation or in combination with other information, identifies you as an individual. For example:
Contact information: Personal Data such as your name and e-mail address, that is supplied when you sign up for our newsletter or send us a support query.
“Other Information” means information or data that cannot be used in isolation to identify you as an individual. However, used in conjunction with other data, it may be possible to associate it with an identifiable individual:
Location data: anonymised geospatial information is collected by Signalbox API when users interact with our Services. Location information from devices is collected in accordance with the consent/permissions mechanism provided by your device.
Services metadata and machine-learning: Signalbox collects and analyses metadata and other information that is generated when users interact with our Services. This data provides additional context for our Services and helps to improve our performance via machine learning.
Log data: Like most websites and online tools, Signalbox automatically collects information when you access or use our Website or Services and record it in log files. This data may include your Internet Protocol (IP) address, the referring domain, browser type and configuration including preferences and plugins, the date and time the Services were used.
Device information: Signalbox may collect information about devices accessing the Services, including device type, operating system, settings, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
“Cookie information” refers to information gathered via small text files (“Cookies”), unique to your browser or app, that are sent between Signalbox and your computer or mobile device. Cookies are commonly used on the Internet to allow a website to recognise a user’s device and, for instance, to remember your preferences or previous use of the Service. Signalbox may collect Personal Data and Other Information automatically through the use of cookies and similar technologies to provide our Service. Please refer to our Cookies policy for more information on our use of this and other similar technology.
“Third-Party Services” means any third party that uses Signalbox Services on behalf of its users, for example by connecting to our API. You should check the privacy settings and notices of any Third-Party Services that you use to understand what data, if any, may be disclosed to Signalbox.
How we use information
We use Personal Data for the following purposes, which are in our legitimate interests of operating our Service:
To communicate with you when you contact us, for example by replying to support emails and technical queries, new business enquiries or to respond to feedback.
To send service and other administrative emails e.g. maintenance/status updates to inform you about changes in our Service and important notices such as security and fraud. These communications are considered part of our Service and you may not opt-out of them.
To send marketing emails. From time to time, we send emails about new product features and other news to users who are subscribed to our mailing list. These are marketing messages and you can control whether you receive them by adjusting your preferences from the footer of any marketing email we send.
We use Other Information in the pursuit of our legitimate interests in operating our Services, Websites and business. More specifically, Signalbox uses Other Information:
To provide, update, maintain and protect our Services, Websites and business. This includes the use of Other Information to support the delivery of the Services under a Customer Agreement (API Agreement); to test and prevent or address errors and bugs, security or technical issues; to monitor, analyse and improve the performance of our Services.
To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information such as log data to investigate and respond to your query.
For billing and other administrative reasons. Signalbox may contact you for invoicing, account management and similar purposes, such as for the management of your contract (including any free trial), billing and payments.
As required by applicable law, legal process or regulation.
To investigate and help prevent security issues and abuse.
Data storage and retention
This section sets out our data retention policies and procedure, which are maintained to ensure that we comply with our obligations in relation to the retention and deletion of Personal Data.
In general, we will collect and retain your Personal Data and Other Information as follows:
When you sign up for our newsletter, we retain any Personal Data you supply, such as name and email address, indefinitely unless you ask us to delete it.
When you contact us in relation to a new business enquiry, or to obtain technical or customer support, we retain any Personal Data you supply indefinitely unless you ask us to delete it.
Session and log data including geospatial queries, device location and associated transport data is retained for a maximum of 12 months in order that it can be used for troubleshooting, ongoing analysis and performance improvement.
If information is aggregated or anonymised (de-identified) so that it is no longer reasonably associated with an identifiable individual, Signalbox may retain it indefinitely and use it for any business purpose. For example, anonymised data may be used in aggregate to monitor, analyse and improve our Services.
How we share and disclose information
Personal Data: Signalbox does not share any Personal Data with any third party.
Other Information: Other Information may be shared if your use of our Services via an approved Third-Party Service. For example, if you access our Service via an application or software other than Signalbox, we may send and receive Other Information via an API connection to our Service. We require each Third-Party Service to obtain and disclose all permissions for information submitted via an API connection to Signalbox, but we do not guarantee that they do so. You should check the privacy settings and notices of any Third-Party Services that you use in order to understand and approve what data, if any, may be disclosed to Signalbox.
Corporate affiliates: Signalbox may share Other Information with its corporate affiliates, parents and/or subsidiaries.
Changes to our business: If Signalbox engages in discussion about the acquisition of all or a portion of our business, a similar transaction (merger, reorganisation etc), sale of some or all of its assets; bankruptcy, dissolution, some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
To comply with laws: If we receive a lawful request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
Security
Signalbox takes the security of your Personal Data very seriously. We do our utmost to preserve your Personal Data and prevent it from being stolen, damaged or misrepresented.
We use strict procedures and security features to try to prevent unauthorised access to Personal Data. Unfortunately, the transmission of information via the internet is never completely secure.
In the event of a breach of Personal Data, Signalbox will comply with its obligations to notify the relevant supervisory authority for our processing activities and inform affected individuals without undue delay (if required by applicable data protection law).
Changes to this Privacy Policy
Signalbox may make changes to this Privacy Policy from time to time. Changes may be in necessary in response to evolving laws, regulations and industry standards, or as we make changes to our services or business.
Changes will appear on this page, with previous versions available on request. We encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, we will notify active users via email or through the Services. If you disagree with any changes to this Privacy Policy, you should cease to use our Services.
Your rights
Users who are located within the European Economic Area and the UK have statutory rights in relation to their personal data. This includes the right to request access to information, and seek to update, delete or correct mistakes in the information we hold.
To the extent that our processing of your Personal Data is subject to the General Data Protection Regulation, Signalbox relies on its legitimate interests, described above, to process your data. Where we process Other Information that constitutes your Personal Data for the purpose of direct marketing, you have a right to object or opt-out of our use of your Personal Data for this purpose at any time.
Objection
It is not possible for Signalbox to provide its primary Service, matching a device’s location with live rail data, without processing Other Information as outlined in the policy. If you object to the collection and use of your data for these purposes, as part of Signalbox’s legitimate interests, you should not use our Service either directly or via a third party.
Withdrawal of consent
You can unsubscribe from any marketing emails you receive from Signalbox by clicking the link in the footer of any such marketing communications. This will prevent all future communications of that type to the recipient’s email address.
Deletion
Should you wish to request the deletion of your Personal Data, you can do so by contacting the Data Protection Officer via the details set out above. Your Personal Data will be removed within 30 days unless we have a legitimate reason to retain your Personal Data.
We may retain some Personal Data after 30 days if deemed necessary for compliance with a legal obligation to which we are subject, for example for financial reporting or to conduct audits, comply with (and demonstrate compliance with) legal obligations or resolve disputes, or in order to protect your vital interests or the vital interests of another person.
Transfer
You can ask us to transfer or port your Personal Data to another party in certain limited circumstances.
Information Commissioner’s Office
Subject to applicable law, you also have the right to (i) request the erasure of any Other Information that may constitute Personal Data held by Signalbox and (ii) lodge a complaint with your local data protection authority or the UK’s Data Protection Commissioner, which is the lead supervisory authority in the European Union.
If you are a resident of the European Economic Area and believe we fail to maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:
Data Protection Officer and Contact details
If you have any concerns about the use of your Personal Data or to communicate with our Data Protection Officer, please email admin@signalbox.io.
You can contact us if you have questions about this Privacy Policy or procedures, or if you are seeking to exercise any of your statutory rights (and are unable to perform such action yourself for example by unsubscribing from our mailing list).
To communicate with our Data Protection Officer, please send us an email "for the attention of the Data Protection Officer" to admin@signalbox.io.
Signalbox is a registered data controller with the Information Commissioner’s office (certificate no. A8719078).
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: +44 (0)303 123 1113
Live chat
https://ico.org.uk/make-a-complaint/
Cookies Policy
An HTTP cookie is a small piece of data, unique to your account or browser, sent as a text file from a website or application. It’s stored on the user's computer by the their web browser enabling software and services you interact online with to recognise a user’s device and, for instance, remember your preferences .
There are two types of cookies, “session” and “persistent”. Session-based cookies are stored only while you browse our Website or use our Services. They are automatically deleted when you close your browser or end your session. For example, Signalbox uses session-based cookies to detect your device’s location while you’re using our Service and build a picture of your complete train journey.
Persistent cookies last until you delete them or they expire. For example, Signalbox uses persistent cookies to determine if you’re a repeat visitor to our Website or if you’ve used our Service before.
Both types of cookie allows us to improve the quality of our Service and for example increase the accuracy of predicting which train you are travelling on. Although we use cookies to identify a user's device, we do not use cookies to store any personal information, such as name or email address.
Licensing Information
Signalbox contains Information of Network Rail Infrastructure Limited, licensed under the following licence. Powered by National Rail Enquiries.