Privacy Policy

Last updated: Dec 2025

The MORANE‑2 website (www.fp2morane2.eu) is committed to protecting your privacy and ensuring that your personal data is processed transparently, securely, and in full compliance with the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, and protect personal data when you access or use this website.

1. Data Controller

The organisation responsible for processing your personal data (“Data Controller”) is:

UIC – International Union of Railways
16 rue Jean Rey
F‑75015 Paris, France
Email: mandoc@uic.org

If you have questions regarding this policy or your data, you may contact us at the email above.

2. What Personal Data We Collect

We only collect personal data that you voluntarily provide through the contact form or data that is automatically generated by your interaction with the website.

2.1 Data You Provide Voluntarily

When you use the contact form, we may process the following data:

  • Name
  • Email address
  • Organisation (if provided)
  • Message content
  • Any other information you choose to include
2.2 Data Collected Automatically

When you visit the website, standard technical information may be collected automatically, such as:

  • IP address (anonymized where possible)
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring website
  • Basic cookie data (see Section 7)

This data is collected to improve website performance and ensure security.

3. Purpose and Legal Basis for Processing

Your data is processed only for the following purposes:

3.1 Responding to Enquiries

If you contact us through the contact form, we process your data to respond to your request.
Legal basis: GDPR Art. 6(1)(f) — legitimate interest.

3.2 Website Operation and Security

We process technical data to ensure the proper functioning, stability, and security of the website.
Legal basis: GDPR Art. 6(1)(f) — legitimate interest.

3.3 Compliance With EU Obligations

As an EU‑funded project, certain anonymised statistics may be used for reporting purposes.
Legal basis: GDPR Art. 6(1)(c) — legal obligation.

We do not sell, share, or use personal data for marketing or commercial profiling.

4. Data Retention

Your personal data is stored only for as long as necessary:

  • Contact form submissions: up to 12 months after the enquiry is processed
  • Technical logs: up to 6 months unless required for security investigations
  • Cookies: see cookie-specific retention periods in the Cookies Policy

After these periods, your data will be deleted or anonymised.

5. Data Recipients

Your data may be accessed by:

  • Authorised team members of the MORANE‑2 project
  • UIC staff responsible for managing communication and enquiries
  • Technical service providers hosting or maintaining the website (under strict confidentiality obligations)

We do not transfer personal data outside the EU/EEA unless adequate safeguards are in place.

6. Your Rights Under the GDPR

You have the following rights:

  • Right of access – Know what data we hold about you
  • Right to rectification – Correct inaccurate or incomplete data
  • Right to erasure – Request deletion of your personal data
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent, if processing is based on consent
  • Right to lodge a complaint with your national Data Protection Authority

To exercise your rights, contact: mandoc@uic.org

7. Cookies

This website uses strictly necessary and analytical cookies to ensure functionality and improve user experience.

A detailed explanation of the cookies used can be found in the Cookies Policy page.
(If you want, I can generate this too.)

You may control cookies using your browser settings or the cookie banner on the site.

8. Links to External Websites

The website may contain links to external resources, including project partners or the Europe’s Rail Joint Undertaking.
We are not responsible for the privacy practices of external websites.

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against:

  • Loss
  • Misuse
  • Unauthorised access
  • Alteration
  • Destruction

This includes secure hosting, encrypted communications (HTTPS), and restricted access protocols.

10. Changes to This Privacy Policy

This policy may be updated periodically to reflect changes in regulations or project operations.
The latest version will always be available on this page with the “Last updated” date displayed.

11. Contact

For questions regarding this Privacy Policy or your personal data, please contact:

mandoc@uic.org