privacy policy

This Customer Privacy Policy is effective from 1st July 2024.

Introduction

This Privacy Policy applies to all products, services, websites, social media and apps and offered by Transdev Blazefield Limited (Company Number: 02605399), whose registered office is at Prospect Park, Broughton Way, Harrogate HG2 7NY and our subsidiaries (as defined in section 1159 of the UK Companies Act 2006) and listed below (“Transdev”) (“we”“us” or “our”).

Transdev and subsidiaries are registered as a data controllers with the Information Commissioner's Office (ICO) with the following registration references:

Trading Name

 

Limited Company

ICO Registration Number

Transdev

Transdev Blazefield Limited (Company Number: 02605399)

Z1804211

Coastliner

Yorkshire Coastliner Limited (Company Number: 02436687)

Z5803802

Flyer

Yorkshire Coastliner Limited (Company Number: 02436687)

Z5803802

Rosso

Rossendale Transport Limited (Company Number: 02004970)

Z8256420

Team Pennine

Team Pennine Limited (Company Number: 13274240)

ZB356104

The Blackburn Bus Company

Lancashire United Limited (Company Number: 02546070)

Z5387644

The Burnley Bus Company

Burnley and Pendle Travel Limited (Company Number: 01777430)

Z5387630

The Harrogate Bus Company

Harrogate and District Travel Limited (Company Number: 02327319)

Z5803816

The Keighley Bus Company

Keighley and District Travel Limited (Company Number: 02113404)

Z5814897

York City Sightseeing

Yorkshire Coastliner Limited (Company Number: 02436687)

Z5803802

 

This policy describes our practices in connection with information collected through all of our dealings with you and the services we provide across the UK including (but not limited to) provision of passenger transport services, advertising services, websites, applications, social media platforms, competitions, customer surveys, employer/employee relations and any other dealings with third-parties (collectively, the “Services”).

“You“, “Your”, “user“, “member” and “visitor” means anyone who may have dealings with us, including but not limited to our employees, anyone who uses our services, visits our offices, websites or apps, as the context requires.

In addition to our Privacy Policy, customers should familiarise themselves with the following: 

·      Transdev Terms and Conditions of Carriage

·      Transdev Vehicle Wi-FI Terms and Conditions

This Privacy Policy explains how and why we use your personal data in connection with your use of our services. We are committed to respecting your privacy and protecting your personal data and this policy will explain the types of personal data we collect and your rights regarding this data.

We have appointed a Data Information Officer. The Data Information Officer is  responsible for our approach to data protection and protecting your privacy. You can contact our Officer by email at [email protected] or by mail at:

Data Information Controller Transdev Blazefield Limited
Prospect Park, Broughton Way,
Harrogate
HG2 7NY

1. The Information We Collect

We collect your personal data in order to be able to provide you with our services.

We will only ever collect and process your personal data where we have a legal basis for doing so and we will only ever do this in compliance with the relevant Data Protection law.

To access some of our services, e.g. Mobile Ticketing in the Transdev GO APP, topping up a Period Card or viewing “Favourites”, you must register for an account and we will collect the Identity Data you provide to us when you create or update your account, such as:

  • your name;
  • contact details including your email address and phone number;
  • your username and password;
  • Your photograph; and
  • your date of birth.

We collect activity data about you whenever you interact with our services and will include data that is created during the use of our services and your use of the Transdev GO App, such as:

  • Transaction Data, which is information relating to the use of our services, including the types of services provided, journey date and times, amounts charged, distance travelled and payment method;
  • Technical Data, which is information about the device you use through the use of unique device identifiers - in particular to create a unique ID (for audit purposes and to allow us to associate a device/devices with a particular user) and to identify the operating system of the device through which you use the Transdev GO App (to ensure the effective operation of the app on your device). If you are using a mobile device, we also collect the Universally Unique Identifier (UUID) for that device;
  • Usage Date, which is information about the pages you visit on our websites, search queries etc, including originating IP addresses, internet service providers, files viewed, operating system versions, device type and time stamps, choice of language, pages you enter and exit on the website;
  • for Transdev GO App payments for non-subscription tickets (where you make a payment to Transdev Blazefield Ltd), we require you to provide your Contact Data, which includes your name, address and email address. Financial Data, which can include your card number, issue and expiry date, CVC number, account name and number and sort code are not stored by us and are processed by Stripe. You can find their privacy policy here https://stripe.com/gb/privacy;
  • for Transdev GO App payments for subscription tickets (where you make a payment to Transdev Blazefield Ltd), we require you to provide your name, address and email address. Financial details, which can include your card number, issue and expiry date, CVC number, account name and number and sort code are not stored by us and are processed by GoCardless. You can find their privacy policy here https://gocardless.com/privacy/;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Communication Data - we record all calls made and messages sent by email to our Customer Services Team (01422 533576) and use a suppression facility when bank card details are passed.

Some services make use of location data sent from a customer’s device. You can turn this functionality off at any time by turning off the Location Settings on your device.

We use third party tracking services that employ cookies to collect data about visitors to our websites and apps. Cookies are text files containing small amounts of information (relating to usage and user statistics) which are downloaded to your personal computer, mobile or other device when you visit a website. For more information please refer to our Cookies Policy

2. How We Use the Information We Collect

We only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform a contract we are about to enter into or have entered into with you;
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests; or
  • Where we need to comply with a legal obligation or
  • Where you have given your consent for us to do so.

We have set out below a description of the ways in which we plan to use your personal data, and the lawful justification we rely upon when we do so. We may process your personal data for more than one lawful ground depending on the specific circumstances; where this is the case, you can contact us for further information on which legal ground we are relying on when processing your personal information.

Purposes for which we use your data and our lawful basis including basis of our legitimate interest:

  • To register you as a passenger with us and as a user of our Transdev GO App, which is necessary in order to perform a contract we have in place with you;
  • To process and take payments from you for services provided, which is necessary (1) in order to perform a contract we have in place with you and (2) for our legitimate interests (to recover payments which are due to us);
  • To send communications to you through the app in relation to journeys and the services provided to passengers and users, which is necessary for our legitimate interests (to provide effective services to passengers and end users);
  • To identify unsafe or fraudulent behaviour, which is necessary (1) in order comply with legal obligations to which we are subject; and (2) for our legitimate interests (to provide safe and reliable services to our passengers and end users and to ensure the safety of our staff);
  • To manage our relationship with you, which may include notifying you of changes to our privacy policy or terms of use/service, and asking you to take part in surveys, which is necessary in order to perform a contract we have in place with you;
  • To provide, maintain and improve our services, including developing new features, which is necessary for our legitimate interests (to better understand our customers and services, to keep our app and services updated and relevant, to develop our business and to inform our marketing strategy);
  • To perform internal operations and for internal record keeping purposes, including preventing fraud or abuse of our services, troubleshooting software bugs and operational problems, conducting data analysis, testing and research, and monitoring and analysing usage and activity trends, which is necessary (1) to comply with legal obligations to which we are subject; and (2) for our legitimate interests;
  • To make suggestions and recommendations to you about goods or services that may be of interest to you, which (1) is necessary for our legitimate interests (to develop our products/services and grow our business) where lawful to do so; or (2) may only be required where we have your consent to do so (and where your consent is required); and
  • To comply with requests for information raised with us by law enforcement authorities and regulatory bodies, which is necessary to comply with legal and regulatory obligations to which we are subject.

3. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Information Controller at [email protected]

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the data protection law, where this is required or permitted by law.

4. Information We Share

We share your data with certain third parties (listed below) for the purposes set out in the “How we use the information we collect” section above:

  • Third parties who provide the technology platforms through which we offer our services to you (e.g. Stripe, GoCardless);
  • Agents we engage to perform functions on our behalf or service providers (acting as Data Processors on our behalf) who provide IT and system administration services in connection with your use of our website and/or the Transdev GO app, including Rise Digital Media;
  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • Other bus operating companies where there is a formal data sharing agreement in place;

·       Other members of the Transdev group of companies, which may include our subsidiaries, our ultimate holding company Transdev plc (Company Number: 02749273) and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  • We may disclose your personal data to the Police or any other law enforcement agency or court to the extent necessary for purposes including preventing, investigating, detecting, and prosecuting criminal offences; preventing threats to public security in accordance with applicable law; or validating a claim

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Trusted partners currently used are: Campaign Monitor, Facebook, Google, Instagram, Littlepay, GoCardless,  Worldpay, Icomera, Synectics, Ayden, Rise Digital Media, Stripe, X, You can view their Privacy Policies below:

Facebook

https://www.facebook.com/about/privacy

X / Twitter

https://twitter.com/en/privacy

Instagram

https://privacycenter.instagram.com/

Campaign Monitor

https://www.campaignmonitor.com/policies/#privacy-policy

Icomera

http://www.icomera.com/policies/

Stripe

https://stripe.com/gb/privacy

Rise Digital Media

https://www.risedm.com/privacy-policy/

Go Cardless

https://gocardless.com/privacy/

Littlepay

https://littlepay.com/privacy-policy/

 

Worldpay

https://www.worldpay.com/en-gb/privacy

Ayden

https://www.adyen.com/en_GB/privacy-policy

Cammax

https://www.cammaxlimited.co.uk/

Google

https://policies.google.com/privacy?hl=en

Synectics

https://synecticsglobal.com/privacy-policy 

 

We do not control these third party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy notice of the other websites you visit.

We provide a Staff Travel Scheme (commuter club) with employers, that enables employees to pay for their travel through their salary. Your employer will share with us with your details in order that we can manage your membership of the scheme.

We provide a Travel Scheme to some Colleges and Local Authorities, that enables them to provide discounted or sometimes free travel to Students. Your College or Local Authority will share with us your details and photograph in order that we can manage your membership of the scheme.

5. Transdev GO App

Transdev engages Rise Digital Media to act as processor for personal data gathered from the Transdev GO App. Transdev is the point of contact for data subjects.

6. Security

We take our responsibility to protect and secure your information seriously.

All personal data held by Transdev is securely stored within data centres in the United Kingdom.

In order to prevent unauthorised access or disclosure we have put in place physical, electronic and managerial procedures to safeguard and secure the information we collect online. Measures we take include placing confidentiality requirements on our staff members and service providers. We also destroy or permanently anonymise personal information if it is no longer needed for the purposes for which it was collected.

As the security of your information depends in part on the security of the device you use to communicate with us and the security you use to protect any usernames and passwords necessary to make use of our app, please take appropriate measures to protect this information.

We regularly review operating systems and browsers and implement new security measures as they are released. To ensure we can protect your data, we routinely stop supporting older browsers and operating systems and you should ensure you are using a supported version.

7. Transfers of Your Personal Data to Locations Outside the United Kingdom and European Economic Area (EEA)

Your data will not be transferred by Transdev outside of the United Kingdom or EEA.

8. Storing Your Personal Information

We retain data for as long as is reasonably necessary for the purpose for which it was collected, as explained in this notice.

Personal data is removed where possible or anonymised if the record entity is required (for example, for accounting purposes or trends analysis).

Data is securely erased and/or deleted, using approved software or collection services. This follows industry best practices, for example the use of paper shredding and computer file shredding software.

In specific circumstances, we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of litigation relating to your personal information.

Retention periods for key data we collect and process are outlined below:

Type of Data

Retention Period

Relating to an account on our digital services

Until you notify us you wish to close the account and use the “Forget me” function to delete it 

Period/Subscription Travel Card

2 years unless you notify us you no longer require the card

Customer Query or Complaint Details Submitted

3 years

On Bus CCTV

28 days before it is recorded over 

Downloaded CCTV

Personal injuries (adults) – 4 years

Personal injuries (under 16) – until their 21st birthday plus 3 months

Internal investigations and customer complaints – 3 months

Paper receipts for purchases in the Travel Centre

18 months 

Online transaction information

5 years from the end of the tax year to which the records relate

Telephone call recordings

12 months 

Information submitted through the website or apps feedback channels

2 years

Records relevant for tax purposes

8 years from the end of the tax year to which the records relate

On Bus Wi-Fi

12 months

 

9. Photography and Filming

We sometimes take photographs or undertake filming on and off our buses or in our bus stations and Travel Shops in order to market and promote the Company.

Where photography or filming is taking place, you must express to the photographer at the time you do not want to be included.

Where photography or filming is taking place with pre-arranged models or customers, a photography agreement must be completed, which will outline the purpose of the shoot, the intended use of the images or filming and the period for which they will be used and retained.

Our preferred photography agency uses a secure, online data storage facility to transmit their photographs and films to us.

10. Direct Marketing

We are subject to rules and privacy laws when marketing to our customers. For example, a Data Subject’s prior consent will be required for electronic direct marketing (for example, by email, text or automated calls).

The limited exception for existing customers known as “soft opt in” allows us to send marketing texts or emails if we have obtained contact details in the course of a sale to you (through the Transdev GO App or purchase of a Subscription card product), we are marketing similar products or services, and we give you the opportunity to opt out of marketing when first collecting the details and in every subsequent message.

You can opt out of receiving our marketing emails by pressing the Unsubscribe link included on all of our emails, or by contacting [email protected]  

Your objection to direct marketing will be promptly honoured and when a customer opts out at any time, their details will be supressed as soon as reasonably practicable. Suppression will involve retaining minimal information to ensure that marketing preferences are respected in the future.

11. On Bus Wi-Fi

Our on-bus Wi-Fi is provided by a third party, Icomera UK Limited.

Icomera collect and process personal data on our behalf as a data processor, in order to deliver internet connectivity to customers and other end users. To be able to provide the Wi-Fi service to you, it is necessary to process your Medium Access Control address (“MAC”)  (your device identification), train GPS position, IP address, timestamp and session ID. During the user login process, your device ID (MAC address) is used to authenticate the device after the Terms and Conditions have been accepted.  The MAC address is stored with associated timestamps, accounting and duration of the session, in order to offer functions such as throttling, auto-login and session termination.

12. CCTV

Transdev and subsidiaries have CCTV installed on the interior and exterior of all buses and within our Travel Centres, bus stations and depots and use the images for the following purposes:

  • Public and employee safety
  • Road traffic collision and accident investigation
  • The detection, prevention and investigation of crime
  • External complaints and internal reports of claims of irregularities
  • To ensure compliance with company policies and procedures
  • Performance management
  • Staff training

13. Your Rights 

Your legal rights

Under certain circumstances and subject to certain exemptions, you have rights under data protection laws in relation to your personal data. We may ask you for additional information to confirm your identity and for security purposes, before responding to a request you raise. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

Children have the same rights as adults over their personal data. These include the rights to access their personal data; request rectification; object to processing and have their personal data erased. In the UK, the age of consent (when a child is required or able to give their consent for the processing of their own personal data) is 13 years old

You can exercise your rights by contacting us using the details below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.  We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of the source of your personal information, the purposes, legal basis and methods of processing and the entities or categories of entities to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected,
  • you have withdrawn your consent (where our processing was based on your consent),
  • following a successful right to object (see details of your right to object below),
  • it has been processed unlawfully, or
  • to comply with a legal obligation to which we are subject.

We will not be required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.

Right to restrict our processing of your personal data

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested and you allow us a reasonable time investigate to verify its accuracy,
  • the processing is unlawful, but you do not want it erased,
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims, or
  • you have exercised the right to object, and verification of overriding grounds is pending.

Right to transfer your personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where the processing is based on your consent or on the performance of a contract with you and the processing is carried out by automated means.

Right to object to our processing of your personal data or withdraw your consent

You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

14. Contact Us

You can contact us in connection with any and all issues arising from this privacy notice in the following ways:

  • Email us at [email protected]
  • Write to us at Data Information Officer, Transdev Blazefield Limited, Prospect Park, Broughton Way, Harrogate, HG2 7NY.

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

We try to respond to all legitimate requests within thirty days. Occasionally it could take us longer than this if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

15. How to Contact Regulatory Authorities

If you feel that we have not addressed your concern in a satisfactory manner, you have the right to report your concern to an appropriate regulatory authority. If you are located in the UK then you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (Information Commissioner's Office (ICO)).

16. Changes to This Policy

We may change this policy from time to time and will notify customers as soon as reasonably practicable through our website, social media channels and directly to customers electronically (where we have permission to do so) when such changes occur.

 

Click here to download a PDF of our Privacy Policy 2024