Beta intro
Mayor of London

Oyster card

If you hold a concessionary Oyster card, please refer to the privacy page which applies to your scheme.

Personal information we hold

Registration is optional for holders of 7-Day Travelcards or if you use pay as you go credit. Customers must register their Oyster card in order to load a monthly or longer period season ticket.  

For registered customers, the personal information we hold includes:

  • Name, address, email address, telephone number
  • Password / memorable information
  • Your marketing preferences
  • Your journey history

    We store the details of any payment cards used for auto top-up, to add pay as you go credit or to purchase season tickets. This information is encrypted and stored in line with payment card industry security standards.

    The TfL ticketing system records the location, date and time an Oyster card is used to validate a journey.

    If you telephone Customer services, your call will be recorded for training and quality purposes.

    If you sign in to your online account, we will collect the IP address used by your computer for the purpose of fraud prevention and detection.

    How we use personal information

    TfL and the companies that process personal information on our behalf use your personal information for customer services and administration, customer research, fraud prevention and to provide you with travel related information.

    We will only send you information about TfL’s offers and promotions if you choose to receive it and you can change your marketing preferences at any time. TfL will not pass your personal information to any other organisation for marketing purposes without your prior consent.

    Length of time we keep information

    We retain data about the individual journeys made using your Oyster card for eight weeks after the card is used. After eight weeks, the journey data in the ticketing system is disassociated from your card (ie anonymised).  This eight-week period is considered reasonable to enable customers to verify or make enquiries concerning their journeys (for example, for refund purposes).

    Customer names and contact information associated with a registered Oyster card will be retained for two years after the card was last used or had a season ticket or pay as you go credit added.

    Some journey information is also stored on the Oyster card itself; this comprises the last eight journeys and related charges, up to three season ticket products, (generally the most recent three tickets, including future dated), and the last two incomplete journeys. If you are an irregular user of your Oyster card, the data stored on the card may be older than eight weeks.

    Details of debit or credit cards used to pay the administration fee, to add pay as you go credit or season tickets are retained for a maximum of 18 months.

    IP addresses collected when you access your Oster online account are retained for 13 months.

    Keeping personal information secure

    We take the privacy of our customers very seriously and a range of robust policies, processes and technical measures are in place to control and safeguard access to, and use of, personal information associated with Oyster cards.

    Sharing personal information

    TfL has contracts with a number of third party service providers, which provide the majority of the administration and 'back office' services that ensure the efficient day-to-day operation of the Oyster card scheme. This includes the central ticketing system, and the customer relationship database.

    If you use your Oyster card on National Rail services, TfL may share your personal data with the relevant train operating companies for the purpose of fraud prevention and detection.

    Where you have agreed to receive marketing messages from train operating companies, we will pass them your contact details.

    In some circumstances, disclosures of personal data to the police (and other law enforcement agencies) are permitted by the Data Protection Act 1998 (DPA), if they relate to the prevention or detection of crime and/or the apprehension or prosecution of offenders. Before any such disclosure takes place, the police are required to demonstrate that the personal data concerned will assist them in this respect. Each police request to TfL is dealt with on a strictly case-by-case basis to ensure that any such disclosure is lawful and in accordance with the DPA.

    Overseas processing

    TfL and its service providers do not currently process any personal information relating to Oyster outside the United Kingdom.

    Accessing your personal information

    You can see your journey history by signing into your TfL online account or you can request a copy by calling Customer Services. You can also view your last eight journeys and the transaction details at touch-screen ticket machines at Tube stations.

    For access to other personal information please see the section on Subject Access requests in Access your data.

    Oyster card Privacy Notice

    Transport for London (TfL), its subsidiaries and service providers, will use your personal information for the purposes of customer services and administration, the provision of travel related information, customer research and fraud prevention. If you use your Oyster card in connection with National Rail products or services, you will also be authorising TfL to share your personal information with relevant Train Operating Companies (TOCs) so that they can use it for the same purposes. Your personal information will be properly safeguarded and processed in accordance with the requirements of the Data Protection Act 1998.

    In certain circumstances, TfL and relevant TOCs may also share your personal information with the police and other law enforcement agencies for the purposes of the prevention or detection of crime.