60+ Oyster photocard
Personal information we hold
The personal information we hold about you includes:
- Name, address, email address, telephone number
- Date of birth
- Scanned image of your passport details page (which includes your photograph and passport number)
- Password and user name for your TfL web account
- Your marketing and contact preferences
- Your journey history
- Enquiries, complaints or other correspondence from you
If you sign in to your online account, TfL will collect the IP address used by your device for the purpose of fraud prevention and detection.
Legal basis for using your information
Under privacy and data protection legislation, TfL is only allowed to use personal information if we have a proper reason or 'legal basis' to do so. In the case of Oyster, there are a number of these 'legal grounds' we rely on, which are:
- Our statutory and public functions:
- to undertake activities to promote and encourage safe, integrated, efficient and economic transport facilities and services, and to deliver the Mayor's Transport Strategy
- Where you have given your consent to TfL, for example:
- where you have opted in to receive marketing messages from us; or
- you have asked the contact centre to resolve an issue or complaint for you
For the 'performance of a contract', for example:
- in connection with the terms and conditions of the 60+ Oyster photocard
- where you have created an online account so we can provide additional services to you
Obtaining and using your information
Most of the personal information we hold is provided by you when you apply for your 60+ Oyster photocard.
TfL and the companies that process personal information on our behalf use your information for customer services and to administer the 60+ Oyster photocard scheme.
For example, we will use your personal information to ensure that you are eligible (and continue to be eligible) for the particular scheme you have applied for, to issue your 60+ Oyster photocard and respond to queries if you contact us.
In June 2019, we introduced a new requirement that all applicants must supply a scanned image of their passport details page (the page with your photograph and passport number) as part of the online application process for a 60+ Oyster photocard. We did this in order to prevent and detect fraudulent applications, and to ensure that our concessionary travel schemes are only used by those people actually eligible to do so. We will not use your passport information for any other purpose.
If you contact Customer Services in connection 60+ Oyster photocard, we will create a record of this. If you phone us, your call may also be recorded for training and quality purposes.
TfL's ticketing system records the location, date and time an Oyster card is used to make a journey on TfL's network, affiliated National Rail services or London River Services on which Oyster cards are accepted.
If you sign up for an online account and provide your email address, from time to time we will send you travel related information by email. These will be messages that are useful to know in relation to your 60+ Oyster photocard or the services that you use, and might include:
- important changes to services you use
- new travel services
- travel disruption
- information about fares
- consultations on TfL's plans for transport in London
- changes to terms and conditions of travel
We appreciate that you don't always want to be contacted in this way, so all our emails will include a hyperlink so you can opt out from receiving future service messages at any time.
We will only send you messages about TfL's offers and promotions if you have chosen to receive them and you can change your marketing preferences at any time.
TfL will never pass your personal information to any other organisation for marketing purposes without your prior consent.
TfL will use aggregated or depersonalised Oyster journey information to carry out research and analysis, for example, to look at travel demand, provide customers with information on how busy stations are at particular times and to make improvements to our transport services. Individuals will not be identified using this information.
Length of time we keep information
TfL will retain personal information in line with its data retention policies. This means that we will not hold information for longer than is necessary for the purposes we obtained it for.
We retain data about the individual journeys made using your 60+ Oyster photocard for eight weeks after the card is used. After eight weeks, the journey data in the ticketing system is disassociated from your card (ie pseudonymised). This eight-week period is considered reasonable to enable customers to verify or make enquiries concerning their journeys (for example, for refund purposes).
Some journey information is also stored on the Oyster card itself; this comprises the last eight journeys and related charges, up to three season tickets (generally the most recent three tickets, including future dated), and the last two incomplete journeys, if any. If you don't use your Oyster card very often, the data stored on the card may be older than eight weeks. However, no other data is stored on the Oyster card itself (eg name or address).
The information we collect as part of the application process (including the scanned image of your passport details page) is kept for up to three years after the expiry date of your photo card.
IP addresses collected when you access your Oyster online account are retained for 13 months. This helps TfL monitor for things like online fraud, for example when people apply for online refunds.
Call recordings made when you contact Customer Services are kept for 6 months.
Keeping personal information secure
We take the privacy of our customers very seriously and a range of robust policies, processes and technical measures are in place to control and safeguard access to, and use of, personal information associated with Oyster data. This includes payment card data which is securely handled by a specialist payment processing company in accordance with the Payment Card Industry Data Security Standard ('PCI DSS').
Anyone with access to personal information held in TfL's systems is required to complete TfL's privacy and data protection training on an annual basis.
We also publish guidance on the steps you can also take to protect your personal information.
Automated processing and profiling
Under data protection legislation we have to let you know when we use your personal information to do something 'automatically' using our computers or other systems, or make an automated decision (without human intervention) that significantly affects you.
We use your journey history, travel patterns, or frequently used stations as the basis for sending service messages. For example if you regularly use the Central Line, we might use this information to help decide that messages about service alterations on that line would be helpful for you to know.
Similarly, we may use postcode information to decide that it would be useful for you to know about changes to travel services near where you live, such as a station or bus stop closure or a road closure or diversions.
The purpose of this type of profiling is to make sure that we send only information to people who will actually find it relevant and useful. You are able to opt out from receiving these kinds of messages at any time.
We analyse application data, journey patterns and transaction history to inform measures to protect TfL against fare evasion and fraudulent transactions. We use this data in different ways, including identifying 'hotspots' so we can deploy Revenue Inspectors in certain London Underground stations or on particular bus routes.
We may also use the outcome of our analysis to contact you with advice to touch in and out at the correct stages of a journey.
We may also suspend or withdraw concessionary Oyster photocards based on their initial purchases, or subsequent top ups and disable web accounts based on online activities.
Part of our statutory responsibilities includes a duty to do all we reasonably can to reduce crime and disorder on and around the transport system - and we work together with our local authority, policing, and other law enforcement partners as part of this.
We may use aggregated or depersonalised Oyster journey data to undertake intelligence, analysis and research activities to identify and inform responses to a number of issues including:
- Reducing all crime and anti-social behaviour on and around the public transport network
- Creating crime and anti social behaviour strategies
- Targeting crime and disruption hotspots to better coordinate and deploy policing resources
- Reducing fear of crime and improving public confidence in the safety of the journeys they make in the capital
Sharing personal information
TfL uses an external service provider to process your application, issue your photocard and operate the photocard scheme on a day to day basis, including Customer Services. TfL also uses external service providers to operate 'back office' technical services, secure payment processing and customer database management.
When you apply for your 60+ Oyster photocard, we check with London Councils (the body that issues Freedom Passes on behalf of the London Boroughs), to ensure that you do not already benefit from one of their concessionary travel schemes.
TfL may verify your continuing eligibility for your 60+ Oyster photocard by sharing personal information with, and receiving information from, relevant third party agencies, including London Councils, to ensure that you are not in receipt of the travel discount when you are no longer eligible. We may, for example, check that you still live in London, or whether hold another concessionary travel discount such as a Freedom Pass.
To ensure you continue to receive free travel in London after your 60+ Oyster photocard expires, TfL can provide your personal details to London Councils, so that they can offer you an Older Person's Freedom Pass. We will only ever do this where we have your consent to do so, and we ask for this at the time you apply for your 60+ Oyster photocard.
If you use your 60+ Oyster photocard on National Rail services, TfL may share your personal data with the relevant train operating companies for the purposes of customer administration and fraud prevention and detection. The same applies if you use your Oyster card on river services operated by other companies.
Where you have agreed to receive marketing messages from train operating companies, we will pass them your contact details.
If you appeal against a penalty fare notice issued on a National Rail service and you state that you used your Oyster card for that journey, the independent appeals body may verify the information you provide against journey data held in our ticketing systems. This is strictly for the purpose of assessing your appeal, and any information sharing is managed in accordance with relevant privacy and data protection legislation.
We have partnerships with a number of academic institutions in the UK and overseas (e.g. USA), who work with us to analyse journey patterns and undertake travel modelling to help us understand the way our customers travel so we can improve and plan our services for the future.
To do this we provide them with journey data derived from our Oyster ticketing systems that has been processed, replacing data, where required, with alternative identifiers (pseudonyms) so that it isn't possible to identify an individual customer.
All academic research is carried out in accordance with privacy and data protection legislation and protected by robust confidentiality agreements.
In some circumstances, disclosures of personal data to the police (and other law enforcement agencies) are permitted by data protection legislation, if they relate to the prevention or detection of crime and/or the apprehension or prosecution of offenders. Before any such disclosure takes place, the police are required to demonstrate that the personal data concerned will assist them in this respect. Each police request to TfL is dealt with on a strictly case-by-case basis to ensure that any such disclosure is lawful and in accordance with data protection legislation.
TfL may also receive or disclose personal information about customers in relation to certain emergency situations or other incidents that require an immediate response. Such events may include those involving public health, public safety or national security matters, when access to personal information is necessary to manage the incident. In some situations, we may also be required by law to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests will be assessed on a case-by-case basis and take into account privacy considerations before a disclosure is made.
TfL, its service providers and academic research partners currently process personal information relating to Oyster within the UK, the European Economic Area (EEA) and the USA. Any such processing is subject to appropriate contractual safeguards and carried out in accordance with the requirements of UK and EU privacy legislation.
Your information rights
You can see your journey history by signing into your web account or you can request a copy by calling Customer Services. You can also use your Oyster card to view your last eight journeys and the transaction details at ticket machines at Tube stations.
You can also view and update the contact information we hold about you within your account; as well as your contact and marketing preferences. If you would like to close your Oyster Photocard web account, please contact Customer Services or contact our Privacy and Data Protection team.
For access to other personal information held by TfL about you please see Subject Access requests in Access your data.
If you would like to unsubscribe from service or marketing messages, please use the link we include at the end of every email. You can also update your contact preferences within your online account - or by emailing email@example.com at any time.
You also have a number of other information rights which include:
- The right to question any information we have about you that you think is wrong or incomplete
- The right to object to how we use your data or to ask us to delete or restrict how we use it
- In some cases, the right to receive a copy of your information in a format that you can easily re-use
- The right to complain to the regulator - the Information Commissioner's Office
The TfL Privacy and Data Protection team considers and coordinate responses to requests and complaints from people whose personal data is processed by TfL and its subsidiary companies.
You can contact the Data Protection Officer by email at firstname.lastname@example.org
Changes to this page
It's likely that we'll need to update this statement from time to time, so check back here regularly to find out more. Your continued use of the site will mean that you accept those revisions. This page was last updated in February 2020.