If you use an Oyster card for travel please see our Oyster privacy page.
Contactless payment methods can include bank/credit cards, mobile phone applications, key fobs, wristbands, payment stickers and tags. Please see What is a contactless payment card to find out more.
Personal information we hold
Signing up for a customer account is optional for all users of contactless payment for travel. If you are a registered customer and have an online account, the personal information we will hold includes:
- Name, billing address, email address, telephone number
- Password/memorable information
- The PAN (16 digit number) and expiry date of each contactless payment card registered
- Journey history (including journeys made on National Rail services that accept contactless payments)
- Your marketing and contact preferences
- Transaction information (including journeys and refunds)
- Enquiries, complaints or other correspondence from you
Where TfL asks for the three digit CVV or CSV code from the reverse of your card, this is for validation/verification purposes only and helps us to check with your card issuer the card has not been reported lost or stolen. The code is deleted immediately after this process is completed.
If you sign in to your online web account, TfL will collect the IP address used by your device for the purpose of fraud prevention and detection.
Legal basis for using your information
Under privacy and data protection legislation, TfL is only allowed to use personal information if we have a proper reason or 'legal basis' to do so. In the case of contactless, there are a number of these 'legal grounds' we rely on, which are:
- Our statutory and public functions:
- to undertake activities to promote and encourage safe, integrated, efficient and economic transport facilities and services, and to deliver the Mayor's Transport Strategy
- Where you have given your consent to TfL, for example:
- where you have opted in to receive marketing messages or in-app notifications from us; or
- you have asked the contact centre to resolve an issue or complaint for you
- For the 'performance of a contract', for example:
- in connection with paying for a journey
- where you have created an online account so we can provide additional services to you
Obtaining and using your personal information
The personal information we hold is provided by you when you create an online account via our website.
If you contact Customer Services in connection with your contactless payment card, we will create a record of this. If you phone TfL your call may also be recorded for training and quality purposes.
TfL's ticketing systems record the location, date and time a contactless card is used to make a journey on TfL's network, affiliated National Rail services or London River on services on which contactless cards are accepted.
If you sign up for an online account, from time to time we will send you travel related information by email. These will be messages that are useful to know in relation to the way you travel, and might include.
- important changes to services you use
- new travel services
- travel disruption
- information about fares
- consultations on TfL's plans for transport in London
- changes to terms and conditions of travel
We appreciate that you don't always want to be contacted in this way, so all our emails will include a hyperlink so you can opt out from receiving future service messages at any time.
We will only send you messages about TfL's offers and promotions (marketing messages) if you choose to receive them, and you can change your marketing preferences at any time.
TfL will never pass your personal information to any other organisation for marketing purposes without your prior consent.
TfL will use aggregated or depersonalised contactless journey information to carry out research and analysis, for example, to look at travel demand, provide customers with information on how busy stations are at particular times and to make improvements to our transport services. Individuals will not be identified using this information.
Choosing not to provide personal information
You can use your contactless payment card to travel at any time without providing any other personal information to TfL or creating an online account.
If you use contactless payment for travel in this way, we will still hold the payment card details and journey data in the same way; however, no other personal information (eg your name or address) will be linked to your transaction.
If you choose not to provide personal information to us, you will not be able to open an online account. It may also delay or prevent us from offering other services to you such as the resolution of complaints or concerns, or issuing you a refund.
Length of time we keep information
TfL will retain personal information in line with its data retention policies. This means that we will not hold information for longer than is necessary for the purposes we obtained it for.
We retain data about the individual journeys made using contactless payment for 13 months after the card is used. This is the case whether or not you have added the card to an online account. After this time, the journey data in the ticketing system is disassociated from your payment card (ie pseudonymised). This 13 month period is necessary because the details of your journey and payment cannot be separated and, like other retailers, TfL has to retain this transaction data in accordance with financial service industry regulations.
You have the option to disassociate a contactless payment card from your online account at any time. If you ask us to do this, details of the card will also be disassociated from your other personal information.
IP addresses collected when you access your online account are retained for 13 months. This helps TfL monitor for things like online fraud, for example when people apply for online refunds.
Call recordings made when you contact Customer Services are kept for 6 months.
Keeping personal information secure
We take the privacy of our customers very seriously, and a range of robust policies, processes and technical measures are in place to control and safeguard access to, and use of, personal information associated with contactless payment cards.
Anyone with access to personal information held in TfL's systems is required to complete TfL's privacy and data protection training on an annual basis.
This includes ensuring that your payment card data is handled in accordance with the Payment Card Industry Data Security Standard ('PCI DSS').
We also publish guidance on the steps you can also take to protect your personal information.
Automated processing and profiling
Under data protection legislation we have to let you know when we use your personal information to do something 'automatically' using our computers or other systems, or make an automated decision (without human intervention) that significantly affects you.
TfL calculates the fares you are charged using automated means - ie using the location where you start your journey (touch in) and, if travelling by train or tube, end your journey (touch out). If you use a pink card reader, that data will be used to confirm you took a particular route and charge you accordingly.
On some occasions, TfL may 'auto complete' a journey for you if you do not tap your payment card on a yellow reader at both ends of your journey. We do this by looking at other journeys you have made and making an assumption about the likely origin or destination of the incomplete journey.
If you are due a refund as a result of TfL auto completing your journey (eg if you were originally charged a maximum single fare), we will also automatically load the refund amount to your payment card.
We may also proactively issue you a refund if we can see from your journey history that you have been affected by a major disruption or incident that has severely impacted your travel.
If you believe you have been incorrectly charged, or not received a refund you were due, you can ask Customer Services to review those transactions.
We analyse journey patterns and transaction history to inform measures to protect TfL against fare evasion and fraudulent transactions. We use this data in different ways. For example, to identify 'hotspots' so we can deploy Revenue Inspectors in certain London Underground stations or on particular bus routes.
We may also use the outcome of our analysis to contact customers directly, with advice to touch in and out at the correct stages of a journey. In cases where we suspect fraud, we might invite you to attend a formal interview with us.
We may also disable online Oyster and contactless accounts based on online activities.
We use your journey history or travel patterns as the basis for sending service messages. For example if you regularly use the Central Line, we might use this information to help decide that messages about service alterations on that line would be helpful for you to know.
Similarly, we may use postcode information to decide that it would be useful for you to know about changes to travel services near where you live, such as a station or bus stop closure or a road closure or diversions.
The purpose of this type of profiling is to make sure that we send only information to people who will actually find it relevant and useful. You are able to opt out from receiving these kinds of messages at any time.
Part of our statutory responsibilities includes a duty to do all we reasonably can to reduce crime and disorder on and around the transport system - and we work together with our local authority, policing, and other law enforcement partners as part of this.
We may use aggregated or depersonalised contactless journey data to undertake intelligence, analysis and research activities to identify and inform responses to a number of issues including:
- Reducing all crime and anti-social behaviour on and around the public transport network
- Creating crime and anti-social behaviour strategies
- Targeting crime and disruption hotspots to better coordinate and deploy policing resources
- Reducing fear of crime and improving public confidence in the safety of the journeys they make in the capital
Sharing personal information
TfL has contracts with a number of third party service providers, who provide the majority of the administration and 'back office' services that ensure the efficient day-to-day operation of our electronic ticketing systems. This includes our electronic ticketing systems, some customer services support and the customer relationship database.
If you use your contactless payment card on National Rail services, we may share your personal data with the relevant train operating companies for the same purposes as TfL handles your data, ie customer services and administration, the provision of travel related information, customer research and fraud prevention. The same applies if you use your contactless card on river services operated by other companies.
Where you have agreed to receive marketing messages from train operating companies, we will pass them your contact details.
TfL will not share the details of individual journeys with your bank or credit card provider. These transactions will appear on your bank or credit card statement in the same way as any other purchase made using that card.
From time to time TfL or other organisations (such as your bank or credit card provider) may want to offer you the opportunity to participate in offers, promotions or fundraising initiatives linked to the use of contactless payment on TfL services. If this involves sharing information such as the details or cost of a journey you've made, TfL (or that other organisation) will always let you know and where appropriate seek your prior consent.
We have partnerships with a number of academic institutions in the UK and overseas (eg the USA), who work with us to analyse journey patterns and undertake travel modelling to help us understand the way our customers travel so we can improve and plan our services for the future.
To do this we provide them with journey data derived from our contactless systems that has been processed, replacing data, where required, with alternative identifiers (pseudonyms) so that it isn't possible to identify an individual customer. All academic research is carried out in accordance with privacy and data protection legislation and protected by robust confidentiality agreements.
In some circumstances, disclosures of personal data to the police (and other law enforcement agencies) are permitted by data protection legislation, if they relate to the prevention or detection of crime and/or the apprehension or prosecution of offenders. Before any such disclosure takes place, the police are required to demonstrate that the personal data concerned will assist them in this respect. Each police request to TfL is dealt with on a strictly case-by-case basis to ensure that any such disclosure is lawful and in accordance with the data protection legislation.
TfL may also receive or disclose personal information about customers in relation to certain emergency situations or other incidents that require an immediate response. Such events may include those involving public health, public safety or national security matters, when access to personal information is necessary to manage the incident. In some situations, we may also be required by law to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests will be assessed on a case-by-case basis and take into account privacy considerations before a disclosure is made.
TfL, its service providers and academic research partners currently process personal information relating to contactless payment within the UK, the European Economic Area and the USA. Any such processing is subject to appropriate contractual safeguards and carried out in accordance with the requirements of UK and EU privacy legislation.
Using the ticketing app
If you download and use our mobile ticketing app, certain information may be collected automatically. This may include the type of mobile device you are using and its unique identifier (such as the device name or ID), Internet Protocol (IP) address, Media Access Control (MAC) address, and IMEI number.
We also use analytics (similar to cookies on websites) which are small files that capture data to help us improve the app's performance. We use them to collect information about your use of the app, such as what app content you access most frequently, or if you receive an error message when using the app.
If you opt in, we will also send you notifications via the app. You can change your mind at any time by amending the settings within your device.
Find out more in the ticketing app Terms and Conditions.
Your information rights
If you are a registered customer, you can see your journey history (for up to the last 13 months) and other transactions by signing into your TfL online account. You can also view and update the contact information we hold about you; as well as your contact preferences.
Unregistered contactless payment customers without an account can access the last seven days' journey history online. You will be required to enter your contactless payment card number, expiry date, card security code and billing address on each occasion you wish to access the last seven days of journey and charging data. TfL will use the information you provide to carry out an authorisation check with your card issuer and will not use or retain it for any other purpose.
You can also request a copy of your journey history by calling Customer services. You will be required to verify your card information and identity each time you access this service.
For access to other personal information held by TfL about you, please see our Access your data page on how to do this.
If you would like to unsubscribe from service or marketing messages, please use the link we include at the end of every email. You can also update your contact preferences within your online account - or by emailing email@example.com at any time.
You also have a number of other information rights which include:
- The right to question any information we have about you that you think is wrong or incomplete
- The right to object to how we use your data or to ask us to delete or restrict how we use it
- In some cases, the right to receive a copy of your information in a format that you can easily re-use
- The right to complain to the regulator - the Information Commissioner's Office
The TfL Privacy and Data Protection team considers and coordinate responses to requests and complaints from people whose personal data is processed by TfL and its subsidiary companies. You can contact the Data Protection Officer by email at firstname.lastname@example.org
Changes to this page
It's likely that we'll need to update this statement from time to time, so check back here regularly to find out more. Your continued use of the site will mean that you accept those revisions. This page was last updated in February 2020.