If you hold a concessionary Oyster card, please refer to the privacy page which applies to your scheme. If you use your contactless payment card (or other device) to travel please see our Contactless privacy page.
Personal information we hold
Some of the data listed below is only held if you have registered your Oyster card, for example by adding it to an online account. See the Obtaining and using your personal information section for more detail:
- Title, name, address, email address, telephone number (including mobile phone number)
- Customer ID
- Oyster card number
- Password/memorable information/telephone pin number
- Mobile device number (unique code used to identify a device where a customer has opted in to receiving notifications via the TfL Oyster and contactless app)
- Your marketing and contact preferences
- Your journey history
- Payment card information (including the 16 digit PAN, expiry date and CVV number) or bank account and sort code numbers
- Transaction information (for example when and where you topped up your balance or purchased a season ticket, or were issued with a refund, or set up Auto top-up)
- Enquiries, complaints or other correspondence from you
- Supporting evidence collected in relation to some types of refunds
If you sign in to your online account, we will collect the IP address used by your device for the purpose of fraud prevention and detection.
Legal basis for using your information
Under privacy and data protection legislation, we may only use personal information if we have a proper reason or 'legal basis' to do so. In the case of Oyster cards, there are a number of these 'legal grounds' we rely on, which are:
- Our statutory and public functions:
- to undertake activities to promote and encourage safe, integrated, efficient and economic transport facilities and services, and to deliver the Mayor's Transport Strategy
- Where you have given us your consent, for example:
- where you have opted in to receive marketing messages or in-app notifications from us; or
- you have asked our contact centre to resolve an issue or complaint for you
- For the 'performance of a contract', for example:
- in connection with topping up your pay as you go credit, or a season ticket
- where you have created an online account or downloaded the app so we can provide additional services to you
- For the 'purposes of legitimate interests':
- to enable train operators to plan and improve services. Train operators are companies providing National Rail services which accept the use of Oyster and contactless payment cards on their services
- to verify your identity when you contact us or log on to your account
- to process data for online account security monitoring purposes
Obtaining and using personal information
Using your online account
The personal information we hold is provided by you when you create an online account via our website or app and register your Oyster card, or use an Oyster card on the TfL network, and on other services on which Oyster cards are accepted. Depending on how you set up an account and attach an Oyster card to it, we will request only necessary information from you. For example, if you create an account via the app we do not require a security question and answer, or telephone pin number. If you set up the account via our website, or access your app account via our website, this additional information is required.
If you don't have an online account, but contact us in regard to your Oyster card (e.g. to arrange a refund, request a new card, transfer a balance from one card to another, etc) a record of this will be created in our back office system. If you set up an online account later some of these records may be accessible via that account. When this record is created we capture your name, address and email address. In some circumstances we may also capture a contact phone number. This information is then linked to your Oyster card, including any current and future journey history held. Any subsequent records made if you contact us again are also linked to your details.
When you contact TfL
If you contact Customer Services, we will need to collect information from you so that we can respond to your query or request. If you phone us we may record your call so we can train staff, review call quality and have access to a verbal record of what has been said in the event of a subsequent complaint. At the end of your contact with us, we may email you to take part in a customer satisfaction survey about your experience with Customer Services. This helps us monitor our performance, improve quality and plan for future services.
We sometimes also undertake analysis or research into the types of subjects that commonly cause customer concerns and complaints. For example we might look for key words or themes and this helps us improve and plan our services for the future. Pseudonymisation, or other appropriate data minimisation techniques are applied so that we can analyse the subject matter without needing to know the identity of the person themselves. This is a way of protecting people's privacy in line with the Information Commissioner's Anonymisation Code of Practice.
Contacting you by email
If you sign up for an online account via our website or app and provide your email address, from time to time we will send you travel related information by email. These service messages contain useful information in relation to the products you have bought or services that you use, and might include:
- important changes to services you use
- new travel services
- travel disruption
- information about fares
- consultations on TfL's plans for transport in London
- changes to terms and conditions of travel
We appreciate that you don't always want to be contacted in this way, so all our emails will include a hyperlink so you can opt out from receiving future service messages at any time.
We will only send you messages about TfL's offers and promotions (marketing messages) if you choose to receive them, and you can change your marketing preferences at any time.
On occasion we may also send you details of surveys for you to participate in. Some of these surveys are based on your use of TfL services (e.g. journey information, services used, frequency of use, etc). These emails will also include a hyperlink so you can opt out of future surveys.
There are some communications that we have to send you to fulfil our contractual obligations to you. These include emails regarding purchases or other financial transactions you've made (such as Auto top-up, pay as you go transactions or processing a refund) and important account updates where you have created an online account or downloaded the app.
We will never pass your personal information to any other organisation for marketing purposes without your prior consent.
Information about the journeys you take
Our ticketing systems record the location, date and time an Oyster card is used to make a journey on TfL's network, affiliated National Rail services or London River services.
Using journey information to plan and improve services
Understanding how our customers use the transport network allows TfL and Train Operating Companies to plan, manage and improve services. The information used for these purposes doesn't contain customers' personal data. We do not combine this data with CCTV or other sources of data that could identify individuals. This type of data is called pseudonymised journey information, and it allows organisations to carry out transport research without identifying individuals.
We use pseudonymised journey information to carry out research and analysis, for example, to look at travel demand, provide customers with information on how busy stations are at particular times and to make improvements to our transport services. This helps us meet our responsibilities under the Greater London Authority Act 1999; including the delivery of the Mayor's Transport Strategy and the promotion and encouragement of safe, integrated, efficient and economic transport facilities and services to, from and within Greater London. From time to time we may use this information in connection with our other statutory rights and obligations.
We use pseudonymised journey information to undertake intelligence, analysis and research activities to identify and inform responses to a number of safety issues including:
- Reducing all crime and anti-social behaviour on and around the public transport network
- Creating crime and anti-social behaviour strategies
- Targeting crime and disruption hotspots to better coordinate and deploy policing resources
- Reducing fear of crime and improving public confidence in the safety of the journeys they make in the capital
Pseudonymised information about journeys made using Oyster cards that have been taken entirely or partly on routes served by National Rail services is provided to National Rail train operating companies for the following purposes:
- To set prices with TfL;
- To predict future income, set fares and allocate revenue between train operating companies;
- To better understand passenger demand for business, leisure and commuting journeys, and predict how this may change in the future;
- To understand the scope and extent of flexible travel to inform initiatives to encourage passengers to travel outside of peak periods;
- To assess the benefits of proposed investments in infrastructure and to inform strategic long-term railway planning;
- To allow other train operating companies to bid to provide services
Pseudonymised information is processed on the basis of legitimate interests of Train Operating Companies and for the performance of a task carried out in the public interest, or the exercise of TfL's official authority. You have the right to object to use of personal data that is processed on this basis. See the Your information rights section for more detail.
Securing your online account
In 2023 we introduced multi-factor authentication (MFA) to strengthen the existing security measures for online accounts. Existing account holders are prompted to set up MFA when they sign in and for new account holders this is completed as part of the registration process. We request a mobile phone number which will be used each time you sign in to receive a text with a unique code to enter in the sign in screen. The phone number provided for MFA will only be used for the purposes of MFA, unless you have previously provided the number to TfL for a separate purpose (e.g. when liaising with Customer Services).
Choosing not to provide personal information
You can use your Oyster card to pay as you go at any time without providing your personal information to TfL. You can also add weekly and monthly season tickets to your Oyster card without needing to register your card or create an online account.
If you choose not to provide personal information to us, you will not be able to open an online account, add a season ticket to your card that is longer than a month or get a refund (for example if your card is lost or stolen). It may also delay or prevent us from offering other services to you such as the resolution of complaints or concerns.
See the Your information rights section for information about your rights, including accessing your information, raising an objection to the way it is used or requesting its deletion.
Length of time we keep information
We will retain personal information in line with our information disposal policies. This means that we will not hold information for longer than is necessary for the purposes we obtained it for.
We retain information about the individual journeys made using your Oyster card (including Freedom Passes) for between eight and nine weeks after the card is used. The journey data in the ticketing system is then disassociated from your card during the ninth week (ie pseudonymised). This period is considered reasonable to enable customers to verify or make enquiries concerning their journeys (for example, for refund purposes).
In certain limited cases, some information about individual journeys will be held for a longer period of time. An example of this is where we hold data as evidence in relation to TfL's revenue protection function (including the issue of penalty fares and prosecutions for fare evasion).
Some journey information is also stored on the Oyster card itself; this comprises the last eight journeys and related charges, up to three season ticket products, (generally the most recent three tickets, including future dated), and the last two incomplete journeys, if any. If you don't use your Oyster card very often, the data stored on the card may be older than eight weeks.
We hold some summary data relating to journeys made using Freedom Passes which is held for a longer period than the standard retention period described above. This data does not show any individual journeys made on a specific date or time, but it shows the number of journeys taken over a month, and for some cases, the stations travelled from and to during a particular month. This data is kept solely for the purpose of assessing the amount of money individual boroughs pay to TfL for the Freedom Pass scheme, it is not used to make any decisions directly about Freedom Pass holders.
Call recordings made when you contact Customer Services are kept for 6 months.
Keeping personal information secure
We take the privacy of our customers very seriously, and a range of robust policies, processes and technical measures are in place to control and safeguard access to, and use of, personal information associated with Oyster data. This includes payment card data which is handled in accordance with the Payment Card Industry Data Security Standard ('PCI DSS').
Anyone with access to personal information held in TfL's systems is required to complete TfL's privacy and data protection training on an annual basis.
In 2023 we introduced multi-factor authentication (MFA) to strengthen the existing security measures for online accounts - whether accessed via our website or app. MFA is an additional layer of security to the account sign in process, helping to confirm you are who you say you are each time you sign into your account. You may be prompted with a subsequent MFA request in certain circumstances.
Alongside account holders being prompted to complete an MFA request, account sign-ins are subjected to automated fraud and security monitoring to identify suspicious activity and further protect accounts and the information within them. This includes monitoring login activity at the point of sign in and over time (e.g. IP address, browser, geographic location determined by IP address, identity information, known compromised credentials, previous login behaviour, etc).
We also publish guidance on the steps you can also take to protect your personal information.
Automated processing and profiling
Under data protection legislation we have to let you know when we use your personal information to make an automated decision (without human intervention) that significantly affects you.
If you are a pay as you go customer, we calculate the fares you are charged using automated means - ie using the location where you start your journey (touch in) and, if travelling by train or tube, end your journey (touch out). If you use a pink card reader, that data will be used to confirm you took a particular route and charge you accordingly.
On some occasions, we may 'auto complete' a journey for you if you do not tap your Oyster card on a yellow reader at both ends of your journey. We do this based on other journeys you have made to estimate the likely origin or destination of the incomplete journey.
If you are due a refund as a result of us auto completing your journey (eg if you were originally charged a maximum single fare), we will also automatically load the refund amount to your Oyster card.
We may also automatically issue you a refund if your journey history indicates that you have been affected by a major disruption or an incident that has severely impacted your travel.
If you believe you have been incorrectly charged, or not received a refund you were due, you can ask our Customer Service team to review those transactions.
We analyse journey patterns and transaction history to inform measures to protect against fare evasion and fraudulent transactions. We use this data in different ways. For example, to identify 'hotspots' so we can deploy Revenue Inspectors in certain London Underground stations or on particular bus routes.
We may also use the outcome of our analysis to contact Oyster card holders directly, with advice to touch in and out at the correct stages of a journey. In cases where we suspect fraud, we might invite you to attend a formal interview with us.
We may also suspend Oyster cards based on their initial purchases, subsequent top ups and disable online Oyster accounts based on online activities.
We also use your journey history, travel patterns, or frequently used stations as the basis for sending service and marketing messages. For example if you regularly use the Central Line, we might use this information to help decide that messages about service alterations on that line would be helpful for you to know. We may also use this information to send you relevant surveys from time to time.
Similarly, if you have provided us with your address, we may use postcode information to decide that it would be useful for you to know about changes to travel services near where you live, such as a station or bus stop closure or a road closure or diversions.
The purpose of this type of profiling is to make sure that we send only information to people who will actually find it relevant and useful. You are able to opt out from receiving these kinds of messages at any time.
We have a statutory duty to do all we reasonably can to reduce crime and disorder on and around the transport system - and we work together with our local authority, policing, and other law enforcement partners as part of this. Journey patterns may also be used to inform police deployments to prevent and deter crime on the transport network. We use automated systems to prevent and detect fraud and protect the safety and security of our online services.
If you have an online account we will use automated processes to support the protection of the account - such as presenting MFA requests each time you sign in and subsequently once signed in in certain circumstances, and to implement fraud and security monitoring to identify suspicious activity at the point of sign in and over time. The purpose of this type of profiling is to further protect accounts and the information within them.
If you have any difficulties accessing your account you can contact Customer Services for support.
Sharing personal information
We have contracts with a number of service providers, who provide the majority of the administration and 'back office' services that ensure the efficient day-to-day operation of the Oyster card scheme. This includes the ticketing systems, some customer services and the customer relationship database.
If you use your Oyster card on National Rail services or river services, we may share your personal data with the companies operating these services for the same purposes as TfL handles your data - that is customer services and administration, the provision of travel related information, customer research and fraud prevention. Information about sharing pseudonymised journey data is provided in the Obtaining and using your personal information section of this webpage.
Where you have agreed to receive marketing messages from train operating companies, we will pass them your contact details.
If you appeal against a penalty fare notice issued on a National Rail service and you state that you used your Oyster card for that journey, the independent appeals body may verify the information you provide against journey data held in our ticketing systems. This is strictly for the purpose of assessing your appeal, and any information sharing is managed in accordance with relevant privacy and data protection legislation.
We have partnerships with a number of academic institutions in the UK, who work with us to analyse journey patterns and undertake travel modelling to help us understand the way our customers travel so we can improve and plan our services for the future.
Pseudonymisation, or other appropriate data minimisation techniques are applied and all academic research using this information is carried out in accordance with privacy and data protection legislation and protected by robust confidentiality agreements.
In some circumstances, disclosures of personal data to the police (and other law enforcement agencies) are permitted by data protection legislation, if they relate to the prevention or detection of crime and/or the apprehension or prosecution of offenders. Before any such disclosure takes place, the police are required to demonstrate that the personal data concerned will assist them in this respect. Each police request to TfL is dealt with on a strictly case-by-case basis to ensure that any such disclosure is lawful and in accordance with data protection legislation.
We may also receive or disclose personal information about customers in relation to certain emergency situations or other incidents that require an immediate response. Such events may include those involving public health, public safety or national security matters, when access to personal information is necessary to manage the incident. In some situations, we may also be required by law to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests will be assessed on a case-by-case basis and take into account privacy considerations before a disclosure is made.
TfL, its service providers and academic research partners currently process personal information relating to Oyster within the UK and the European Economic Area. Any such processing is subject to appropriate contractual safeguards and carried out in accordance with the requirements of UK and EU privacy legislation.
Using the TfL Oyster and contactless app
If you download and use our mobile TfL Oyster and contactless app, certain information may be collected automatically. This may include the type of mobile device you are using and its unique identifier (such as the device name or ID), Internet Protocol (IP) address, Media Access Control (MAC) address, and IMEI number.
We also use analytics (similar to cookies on websites) which are small files that capture data to help us improve the app's performance. We use them to collect information about your use of the app, such as what app content you access most frequently, or if you receive an error message when using the app.
If you opt in, we will also send you notifications via the app. You can change your mind at any time by amending the settings within your device.
Find out more in the TfL Oyster and contactless app terms and conditions.
Your information rights
You can see your journey history by signing into your TfL online account, via the TfL Oyster and contactless app or you can request a copy by calling Customer Services on 0343 222 1234 (TfL call charges). You can also use your Oyster card to view your last eight journeys and the transaction details at ticket machines at Tube stations.
If you have an online account, you can also view and update the contact information we hold about you; as well as your contact preferences.
For access to other personal information we hold about you, please see our Access your data page on how to do this. If you would like to unsubscribe from service or marketing messages, please use the link we include at the end of every email. You can also update your contact preferences within your online account - or by emailing firstname.lastname@example.org at any time.
You also have a number of other information rights which include:
- The right to question any information we have about you that you think is wrong or incomplete
- The right to object to how we use your data or to ask us to delete or restrict how we use it
- The right to complain to the regulator - the Information Commissioner's Office
Our Privacy and Data Protection team considers and coordinate responses to requests and complaints from people whose personal data is processed by TfL and its subsidiary companies.
You can contact the Data Protection Officer by email at email@example.com.
Changes to this page
It's likely that we'll need to update this statement from time to time, so check back here regularly to find out more. This page was last updated in November 2023 to clarify the length of time we retain information about the individual journeys made using your Oyster card.