Last updated: 26 Nov 2019
Who we are
The Bus Open Digital Data Service (BODDS) is a service for bus operators across England, and local transport authorities or agents working with operators, to publish data about local bus services. It is a legal requirement for bus operators across England to publish this data, so that application developers and other data consumers can use this data without restrictions. The service is provided by the Department for Transport.
What data we collect from you
Our main purpose is ensuring data about local bus services across England is in the public domain. This data is provided by bus operators and anybody can sign up to use it.
The personal data we collect from you includes:
- your questions, queries or feedback and email address if you contact GOV.UK
- your email address and subscription preferences when you sign up to our email alerts
- how you use our emails - for example whether you open them and which links you click on
- your Internet Protocol (IP) address, and web browser version
- information on how you use the site, using cookies and page tagging
Why we need your data
We want to build an accurate database for local bus services across England. So, we need to be able to monitor how the data is being used from time to time. We also collect information through Google Analytics to see how you use this service so that we can make it better.
We also collect data in order to:
- reply to any feedback you send us, if you’ve asked us to
- send email alerts to users who request them
- allow you to access government services and make transactions
- provide you with information about local services
- monitor use of the site to identify security threats
What we do with your data
We use your data to occasionally check your activity when using the service.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.
We use user emails and Google Analytics for research purposes to support continuous improvement of the service and derive user satisfaction metrics.
We use Google Analytics software to collect information about how you use GOV.UK. This includes IP addresses. The data is anonymised before being used for analytics processing. Google Analytics processes anonymised information about:
- the pages you visit on GOV.UK
- how long you spend on each GOV.UK page
- how you got to the site
- what you click on while you’re visiting the site
We do not store your personal information through Google Analytics (for example your name or address).
We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.
We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.
How long we keep your data for
We will retain your data for as long as you have a BODS account. However, if you use an institutional email account and depending on what you choose for your account name, this may not include any personally identifiable information.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
Your personal data will not be transferred outside of the European Economic Area (EEA).
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. To prevent unauthorised access or disclosure we have put in place technical and organisational procedures to secure the data we collect about you – for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure.
Children’s privacy protection
We understand the importance of protecting children’s privacy online. Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or maintain data about anyone under the age of 13.
What are your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Data Protection Officer - you can find their contact details below.
Changes to this notice
We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We encourage you to periodically review this privacy notice to be informed about how we are protecting your data.
Contact us or make a complaint
Contact the GDS Privacy Team if you either:
- have any questions about anything in this document
- think your personal data has been misused or mishandled
GDS Privacy Team firstname.lastname@example.org
You can also contact the Cabinet Office Data Protection Officer.
Data Protection Officer
Data Protection Officer
London SW1A 2AS
If you have a complaint, you can also contact the Information Commissioner's Office (ICO). The ICO is an independent regulator set up to uphold information rights.