Privacy

Last updated: 5th December, 2022

Who we are

The Bus Open Data Service (BODS) is a service for bus operators across England, and local transport authorities or agents working with operators, to publish data about local bus services. It is a legal requirement for bus operators across England to publish this data, so that application developers and other data consumers can use this data without restrictions in their applications, products and research. The service is provided by the Department for Transport.

What data we collect from you

Our main purpose is ensuring data about local bus services across England is in the public domain and utilised responsibly. This data is provided by users, including bus operators, Local Authorities, agents, consumers, or anyone who has signed up to use the service.

The personal data we collect from you includes:

  • your questions, queries or feedback and email address if you contact the Bus Open Data service, supporting mailboxes or team members
  • your sign up information when registering with the service
  • your email address and subscription preferences when you sign up to our email alerts
  • how you use our emails - for example whether you open them and which links you click on
  • your Internet Protocol (IP) address, and web browser version
  • information on how you use the site, using cookies and page tagging

Why we need your data

We want to build an accurate database for local bus services across England. So, we require the ability to monitor how the data is being provided and used over time.

We also collect data in order to:

  • reply to any feedback you send us, if you’ve asked us to
  • send email alerts to users who request them
  • allow you to access government services and make transactions
  • provide you with information about local services
  • monitor use of the site to identify security threats
  • communicate service messages aimed at keeping users informed of the service provided, which includes service updates and support that is provided as part of the overall service.
  • spot check the level of service usage for both data publishers and consumers

What we do with your data

We use your data to occasionally check your activity when using the service.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

We use your data to calculate performance metrics to support continuous improvement of the service. When you sign up, you can also opt in to be contacted to participate in user research. If you change your mind later about this, please let us know by emailing BusOpenData@dft.gov.uk.

We use Google Analytics software to collect information about how you use GOV.UK. This includes IP addresses. The data is anonymised before being used for analytics processing. Google Analytics processes anonymised information about:

  • the pages you visit on GOV.UK
  • how long you spend on each GOV.UK page
  • how you got to the site
  • what you click on while you’re visiting the site

We do not store your personal information through Google Analytics (for example your name or address).

We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.

We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.

How long we keep your data for

We will retain your data for as long as you have a BODS account. However, if you use an institutional email account and depending on what you choose for your account name, this may not include any personally identifiable information.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data will not be transferred outside of the European Economic Area (EEA).

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. To prevent unauthorised access or disclosure we have put in place technical and organisational procedures to secure the data we collect about you – for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure.

Children’s privacy protection

We understand the importance of protecting children’s privacy online. Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or maintain data about anyone under the age of 13.

What are your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Data Protection Officer - you can find their contact details below.

Changes to this notice

We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We encourage you to periodically review this privacy notice to be informed about how we are protecting your data.

Contact us or make a complaint

Contact the DfT Data Protection Officer if you either:

  • have any questions about anything in this document
  • think your personal data has been misused or mishandled

Data Protection Officer

Department for Transport

3rd Floor

One Priory Square

Hastings

East Sussex

TN34 1EA

Email: DataProtectionOfficer@dft.gov.uk

Our Personal Information Charter, can be found here: Personal information charter - Department for Transport - GOV.UK (www.gov.uk)