If you are registered under an Oyster photocard concessionary scheme, you can find extra information about how we use your personal data in Terms & conditions.
Oyster card customers must register their cards in order to buy monthly or longer period season tickets.
Registration is optional for holders of 7 Day Travelcards or pay as you go credit.
The data we hold includes:
The Oyster ticketing system links the data recorded when an Oyster card is used to validate a journey to an individual Oyster card for eight weeks after the card is used.
After eight weeks, the data in the ticketing system is permanently disassociated from the Oyster card and it cannot be linked to an individual. We retain the anonymous journey data for research purposes.
The eight-week period is considered reasonable to enable customers to verify or make enquiries concerning their Oyster journeys (for example, for refund purposes) and was agreed in consultation with the Information Commissioner's Office at the time of Oyster's implementation in 2003.
We are changing the Oyster ticketing system so that it will retain customers' names and contact details for two years after the customer last used their card or bought an Oyster product.
The Oyster ticketing system retains details of debit or credit cards used to buy Oyster products, for a maximum of 18 months.
Please note if you are issued a penalty fare notice or prosecuted for fare evasion, we will need to keep your personal details and relevant journey and transaction history for a longer period.
Oyster card customers can view details of the last eight journeys made on their card at London Underground and London Overground touchscreen ticket machines or by requesting a print out at a ticket office.
If you have registered your Oyster card, you can request a copy of your journey history by contacting the Oyster helpline, or by accessing your web account.
You can request access to other personal information through a subject access request.
We take the privacy of our customers very seriously and a range of robust policies, processes and technical measures are in place to control and safeguard access to, and use of, personal information associated with Oyster cards.
We share customer data only in very limited circumstances. We only share Oyster users' personal data with our subsidiaries and service providers, and those train operating companies which accept Oyster for travel on their services. The data is used for the purposes of customer services and administration, to provide travel-related information and for customer research and fraud prevention.
We do not pass any Oyster data to third parties for marketing purposes.
At our discretion, we may disclose personal data in response to valid requests from the police and other law enforcement bodies. This is permitted by the Data Protection Act 1998 (DPA).
We may also disclose personal data if required to do so by law. The DPA allows us to do this where the request is supported by evidence of the relevant legislation which requires the disclosure, or a court order.
All police requests for Oyster card information are coordinated by a specialist request handling team within TfL, which assesses the validity of each request.
Before we authorise any disclosure, the police have to demonstrate that the personal data concerned will assist them in the prevention or detection of a specific crime, or in the apprehension or prosecution of an offender.
Each police request is dealt with on a strictly case-by-case basis to ensure that any such disclosure is lawful and in accordance with the DPA.
We reject about 5-10% of requests each month because the police do not provide acceptable levels of detail or, we deem the requests excessive.
Transport for London (TfL), its subsidiaries and service providers, will use your personal information for the purposes of customer services and administration, the provision of travel related information, customer research and fraud prevention.
If you use your Oyster card in connection with National Rail products or services, you will also be authorising TfL to share your personal information with relevant Train Operating Companies so that they can use it for the same purposes. Your personal information will be properly safeguarded and processed in accordance with the requirements of the Data Protection Act 1998.
In certain circumstances, TfL may also share your personal information with the police and other law enforcement agencies for the purposes of the prevention or detection of crime.
TfL and its subsidiaries may also contact you about our offers and promotions. Please tick the relevant box if you do not wish to receive this information.
Train Operating Companies and their subsidiaries, whose services you have used, may contact you about their offers and promotions. Please tick the relevant box if you do not wish to receive this information.