What personal data we collect from you when you use our website;
How we will collect and use that information;
How we keep information secure; and
How you can contact us if you wish to exercise any of your rights in relation to the information or make a complaint.
- Information we may collect from you
- How we use your information
- Sharing or disclosure of your information
- When we collect information
– Website visits and purchases
– Travel Shop purchases
– Customer Service database
- Where we store your personal information
- Information Security
- Your rights
The data controller is:
Network Ticketing Limited, Stagecoach Depot, Shields Road, Walkergate, Newcastle, NE6 2BZ. Registered in England No. 2197910.
Our Data Protection Manager is The Manager, Network Ticketing Limited, Stagecoach Depot, Shields Road, Walkergate, Newcastle, NE6 2BZ. firstname.lastname@example.org
More information about the Data Protection Law can be found on the Information Commissioners Website
The Information Commissioner is our regulator for data protection matters.
Information we may collect from you
We may collect and process information about you when you buy tickets, use our website, buy a product from us or make a sales enquiry or contact us.
We collect information such as your contact details, ticket purchases, payment and refund details. We may require additional details for some services, such as photographs for ID, or your age for age restricted tickets. This information is generally provided by you. Sometimes we obtain details from third parties, for example, in order to provide some ticket types or a complaint is passed to us from another operator.
How we use your information
We will only use the information you provide as permitted by the Data Protection Law. Depending on how you contact us, use our services, the consent you have given, our legitimate interests, or legal obligations we may have, this will include:
- To provide you with the service (things like carrying out our obligations arising from any contracts- selling tickets, making and taking payments. We mostly rely on the legal ground of contractual performance to process your data, but sometimes the data is also used for our legitimate interests of customer service, like providing information to our regulators)
- To provide you with details of promotions and offers which we feel may interest you; (this is based on our legitimate interests to try and sell more bus tickets when you have given consent for us to contact you and you have an absolute right to ask us to stop sending marketing emails/SMS).
- For your safety and security.
- For fraud and crime prevention.
- To run competitions
Sharing or disclosure of your information
We will only share or disclose your information as set out in this Policy or in accordance with Data Protection Law and will obtain your consent where we are required to do so. We will only use third parties to process information where we are satisfied that they comply with these standards and can keep your data secure. We may share or disclose information for the following reasons:
- We use data processors to provide or assist with some of our services. Where we do so, they must agree to strict contractual terms and to keep your data secure.
- To respond to your complaints or administer requests you have made, either to us or another regulatory body, or appeals service, or local authorities and contract partners;
- To process payment card transactions;
- To comply with requests from the police or other law enforcement agencies for the purposes of crime prevention or detection. These are dealt with on a case-by-case basis, under an overall Information Sharing Protocol, to ensure that any disclosure is lawful;
- To comply with other legal obligations for example, relating to crime and taxation purposes or regulatory activity;
- To protect our legitimate business interests, for example, for fraud prevention or revenue protection; and
- We have a policy in place for one off sharing of data, such as a request from an insurance company.
You can find out more below about the information we collect and how we use, share or disclose it.
Types of Information we collect
Website visits and purchases
This section shows the information we collect when you use our website. Before providing us with your details, please read the following important information regarding:
- Collection of visitor information;
Collection of visitor information
We will only use the information that we collect about you lawfully, in accordance with the Data Protection Law.
The details you provide about yourself and any other information which identifies you (‘Personal Information’) is held by on this website (the “Site”) for operational purposes, for example member registration or processing payments. We may also use your Personal Information to personalise your experience on the Site by informing you of new products or services that we may think are of interest to you.
networkonetickets.co.uk gathers general information about users, for example, what pages users access the most and which areas of the site are most frequently visited. Such data is used in the aggregate to help us to understand how the Network One website is used. We gather this information so that we can continue to improve and develop the website to benefit our users. We may make this aggregated information available to users of the site and also to auditors. These statistics are anonymous.
When you register to buy a ticket, we ask for personal information such as your name, contact details, and other details. Once you register with and accept our Terms & Conditions, you are not anonymous to us. We may contact you regarding site changes or changes to the products or services that you use.
If you buy a ticket online with us, we will record your personal details and send you a confirmation email. Your personal data will be used principally to communicate with you with reference to your request.
A cookie is a small piece of information that is sent to your browser when you access a website. Cookies contain information about your visits to that website and the purpose of cookies is to enable our websites to remember you, and your browsing habits, when you visit it again in the future.
Access to our database containing personal information on registered users of the site is restricted. We encrypt your financial information using SSL (Secure Sockets Layer) technology so that no one else can access your credit card details as they travel through the Internet. SSL is certified by Verisign and is recognised as a secure way to pay online. As you may be aware, no data transmission over the Internet can be entirely secure. As a result, while we will always use reasonable endeavours to protect the personal information you provide to us, we cannot guarantee the security of your information and the use of our facilities (e.g. e-mail) is at your own risk. If you have any questions about paying for your ticket through the Site, please contact Customer Relations.
Travel Shop Purchases – Period Pass Records Apps and Smartcards
Personal details we hold
When you buy annual passes/season tickets valid for one month or more, we keep a record of this on a database. We keep the following details:
- Name, address and photo card number (if applicable) and date of birth;
- Phone number and email if you provide them;
- The product type, zone, start and end date of annual tickets you have purchased, along with any duplicate, replacement or refund of these; and
- The method of payment used, but not any payment card details.
How we use your personal data
We use this information for Contractual obligations, Customer Service and administration, customer research, marketing and fraud prevention.
Customer Relations Database
We collect your information and comments when you contact us by letter, email, web form, or phone.
Personal details we hold
We may hold your name, address, email address, phone number, social media name, ticket details, our correspondence with you, the compensation claims you have made and payment made by us, and other supporting information you may provide.
To ensure that we carry have an accurate record of dealings between us (and for training purposes) we may, in certain circumstances, record or monitor telephone calls, however you will always be told when this happens.
How we use your personal data
This information is used for administration of correspondence or processing claims you have made, such as delay repay as well as for fraud prevention purposes. We also use it to respond to complaints.
Sharing data with third parties
We may also share information with other Bus Operating Companies, or under interoperable tickets for the purpose of fraud prevention. We will only do this where there is a formal data sharing agreement is in place, or where an ad hoc request is received this will be dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with Data Protection Law.
Where We Store Your Personal Information
The information that we collect from you will only be stored in the European Economic Area (“EEA”) or, where it is necessary to disclose it to our processors located outside the EEA, other jurisdictions which are acceptable according to guidance provided by the Information Commissioner and/or where appropriate legal and security safeguards are in place. Please contact the Data Protection Officer if you wish to find out more about the safeguards.
We use a range of technical and organisational measures to safeguard access to and use of, your personal information and to ensure it retains its integrity and availability. These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training. We also consider anonymising or pseudonymising personal data where practical.
ASK FOR A COPY OF YOUR PERSONAL DATA
You are entitled to request a copy of the personal information we hold about you.
We aim to get the information to you without undue delay and within 30 days. If we have any trouble with this timeframe we will let you know within 30 days and explain what the problem is. Sometimes we may hold information that we don’t have to provide, for example it would prejudice a police investigation or contains someone else’s personal data.
In most cases we provide the copy of your data to you for free. We have set out some information about when it might not be free, or provided below.
If you believe the information we hold about you is inaccurate or incomplete you can contact us and ask us to correct it. You may also request any data processing we are carrying out on your data is halted whilst a request for rectification or objection or a dispute over the lawfulness of processing is being considered.
We will provide a response confirming the action we have taken or disagree with taking within 30 days, or provide a response within 30 days if the matter is complex and a further time is needed.
This is also known as the “Right to be forgotten”, you can request deletion or removal of personal information in some circumstances, such as where there is no compelling reason for its continued processing.
We will provide a response to you without undue delay and within 30 days, confirming whether/what personal data we have deleted and/or explaining why we don’t agree that some data does not need to be deleted.
WITHDRAWAL OF CONSENT
If we relied on consent as the ground for processing your personal data, you can withdraw this consent at any time. It does not affect the processing carried out beforehand. You can withdraw consent by contacting our Customer Services Team or our data protection manager email@example.com. We will comply with your request without undue delay and within 30 days.
You also have a right to request that no further processing takes place in relation to some grounds of processing, such as for direct marketing.
We will respond to your request without undue delay and within 30 days, confirming the action we will or won’t take.
Where you have provided us with personal data and the reasons we are processing it are based on consent or our contract with you, and the processing is automated, you have a right to ask for that information be provided to you or another data controller in a structured, commonly used and machine-readable format. The right may be restricted if it is not practical for us to provide the information in this way or it adversely the rights of others.
If we are able to provide your personal data in this way, we will do so in 30 days or we will let you know within 30 days if we require more time or there are any issues with carrying out the request.
HOW WE DEAL WITH RIGHTS REQUESTS
We will try to deal with your request without undue delay and at least within 30 days. In exceptional circumstances, we may need to extend the time to respond fully, if the request is particularly complex or there are multiple requests. But we will let you know within 30 days.
We are not able to charge you a fee for dealing with rights requests, unless they are manifestly unfounded or excessive or in circumstances where copies have been provided previously. We would always let you know if we thought this was the case, so that you can make a decision about what you wanted to do next.
There are various limitations and exemptions in relation to the exercise of rights in data protection law – for example if it would affect another’s rights and freedoms or if we need to retain the information to make or defend a legal claim. We intend only to rely on limitations and exemptions where it is fair to do so and always bearing in mind that it is your personal data.
If we don’t respond to within 30 days of your request or you are not happy with our response you can lodge a complaint with the Information Commissioner Office or issue legal proceedings against us.
We also have a complaints policy. If you are not happy with the way in which we deal with your data or have dealt with a rights request, then please us know. Our Data Protection Managers are the first point of contact for dealing with Rights Requests and complaints. firstname.lastname@example.org
In writing to, Network Ticketing Limited, Stagecoach Depot, Shields Road, Walkergate, Newcastle, NE6 2BZ. Registered in England No. 2197910.
If you are not satisfied with the response you can complain to the ICO. Their contact details are
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
You also have the right to seek a judicial remedy, issue legal proceedings against us.
How Long we keep your personal data for
We generally retain personal data for around 6 months after the legal limitation periods in which claims can be brought or industry recommended periods. We would also retain information if we are under a legal or regulatory requirement to do so.
We may also keep your personal data for the purposes of our legitimate interests in running our Group businesses, including anonymising or pseudonymising data for analysis.
Identifiable data is kept for around 3 years for marketing.
We may occasionally update this statement.