South Yorkshire Passenger Transport Executive (SYPTE) ("we", "us" or "our") is committed to protecting and respecting your privacy.
We will not sell your information.
We will not share your information unless you wish us to do so for the purpose of dealing with an enquiry, investigating a complaint, or unless we are legally obliged to do so.
We will process your data in accordance with current data protection legislation and good data handling principles.
We will only contact you if you have given us permission to do so, or if we need to contact you so we can provide the service you have requested.
This policy sets out the basis on which we will process any personal data we collect from you, or that you provide to us. Please read it carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy applies when you interact with us; for example, when you visit our interchanges, use our websites, write to us or apply for a product or service. Any order you place is also subject to the terms and conditions related to that product.
If you have any questions regarding any of these terms, please contact us directly via any of the methods listed at the end of this document.
Who are we?
For the purpose of the relevant data protection legislation, the data controller is South Yorkshire Passenger Transport Executive, 11 Broad Street West, Sheffield S1 2BQ.
People who contact us via social media
We use a third-party provider, Hootsuite, to manage our social media interactions.
If you send us a private or direct message via social media the message will be stored by Hootsuite in line with their privacy notice.
People who call our Traveline helpline
When you call Traveline on 01709 515151 we will collect the phone number you have called from with the date and time of your call. We will also record the call, which we will store in our call recording software for training and validation purposes. The retention period for this data is 12 months from the date of your call.
Traveline also offers a translation service, provided by a third-party company, for customers whose English is not their first language. The company that provides this service does not retain any information from the calls or record them.
People who email us
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidelines. If your email service does not support TLS, you should be aware that any emails we send you or receive from you may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We keep emails for an appropriate amount of time depending on the reason you have contacted us.
People who apply for travel passes
We will use your personal information for:
issuing and renewing a pass
contacting you in relation to your pass
complaints about a pass or service
When you apply for a pass, the legal basis for us to process your personal data is public task/legal obligation. We must keep the data for the duration of the pass in order for us to manage any issues with that pass. We will only keep data for 3 months after a pass has expired. We may contact you by email, post or telephone in relation to your pass. When you apply for a pass, we share your data with an appointed third-party supplier, SmartCitizen, for the purpose of managing the pass production. Your pass will be printed and posted by a company called ESP Systex Ltd or EUCLID. When passes are renewed we use a company called Data8, to match data for fraud prevention.
We will automatically renew ENCTS passes at no cost to you but if you want to opt out of the auto-renewal process please contact us at firstname.lastname@example.org or ring 01709 515151 before the pass expires.
People who visit MyTSY
Signing up to the MyTSY service enables a customised view of your public transport requirements. To enable us to contact you in the event of a route change, or timetable update, we will email you with changes. We will not use this for marketing data unless you have signed up to this service separately.
If you make a complaint
If you contact us to make a complaint about one of our public services that you wish us to pursue for you, we may share your personal information with the relevant bus, tram or train operator to allow them to investigate and respond. The legal basis for us processing your personal data in this instance is public task.
You may be asked if you would like to receive our newsletter and participate in our marketing and survey campaigns for the purpose of improving our services to you or to notify you of changes to service and ticket pricing. We will ask for consent to use this data on a regular basis or when passes are renewed.
If at any time you wish to opt out from receiving such emails please click the unsubscribe link shown in the most recent email you receive from us or contact us email@example.com. Please be aware it can take up to 30 days to remove you from our list.
If you are a pass holder there may be times when we need to contact you about your pass or another service we provide for you. In this instance, we may share your information with an appointed third party supplier to post out to you on our behalf. Any appointed supplier will be thoroughly screened on their data protection credentials, and we will ensure your data is removed as soon as any fulfilment is complete.
Customer surveys and consultations
From time to time we will gather information using third parties to conduct customer surveys and public consultations. Any data we collect will be processed in accordance with the latest data protection laws. The data will be used for the purpose of improving our service and we won’t keep it or share it with third parties.
People who use our public WiFi service
When you connect to our public WiFi service in our interchanges certain information such as the make of device and time you accessed the service is captured. This information is anonymised and you will never be contacted by us or our service suppliers as a result of using our WiFi service. We use the anonymised data to help us develop better products.
Certain data is kept for 12 months in line with our obligations under the Regulation of Investigatory Powers Act 2000.
CCTV at interchanges and other SYPTE sites
All our sites have CCTV installed for the security and protection of customers and staff and for crime detection. The viewing and use of the recordings is strictly controlled. We keep data for six years in the event of a personal injury claim.
If you apply for a job with us
Information you provide to SYPTE during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. We will hold the information securely whether it’s in electronic or physical format.
We will only use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
The application form asks you to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. If you do provide it, this information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.
Data about unsuccessful applicants will be held within the recruitment system for a period of three months from the date of the interviews before being deleted.
Who do we share your information with?
We may share your personal information internally if necessary but only for the purpose of providing the service requested, such as a travel pass application.
We may disclose your personal information to third parties:
In the event of a legal requirement to provide information, such as to law enforcement agencies relating to criminal activity;
If you make a complaint that you wish us to pursue for you then we may share your information with the relevant bus, tram or train operator in order to allow them to investigate and respond.
Where we store and transfer your personal data
All information you provide to us is stored on secure servers within the EU. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of one of our websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to review and update your personal details by signing in to your MyTSY account at any time or using the contacts below.
You have the right to access information held about you. Any access requests should be made to the contact details shown at the end of this document.
You have the right to object to or restrict our data processing, the right to be forgotten by us and the right to withdraw consent for us to use your data. Clearly in certain circumstances this would mean we could not provide our services to you.
Our security procedures mean that we may have to request proof of identity before we disclose information to you.
How to contact us
Customer Liaison Team, South Yorkshire PTE, 11 Broad Street West, Sheffield S1 2BQ