Concessionary travel privacy notice

Read our privacy notice for information on how we collect, store and process your data.

About this privacy notice

This privacy notice provides details on how Brighton & Hove City Council’s concessionary fares service uses your personal information for passes to residents who are above the qualifying age and disabled passes to applicants who meet the relevant qualifying criteria.

By ‘use’ we mean the various ways it may be processed, including storing and sharing the information.The council is the data controller for the purposes of the Data Protection Act (2018) and EU General Data Protection Regulation as of May 2018 and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.

Brighton & Hove City Council are committed to protecting your personal information. As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

What personal data we collect and use about you

We collect and use:

  • your name, address and date of birth
  • your contact details
  • proof that you live in Brighton & Hove
  • your photograph
  • for age related passes - proof of your date of birth
  • for disabled passes - proof of disability living allowance (if relevant)
  • for disabled passes - proof of war pensioners’ mobility supplement (if relevant)
  • for disabled passes - details of existing blue badge (if relevant)

How your information will be used

It will be used to determine eligibility for the scheme and enable Brighton & Hove City Council to provide a concessionary bus pass for use on local bus services throughout Brighton & Hove and England.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never sold for direct marketing purposes.

Our staff are trained to handle your information correctly and protect your confidentiality and privacy.

We will explicitly seek your consent to process your personal data (article 6(1)(a) GDPR) and sensitive (health) data (article 9(2)(b) GDPR. Submission of the application form and supporting evidence is required in order to apply. Consent to process this information will be given when you apply. Once an application is made, the Council has statutory authority to process the data under the Concessionary Bus Travel Act 2007 and associated to the concessions as defined within the Transport Act 2000 (Article 6(1)(e)). Your financial data will be processed with your consent to administer the purchase of replacement passes.

We have legal grounds under the GDPR to process this information because it is necessary for the performance of a task carried out in the public interest and the task or function has a clear basis in law under the Transport Act 2000.

We have legal grounds to process (including share) special category data because it is necessary for reasons in the substantial public interest and in the exercise of a statutory function under the Transport Act 2000.

Smart cards allow details of where and when your pass has been used to be recorded anonymously. The council may identify you from this data in the following circumstances:

  • Analysing usage for carrying out renewals (Article 6(1)(e) GDPR)
  • Identifying fraudulent use (Sch. 8 Para. 8(1)(b)(ii) Data Protection Act 2018)
  • Safeguarding vulnerable individuals (Sch. 8 Para. 4(1) Data Protection Act 2018)

Sharing your information

Any sharing of personal data is always done:

  • on a case-by-case basis
  • using the minimum personal data necessary
  • with the appropriate security controls in place
  • In line with legislation.

Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the sharing of your personal data to such persons.

We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

Your information rights

Under GDPR you have certain rights concerning your information.

Check your rights in relation to your personal information.

How to get advice or make a complaint

Data Protection Officer

If you have a concern about how we collect or use your personal data you can contact the Council’s Data Protection Officer.  

How to make a complaint

We aim to resolve all complaints about how we handle personal information. You also have the right to make a complaint about data protection to the Information Commissioner's Office.

Contact them by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113.

You can also make a complaint or find out more information on the Commissioner's Office website.

If your complaint is not about data protection, find details on how to make a complaint about a council service