Group Privacy Notice

1. Introduction

The Translink Group consists of the Northern Ireland Transport Holding Company (NITHC) which owns and controls subsidiary companies, including Northern Ireland Railways Company, Ulsterbus and Citybus, each being data controllers. The Department for Infrastructure (DFI) oversees NITHC and NITHC is legally obliged to share information with the DFI.

The Translink Group (“we”, “our” or “us”) is committed to protecting and respecting your privacy. This notice tells you what to expect when we collect or process your personal information. 

Your privacy is very important to us, and we take all necessary measures to ensure your personal information is properly protected and secured. This includes having appropriate technical and organisational arrangements to secure your information.

The Data Protection Officer for the Translink Group and may be contacted at: dpo@translink.co.uk. Further information and contact details are available below.

2. Scope of Notice

This notice was last updated on 24 July 2024

It applies to information we collect when you:

  • visit our website;
  • register your details on our website or apps e.g., our mobile phone ticketing app;
  • use our public transport services or products, e.g., Smart passes;
  • register your details for the purpose of entering into a contractual relationship with us;
  • submit your details as part of an online enquiry;
  • submit a freedom of information request;
  • apply for a job with us;
  • are a current or former employee;
  • are present at Translink buildings and premises;
  • contact us.

3. Information we process and use

Translink regularly processes the following kinds of information:

  • Contact Information: Name, address, email address, phone number.
  • Payment Information: Credit/debit card details, billing address.
  • Travel Information: Journey details, travel history, ticket purchases.
  • Communication Records: Emails, letters, and phone call recordings.
  • Technical Information: IP addresses, browser type, and version, time zone settings, operating systems, and platform.
  • Location Data: GPS data and journey tracking information.
  • CCTV imagery: discussed specifically below.

 We use this information for a range of purposes including:

  • To provide and manage our transport services
  • To process payments and issue tickets
  • To communicate with you regarding your bookings and travel arrangements
  • To improve our services and develop new products
  • To ensure the safety and security of our services
  • To comply with our legal and regulatory obligations
  • To conduct marketing activities, where permitted
  • To handle customer service enquiries and complaints
  • To improve our website and services and to enable us to fulfil our legal and contractual duties to you and to third parties
  • To process job applications
  • To record visitors to our buildings and sites

 The information may be obtained from various sources:

  • Information you give us by registering, submitting your details, corresponding with us, using our services etc. This may include your name, address, e-mail, phone number, credit or debit card information, your photograph and other information. Please note that in respect of job applicants, employees and other groups (e.g.,disabled people) this may also include special category data, such as that relating to an individual’s health. Such data is processed strictly in accordance with our Data Protection Policy.

 We will never send an unsolicited message asking you to provide your password, financial details, or other sensitive information by email or through a link.

  • Information we collect about you each time you visit our website or use our services, products and apps. This includes but is not limited to: traffic data, analytics and journey data in order to find out the number of visitors to the various parts of our website and/or apps, and information to ensure the effective running of our website (e.g., cookies). This information is only processed in a way which does not identify you. We do not make any attempt to find out the identities of those visiting our website or using our apps.  

Location data, travel history data and ticket purchase records etc. can, on some occasions, be identifiable to you.

  • Information we receive from other sources: we work with third parties to assist us in providing our services, or to provide a service to them. For example: 
  • We act as data processor for public transport schemes such as 60+ smart passes or school travel passes and, accordingly, receive and process information on behalf of the Department for Infrastructure and the Education Authority (which are in those cases the respective data controllers).
  • we engage a website platform provider (Kentico), a website development agency (MMT Digital), an analytics provider (Freemavens), as well as security and performance maintenance assistance and online survey tools. The third-party companies are data processors for the Translink Group and only process personal information in line with our instructions.

 We may also receive information from a person or organisation acting on your behalf, such as a legal professional, an agent or other representative.

  • CCTV imagery at or near Translink’s stations, depots, halts, railway crossings, offices, properties, car parks and on-board buses and trains, including staff body worn cameras and automatic number plate recognition (ANPR). CCTV surveillance is essential for many reasons including:
  • To protect the safety and security of employees, customers and the public
  • To support the safe and efficient management of our networks, including the monitoring of railway crossings
  • To prevent and detect crime, anti-social behavior and fare evasion
  • To apprehend and prosecute offenders (which may include the use of CCTV as evidence in criminal and civil proceedings)
  • To investigate incidents and accidents involving the organisation’s staff and or property
  • To protect the organisation’s property and infrastructure

  

  • To exercise or defend legal claims involving Translink
  • To investigate employee misconduct and further grievance, disciplinary and similar proceedings
  • For training purposes within a controlled environment

 We regularly review the use of surveillance systems and our CCTV policy. Except in extreme cases, we will clearly display signage so that you are aware that you are in an area where CCTV is operated and which provides contact details should you require additional information.

5.Lawful bases for processing

 Depending on the particular purpose, we process your personal data under the following lawful bases:

  • Public Task: To provide a public transport service in line with our tasks under the Transport Act (NI) 1967 and relevant service agreements.
  • Performance of a Contract: To fulfill our contractual obligations to you, such as processing your ticket purchases, managing your travel bookings, and providing customer support.
  • Legal Obligation: To comply with legal and regulatory requirements, such as retaining records for audit purposes and providing information to law enforcement agencies when required.
  • Legitimate Interests: To pursue our legitimate interests, or those of third parties, provided that these interests are not overridden by your rights and freedoms. This includes improving our services, ensuring the security of our systems and services, conducting marketing activities or communications, protecting our physical and intellectual property, advancing or commercial interests and fraud prevention.
  • Consent: Where you have explicitly given your consent, we will process your data for purposes such as sending marketing communications, photography and certain data sharing with partners such as Disability Action or the Consumer Council NI. You can withdraw your consent at any time by contacting us.
  • Vital interests: To protect and preserve life, for example in emergency situations.

6.Disclosure of your information

 We will only disclose your personal information to third parties when:

  • We are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request. This may include law enforcement agencies, regulators and other public authorities.
  • We need to enforce or apply any contractual obligations, investigate potential breaches or protect the rights, property or safety of the Translink Group, our customers and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • We need to share the information with service providers, contractors or similar in order to fulfill the purposes above (this is further discussed below) or in your interests, or;
  • We have your consent to do so.

We transfer or disclose the personal data we collect to external support providers (and their subsidiaries and affiliates) who are engaged by us to support our business processes. For example, we engage support providers to provide IT functions including system management and security, data storage, analytics, business applications and replication of systems for business continuity/disaster recovery purposes; as well as transport-specific providers such as analytics companies, journey planning specialists etc.

We also have a specific integration with the Irish Rail (Iarnród Éireann) Seat Reservation System into the via an Application Programming Interface (API).  We will pass customer names and email addresses to Irish Rail, to enable the sending of update emails to customers (e.g. service alerts).

It is our policy to only use third-party support providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.

7.International transfer outside EEA

In rare cases, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for one of our suppliers. Our data processors will only process information in line with our instructions. By submitting your personal data, you agree to this potential transfer, storing or processing.

If you require more information about the safeguards Translink applies to international data transfers under Articles 45-49 UK GDPR, please contact Translink’s DPO (Contact details below).

8. Cookies

 Cookies are bits of data which are stored in your computer or mobile when you visit a website or app. They can be used for a range of different purposes, such as customising a website for a particular user and helping a user navigate a website. Cookies cannot be used to identify you personally. You can read more about how we use cookies in our Cookies Policy here.

9.Where we store your personal data 

All electronic information you provide to us is stored on our secure servers, the secure servers of the third parties who we work with or other secure electronic locations. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice. Third parties are contractually obliged by us to take appropriate measures to keep all personal data secure.

Paper-based records are handled in a proportionately secure way on our premises, or in off-site archiving if applicable.

Unfortunately, the transmission of information via the internet is never completely secure. We will do our best to protect your personal data once we receive it, however, we cannot fully guarantee the security of your data transmitted to our website or our apps. Any transmission is at your own risk. 

10.Retention 

Our policy is to retain personal data only for as long as it is needed for the purposes described above. Note that retention periods vary for different reasons and can be set in accordance with regional, national and international regulations or professional retention requirements. In order to meet our professional and legal requirements, to establish, exercise or defend our legal rights, and for archiving and historical purposes we often need to retain information for significant periods of time.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data. See ‘Your Rights’ below.

On some occasions, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

For more information on Translink’s Data Retention periods and disposal mechanisms, please contact Translink’s DPO using the contact details below.

11.Paying with credit and debit card

 During the credit and debit card payment process via our website you will be redirected over a secure connection to a processor.  Further information on this process, and the relevant privacy statements can be accessed here.

12.Links to other sites

Our website and apps may contain links to other independent websites which are not provided by us. Such independent sites are not under our control, and we are not responsible for and have not checked and approved their content or their privacy policies (if any).

You will need to make your own independent judgement about whether to use these sites, including whether to buy any products or services offered by them.

13.Users aged under 18

We are sometimes given information about children in order to provide a service, as part of ticketing, to deal with a complaint/request and for various other purposes. We also hold information provided to us directly by children, for example if they have made an enquiry.

We are committed to safeguarding the privacy of children who may use our services, and the information in this notice applies to children as well as adults. Children of a reasonable reading age should be able to understand its main points.

We do not knowingly collect personal data from children under the age of 13 without the consent of a parent or guardian. If we are made aware that we have collected personal data from a child under 13 without such consent, we will take steps to delete this information as appropriate.

For children aged 13 to 18, we only process personal data when we have obtained the appropriate consent from the child themselves, or from their parent or guardian, depending on the legal requirements and the context of the data processing.

We ensure that any data processing for children is carried out with heightened transparency, security, and due regard for the child’s best interests.

14.Your rights

You have various rights as an individual which you can exercise in relation to data protection, and the information we hold about you. These are set out more fully here: Data Protection, along with the means of exercising those rights.

You also have the right to lodge a complaint about how your data is processed with the Information Commissioner’s Office, however, we request that you submit any complaint which you have to us in the first instance so that we may try and resolve the issue. All relevant details are below.

15.Contact us / the ICO

Questions, comments and requests regarding this notice or the information that we collect from you are welcomed and should be addressed to:

Data Protection Officer,
Legal & Governance Department,
9th Floor, 22 Great Victoria Street, Belfast, BT2 7LX,

Or email:
dpo@translink.co.uk

To Contact the ICO 
If you are not satisfied with our response to any complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner's Office (ICO):

Website: www.ico.org.uk

The address of the Information Commissioner is:

Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF.

The address of the Information Commissioner’s Office for Northern Ireland is:

10th floor, Causeway Tower,
9 James Street South,
Belfast,
BT2 8DN.

16.Changes to our privacy notice

Any changes we may make to this notice in the future will be posted on our website without further recourse or notice to you.

You might also like

Still having a look about? You might also be interested in this...

Icon of a cookie
Cookies Policy

Some cookies on this site are essential, and the site won't work as expected without them.

More on our Cookies Policy

Icon of a padlock
Security
We have set out some useful information here about the safeguards you can expect from Translink and some tips about keeping yourself safe online. More on Security
Icon of a file with a padlock in front
Data Protection

Translink processes personal information in order to deliver a public transport service and improve services to our customers.  We are registered Data Controllers with the Information Commissioners Office.

More on Data Protection

Freedom of Information

In order to comply with the Freedom of Information Act 2000, public sector organisations such as ours have obligations to routinely publish information and respond to requests for certain information whenever it is possible to do so.

More on Freedom of Information & Open Data

Icon of scales
Legal Information

Translink is a trading name used by any one or more of the companies under the ultimate ownership of the Northern Ireland Transport Holding Company (NITHC).

More on Legal Information