Privacy notice – Diamond Travelcards

North Somerset Council is registered with the Information Commissioner’s Office for the purposes of processing personal data.  The Diamond Travelcard service is administrated on behalf of North Somerset Council by our partner Agilisys Ltd, www.agilisys.co.uk, and inputted into our software provider’s system Smart Applications Management, who in-turn use ESP and Unicard to process the applications.

The information you provide will be held and used in accordance with the requirements of UK and European data protection law.  The information will form part of your Diamond Travelcard account, and held for 18 months after the expiry of your card.

Unless otherwise agreed with you, we will only collect the minimum personal data required to deliver the service, which includes name, contact details, date of birth, photo, evidence of disability or impairment.  It does not include information relating to criminal convictions or offences.

The information will be used for the administration of the Diamond Travelcard service; our statutory duty under the National Concessionary Travel Scheme and the Transport Act 2000 (as amended by the Concessionary Bus Travel Act 2007), in accordance with GDPR Article 6(1)(c) and Article 9(2)(g)

We will not use your personal information in a way that may cause you unwarranted nuisance.  Failure to provide the information could result in the inability for us to assess your eligibility for a travelcard.

We may lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds under the Local Audit and Accountability Act 2014.  Under the conditions of the Digital Economy Act 2017, we may also share personal data provided to us with other public authorities as defined in the Act, for the purposes of fraud or crime detection or prevention, to recover monies owed to us, to improve public service delivery, or for statistical research.  We do not share the information with other organisations for commercial purposes, and at no point is your data shared or processed outside of the UK.

You have the right to see the personal data we process about you, as well as the right of rectification, and restriction to destruction of records only.  For details of how to make such a request, please click here.

If you have any questions or concerns about the way we process your personal data, our Data Protection Officer can be contacted at DPO@n-somerset.gov.uk