This policy applies to all Metroline Personnel and to all Personal Data Processed by Metroline at any time, by any means and in any format.
2.1 The Data Protection Officer (DPO) is responsible for ensuring that this notice is made available to data subjects prior to Metroline collecting/processing their personal data.
2.2 All Employees of Metroline who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
Since March 2000, Metroline has been a wholly owned subsidiary of Singapore based ComfortDelGro; one of the world’s largest passenger land transport companies. As part of the successful ComfortDelGro Group, our main focus is to become the best London bus company in the Capital providing service to Transport for London and commercial services in Hertfordshire.
Metroline employs over 5000 people; almost 4500 of these are drivers, with a team of over 250 engineers and operates 14 garages across London from: Cricklewood Head Office, Edgware, Willesden, Willesden Junction, Holloway, Harrow Weald, Kings Cross, West Perivale, Brentford, Uxbridge, Alperton, Hayes, Greenford and Potters Bar. Metroline also operates a purpose-built state of the art engineering facility in West Perivale called the Central Engineering and Logistics Facility (CELF).
Metroline currently operates bus routes, mostly for London Buses, and operates 2 commercial routes (routes 84 and 242) from Potters Bar Garage which serve Hertfordshire. Metroline carries over 1 million people across London each day.
Our DPO and data protection representatives can be contacted directly here:
More information about Data Protection can be found on the Information Commissioners Website ico.org.uk.
The Information Commissioner is our regulator for data protection matters.
The personal data we would like to collect and process on you is:
Personal data type:
Source (where Metroline obtained the personal data from if it has not been collected directly from you, the data subject):
This may include your name, address, e-mail address, phone and mobile number, bank account information, and your photograph. Metroline may request your consent before you register or submit any personal information to us when using our services, website or Apps. Please note that in respect of job applicants and employees this may also include sensitive data, such as that relating to an individual’s health. Such data is processed strictly in accordance with our Privacy and Data Protection Policy.
CCTV surveillance is essential for many reasons including the safety and security of the public and our employees and the prevention and detection of crime. Metroline regularly review the use of surveillance systems and our CCTV policy. We will always clearly display signage so that you are aware that you are in an area where CCTV is operated and which provides contact details should you require additional information.
Disclosing personal data to the police
At our discretion, we may disclose personal data in response to valid requests from the police and other statutory law enforcement agencies.
Before we authorise any disclosure, the police have to demonstrate that the personal data is necessary to assist them in the prevention or detection of a specific crime, or in the apprehension or prosecution of an offender.
Requests from the police are dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Law.
From time to time, you will be asked to submit personal information about yourself (e.g. contact information; name, address and email address) in order for Metroline to contact you.
By entering your details in the fields requested, you enable us to provide you with information you require. Whenever you provide such personal information, we will treat that information in accordance with this policy.
Metroline website www.metroline.co.uk does not automatically capture or store personal information, other than logging the user’s IP address and session information such as the duration of the visit and the type of browser used. This is recognised by the web server and is only used for system administration and to provide statistics.
Links to other web sites do not imply any endorsement, validation or responsibility by Metroline as to the content or privacy policies of such sites. We cannot guarantee that these links will work all of the time and we have no control over the availability of the linked pages.
Use and storage of your personal information on our Website
When you supply any personal information Metroline has legal obligations towards you in the way Metroline uses this data. Metroline must collect the information fairly, that is, Metroline must explain how it will use it and tell you if Metroline want to pass the information on to anyone else.
Metroline will hold your personal information on our systems for as long as you use the service you have requested. Metroline will ensure that all personal information supplied is held securely, in accordance with the Data Protection Legislation.
Metroline will not contact you for promotional purposes such as notifying you of improvements to the service or new services unless you specifically agree to be contacted for such purposes at the time you submit your information on the site, or at a later time if you sign up specifically to receive such promotional services.
Sharing data with third parties
Metroline may share your information within Metroline Group. We do not share or sell your personal information to any other company for marketing purposes.
Third-party companies will be required to use your personal data in accordance with the Data Protection Legislation currently in force.
Where Metroline uses trusted suppliers to help us deliver our services to you, Metroline allow the supplier concerned limited access to the personal data they need to provide their service. A list of just some of the service suppliers are listed below:
Information we receive from other sources:
Metroline works with third parties in providing services, for example Metroline engages a website platform provider and website development agency, as well as analytics providers, security and performance maintenance assistance and online survey tools. These third party companies are data processors for Metroline and only process personal information in line with our instructions.
Information you give us
You may give Metroline information about you by filling in forms on our website, subscribing to our benefits and services or by corresponding with us by phone, e-mail, social media or otherwise. This includes information you provide when you register to use our website, driver recruitment service, search for tickets, order tickets on our website, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey and when you report a problem with our website. The information you give us may include but not limited to your name, date of birth, address, country of residence, email address, photo card ID information, phone and mobile number, travel preference information and credit card information.
If you use Transport for London (TfL) contracted services
Sometimes we obtain details from third parties, for example if we have taken over a contract/bus company, or a complaint is passed to us from Transport for London (TfL) or another operator.
If you use TfL contracted services operated by Metroline the on-bus system will collect personal data from you in connection with your use of Oystercards or contactless payment cards on our buses. This data does not pass through any data management system operated by Metroline and TfL does not permit bus operators access to any personal data collected in this way.
If you want to know more about the information collected from you in connection with your use of TfL buses please contact: Customer Services, Transport for London, 14 Pier Walk, North Greenwich, London, SE10 0ES.
How we use your information:
Metroline will use the information as permitted by the Data Protection Law. Depending on how you use our services, the consent you have given, our legitimate interests, or legal obligations we may have, contact us, this will include:
Metroline has share administrative services and support. Your data may therefore be shared with them. Metroline may also be required to pass certain customer data to a successor business, local authority or Transport for London.
The personal data we collect will be used for the following purposes:
Metroline legal basis for processing the personal data:
A full description of the different types of personal information Metroline processes, the purpose of the processing and the legal basis for the processing is shown below:
Metroline has a legal obligation to use your personal information where lawfully requested or required to do so by public authorities.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
When Metroline is asking you for sensitive personal data we will always tell you why and how the information will be used. You may withdraw consent at any time by sending a Withdrawal of consent email to [email protected] .
Metroline may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. Metroline may share your information with selected third parties including:
Metroline will process and store personal data in line with the Privacy and Data Protection Policy and the relevant Retention Procedure.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
All of the above requests will be forwarded on should there be a third party involved (as stated in 3.4 above) in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by Metroline (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with Information Commissioner Office (ICO) and Metroline’s Data Protection Officer.
If we don’t respond to within 30 days of your validated request or you are not happy with our response you can lodge a complaint with the ICO.
If you are not happy with the way in which we deal with your data or have dealt with a rights request, then please contact our Data Protection Officer. If you are not satisfied with the way in which they have handled your complaint or rights request then you can contact the Data Protection Officer by email to [email protected] or writing to Data Protection Officer, Metroline Head Office, ComfortDelGro House, 3rd Floor, 329 Edgware Road, Cricklewood, LONDON, NW2 6JP.
If you are not satisfied with the response you can complain to the ICO at Head office, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. Fax: 01625 524 510 or through their website ico.org.uk
Document Owner and Approval
The GDPR Steering Group is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the review requirements stated above.
This policy was approved by the GDPR Steering Group as per issue date and is issued on a version controlled basis.
Change History Record
Description of Change: Initial issue
Date of Issue: 21.05.18