If you hold a concessionary Oyster card, please refer to the privacy page which applies to your scheme.

Personal information we hold

In most cases, registering your Oyster card details with us is optional. If you do register your Oyster card or add it to your online account, the personal information we will hold includes:

  • Name, address, email address, telephone number
  • Password/memorable information
  • Your marketing preferences
  • Your journey history

We store the details of any payment cards used for auto top-up, to add pay as you go credit or to purchase season tickets. This information is encrypted and stored in line with payment card industry security standards.

The TfL ticketing system records the location, date and time an Oyster card is used to validate a journey.

If you telephone Customer services, your call will be recorded for training and quality purposes.

If you sign in to your online account, we will collect the IP address used by your computer for the purpose of fraud prevention and detection.

How we use personal information

TfL and the companies that process personal information on our behalf use your personal information for customer services and administration, customer research, fraud prevention and to provide you with travel related information.

We will only send you information about TfL's offers and promotions if you choose to receive it and you can change your marketing preferences at any time. TfL will not pass your personal information to any other organisation for marketing purposes without your prior consent.

Length of time we keep information

We retain data about the individual journeys made using your Oyster card for eight weeks after the card is used. After eight weeks, the journey data in the ticketing system is disassociated from your card (ie anonymised).  This eight-week period is considered reasonable to enable customers to verify or make enquiries concerning their journeys (for example, for refund purposes).

Customer names and contact information associated with a registered Oyster card will be retained for two years after the card was last used or had a season ticket or pay as you go credit added.

Some journey information is also stored on the Oyster card itself; this comprises the last eight journeys and related charges, up to three season ticket products, (generally the most recent three tickets, including future dated), and the last two incomplete journeys. If you are an irregular user of your Oyster card, the data stored on the card may be older than eight weeks.

Details of debit or credit cards used to pay the administration fee, to add pay as you go credit or season tickets are retained for a maximum of 18 months.

IP addresses collected when you access your Oster online account are retained for 13 months.

Keeping personal information secure

We take the privacy of our customers very seriously and a range of robust policies, processes and technical measures are in place to control and safeguard access to, and use of, personal information associated with Oyster cards.

Sharing personal information

TfL has contracts with a number of third party service providers, which provide the majority of the administration and 'back office' services that ensure the efficient day-to-day operation of the Oyster card scheme. This includes the central ticketing system, and the customer relationship database.

If you use your Oyster card on National Rail services, TfL may share your personal data with the relevant train operating companies for the purpose of fraud prevention and detection.

Where you have agreed to receive marketing messages from train operating companies, we will pass them your contact details.

If you appeal against a penalty fare notice issued on a national rail service and you state that you used your Oyster card for that journey, the independent appeals body may verify the information you provide against journey data held in our ticketing systems. This is strictly for the purpose of assessing your appeal, and any information sharing is managed in accordance with relevant privacy and data protection legislation.

In some circumstances, disclosures of personal data to the police (and other law enforcement agencies) are permitted by the Data Protection Act 1998 (DPA), if they relate to the prevention or detection of crime and/or the apprehension or prosecution of offenders. Before any such disclosure takes place, the police are required to demonstrate that the personal data concerned will assist them in this respect. Each police request to TfL is dealt with on a strictly case-by-case basis to ensure that any such disclosure is lawful and in accordance with the DPA.

Overseas processing

TfL and its service providers currently process personal information relating to Oyster within the United Kingdom and the USA. Any such processing is subject to appropriate contractual safeguards and carried out in accordance with the requirements of UK and EU privacy legislation.

Accessing your personal information

You can see your journey history by signing into your TfL online account or you can request a copy by calling Customer Services on 0343 222 1234 (TfL call charges). You can also view your last eight journeys and the transaction details at touch-screen ticket machines at Tube stations.

For access to other personal information please see the section on Subject Access requests in Access your data.

Oyster card Privacy Notice

Transport for London (TfL), its subsidiaries and service providers, will use your personal information for the purposes of customer services and administration, the provision of travel related information, customer research and fraud prevention.

If you use your Oyster card in connection with National Rail products or services, you will also be authorising TfL to share your personal information with relevant Train Operating Companies (TOCs) so that they can use it for the same purposes. Your personal information will be properly safeguarded and processed in accordance with the requirements of the Data Protection Act 1998.

In certain circumstances, TfL and relevant TOCs may also share your personal information with the police and other law enforcement agencies for the purposes of the prevention or detection of crime.