Privacy policy for the Create Transport Disruption Data Service
Last updated: 12/08/2024
Who we are
The Create Transport Disruption Data Service allows users to convert their disruptions information into a format called SIRI-SX, which is an XML-based data standard. The service provides an easy-to-use webflow that takes the user through a series of questions, allowing them to define their disruptions. In order to make the process as simple as possible, we utilise data from Traveline National Dataset (TNDS), NaPTAN dataset and National Operator Code (NOC) database to represent bus operator routes and services to the user. The aim of the tool is to integrate closely with the Bus Open Data Service (BODS) in the publication of disruptions data.
What data we collect from you
Our main purpose is ensuring data about local bus services across England is in the public domain. This data is provided by bus operators and anybody can sign up to use it. The personal data we collect from you includes:
- your questions, queries or feedback, and email address if you contact GOV.UK
- your email address and subscription preferences when you sign up to our email alerts
- your Internet Protocol (IP) address, and web browser version
- information on how you use the site, using cookies and page tagging
Why we need your data
We want data consumers to be able to use disruptions for bus services across England, for the benefit of the general public. We collect information through Google Analytics to see how you use this service so that we can make it better. We also collect data in order to:
- reply to any feedback you send us, if you’ve asked us to
- monitor use of the site to identify security threats
What we do with your data
We use your data to occasionally check your activity when using the service. We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime. We use your data to calculate performance metrics to support continuous improvement of the service. When you sign up, you can also opt in to be contacted to participate in user research. If you change your mind later about this, please let us know by emailing us.
We use Google Analytics software to collect information about how you use GOV.UK. This includes IP addresses. The data is anonymised before being used for analytics processing. Google Analytics processes anonymised information about:
- the pages you visit on GOV.UK
- how long you spend on each GOV.UK page
- how you got to the site
- what you click on while you’re visiting the site
We do not store your personal information through Google Analytics (for example your name or address). We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are. We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.
How long we keep your data for
We will retain your data for as long as you have a Create Transport Disruption account. However, if you use an institutional email account and depending on what you choose for your account name, this may not include any personally identifiable information.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored. Your personal data will not be transferred outside of the European Economic Area (EEA).
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. To prevent unauthorised access or disclosure we have put in place technical and organisational procedures to secure the data we collect about you – for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure.
Children’s privacy protection
We understand the importance of protecting children’s privacy online. Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or maintain data about anyone under the age of 13.
What are your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Data Protection Officer - you can find their contact details below.
Changes to this notice
We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We encourage you to periodically review this privacy notice to be informed about how we are protecting your data.
Contact us or make a complaint
Contact the GDS Privacy Team if you either:
- have any questions about anything in this document
- think your personal data has been misused or mishandled
GDS Privacy Team
gds-privacy-office@digital.cabinet-office.gov.uk
You can also contact the Cabinet Office Data Protection Officer by email or post.
Data Protection Officer
Data Protection Officer
Cabinet Office
70 Whitehall
London SW1A 2AS
If you have a complaint, you can also contact the Information Commissioner's Office (ICO). The ICO is an independent regulator set up to uphold information rights.