Bus driver jobs and paid training - apply here

Privacy Notice

Privacy Notice

INTRODUCTION

Abellio London Bus (“we” or “us”) are committed to protecting and respecting your privacy when you use our services.

This privacy notice (the “Notice”) applies to you if you are or have been a passenger on our buses, a witness to traffic incidents of our buses, a road user relating to road safety investigations, a member of the public who has contacted us or lodged a complaint with us. This Notice also applies to you if you access, use and interact with our website, including applications and third-party platforms hosting our website and content that hyperlink to this Notice or are an employee or agent working for Abellio.

This Notice states:-

  • our contact details
  • how we collect your data
  • the types of personal data we may collect from you
  • the purpose and legal basis of using your data
  • why we share your personal data to third parties
  • how we use your personal data
  • our use of cookies and technology
  • our use of children’s data
  • where we store your personal data
  • our information security measures
  • how long we keep your personal data for
  • your data subject rights
  • how you can lodge a complaint

OUR CONTACT DETAILS

Data Controller: Abellio London Bus

Privacy Representative: Data Protection Manager (“DPM”)

Address: 301 Camberwell New Rd, London SE5 0TF

Email address: privacy@abellio.co.uk

 

HOW WE COLLECT YOUR DATA

We may collect and process personal data about you when you:

  • are involved in or witness an accident or incident involving one of our buses
  • lose property on one of our buses
  • contact Customer Care or our privacy team
  • use our website
  • book coach parking at one of our depots
  • book an MOT test at one of our depots
  • register as an operator for our rail replacement service
  • working as a rail replacement coordinator 
  • A driver of a vehicle operating our rail replacement services

The personal data are collected either from you directly, provided by third parties or other sources.

In the case of accidents and incidents, we ask you to provide your contact details and details of injuries directly. If our group structure changes or there is a legitimate business reason, we may obtain your personal data from third parties. 

If you travel on one of the services we operate on behalf of Transport for London (“TfL”), we will not collect any data about you unless you contact Customer Care or our privacy team.

 

PERSONAL DATA WHICH WE MAY COLLECT FROM YOU

We may process the following types of data about you:-

  • “CCTV Data” means images of you that are captured on CCTV systems that are in operation inside of and outside of the bus depots, office buildings or our vehicles (whether operated by us, on our behalf or to which we have access) and audio recordings depending on the type of buses; 
  • Contact Data” means your name, address, telephone number and email address;
  • Identity Data” means data about you, such as your age, date of birth, photographs, voice recordings, phone number and identification documents; and
  • Incident Data” means data about your vehicles, including vehicle registration number, details of damage to property and/or vehicles and special categories of data like personal injury details.
  • “Location data” including GPS location data, and duration at location for our rail replacement services

 

PURPOSE AND LEGAL BASIS OF USING YOUR DATA

We process your personal data according to legislation, rules and regulations applicable to the UK, or as required by government bodies like TfL. We also process your data because we need to fulfill our contractual obligations with you, or for our legitimate interests or the legitimate interests of third parties. 

Examples of legitimate interests include:-

  • carrying out our obligations arising from contracts with TfL and improving our services;
  • providing you with details of our services, information about travelling and customer service;
  • maintaining health and safety in our premises and buses;
  • preventing and detecting crime and anti-social behaviour;
  • handling your requests and enquiries;
  • running and improving our website; and
  • providing administrative services and support, such as record-keeping.
  • Managing our road transport services 

 

WHY WE SHARE YOUR PERSONAL DATA TO THIRD PARTIES

We will only share or disclose your information as set out in this Notice or in accordance with data protection legislation (“DPL”) and will obtain your consent where we are required to do so.  We will only use third parties to process information where we are satisfied that they comply with these standards and can keep your data secure.

We may share or disclose information for the following reasons:-

  • engaging data processors to provide or assist with some of our services;  
  • responding to your complaints or administering requests you have made, either to us or another regulatory body such as TfL;
  • processing payment card transactions;
  • complying with the requests from police or law enforcement agencies for crime prevention or detection purpose;
  • complying with other legal obligations, for example, relating to crime and taxation purposes or regulatory activity; 
  • complying with our customers contractual obligations;
  • service delivery data for our road transport operations;
  • obtaining administrative support from members of our group company; and
  • protecting our legitimate business interests.

In any event, we will only share your data to third parties to fulfil our purposes of processing or when there is a legal basis to do so as described in this Notice.  

 

HOW WE USE YOUR PERSONAL DATA

Processing Activities relating to TfL’s customers and members of public and rail operating companies

The table below sets out some examples of the purpose and legal basis of processing your personal data and details for sharing data to third parties:-

Processing Activity 

Types of personal data collected

Purpose of processing

Legal basis for processing 

Sharing to third parties

Operating CCTV camera systems on buses and at bus depots 

  • CCTV Data 
  • Maintaining operational and workplace safety of employees, passengers and members of the public
  • Preventing and detecting crime and anti-social behaviour
  • Investigating traffic incidents, breach of driving standard incidents, mechanical defects of parts on buses
  • Providing evidence for disputes in claims handling
  • Legitimate interests
  • Public interests
  • Data manifestly made public
  • Establishing, exercising or defending legal claims
  • To police and other law enforcement agencies for crime investigation and law enforcement purposes
  • To TfL for investigations into major incidents involving our buses
  • To third party organizations for safety research and analysis purpose
  • To third party companies and courts for defending or bringing legal claims

Reporting traffic incidents involving our buses and handling insurance claims 

  • Contact Data
  • Identity Data
  • CCTV Data
  • Incident Data
  • Reporting and investigating accidents and incidents
  • Assessing, adjusting, advising and settling insurance claims
  • Investigating and managing complaints 
  • Supporting repairs to vehicles
  • Bringing and defending legal actions
  • Detecting and preventing fraud 
  • Legal obligations
  • Legitimate interests
  • Establishing, exercising or defending legal claims
  • To third party companies for the purpose of investigating incidents and accidents, resolving claims, repairing vehicles, detecting and preventing fraud
  • To third party companies and courts for participating in police or legal actions

Managing requests for passengers losing property on our buses

  • Contact Data
  • Details of property
  • Administration
  • Facilitating the return of property to the rightful owner
  • Legitimate interests
  • Public interests
  • To TfL for the purpose of facilitating collection of property (if necessary)

Managing complaints or enquiries received from Customer Care 

  • Contact Data
  • Identity Data
  • Investigating and managing complaints
  • Supporting exercise of data subject rights
  • Reporting and investigating accidents and incidents 
  • Legal obligations
  • Legitimate interests
  • To TfL for the purpose of facilitating investigations and resolving complaints

Managing requests for data subject rights or data enquiries

  • Contact Data
  • Identity Data
  • CCTV Data
  • Administration
  • Supporting exercise of data subject rights
  • Detecting and preventing fraud
  • Legal obligations
  • Legitimate interests
  • To TfL, police or law enforcement agencies for the purposes of crime investigation and law enforcement
  • To regulator for the purpose of reporting data breaches, investigating and resolving data protection complaints 

 

Processing Activities relating to our website users and customers 

We process your personal data through your use, access and interaction with this website (the "Website"). Details as follows:-

Processing Activity 

Types of personal data collected

Purpose of processing

Legal basis for processing 

Sharing to third parties

Booking coach parking through the Website

  • Contact Data
  • Vehicle registration number
  • Providing services
  • Administration
  • Contractual obligations
  • Legitimate interests
  • To third party company for payment processing purpose

Booking MOT testing through the Website

  • Contact Data
  • Vehicle registration number
  • Providing services
  • Administration 
  • Providing evidence of MOT testing in insurance claims
  • Record-keeping 
  • Contractual obligations
  • Legal obligations
  • Legitimate interests
  • To third party company for payment processing purpose

Registering as a rail replacement bus operator through the Website

  • Contact Data
  • Providing services 
  • Administration 
  • Contractual obligations
  • Legitimate interests
  • To third party company for payment processing purpose

 

 

 

 

 

 

Road transport services 

Processing Activity 

Types of personal data collected

Purpose of processing

Legal basis for processing 

Sharing to third parties

Controlling vehicles used for road transport services 

  • Contact Data
  • Location data
  • Providing services
  • Administration
  • Contractual obligations
  • Legitimate interests
  • To third party company for Service delivery
  • Accounts processes

 

USE OF COOKIES AND TECHNOLOGY

Collection of visitor information

We will only use the information that we collect about you lawfully, in accordance with the DPL.

The details you provide about yourself and any other information which identifies you is held by us on the Website for operational purposes, for example booking coach parking.  

We gather general information about users, for example, what services users access the most and which areas of the Website are most frequently visited.  Such data is used in the aggregate to help us understand how the Website is used.  We gather this information so that we can continue to improve and develop our services to the benefit of our users.  We may make this aggregated information available to users of the Website and to auditors.  These statistics are anonymous and contain no personal information and cannot be used to gather such information.

When you register with us to book coach parking or MOT testing, we ask for personal information such as your name, contact details, and other details.  Once you have done this and accept our Terms & Conditions, you are not anonymous to us.  We may contact you regarding Website changes or changes to our services that you use.

Hyperlinks

We may provide hyperlinks from the Website to third party websites.  No liability is accepted for the contents of any site operated by a third party which may be accessed via links from Website.  These links are provided for your convenience only and do not imply that we approve or recommend the content of such sites.  We encourage our users to be aware when they leave the Website to read the privacy statements of each and every website that collects personal data.  This Notice applies solely to information collected by us.

Cookies

Website uses cookies to help us to provide you with a good experience when you browse the Website and also allows us to improve it.

A "cookie" is a small text file that is placed on your equipment (computer, phone, tablet etc) when you visit a website. There are several types of cookies:

Functional cookies

The functional or session cookies are used to provide services or to store your preferred settings. For example, for: 

  1. remembering the products you purchase during online shopping; 
  2. memorising and passing on the information that you enter during the log-in process or that you leave behind on the various web pages during the ordering process, so that you do not have to enter the same data every time; 
  3. saving your preferences;
  4. detecting abuse of our websites.

Analytical cookies

These cookies are used to analyse your visit to Website. For example, we analyse the number of visitors visiting Website, the duration of the visits, the order of the pages visited and whether the pages of Website need to be adjusted. With the help of the collected information we can organise Website to be more user-friendly. Furthermore, these cookies are used to solve possible technical problems on Website. 

Other techniques

In addition to cookies, we also use Javascripts and web beacons. By using Javascript in your browser we can make our sites interactive and develop applications for the web. A web beacon is a small graphic image on our sites. By means of this image, we can, for example, determine how many visitors saw the page at which times. These techniques can also be used for marketing and tracking purposes.

Cookies from external parties

Some of the cookies may be placed with our consent by third parties with the aim to bring certain products and services to your attention or to give you direct access to social media:  Google Analytics, Google Maps, Crobox, Doubleclick, Visual Web OptimizerMetrixlab, MediaMind, ClickTale, Usabilla, Turn, Twitter, YouTube, LinkedIn, Google Adwords, Cloudfront, Sizmek, Cadreon, Criteo and Facebook. For the cookies that these external parties place, the information they collect with them and the purpose for which that information is used, we refer to the privacy statements of these parties on their own websites. These statements can change regularly and we have no control whatsoever.

Would you like to know more about cookies? Then go to http://www.allaboutcookies.org/

An overview of the cookies & similar techniques that we use can be found here 

 

CHILDREN’S DATA

We do not routinely process children’s data, however in the rare instances that we do we may be required to gain consent from a parent or guardian to process the child’s data.

Where we chose to rely on consent as the legal basis for processing children’s personal data, consent may be required from a person holding ‘parental responsibility’.

The children’s consent must be freely given, specific, informed and unambiguous.

 

WHERE WE STORE YOUR PERSONAL INFORMATION

The information that we collect from you will only be stored in the European Economic Area (“EEA”) or, where it is necessary to disclose it to our processors located outside the EEA, other jurisdictions which are acceptable according to guidance provided by the Information Commissioner’s Office and/or where appropriate legal and security safeguards are in place.  Please contact the DPM if you wish to find out more about the safeguards. 

 

INFORMATION SECURITY MEASURES

We use a range of appropriate technical and organisational measures to safeguard access to, and use of, your personal data and to ensure it retains its integrity and availability.  These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training.  We also consider anonymising or pseudonymising personal data where practical. 

Although physical, electronic, and administrative safeguards to protect your personal data from unauthorised or inappropriate access are maintained, the transmission of personal data via the internet is not completely secure and we cannot guarantee the security of your personal data transmitted to us or provided through email or portals. Personal data that you submit may be sent to, and stored on, secure servers owned by or operated for us by third-party providers. Any payment transactions carried out by third-party providers will be encrypted using appropriate technology. 

 

HOW LONG WE KEEP YOUR PERSONAL DATA FOR

We will store your personal data for as long as we have to in line with legal or regulatory requirements.  If there is no legal or regulatory requirement, we will only store it for as long as we need it in accordance with our data retention schedule. 

We may also keep your personal data for the purposes of our legitimate interests in running our group businesses, including anonymising or pseudonymising data for analysis. 

 

DATA SUBJECT RIGHTS

If you require a copy of your personal data, this is considered a data subject access request (“DSAR”).  We are not able to charge you a fee for dealing with DSARs, unless they are manifestly unfounded or excessive or in circumstances where copies have been provided previously.  We will always let you know if we think this is the case, so that you can make a decision about what you want to do next. 

There are various limitations and exemptions in relation to the exercise of rights under data protection legislation - for example if it will affect another’s rights and freedoms or if we need to retain the information to make or defend a legal claim.  We intend only to rely on limitations and exemptions where it is fair to do so and always bear in mind that it is your personal data.

Right

Means

Rectification 

You can contact us to correct inaccurate or incomplete information held about you.  

Restriction

You may request processing is halted whilst a request for rectification, objection or a dispute over the lawfulness of processing is being considered.

Erasure

This is also known as the “Right to be forgotten”.  You can request deletion or removal of personal information in some circumstances, such as where there is no compelling reason for its continued processing. However, this right is not absolute and we may refuse your request to erase your personal data if there is a legal reason to retain them. 

Withdrawal of Consent 

If we relied on consent as the ground for processing your personal data, you can withdraw this consent at any time. It does not affect the processing carried out beforehand. If you do withdraw your consent, we may still be able to process some of the data that you have provided on other grounds.

Objection 

You have a right to request that no further processing takes place in relation to some grounds of processing, such as for direct marketing.

Portability 

Where you have provided us with personal data and the conditions for processing it is based on consent or our contract with you. If the processing is automated, you have a right to ask for that information be provided to you or another data controller in a structured, commonly used and machine-readable format. This right may be restricted if it is not practical for us to provide the information in this way or it adversely affects the rights of others.

 

If you wish to exercise any of the above rights, please contact us via our DSAR Portal

 

LODGING A COMPLAINT

If you are not happy with the way we deal with your data or have dealt with a rights request, please let us know. The DPM role has been established in a manner to remain independent of business decisions.  If you wish to lodge a complaint, please contact our DPM at privacy@abellio.co.uk.

If you are not satisfied with the way our DPM has handled your complaint or rights request, then you can contact the Group Data Protection Officer (“DPO”):

Address: St Andrews House

Second Floor

18-20 St Andrew St.

London

EC4 3AG

Email: privacy@transport-uk.com

If you are not satisfied with the DPO’s response, you can contact the Information Commisioner’s Office. Their contact details are:

Information Commissioner's OfficeWycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

https://ico.org.uk/global/contact-us/

You also have the right to seek a judicial remedy.

 

CHANGES TO THIS NOTICE

We may revise this Notice from time to time.  The most current version of this policy will govern use of your information and will always be at Privacy Policy | Abellio London.  By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy notice.

This Notice was last updated in January 2024.