logo logo

Privacy Policy

Who are ITSO

We are the Guardian of the ITSO Specification developed in the UK under Crown Copyright, which aims to make travelling on public transport throughout the UK seamless and easier by enabling smart ticketing technology.

The ITSO community is a membership of public sector authorities, transport operators and equipment and solution suppliers to the smart ticketing industry, who together use the ITSO Specification to deliver smart, integrated and interoperable ticketing across Great Britain.

Your Privacy

ITSO Limited (“We”) is committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998 and the General data protection regulation (GDPR), the data controller is ITSO Limited of Aurora House, Deltic Avenue, Milton Keynes MK13 8LW.

Information we may collect from you and how we'll use it

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our site www.itso.org.uk (our site). To the extent applicable, this includes information provided at the time of becoming a member of ITSO, registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of transactions you carry out through our site and of the fulfilment of your orders, including your contact details for use in prepopulating future online forms.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
  • We may collect information about your computer including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our members. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site. The cookies we use are ‘analytical’ cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works, for example by ensuring that users are finding what they are looking for easily.

How we use the information we hold on you:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.

Your ITSO account

If you have registered for an ITSO account this will also allow you to login to the website for access to membership services information. You might be asked to use your ITSO Account to enable you to sign in and access ITSO member services. Your ITSO account will always be covered by the policies of this website. 

Where we store your personal data

The data that we collect from you will not be transferred to, or stored at, a destination outside the European Economic Area (EEA). Nor will it be processed by staff operating outside the EEA.

However, the data may be processed by staff who work for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order and the provision of support services.

By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers.

We do not process payment transactions through our website. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Will ITSO share my information?

We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post, email or telephone.

When will ITSO contact me?

If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous transaction with you.

If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.

If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please advise us when we collect your data or by contacting us at compliance@itso.org.uk

Disclosure of your information

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If ITSO Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

What if I am a user under 18?

If you are aged 18 or under, please get your parent/guardian's permission before you provide any personal information to ITSO Ltd

Your rights (new ones for GDPR)

How long will you keep my personal info?

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with the ITSO Ltd.

Can I delete my data?

You can delete the information we hold on you as a member of ITSO Ltd. Please contact us at compliance@itso.org.uk

Can I find out what personal information ITSO Ltd hold about me

You have the right to request a copy of the personal information ITSO Ltd hold about you, how it is being processed and to have any inaccuracies corrected. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files. Please contact us at compliance@itso.org.uk

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.

You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

You can also exercise the right at any time by contacting us at Aurora House, Deltic Avenue, Milton Keynes MK13 8LW or  compliance@itso.org.uk

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, members and affiliates.

If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to ITSO Privacy and Cookies policy

Changes to our privacy policy Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Contacting ITSO about this policy

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to compliance@itso.org.uk