We are improving our site by involving residents.
Help us continue to improve by giving your feedback
Privacy notices
Croydon Council privacy notices.
Concessionary travel services
Croydon’s Concessionary Travel Services aims to ensure that our residents are able to easily apply for Blue Badges, Disabled Persons Freedom Passes and London Taxi Cards, to assist them in undertaking journeys they may not be able to without these schemes, and to prevent isolation.
When providing concessionary travel services to you, we have to collect and use your personal information. We process your personal information in order to confirm eligibility for the scheme you have applied for, be this for a new or renewal application, and to provide advice, guidance and support to vulnerable families, adults, the elderly, those with physical and hidden disabilities and carers either directly or jointly with our partners.
Whilst the majority of information provided to us is mandatory, for example to comply with our statutory obligations, some of it is provided by you on a voluntary basis. In order to comply with the GDPR and the Data Protection Act 2018, we will inform you whether you are required to provide certain information to us, or if you have a choice in this. We will also explain what your data rights are and what your information will be used for. Information may be collected in many ways including on paper, by telephone, electronically or by a member of staff in person.
Your privacy rights
This privacy notice tells you:
- what information we hold about you
- how we use your information
- who we share your information with, within and outside the council
- how we keep your information safe and secure
- your right to see your concessionary travel records
The legal bases for processing your personal information are:
- compliance with a legal obligation
- contract for the supply of services
- consent
Concessionary travel staff will update its systems with any details relating to your situation that will assist us in supporting you to meet your concessionary travel needs. The information we hold about you is confidential. Any records we hold can only be seen by authorised staff and others with a right to know, including you.
We comply with our legal obligations under the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018 when using your personal data, for example, collecting, storing, sharing, and destroying.
The law gives you a number of rights to control what personal information is used by us and how it is used by us. Additional information about your individual data rights can be found in our corporate privacy notice on our website.
What information we hold about you
This may include all or some of the following:
Your personal details, including your full name, date of birth, address, as detailed in the application form for the concessionary travel scheme you apply for:
- Details, you disclose to us, regarding your disability in relation to the disability eligibility criteria you apply under. This may include your medical history and details of any diagnoses.
- The names and contact details of your support workers or carers.
- Your legal status and documents, for example, immigration, power of attorney.
- Health, social care or other services you are receiving.
- Information about your situation given to us by your family or carers or medical professionals involved in your care.
- Any documents sent to us relating to you.
- Records of phone or electronic conversations relating to you, for example conversations between you or your carer or nominated family member and concessionary travel and contact centre staff, or conversations between council staff and NHS, SLaM, or members of your family or your representative.
How we use your information
We use your information to help us to:
- produce statistics and reports to plan our monitor the delivery of our service. Statistics are used in such a way that individuals cannot be identified from them
- account for our decisions and investigate complaints
- make sure the service you receive is efficient and effective
- meet our statutory obligations including those related to diversity and equality
- review the quality of services provided
- research and plan new services
Information shared within the council
Your data is accessed by staff working in the Concessionary Travel Services team and our contact centre, who take the concessionary travel services phone calls where access is needed to be able to answer any queries you have on your application.
Each service will only access the personal information that is essential to carry out their work.
Other council teams or services outside of Concessionary Travel and Contact Centre Services may also have access to your personal information to carry out their statutory roles or support the Concessionary Travel Services team, and may include:
- Complaints team
- Legal Services Department
- Information Management team
Information shared outside the council
Relevant information about you may be passed to external organisations in order for you to receive the concessionary travel scheme you have applied for. The types of organisation we may pass your information to are listed below:
- Your advocate or representative, if you have instructed one.
- Health care professionals including your GP, nurse or hospital consultants.
- For Blue Badges, the Department for Transport, who have the statutory responsibility for the scheme.
- For Freedom Passes, the London Councils, who administer the scheme with Transport for London.
- For London Taxi Cards, the London Councils, who administer the scheme.
- We also have a legal duties to pass information to third-party organisations such as the Police or the Department of Work and Pensions and anti-fraud agencies for the purposes of preventing and detecting crime, or for anti-fraud purposes, or for the protection of public funds.
All organisations we pass your information to will have an information-sharing agreement with us to ensure they meet the standards of the GDPR and the Data Protection Act 2018, and will be covered by a legal basis allowing them to collect, use and share your personal information. In some circumstances, information may be shared with third parties where there is a legal obligation to do so.
You have the right to object to some or all your information being shared under current data protection legislation (Article 21 the General Data Protection Regulations 2016, and the Data Protection Act 2018).
All objections will be considered on an individual basis by the data controller. The contact details for the DPO for each organisation can be found within this privacy notice as displayed by each individual organisation, or on their website.
Important on risk
We may share your personal information when we feel that the risk is serious and protecting you is more important than protecting your privacy. For example, we may share your information:
- to protect families, children and adults who are thought to be at risk if they are frail, confused or cannot understand what is happening to them
- to prevent or investigate a crime
- to protect yourself, or our staff, or the public
- to protect other professionals if we are required to do so by any court or law.
If we are worried about your safety and believe we need to take action to protect you from being harmed, we will discuss our concerns with you and, if possible, obtain your permission to disclose this information. We may share this information with third parties if we assess the risk to you or others to be serious.
There may also be situations when the risk to you or others is so great that we believe we need to share your information without delay. If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will also let you know what we have done and why if we think it is safe to do so.
How we keep your information safe and secure
We are committed to ensuring that your information is securely held.
We manage, maintain and protect all information according to legislation, our policies and best practice. All information is stored, processed and communicated in a secure manner. We provide training to staff who handle personal information and how to report and escalate when something goes wrong.
When we no longer require to keep information about you, we will review it and archive it for any relevant legal retention period and ultimately dispose of it in a secure manner.
Requesting access to your personal data
Under GDPR and the Data Protection Act 2018, you have the right to request access to information that we hold about you. To make a request for your personal information, contact our Information Management team at SAR@croydon.gov.uk.
Further information
The GDPR and Data Protection Act 2018 give you a number of rights to control what personal information is used by us and how it is used by us. Information about your individual data rights is listed in our corporate privacy notice on our website.
If you have any questions or concerns about the way we collect, store or use your personal information, please contact us in the first instance on 020 8726 6000.
For advice about data protection issues, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.
We reserve the right to amend this Privacy Notice at any time and will keep it under review. If we do make any changes, we will post the current version to our website at this address.
Last updated: July 2024.
NEW Help improve this site by giving feedback Show Hide
Feedback
Send feedback directly to the content team using our website feedback form
You can also join our user research group to receive invites to activities and surveys to help shape future improvements to the site.