Skip to main content

Your privacy settings

We use cookies to help you with journey planning and relevant disruptions, remember your login and show you content you might be interested in. If you're happy with the use of cookies by West Midlands Combined Authority and our selected partners, click 'Accept all cookies'. Or click 'Manage cookies' to learn more.

Manage cookies

Privacy and cookies policy

Transport for West Midlands (TfWM) is an executive body of the West Midlands Combined Authority (WMCA), set up to improve the regions transport infrastructure and create a fully integrated, safe and secure network.

We will sometimes need to collect your personal information so that we can provide you with the full range of our services. We recognise that this information is important to you and we will ensure it is only used fairly, correctly and safely in line with the UK’s data protection laws. The West Midlands Combined Authority (WMCA) is the data controller for this information in terms of the Data Protection Act 2018.

This privacy policy outlines our obligations and your rights under the data protection legislation, which regulates the use of personal information.

Why we need to collect information about you

We collect and process various categories of personal information at the start of, and for the duration of your relationship with us. We will limit the collection and processing of information to what is necessary to achieve one or more legitimate purposes as identified in this notice.

We will use your personal information for a limited number of purposes and always in line with our responsibilities, and where reasonable your wishes, where there is a legal basis to use your personal information and in relation to your rights.

We process personal information:

  • To provide you with the services you have requested, For example our Swift travel card service, and process your travel ticketing requests;
  • To monitor our performance in providing services to you, to gather statistical information to allow us to plan future provision of services, and to obtain your opinion about our services;
  • To communicate with you;
  • To meet various legal requirements;
  • For the prevention and/or detection of crime;
  • To process financial transactions including grants, payments and benefits directly involving us or where we are acting on behalf of other government bodies;
  • For general processing where you have given your consent for us to do so;
  • Where it is permitted under the Data Protection Act, for example, to comply with legal obligations, or for us to seek legal advice or undertake legal proceedings;
  • For marketing purposes to keep you updated on the latest news and services;
  • To inform you of network disruption.

We may not be able to provide you with a service if we do not have enough information and, in some instances, your consent to use that information.

We aim to keep your information accurate and up to date. You can help us to do this by letting us know if any of the information you have given us, such as your address changes. Our contact details can be found later in this document.

Schedule A, below explains the lawful basis we process your information.

Ways in which we collect your information

Face to Face

We may keep a record of your visit to us to assist us in the delivery and improvement of the services that we provide to you and to others. Any such records that include personal information will be kept securely.

Telephone calls

Ordinarily we will inform you if we record or monitor any telephone calls you make to us. We may do this to increase your security; so that we have a record of a call taking place and/or for training and quality purposes.

If you email us, we may keep your email as a record that you have made contact. This includes your email address. We will not include any personal or otherwise confidential information in any email we send to you unless it is sent securely or you have agreed to us contacting you with this information. We would also recommend that you keep the amount of personal or confidential information you send to us via email to a minimum.


We will keep a copy of any letters received and sent to you, for as long as is necessary to deliver our services to you.

Mobile Apps

If you use one of our mobile applications we will process the information you provide us, and details of how you use the mobile app.



Cookies are small text files that are placed on your computer by some websites that you visit. They are widely used in order to make websites work, or to make them work more efficiently, as well as to provide information to the owners of the site. Details about how we use Cookies can be found in our Privacy and Cookies Notice.

Other websites

On our website you may find links to other external websites which we have provided for your information and convenience. This privacy notice applies solely to the West Midlands Combined Authority and its responsibilities for West Midlands Network. We are not responsible for the content of any external sites. When you visit other websites, we recommend that you take time to read their own privacy notices.

What we will do with your information

When deciding what personal information to collect, use and hold we are committed to making sure that we:

  • Only collect, hold and use personal information where it is necessary and fair to do so;
  • Keep your personal information secure and safe;
  • Securely dispose of any personal information when it is no longer needed;
  • Be open with you about how we use your information and who we share it with; and
  • Adopt and maintain high standards in handling any personal information

We may disclose personal information to a third party, but only where it is required by law, where that third party needs that information to provide you with a service on our behalf, or where it is otherwise allowed under the Data Protection Act. We will strive to make sure that the third party has sufficiently robust system and procedures in place to protect your personal information.

How long we will hold your information

By providing you with a service, we create records that contain information. We manage our records to help us provide a service to you. The retention periods we will hold records are determined based on the type of record, the nature of the activity, product or service. We will not retain records for any longer than necessary, or as required by law.

When we dispose of personal information, we will do so in a secure way.

Who we may share your information with

We will not share your information except:

  1. Where we have your permission
  2. Where required for the service we are providing you
  3. Where we are required by law and by law enforcement agencies, juridical bodies, government, tax authorities or other regulatory bodies
  4. With third parties, external partners, and agencies assisting us in delivering our service to you
  5. With external partners to improve, and advance, the service we provide to you

Information will only be shared where it is necessary, and permitted under the Data Protection Act. Any information shared will be proportionate and limited only to what is necessary.

WMCA will ensure that the third party, external partner, or agency have sufficient systems and procedures in place to prevent the loss or misuse of personal information. Sharing will only take place under strict contractual agreements and/or sharing agreements.

Transferring information overseas

If you’re personal information is transferred outside the European Economic Area (EEA) for processing or storage purposes we will ensure that safeguards are in place to protect it to the same standard we apply. We will ensure that any transfer only takes place if:

  • The European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately
  • The transfer has been authorised by the relevant data protection authority; and/or
  • We have entered into a contract with the organisation with which we are sharing (on terms approved by the European Commission), to ensure your information is adequately protected.

Communications about our service

We will contact you with information relevant to the service we are providing you. By a variety of means including via email, text message, post and/or telephone.
We may monitor or record calls, emails, text messages, or other communications in accordance with applicable laws.

Your rights

Under the Data Protection Act, you as the Data Subject, have the following rights. Each request will be reviewed and actioned wherever possible. However, you should be aware that, due to the reasons that we may be processing your information we might not be able to comply with some requests due to legal obligations.:


You have a right to get access to the personal information we hold about you.

If you would like a copy of the personal information we hold about you please contact us at:

  • Email:
  • Telephone: Switchboard – 0121 200 2787
  • Main Contact Centre – 0345 303 67 60
  • Address: Data Protection Officer, 16 Summer Lane, Birmingham, B19 3SD


You have a right to rectification of inaccurate personal information and to update incomplete personal information.

If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information.

Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you


You have a right to request that we delete your personal information.

You may request that we delete your personal information if you believe that:

  • we no longer need to process your information for the purposes for which it was provided;
  • we have requested your permission to process your personal information and you wish to withdraw your consent; or
  • we are not using your information in a lawful manner.

Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you


You have a right to request us to restrict the processing of your personal information.

You may request us to restrict processing your personal information if you believe that:

  • any of the information that we hold about you is inaccurate;
  • we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or
  • we are not using your information in a lawful manner.

Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you.


You have a right to data portability.

Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format.


You have a right to object to the processing of your personal information.

You have a right to object to us processing your personal information (and to request us to restrict processing) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims.

Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you


You have a right to withdraw your consent.

Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time.

We will always make it clear where we need your permission to undertake specific processing activities

Lodge complaints

You have a right to lodge a complaint with the regulator.

If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter.

We hope that we can address any concerns you may have, but if you remain unhappy you can contact the Information Commissioner’s Office (ICO). For more information, visit:

Automated processing and profiling

Under data protection legislation we have to let you know when we use your personal information to do something 'automatically' using our computers or other systems, or make an automated decision (without human intervention) that significantly affects you.

If you are a pay as you go Swift card customer, we calculate the fares you are charged using automated means - ie using the location where you start your journey (touch in) and, if travelling by train, end your journey (touch out).

We may also use journey history, and travel patterns to improve the services we provide and develop our transport strategy. This processing will normally be done in an anonymised manner to ensure you cannot be identified.

Using personal information for marketing

We will only send you information about our services if you have asked us to do so or, based on the information we hold, and those services are considered of benefit to you. Your information may also be shared with other service providers who may contact you if they provide services to help you. You can opt out of this at any time by letting us know.

On our websites, you have the option to submit your email details to join our Marketing Database. We may ask you for additional details to help tailor your experience. These details are submitted and controlled by you at all times.

Details held for Marketing and Information Updates will be used for sending you relevant information. You have the ability to update your details at any time or unsubscribe from receiving our emails by clicking the preference centre or unsubscribe link placed at the bottom of our emails. Alternatively you may contact us at to request removal.

We will hold your details on our Marketing Database until you unsubscribe from our Database. If you do not open emails for longer than 6 – 12 months we will remove your details automatically.

No details given for marketing purposes will be shared with third parties.

We may from time to time send you information from our partners if we feel it is relevant to you.

Competitions run in conjunction with our partners may have explicit terms and conditions around data sharing. These will be highlighted to you when you enter the competition.

Use of CCTV

We have installed CCTV systems and Body Worn Video in some of our locations for the purpose of:

  • staff and public safety,
  • the prevention and detection of crime,
  • the management and investigation of major incidents
  • supporting the efficient management and operation of transport networks

Where CCTV is in operation signs are prominently displayed notifying you of its operation and providing you with details of who to contact for further information about them.

We will only disclose CCTV images to third parties for the purposes as stated above of public safety and the prevention and detection of crime. CCTV images will not be released to the media for entertainment purposes or placed on the internet.

You have the right to see CCTV images of yourself and if appropriate provided with a copy.

Your online privacy and cookies

You can visit our website without telling us who you are or revealing any information about yourself. We and our partners will treat any personal information about you securely, fairly and lawfully. When we ask you for personal information online it will only be in response to you actively applying for or using one of our services.

Cookies - what are they?

A 'cookie' is a small text file that's stored on your computer, smartphone, tablet, or other device when you visit a website or use an app.

Some of the cookies are necessary for the functionality of the website and they are deleted from your device once you close your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.

We use session and persistent cookies to distinguish you from other users. This information helps us to provide you with a good experience when you browse our website and it also allows us to improve our website accordingly.

We also use analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

How to control and delete cookies

If you want to restrict or block the cookies we set, you can do this through your browser settings. The ‘help’ function within your browser should tell you how.

Cookies - how we use them

If you delete cookies relating to this website we will not remember things about you, including your cookie preferences, and you will be treated as a first-time visitor the next time you visit the site.

We use cookies (and other similar technologies) to:

  • Provide services that you request and to provide a secure online environment
  • Manage our relationship with you
  • Give you a better online experience and track website performance
  • Help us make our website more relevant to you

Essential site cookies

These are cookies that are essential for us to provide our service to you and to provide a secure online environment. Without cookies we are unable to provide some products or services that you might request. Other 'essential' cookies keep our website secure. Even if you say “No” to cookies on this website we'll continue to use these 'essential' cookies.

Essential cookies we use include:

  • ASP.NET_SessionId: This cookie is deleted when you close your browser.
  • Performance Cookies: tracking website performance: These cookies collect aggregated information and are not used to identify you. We use this type of cookie to understand and analyse how visitors use our online services and look for ways to improve them. For example, a cookie might tell us that lots of people give up on an application process at a particular step – so we can try to make that step easier to complete.

The analytics cookies we use include:

  • Google Analytics, which uses cookies to help us analyse how our visitors use the site. Find out more about how these cookies are used on the Google privacy site.
  • Adobe Analytics, to improve our websites and services. This service and the cookies it uses help us understand the popularity of our content and make better consumer experiences

Functionality cookies: giving you a better online experience

These cookies remember your preferences and tailor the website to provide enhanced features. Without these cookies, we cannot remember your choices or personalise your online experience.

We use this type of cookie to:

  • Make your online experience faster by remembering you between visits on your personal devices
  • Remembering relevant information as you browse from page to page to save you re-entering the same information repeatedly
  • Provide enhanced features, such as playing videos or allowing you to post a comment.

Third party cookies

Please note that during your visits to the Network West Midlands (NWM) website you may notice some cookies that are not related to NWM or NWM contractors. When you visit a page with content embedded from, for example, YouTube, you may be presented with cookies from these websites. NWM does not control the dissemination of these cookies. You should check the third party websites for more information about these.

The third-party companies we partner with include:

  • Twitter - we may use Twitter’s conversion tracking and tailored audiences products.  We and third parties collect user data through their application for purposes of conversion tracking and serving ads targeted to users’ interests. We do not select targeting criteria that could reveal sensitive information about users and don’t subject users to advertising that isn't relevant to our brand. Users can opt out of interest-based advertising through ‘Do Not Track’ functionality in your web browser or through such other methods that Twitter may specify here:
  • Orlo - We may use tracking associated with Orlo, a social media monitoring Dashboard. This allows us to monitor campaign effectiveness of social media click through and conversions on activities on our website. If you would like to disable tracking please visit Stop Tracking at
  • Facebook - Facebook provide us with certain features and tools (e.g., pixels, SDKs and APIs) that have been added to our website to allow us to send data about actions that people take on our website ('Event Data') to Facebook to track conversions ('Conversion Tracking') and to create custom audiences of people who have visited our website ('Custom Audiences from your Website').

To read more about Terms For Conversion Tracking, Custom Audiences From Your Website, and Custom Audiences From Your Mobile App visit

How to reject cookies

We will not use cookies to collect personal identifiable information about you and we recommend that you allow the use of cookies. However, if you wish to restrict or block the cookies which are set on our websites, you can do this through your browser settings. The Help function within your browser should tell you how.

To opt out of being tracked by Google Analytics across all websites visit

For more information about 'cookies' and how to reject them, please see the Interactive Advertising Bureau's website.

Prevention and detection of fraud

We are required by law to protect any public funds we administer. Therefore, we may use information you provide to us for the prevention and detection of fraud, or to comply with the law.

As well as conducting our own ‘data matching’ exercise, we may also share your information with other public bodies. These include (but are not limited to):

  • The Audit Commission
  • Department for Work and Pensions
  • Other Local Authorities
  • Her Majesty’s Revenue & Customs
  • The Police
  • Other bodies responsible for auditing or administration of public funds.

We may also share information with credit reference agencies, service providers or contractors and partner organisations, where the sharing of information is necessary, proportionate and lawful.

Data Matching

The Cabinet Office may require us to participate in the National Fraud Initiative data matching exercise to assist in the prevention and detection of fraud. Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it indicates that there is an inconsistency which may require further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation.

Further information on the Cabinet Officer’s legal powers and the reasons why it matches particular information are provided on the GOV.UK website

How to contact us

For more information about either requesting access, to stop processing of your personal information or to raise a concern please contact us at:


If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter. Contact details are provided above.

We hope that we can address any concerns you may have, but if you remain unhappy you can you can contact the Information Commissioner’s Office (ICO). For more information, visit:

Equalities Information

We may use information such as your ethnic background, first language, gender, sexual orientation and age gap to gather statistics about the population of the area and the take up of our services. This is to help comply with our legal obligations and to plan the provision of services in the future.

Such analysis will not identify individuals or have impact on entitlement to services and facilities.

Changes to the way we use information

If we change the way we use your information, and we believe you may not reasonably expect such a change we will notify you and will allow a period of time to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your account and/or provide our service to you.

Changes to this Privacy Notice

We keep our privacy notice under regular review. This privacy notice was last updated in February 2019.

Schedule A – Schedule of Purposes of Processing

We will only use and share your information where it is necessary for us to carry out our lawful activities. We want to ensure that you fully understand how your information may be used. We have described the legal purposes for which your information may be used in detail below:

A. Contractual necessity

We may process your information where it is necessary to enter into a contract with you for the provision of a services or to perform our obligations under that contract. This may include processing to:

  1. assess and process applications for products or services;
  2. provide and administer those products and services throughout your relationship with us, including opening, setting up, updating, or closing the service or product; collecting and issuing all necessary documentation; executing your instructions; processing transactions, resolving any queries or discrepancies and administering any changes.

Calls to our Service Centre and online helplines may be recorded and monitored for these purposes;

  1. manage and maintain our relationship with you and for ongoing customer service. This may involve sharing your information with our partner organisations to improve the availability of our services;
  2. communicate with you about the service or the products and services you receive from us, and
  3. undertake any processing necessary to provide, deliver, or improve the service to you

B. Legal obligation

When we provide a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you.

Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to provide products and services to you.

C. Legitimate interests of West Midlands Combined Authority

We may process your information where it is in our legitimate interests do so as an organisation, and without prejudicing your interests or fundamental rights and freedoms.

  1. We may process your information in the day-to-day running of West Midlands Combined Authority, to manage our services and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating. This may include processing your information to:
    1. monitor, maintain and improve internal processes, information and data, technology and communications solutions and services;
    2. ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;
    3. ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;
    4. provide assurance on our material risks and reporting to internal management and supervisory authorities on whether we are managing them effectively;
    5. perform general, financial and regulatory accounting and reporting;
    6. protect our legal rights and interests;
    7. manage and monitor (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and
    8. enable a sale, reorganisation, transfer or other transaction relating to West Midlands Combined Authority.
  2. It is in our interest as a business to ensure that we provide you with the most appropriate products and services and that we continually develop and improve as an organisation. This may require processing your information to enable us to:
    1. identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
    2. send you relevant marketing information which we believe may be of interest to you;
    3. understand our customers’ actions, behaviour, preferences, expectations, feedback and relationship history in order to improve our products and services, develop new products and services;
    4. monitor the performance and effectiveness of products and services;
    5. assess the quality of our customer services and to provide staff training. Calls to our service centres and communications to our online helplines may be recorded and monitored for these purposes;
    6. perform analysis on customer complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers;
    7. combine your information with third-party data, such as economic data in order to understand customers’ needs better and improve our services.
    8. We may share information with third parties who help provide our services under strict contractual agreements protecting your personal data.
  3. It is in our interest to manage our risk and to determine what products and services we can offer and the terms of those products and services.

D. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in West Midlands Combined Authority;

We may process your information where:

  1. we are exercising an official authority set out in law
  2. to perform a specific task the public interest that is set out in law

E. Consent

For some work, we undertake we may only process your information with your consent. If we are processing information with consent, we will ensure you are clearly informed of this, and you have the opportunity to provide clear unambiguous consent.