Skip to content Skip to menu

Merseytravel is committed to processing your personal information in a responsible, secure and transparent way. On 25th May 2018, the General Data Protection Regulation (GDPR) was introduced across Europe, replacing the Data Protection Act 1998 as the law governing how personal information is handled.

Personal information is anything that relates to a living, identifiable individual, either on its own or when combined with other information.

The GDPR is based around six Principles, which ensure that personal information will be:

In addition, the GDPR provides you with the following rights when it comes to your personal data:

- your information is no longer required for the purpose it was collected

- you withdraw your consent

- you object to Merseytravel processing your information (and there is no overriding legitimate interest for continuing the processing)

- Merseytravel has breached the GDPR when processing your data

- there is a legal obligation to delete the data (such as a court order)

As mentioned above, one of your rights is to receive copies of any personal data that is held about you through, such as CCTV images or Walrus travel card data. This is known as a ‘subject access request’.

You are required to provide proof of your identity or, if you are making a requester on behalf of someone else (such as an insurance company asking for CCTV footage of an incident involving their client) proof that you are authorised to receive their information. Merseytravel will respond within one month.

Subject Access Requests 

For details of how to submit a subject access request, exercise any of your other rights or if you have any other questions about the GDPR, please contact [email protected].

You also have the right to complain to the Information Commissioner if you believe that Merseytravel has failed to fulfil our legal obligations. Contact details for the Commissioner, along with guidance on the legislation, can be found at

All of Merseytravel's Fair Processing Notices, our Data Protection Policy and CCTV Code of Practice can be found below: