e+ card privacy notice

Updated: January 2025

Our contact details

Name: Data Protection Officer

Address: Time Square, Market Street, Bracknell, RG12 1JD

Phone Number: 01344 352000

Email: dpo@bracknell-forest.gov.uk

Bracknell Forest Council is registered as a controller with the Information Commissioner’s Office (ICO).

You can find us on the ICO website - our registration number is Z4971654.

The type of personal information we collect

The type of information we collect about you will depend on the service you are requesting through the e+Card, this includes:

  • full name
  • age
  • postal address
  • email address
  • date of birth
  • gender
  • landline and mobile number
  • photo image

We currently collect and process the following special category data:

  • data concerning sex life or orientation
  • racial or ethnic origin
  • religious or philosophical beliefs

How we get the personal information and why we have it

The personal information we process is provided to us directly by you for one of the following reasons:

  • to process your e+ card application and join you to the services you need under your e+ card account. This may include the following, if selected:
    • local discounts
    • promote your business
    • library card
    • leisure card
    • leisure Saver Scheme
    • bus pass
    • railcard
    • proof of age card
    • rewards for recycling
    • organ donor register
    • R-bus journeys
    • BFC My Choice
  • data entry and online validation or provision of proofs enables e+ card applicants access to multiple services through a single enrolment process
  • having a single, central data source for registration and updates means all relevant data are cascaded to all selected services in real time - applicants can apply online or visit one council site and join more services by simply selecting additional options presented on the screen

We use the information that you have given us in order to:

  • create a smartcard member’s record and a physical smartcard for use as a personalised token for membership and access to various council services
  • create a physical PASS proof of age card to access age restricted goods, content and services

Equality data is collected at registration and held anonymised to assist service access and monitoring.

User account management

Services within the card management system can be added or removed when requested by a cardholder. Cardholders have access to their own accounts and can view the data held and activity in their own account through secure online password access.

How the law allows us to use your personal information

Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis for processing is Article 6 UK GDPR:

  • (a) you have given your consent
  • (b) process is necessary for the performance of a contract
  • (c) processing is necessary for compliance with a legal obligation

Special category data

Special category data is processed under Article 9 UK GDPR:

  • (a) you have given your explicit consent

You can read the guide to lawful basis for processing special category data on the Information Commissioner's Office website.

Where we use consent to process your personal data, we will explain to you what we are asking you to agree to and why.

If we have consent to use your personal data, you have the right to remove it at any time.

If you want to remove your consent, please email  info.smartcard@bracknell-forest.gov.uk and we will deal with your request.

If you remove your consent we are unlikely to be able to provide continued services to you.

Our ‘Legal obligation' to provide for concessionary travel is stated in:

  • the Cabinet Office guidance relating to the National Fraud Initiative to provide concessionary travel bus pass rights - National Fraud Initiative 2020/21
  • Section 9, Concessionary Bus Travel Act 2007 as approved by parliament in March 2010

Performance of a contract

‘Performance of a contract’ when providing leisure services with our external provider Everyone Active.

Who we share your information with

We may share this information with:

  • NHS Blood and Transplant - data is shared with the Organ Donor Register when e+ applicants actively request this
  • Everyone Active - staff contracted by the council to enrol and manage records - data fields and photos are required to create and update leisure member records
  • Suez - staff contracted by the council to manage the rewards scheme - data is required to manage the recycling initiative

We will need to share your personal data with third parties to deliver our services. You can ask us for more information on our third-party service providers.

We will not sell your personal data to any party.

Third parties with e+ include the following (this is not an exhaustive list):

  • our e+ data management system is managed by SmartCitizen Ltd
  • our contracted supplier for the recycling incentive scheme is Suez
  • data for concessionary travel (bus passes) are shared with the Fraud Office
  • leisure service data is shared with our contractor Everyone Active (Sports and Leisure Management Ltd)
  • for the library service we use Alto and Capita

How we store your personal information

Your information is securely stored directly into SmartConnect by yourself and council staff with e+ system role rights.

We keep your personal data obtained to issue your e+ card for in the SmartConnect database within each uniquely identified individual record if, within the previous 6 years:

  • there is still a valid e+ card associated which has a transaction recorded on an electronic reader in one of the integrated services
  • the valid cardholder’s account has been accessed or activated by the cardholder
  • any data change or update has been made to the record

There is an automated system deletion process which runs nightly to delete records inactive according to these rules. Any cardholder whose e+ record has been deleted due to lengthy inactivity can re-register as a new applicant to across services.

Any cardholder can access their own record to see the data held by us and request to change this or have specific services added or removed at any time. Cardholders can have their e+ record deleted altogether if they no longer wish to access the associated services.

The deletion of, or any amendment to an e+ record in SmartConnect is flagged in the relevant associated services in real time.

Data will not be kept for longer than is necessary and is kept in line with the council’s retention and disposal schedule.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Find out more about your right of access from the ICO.

Your right to get your data corrected

You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Find out more about your right to get your data corrected from the ICO.

Your right to get your data deleted

You have the right to ask us to delete your personal information in certain circumstances.

Find out more about your right to get your data deleted from the ICO.

Your right to limit how organisations use your data

You have the right to ask us to limit the processing of your information in certain circumstances.

Find out more about your right to limit how organisations use your data from the ICO.

Your right to object to the use of your data

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks.

Find out more about your right to object to the use of your data from the ICO.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.

The right only applies if we are processing information based on your consent or for the performance of a contract, and the processing is automated.

Find out more about your right to data portability from the ICO.

Making a request

You are not required to pay any charge for exercising your rights. If you make a request, we have 28 days to respond to you.

To make a request, contact us by emailing: info.smartcard@bracknell-forest.gov.uk

Service adjustments

As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act 2010.

This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.

Our lawful basis for processing this information is article 6(1)(c) of the UK GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.

We will create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to make sure they are communicating with you in the required way.

To request service adjustments, contact us by

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@bracknell-forest.gov.uk

You can also complain to the ICO if you are unhappy with how we have used your data by:

  • visiting the ICO website
  • phoning the ICO helpline on 0303 123 1113
  • writing to:
    • Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF