Translink, a division of the Department of Transport and Main Roads (TMR) is committed to protecting your privacy. Translink is bound by the Information Privacy Act 2009 (the IP Act) which regulates the way in which Queensland government agencies must manage personal information. It addresses concerns about any unauthorised use of this information and gives individuals a right of access to personal information held about them. TMR’s Privacy Policy sets out details of the types of personal information we hold and how we handle this information.
These privacy provisions are required to be read together with the Contactless Payments Terms and Conditions, go card Terms and Conditions and TMR's Privacy Policy.
Collection
Translink collects personal information about you in several different ways. For example, we collect personal information when you:
- sign up for a go card;
- register your details on our website or apps;
- provide your details as part of an online enquiry; or
- contact and correspond with us, for example, to ask for information or to ask for assistance through our call centre.
We may also collect personal information about you from authorised service providers, such as organisations that issue credentials making you eligible for free travel. This occurs only with your consent and is used to provide you with relevant travel products and services.
We ensure use of your personal information is kept to a minimum and aligns with the intended purpose of its collection. Personal information, for example, a customer's email address is only collected by Translink’s customer relationship management system to deliver news, updates, and alerts to a customer who has requested and consented to use the email provided to receive this information.
Translink regularly collects types of personal information strictly aligned to its public transport products and services. The following are examples of personal information collected:
- Contact information: name, address, email address, phone number.
- Payment information: credit/debit card details, billing address.
- Communication records: emails, letters, and phone call recordings.
Where possible, we will allow you to interact with us anonymously or by using a pseudonym. However, if you choose not to share certain details, we may be unable to offer you specific products, services, or assistance that rely on the collection, use, or disclosure of personal information.
Registered smart cards
If you choose to register your smart card, such as your go card, your personal information will be securely stored in Translink’s ticketing system and linked to the serial number of your smart card. Your physical smart card will not store any personal information onto the actual card.
Unregistered smart cards
If you have an unregistered smart card, like a go card, the following information will be retained:
- travel history
- financial transactions such as top-ups; and
- contact details for data-matched concession fare card holders.
Contactless payments
If you use a contactless credit or debit card, or a linked device such as a smart phone or watch, to pay for your journey the following information will be retained:
- travel history; and
- financial transactions associated with your travel.
Any personal information such as name or address associated with your contactless credit or debit cards cannot be registered at this time.
Keeping your cards safe
As part of our commitment to protect your personal information, we encourage you to keep your smart card or contactless payment method safe and protected from unauthorised access, loss, or theft. Should you have any concerns regarding unauthorised access to your contactless credit or debit cards, you should contact your financial service provider for assistance.
Access to travel history and fares associated with a contactless payment method is available to the holder of the linked credit or debit card. This includes holders of cards linked to joint bank accounts.
Any person with access to your contactless payment method may be able to access your travel history and associated fare payments. If you are concerned that someone is using your card details to access your travel history, we suggest you use a different card, a registered go card or a paper ticket.
Please phone 13 12 30 if you have further questions or consult the Contactless Payments Terms and Conditions.
Use and disclosure of personal information
The purposes for which we collect your information may include:
- contacting you (including via SMS and email);
- providing you with account functionality to manage your public transport ticketing products and payment methods;
- managing and planning the public transport network;
- top ups, fare adjustments, refunds, balance transfers, replacement cards or cancellation of a lost or stolen registered card (where you have a registered smart card);
- notifying you of changes to your smart card (for example impending card expiry);
- monitoring and taking enforcement action in relation to fare evasion on the public transport network and fraud – our authorised representatives are entitled to collect identity information in this context under the Transport Operations (Passenger Transport) Act 1994 (QLD);
- developing and improving our services and obtaining feedback; and
- where you have opted in, provide you with relevant surveys to improve Translink services and/or a product offering.
Translink regularly engages external entities to perform some of its functions and activities. Where these arrangements require access to, or collection of personal information on behalf of Translink, we take all reasonable steps to ensure that these entities are bound to comply with the IP Act.
Translink will not disclose your personal information to another person or third party unless one of the following reasons applies:
- you have given us your consent to do so
- the disclosure is permissible under the IP Act
- Translink is required or authorised to do so under a legislative authority, such as to uphold law enforcement.
Access, amendment and deletion
You have a right to request access to personal information held by us and may also use Translink's online services and Translink mobile applications to access, update and amend certain personal information.
You may also request deletion of:
- any accounts created using Translink Apple or Android mobile applications; and
- information held by us associated with those accounts or with any Translink online service or application integrated or connected with Meta products including Facebook.
If you wish to access, correct or update any personal information we may hold about you, or request deletion of an account or information associated with a Translink mobile application or Meta product as described above, please:
- where possible, use the relevant online service or mobile application; or
- contact us.
We may decline to provide access to amend or delete information, where we are legally permitted to do so. We will explain the basis for our decision when responding to your request or otherwise, within a reasonable time.
Reasons for refusal may include, but are not limited to, where access, amendment or deletion would be:
- contrary to the public interest under the IP Act or the Right to Information Act 2009 (QLD)
- inconsistent with our obligations to maintain records under legislation including in the Public Records Act 2023 (QLD).
While we take reasonable steps to ensure that the information we collect is relevant, correct, complete, not misleading and up to date, we will be relying on you to provide us with accurate, complete and up-to-date personal information. It is in an individual’s best interests for their address to be correct, for them to be readily contactable, and for there to be clarity over their identity or personal information.
Storage and security
Translink takes all reasonable steps to keep personal information we hold about you secure and protected against loss, misuse, and unauthorised access.
Translink operates under the Department of Transport and Main Roads’ Information Security Management System (ISMS) that conforms with the requirements of the Queensland Government Information Security Policy and International Information Security Standard (ISO/IEC 27001).
The ISMS includes information security controls that have been implemented to provide a secure environment. Translink employees are periodically trained on Translink's privacy obligations and our commitment to keep personal information we hold secure. Translink’s websites securely encrypts the transmission of information across the internet by using best practice security protocols such as Transport Layer Security, allowing secure web browsing.
All personal information you provide to us is securely stored on our servers and/or those of service providers engaged by Translink to deliver support services. We take reasonable steps to ensure that your personal information is treated securely and in compliance with TMR’s Privacy Policy. Service providers engaged to process personal information on our behalf are contractually required to implement appropriate security measures to protect your personal information.
Online services
Where relevant, TMR may record information about your use of Translink’s websites and applications for statistical purposes and to improve your digital experience. As a rule, unless you provide your information for a specific purpose, no attempt will be made to identify users or their browsing activities.
Email and SMS
We will not use your personal contact details you provide such as email address, SMS device number or phone number other than for the purpose for which you provided it. Where assistance is requested, your enquiry will be forwarded to the relevant departmental officer and/or our service providers. If you have received communication from Translink and no longer wish to receive updates from us, you can unsubscribe via:
- using the “update preferences or unsubscribe” link included in our electronic messages (for example, email, SMS); or
- logging into your go card account to manage your email and SMS preferences related to your go card account notifications.
Mobile applications
For information about how your personal information is managed through the Translink app please visit our Translink app privacy, terms and conditions page.
Cookies and Analytics
Cookies are bits of data which are stored in your computer or mobile when you visit a website or app. They can be used for a range of different purposes, such as customising a website for a particular user and helping a user navigate a website.
Translink uses Google Analytics to gather anonymous statistical information about how Translink’s websites are accessed and used. Google Analytics uses cookies to gather information for the purpose of providing statistical reporting.
The information generated by the cookie about your use of the websites will be transmitted to and stored by Google on servers located outside of Australia. The information Translink receives from Google through Google Analytics is limited to aggregated information and cannot be used to identify you personally.
If you are logged into your contactless payments or go card account, information about your user account is NOT linked to data recorded by Google Analytics and is NOT provided to Google.
Information gathered using the Google Analytics cookie includes:
- the number of visitors to Translink’s websites
- how visitors arrive at Translink’s websites; for example, did they type the address in directly, follow a link from another webpage, or arrive via a search engine
- the number of times each page is viewed and for how long
- time and date of visit
- geographical location of the visitor
- information about what browser was used to view Translink’s websites and the operating system of the computer
- information about whether the browser supports Java and Flash; and
- the speed of the user's internet connection.
Translink uses Google Advertising (Google Signals only) to track cross-platform behaviour if users visit Translink websites across multiple browsers/and or devices. The data collected is aggregated, and individuals cannot be identified. You can choose not to allow Google to collect your information by opting out of Google Analytics or specifically opt out of Google Analytics display advertiser features.
Translink may use a user behaviour analytics platform to gain qualitative insights into how users interact with our website or app. Tools like heatmaps and session recordings help us visualise these interactions, enabling us to identify issues, friction points, and opportunities to enhance our services. To provide these insights, the platform uses cookies to collect data on user behaviour and devices on our behalf. This data may include personal information such as online identifiers (e.g. IP address, user ID), technical details (e.g. device type, screen size, browser information), geographic location (country only), and behavioural data (e.g. clicks, taps, scrolls).
External links
Translink’s websites contain links to third-party websites. We are not responsible for the content, security, or privacy practices of these external websites. We encourage you to read the privacy policies or statements of any website you visit. Translink’s privacy provisions do not apply to information collected on external websites that may be linked to Translink’s websites.
Amendments to this statement
We may periodically update this Statement and our information handling practices. Any significant changes will be published in a revised version of this Statement on the Translink website. When implementing changes to our information handling practices, we will ensure compliance with Queensland privacy laws, while respecting the expectations of our customers when managing personal information.
Feedback and enquiries
For details on how you can provide feedback and enquiries please visit Translink’s Contact Us page.
Privacy complaints
If an individual believes that Translink has not dealt with their personal information in accordance with the Information Privacy Principles contained in the IP Act, they may lodge an information privacy complaint to TMR.
Privacy complaints made to TMR must:
- be in writing;
- state an address of the complainant to which notices may be forwarded under the Act; and
- provide particulars of the act or practice as the subject of the complaint.
Privacy complaints are to be marked private and confidential and forwarded to:
Post:
Right to Information, Privacy and Complaints Management
Department of Transport and Main Roads
GPO Box 1549
Brisbane QLD 4001
Email: privacy@tmr.qld.gov.au
Online: the Department of Transport & Main Roads Contact Us form.
Complaints may be made anonymously, however where a complaint is received that requires investigation of a customer record or requires a response containing personal information, evidence of the complainant’s identity must be provided.
Definitions
| Term | Definition |
| Children | Individuals who are under 18 years (Section 45 IP Act) |
| Contactless payments | Fare payment method using a credit or debit card, including those linked to a digital wallet on a smart device. |
| Personal information | "Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion." (Section 12 IP Act). |
| Transit account | Refers to your go card account or your contactless payment account. |