Bee Privacy Statement ccPDF, 2.0MB

Bee confident about your data

  1. Bee confident about your data with the Bee Scheme

We need to collect, use and share some personal information about Bee Card users in order to deliver the services you request of us. However, we know that you will only feel comfortable giving us your information if you trust us to use it fairly and responsibly and keep it safe. We want you to Bee Confident About Your Data.

This Privacy Statement explains what personal information we collect about you when you use the Bee Scheme, how we use and share it, and how you can access or correct it. We will:

  • Keep information to a minimum ; the scheme collects and retains only the personal information we need to run it and keep you moving.
  • Limit the way your information is used ; we only use and share personal information in ways that are necessary to run the scheme and keep you moving. We won't use it to harass you about things that don't relate to the Bee Scheme.
  • Keep information safe ; the system is designed to reasonably protect personal information and we complement this with clear policies and processes that control access to personal information.
  • Provide customer communication and control ; we will be as open as possible with you about the way your information is managed and we will make sure you can access and manage your information.

The Bee Scheme is operated by a group of participating regional councils (Bay of Plenty, Hawkes Bay, Taranaki, Manawatū-Whanganui, Invercargill, Nelson, Northland, Otago, and Waikato). It is managed by a Scheme Manager (currently Otago Regional Council) and operated by a supplier on our behalf. All these agencies will manage personal information about your Bee Card in the ways set out in this statement.

We may update this statement from time to time, for example to reflect changes to the Privacy Act, so please check in again occasionally to see what might have changed. This statement was last updated in September 2018.

For more information about your privacy, check out our FAQs at; Contact your regional council directly to find out more about their general privacy practices.

  1. You're in control of the personal information we collect about you

You're in control of the personal information we collect about you. When you purchase a Bee Card you have the choice to register that card. The amount of personal information we collect about you, and of course the level of service we will be able to deliver to you, will depend on whether you choose to register your card or not.

If you don't register your Bee Card, we still generate information about the use of that card, but it won't be linked to your identity, and so won't be personal information about you. This means you won't be able to receive any of the personalised benefits of a registered card, including receiving notices and alerts about your card, transferring unused value on the card, claiming concessions or accessing historical trip information online.

Please note however that by registering your Bee Card you're not signing away your right to privacy. As explained in this statement, we only collect the information we need, and we only use that information to run the scheme.

2.1 Information we collect when you purchase and use a registered Bee Card

We collect personal information from you directly when you purchase and register your Bee Card or engage directly with us about your use of the Bee Scheme. We generate personal information about you when you use your Bee Card and take trips in participating regions. We may also collect personal information from third parties, for example where you have applied for a concession card and we need to verify your eligibility.

The information we may collect or generate about you includes:

  • full name
  • address (if you order a Bee Card online)
  • email address
  • date of birth (if you claim certain concession types)
  • credit card details (if you use the online top up function)
  • concession number (for example your Social Welfare Number)
  • concession edibility confirmation (if you claim certain concession types)
  • trip information associated with your Bee Card, including the points at which you tag on and off and the date and time of your trip
  • communications with you, including queries or complaints about your use of the Bee Scheme (although these may be held by your regional council on our behalf)

2.2 Information we collect when you use our website

We collect personal information about your use of our website in order to understand how you use it so we can continuously improve the online experience for all our website visitors.

We collect this information whether or not you have a Bee Card. We use Google Tag Manager and Google Analytics to gather and analyse this information.

The information we may collect about you when you visit the Bee website includes:

  • IP address of the device you use to access the Bee website
  • domain name
  • browser type
  • date and time you visit the Bee website
  • pages you access and documents you download (using cookies)
  • website you came from to arrive at the bee website

A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

The Bee website uses cookies to understand the number of visits you make to the site and the number of times you visit certain pages. This information is gathered and used solely for the purposes of analysing, evaluating and improving Bee website content. Cookies are not required or used for website functionality or marketing purposes.

You can disable cookies without reducing the functionality of the Bee website or your experience. To do this, you can modify your browser settings to decline cookies.

  1. We use and share your personal information only when we need to

Our primary purpose for collecting your personal information is:

To provide an integrated ticketing solution for the regions that facilitates the delivery of cost effective, efficient and responsive public transport

While we take care with all the personal information we collect, we think that information about your movements ; the trips you take using your Bee Card ; is particularly sensitive. For this reason, we make sure that we only use your information to support our primary purpose.

3.1 How we use your personal information

To achieve our primary purpose, we may use your personal information to:

  • manage the Bee Scheme, including ensuring it is operating effectively and efficiently
  • deliver the products and services you have requested
  • communicate with you about the products and services you have requested
  • verify your identity or eligibility for concession travel
  • handle complaints or requests about Bee Card use or the Bee Scheme
  • meet our legislative or other reporting requirements
  • obtain reimbursement or subsidies for certain concession travel
  • respond to government or law enforcement requests for information or third-party requests made under the Local Government Official Information and Meetings Act
  • analyse travel patterns and Bee Card use to assist with planning public transport provision and designing infrastructure
  • improve Bee products and services, and your customer experience
  • meet our other legislative obligations, including health and safety, privacy and the retention requirements of the Public Records Act

3.2 When we share your personal information

To achieve our primary purpose, we may need to share your personal information:

  • between the agencies participating in the Bee Scheme, including regional councils and public transport operators, where necessary to meet the uses listed above. Please note that regional councils will only have access to personal information about their own customers
  • with our third-party service providers, including data service providers, where necessary to meet the uses listed above
  • with government agencies (such as the New Zealand Transport Agency), to meet our reporting requirements. Please note that we will usually share anonymised and aggregated information for this purpose
  • with concession agencies (such as the Ministry of Social Development), to verify concession eligibility or obtain subsidies for concession travel
  • with government, regulatory or law enforcement agencies, where required by law. Please note that we have a process in place to ensure that law enforcement requests are managed carefully and consistently

  1. We protect the personal information we hold about you

4.1 Where we store it, and for how long

The personal information collected and generated by the Bee Scheme is stored on the Bee Scheme central system. This system is managed by our supplier INIT and is hosted on an Oracle cloud platform in a data centre in New Zealand.

Where a participating regional council has a legitimate reason to access and use personal information about your use of the Bee Scheme (for example, if you've made a complaint to your regional council), this information may also be retained on that council's system.

However, we require all participating regional councils to limit the duplication and retention of personal information held on the central system.

We retain your personal information for as long as we have a lawful basis to use it and in compliance with our obligations under the Public Records Act. When our need to retain identifiable information has passed, we anonymise and aggregate it.

4.2 How we keep it safe

We take reasonable steps to protect your personal information from harm. We require any agencies with access to the Bee Scheme central system (such as participating regional councils) to do the same. The steps we take include system and process safeguards and controls:

  • our system is protected by firewalls, using modern encryption protocols
  • our system is password protected and we have access controls in place
  • access to personal information is restricted to agencies and employees who have a legitimate business need to use it
  • credit card details for stored value reload and recurring payments are stored securely in a PCI compliant system
  • all Bee Scheme data is backed up regularly
  • sensitive Bee Scheme data is encrypted
  • all agencies participating in the Bee Scheme are required to agree to our scheme privacy policy, which sets out rules and expectations for the management of personal information
  • we have a privacy breach management procedure designed to ensure that privacy or security issues are identified and managed quickly and openly

  1. You can see, correct and control your information at any time

You have rights under the Privacy Act to access and, where appropriate, control the personal information we collect and hold about you. We know these rights are important and we have processes in place to ensure that we meet our obligations to you.

5.1 Accessing or correcting your information

If you've registered your Bee Card, you can access most of the personal information we hold about you by logging into your Bee profile at This includes your entire trip history, your card transaction history and your profile information. You can also correct some information yourself online, such as your contact details. If you wish to dispute your trip or transaction information, including the amount you have been charged, please follow the dispute process set out at

If you've not registered your Bee Card, you can't access information about the use of that card. This is because the card will not be linked with you in our system and we will have no way of confirming that you're the owner of that card. Releasing information about the use of that card could result in the disclosure of information about someone else.

If you wish to access personal information that is not available online, then you should make a request to your regional council in the first instance. Your regional council may be able to provide you with some of the information you have requested but, if they cannot, they may escalate your request to the Bee Scheme Manager for processing.

We will respond to requests under the Privacy Act as soon as we can, and no later than 20 working days after we receive them. Please note that we may need to verify your identity to protect your privacy and the privacy of our other customers.

5.2 Controlling the way we use your information

We hope you get value out of the personalised services we provide to registered Bee Card users. However, we also want to respect your choices about communication. If you do not want us to use your personal information to communicate with you about the Bee Scheme, you can opt out of our communications by following the unsubscribe links at the bottom of our emails. However, please note that we may still need to send certain communications where these are necessary for us to deliver services to you.

You can control the information we collect about your use of the Bee website by disabling cookies in your browser.

5.3 Queries or complaints about your information

Please let us know if you think we've misused your information or otherwise breached the Privacy Act. In the first instance, please contact your regional council about your concerns. If they cannot resolve the matter for you, then they may escalate it to the Bee Scheme Manager for consideration.

If your regional council or the Bee Scheme Manager can't resolve your concerns, you have the right to complain to the Office of the Privacy Commissioner, by following the steps set out at

Remember, for more information about your privacy, check out our FAQs at