Privacy Policy

“Personal Information,” as used herein, refers to any information that is linked or reasonably linkable to an identified or identifiable individual. Examples of Personal Information include, but are not limited to, a person's name, mailing address, billing address, telephone number, email address, credit or debit card number, and information related to a customer's mobile device and location if you use the Services on it.

METRO limits its collection of Personal Information to what is adequate, relevant, and reasonably necessary in relation to providing the Services to you, to help improve your experience, and to support our business functions. METRO may collect the following categories of Personal Information:

• User Account Information: When creating an account, you may have to provide the following information:


First and last name;
Email address;
Phone number;
Address;
Date of birth;
Payment information including billing address;
Favorite locations; and/or
Answers to security questions, and log in credentials.
• Aggregate Data: Aggregate Data is statistical information derived from collective Data that relates to a group or category of persons. Aggregate Data reflects the characteristics of a large group of anonymous people. METRO may use Aggregate Data for agency purposes. For example, METRO may use Aggregate Data to guide internal operations.
  
  
• Financial Information: METRO accepts, processes, and transmits credit, debit card, and prepaid data from customers. (I.e. Visa, Mastercard, Discover, and American Express.) METRO and third parties secure credit or debit card account numbers and other payment card data. In doing so, METRO complies with and requires third-party contractors to implement and certify compliance with the latest Private Payment Card Industry Data Security Standards (PCI DSS).
  
  
• Commercial Information: Details relating to the ticket transactions made to access METRO Services, including but not limited to, ticket purchase, activation, validation, access, and usage.
  
  
• Vehicle information: Certain METRO Services, such as use of our Park & Ride system and the HOV/HOT Express Lanes Barrier, require collection of your vehicle information. This includes:


Images of your vehicle;
Vehicle license plate numbers; and/or
Vehicle information such as make, model, and year.
• Precise Geolocation: If you enable location services, METRO will collect and use your precise geolocation to deliver specific features, such as auto filling your location when searching for a ride. METRO will send messages in the form of mobile notifications through the mobile apps. The METRO mobile apps may use your location to display notifications. Also, messages may be activated by beacon devices in a public space, which communicate location, transit, or event information.
  
  
• Demographic Information. Certain demographic information may be required when creating an account for any of METRO's Services, For example, age, gender, and date of birth.
  
  
• Student Information: Some METRO Services and discounts require student verification. To accomplish this, you or your parent/guardian may have to provide the following:


School identification card;
Report card;
Current class schedule with tuition receipt; and/or
Enrollment verification letter
• Limited Health Information: METROLift customers must submit certain health information related to their disability and physician contact information for the sole purpose of being eligible for the METROLift program.
  
  

How METRO Collects Personal Information

METRO may collect your Personal Infromation in the following ways:

• METRO may also collect information from you when you utilize any of our Services. This includes but is not limited to:
  
When you create an account for any of METRO's Services.
When you pay for trips.
When you access METRO's complimentary Wi-Fi.
When you download and use any of the METRO mobile apps.
When you access or use METRO's websites.
• You voluntarily provide METRO Personal Information for the limited purposes of administering a contest, promotion or survey, or for research to improve METRO's Services.
  
  
• METRO may hire other companies to provide limited services on our behalf, such as processing credit card transactions, sending emails, or answering customer questions about our Services. METRO may provide these companies with the Personal Information they need to deliver the service for which they are hired. We require these companies to maintain the confidentiality of the information they receive and prohibit them from using the information for any other purpose.
  
  

Personal Information Automatically Collected

While operating our websites, certain information may be collected automatically in logs or by Cookies. A “Cookie” is a small text file that a website can place on your computer's hard drive in order, for example, to collect technical information about your activities on the website or to make it possible for you to use an online shopping cart to keep track of items you wish to purchase. The Cookie transmits the information back to the website's computer and is the only computer that can read it.

You may set up your web browser to warn you whenever a website attempts to place a Cookie on your computer or refuse to accept Cookies. METRO will use Cookies collected during your visit to our websites for the purpose of facilitating your use of our websites and for maintaining statistics concerning your use of our websites that will help us make improvements. Technical information collected by Cookies will not be linked to your Personal Information.

METRO Uses Your Personal Information for the Following Business Purposes:

• Maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, or providing similar services;
• Advertising or marketing;
• Helping to ensure security and integrity and prevent fraud;
• Undertaking activities to verify or maintain the quality or safety of our Services or devices and to improve, upgrade, or enhance them;
• Compliance with our legal and regulatory obligations;
• To conduct other activities for legitimate business purposes;
• To improve our Services, in order to better serve you;
• To optimize and improve the METRO websites;
• To respond to requests from public and government authorities;
• To detect, prevent, or investigate potential security incidents, fraud, harmful, unauthorized, unethical, or illegal activity;
• To provide important safety notices or otherwise notify you of emergency situations;
• To allow METRO to better respond to your customer service requests;
• To send periodic alerts and updates regarding METRO Services, including but not limited to email, text, and push notifications; and
• To protect the rights, privacy, safety or property, and security of you, us, and others.

METRO May Shre Your Personal Information With:

• Our affiliates;
• Service providers;
• Third parties we use to help us run our business, such as marketing agencies or website hosts;
• Third-party payment providers;
• Credit reporting agencies;
• Our insurers and brokers;
• Our banks;
• External auditors; and
• Law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

METRO only allows its service providers to handle your Personal Information if we are satisfied with the measures they implement to protect your Personal Information. We also impose contractual obligations on service providers, contractors, and third parties to ensure they can only use your Personal Information to provide services to us and to you.

Additionally, we may share some Personal Information with other parties, such as potential buyers of some or all of our business or during a restructuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

METRO or its contractors do not sell, trade, or lease your Personal Information to anyone, except when the purpose and manner of the disclosure have been disclosed to you prior to your providing of the Personal Information.

METRO will not otherwise disclose your information to a third party for reasons inconsistent with the aforementioned purposes; notwithstanding disclosure may be appropriate under the following exceptions:

• You agree to its disclosure;
• Disclosure is required by law or court order; or
• Disclosure is legally required in connection with a law enforcement investigation or any other legal proceeding.

Aggregate Data and Information

METRO may also combine the Personal Information provided by METRO customers in a non-identifiable format with other information to create Aggregate Data that may be disclosed to third parties. Aggregate Data is used by METRO to manage, evaluate and improve the METRO Services, to inform other METRO initiatives and for the marketing of METRO's Services.

Aggregate Data does not contain any information that could be used to contact or identify individual METRO customers or their accounts. For example, METRO may inform third parties regarding the number of METRO Fare Card accounts within a particular zip code. METRO requires third parties with whom Aggregate Data is shared to agree that they will not attempt to make information personally identifiable, such as by combining it with other databases. METRO may use Aggregate Data and provide Aggregate Data to others to generate statistical reports for the purpose of managing METRO operations.

Anonymous Data and Information

METRO may remove all Personal Information from Data developed as a byproduct of the use of the METRO Services to create “Anonymous Data” that may be disclosed to third parties. METRO may use Anonymous Data for any of its statutorily authorized purposes and may make Anonymous Data available to third parties.

Anonymous Data does not contain any information that could be used to track, contact or identify individual METRO customers or their accounts. For example, METRO may share a dataset that includes information such as where and approximately when a sample of anonymous Fare Card and app users traveled on certain days in a given month. METRO requires third parties with whom Anonymous Data is shared to agree that they will not attempt to make the Anonymous Data personally identifiable, such as by combining it with other databases or reverse engineering the information.

Residents of Texas have certain rights under the Texas Data Privacy and Security Act (TDPSA) which may be exercised free of charge up to two times per year, provided that in cases where the requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee to cover the administrative costs of complying with the request or decline to comply with the request.

You Have the Right to:

• Confirm whether we are processing your Personal Information and how to access that data.
• Correct inaccuracies in your Personal Information.
• Delete Personal Information provided by or obtained about you.
• Obtain a digital copy of your Personal Information in a readily usable format, if available.
• Opt out of the processing of your Personal Information for targeted advertising.
• Opt out of the sale of your Personal Information.
• Opt out of profiling performed in furtherance of decisions that produce legal or similarly significant effects.
• Not be retaliated or discriminated against for exercising these rights.

We are required to respond without undue delay but within 45 days of receipt of your request. Depending on factors such as the type and complexity of the request, we may extend the time for response once by an additional 45 days, as long as we notify you within the original 45 days.

If we decline to act regarding your request, we must notify you without undue delay, but within 45 days of receipt of the notice and provide information on our appeal process. We are required to provide justification and provide information on the appeal process within a reasonable time after the communication of the decision to decline.

Exercising Your Rights

If you would like to exercise any of your rights as described in this Privacy Policy, you can do so by following this URL https://crm.ridemetro.org/ or calling (713) 635-4000.

If your request is declined, you may appeal by contacting us at privacy@ridemetro.org and the process will be explained to you via email.

If you choose to contact us directly by using one of the methods provided above, you will need to provide us with:

• Enough information to identify you (e.g., your full name, address and customer and matter reference number);
• Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
• A description of what right you want to exercise and the information to which your request relates.

Please note, any Personal Information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification. We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf.

You may also designate another person to serve as your agent to opt out of processing on your behalf.

METRO may use Aggregate Data and provide Aggregate Data to others to generate statistical reports for the purpose of managing METRO operations. METRO also tracks activity and functions on its websites in the form of log files on web servers. These logs are analyzed by third-party statistical analysis software solutions such as Google Analytics and Siteimprove, to provide visitor activity trend data. The data gathered is used to better organize information contained on our websites and to improve your experience. These files log visitors to the websites, usually a standard procedure for hosting companies and a part of hosting services analytics. The information inside the log files includes internet protocol (“IP”) addresses, browser type, Internet Service Provider (“ISP”), date/time stamp, referring/exit pages, and possibly the number of mouse clicks. This information is used to analyze trends, administer websites, track your movement around the websites, and gather demographic information. IP addresses and other such information are not linked to any information that is personally identifiable. This information is not used to identify you on an individual level.

METRO uses third-party services to assist us in analyzing how our websites and mobile apps are used, including but not limited to the following:

• Google Analytics and Google Firebase are analytics services offered by Google to track and report websites and mobile app traffic. Google uses the data collected to track and monitor the use of our services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the advertisements of its own advertising network. For more information on the privacy practices of Google, please visit the Google privacy policy located at https://policies.google.com/privacy?hl=en. You can opt-out of having your site activity available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (gtag.js, ga.js, analytics.js, and dc.js) that is running on websites from sharing information with Google Analytics about your visit activity.
  
  
• Siteimprove is an analytics service utilized to track and report website traffic and accessibility compliance. Siteimprove uses the data collected to track and monitor the use of our services. This data is shared with other Siteimprove services. For more information on the privacy practices of Siteimprove, please visit the Siteimprove privacy policy located at https://siteimprove.com/en/privacy/. To stop Siteimprove from storing data about your usage of our websites, you can opt-out using the following button. Opt out/Opt in

METRO is committed to the security of your Personal Information. In addition to physical safeguards and mechanisms that we implement to protect and secure hardware containing Personal Information, your Personal Information is contained behind secured networks and is only accessible by a limited number of people who have special access rights to such systems and are required to keep the information confidential. METRO complies with and requires third parties to comply with NIST Cybersecurity Framework, standards consistent with NIST or ISO27001 security standards and guidelines and all applicable state and federal laws. We implement a variety of security measures when you place an order, enter, submit or access your information, to maintain the safety of your Personal Information. The data and information that we receive may be stored on our servers which are scanned on a regular basis for security risks and known vulnerabilities, to make your use of our Services as safe as possible. We may also perform regular malware scanning.

For website security purposes and to ensure that the services remain available to all users, METRO employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. Except for authorized law enforcement investigations, court order, or other legal proceedings, no other attempts are made to identify individual users or their usage habits.

Portions of METRO's Services may utilize or include third-party services or provide links to certain third-party websites (collectively, “Third-Party Services”). When you engage a Third-Party Service, you are interacting with the third party and not with METRO. Such Third-Party Services are not under our control, and we are not responsible for the contents of such Third-Party Services, or any changes or updates to such Third-Party Services. Posting of a link to another website does not constitute endorsement of that website (or any of the products, services or other materials offered through that website) by METRO or our licensors, regardless of whether the link is associated with a third-party advertisement carried by a METRO Service. We are not responsible for the privacy practices of Third-Party Services nor any data or information you may share with such Third-Party Services, and make no warranties, express or implied, as to any Third-Party Services or the products or services they provide. We encourage you to be aware of this when you use any METRO Service, and to read the terms and privacy statements of every Third-Party Service that you interact with and/or visit.

Third-Party Services We Use:

• RideCo: METRO uses RideCo as its on-demand transit software for the METRO On Demand mobile application.


https://www.rideco.com/privacy-policy
https://www.rideco.com/platform-terms
• TripSpark: METRO utilizes TripSpark for ride matching and other program management.


https://www.tripspark.com/privacy-policy/
• Transit IQ: METRO uses Transit IQ as its on-demand transit software for the RideMETRO mobile application.


https://www.transitiq.com/privacy/
• INIT Innovations in Transportation, Inc.: METRO uses INIT as its supplier of integrated planning, dispatching, telematics and ticketing systems for METRO’s fare system.


https://www.initse.com/enus/footer-meta/privacy-policy/

Pursuant to the Children's Online Privacy Protection Act (“COPPA”), children under 13 years of age must have permission from a parent or legal guardian before providing Personal Information on a website or mobile application. METRO complies with the requirements of COPPA and the Federal Trade Commission's Rule interpreting COPPA. METRO's websites and mobile apps are not directed to children, and do not knowingly collect any Personal Information from children under the age of 13, without parental consent. If METRO learns that it has Personal Information on a child under the age of 13 without parental consent, access to that information by the child or any third party will immediately be denied and the information removed from the system.

METRO is a government entity under Chapter 451 of the Texas Transportation Code. As such, METRO is subject to any requests for disclosure under the Texas Public Information Act, Chapter 552 of the Texas Government Code. All information, with certain limited exceptions, provided to METRO through the websites, mobile app, and web forms may be subject to disclosure to the public upon request.

While we attempt to maintain accurate and current information on our websites, METRO does not guarantee the accuracy or completeness of any material displayed on its websites or on any links accessed from its websites. METRO updates its websites periodically and may change any of the material at any time without notice. The materials posted may be out of date and METRO makes no commitment to update the materials.

METRO and third parties will only store Personal Information that is necessary to maintain METRO customer accounts, to perform account functions such as billing, account settlement, or enforcement activities, to provide METRO Services, or as otherwise permitted by this Privacy Policy. The Personal Information collected through our Services is retained by us in accordance with the applicable records retention and disposition requirements of Texas and federal law. METRO may also retain certain data to prevent fraud, ensure future security, or for legitimate business purposes such as analyzing aggregated, non-personally identifiable data or recovering accounts. Throughout this retention period, your Personal Information will continue to be governed by the terms and protections outlined in this Privacy Policy.

METRO reserves the right to update this Privacy Policy at any time. METRO will notify you of any changes by either placing a prominent notice on its websites, sending a mobile app notification, or by sending an e-mail notification directly to you. However, METRO encourages you to review this Privacy Policy periodically to stay informed about how we are helping to protect the Personal Information we collect. Your continued use of METRO’s Services constitutes your acknowledgement and agreement to any changes made to this Privacy Policy.

For more information regarding METRO’s Privacy Policy, please contact us at webmaster@ridemetro.org or call 713-635-4000.