Your Privacy & Ventra
Your privacy is very important to us.
We protect the information that we collect as part of your use of the Ventra system.
Good to know:
- We do not (and won’t) sell your personal information to any third parties for any reason, including advertising.
- You can use the Ventra system anonymously and do not have to provide us with personal information.
- If you choose to register, we carefully protect the personal data you provide in secure systems that live in a secure facility.
- When you use a Ventra Card, we collect and store data about the use of that card, including what rides are taken. We do the same with the Ventra app regarding use of Metra mobile tickets.
- In the Ventra app, we collect data on how people use the app to better understand the user experience and identify ways to make it better.
- The data we collect helps us understand how people use our services and to provide support.
- Certain optional features in the app request location data (e.g., the Ventra app needs to use location information show you nearby bus and train stops in the transit tracker).
- We don’t store detailed location information from the app except as it relates to specific use of a ticket and do not request location data when you’re not using the app.
Ventra Privacy Policy
Overview
The Chicago Transit Authority (CTA) and the Ventra Participating Transit Agencies (collectively, the “Ventra Agencies”) are committed to ensuring Ventra customer privacy and security. Specifically: (1) the Ventra Agencies will not provide personal identifying information (“PII”) from Ventra Accounts to any third party without express customer consent, except as described in this Privacy Policy; (2) PII from Ventra Accounts will not be provided to advertisers for their use; and (3) the Ventra Agencies will maintain a secure environment for customer PII.
This Privacy Policy is intended to provide an understanding of how the Ventra Agencies handle PII collected by Ventra. Among other things, this policy explains the types of information collected from Ventra customers and specifies the third parties with whom the Ventra Agencies and Cubic Transportation Systems (the “Ventra Contractor”) may share this information.
The Ventra Contractor operates the Ventra Customer Service Center and the Ventra Call Center. The Ventra User Agreement provides that by enrolling in Ventra and using the transit systems, a customer allows the Ventra Agencies, the Ventra Contractor, and other third parties referenced herein to process PII according to the provisions set forth in the Ventra User Agreement and this Ventra Privacy Policy.
Definitions
The following definitions apply:
- Personal Identifying Information (PII): PII identifies or describes a person or can be directly linked to a specific individual. Examples of PII include, but are not limited to, a person’s name, mailing address, billing address, business name, alternate contact information (if given), telephone number, email address, fax number, Ventra Card serial number, credit or debit card number, security code and expiration date, and information related to a customer’s mobile device and location if a customer uses the Ventra Mobile Application.
- Aggregate Data or Aggregate Information: Aggregate Data or Aggregate Information is statistical information that is derived from collective data that relates to a group or category of persons from which PII has been obtained or collected. Aggregate Data reflects the characteristics of a large group of anonymous people. The Ventra Agencies may use Aggregate Data and provide Aggregate Data to others to generate statistical reports for the purpose of managing the Ventra Card and the Ventra Agencies’ Ventra program operations.
Collection of Personal Identifying Information (PII)
A Ventra Account may either be registered or unregistered. If a customer registers a Ventra Account, the Ventra Agencies collect personal identifying information from applications and other forms submitted by Ventra customers to the Ventra Customer Service Center by telephone, mail, facsimile transmission, in person, or by electronic submission through the Ventra website or via the Ventra Mobile Application. The Ventra Agencies also consider data developed as a byproduct of a customer’s use of the Ventra system (e.g., a registered user’s travel routes and times traveled) to be PII if a Ventra Account is registered.
Additionally, the Ventra Mobile Application may collect certain information automatically, including, but not limited to, the type of mobile device being used, a mobile device’s unique device ID, the IP address of a mobile device, the type of mobile operating system, the type of mobile Internet browsers used on the mobile device, and information about the way a customer uses the Ventra Mobile Application. When a customer uses the Ventra Mobile Application, the Ventra Agencies may use GPS or other similar technology to determine a customer’s location in order to provide certain services available via the Ventra Mobile Application. If you do not want your location being used for such purposes, you should turn off the location services for your mobile device in your account settings.
How the Ventra Agencies Use Personal Identifying Information
The Ventra Agencies use PII provided by customers in order to provide services through the Ventra website and Ventra Mobile Application, to effectively and efficiently process enrollments, manage accounts, respond to questions, send customer emails about Ventra program updates, and otherwise communicate with Ventra customers.
PII is only utilized as described in this Privacy Policy.
Third Parties with Whom the Ventra Agencies May Share Personal Identifying Information
The Ventra Agencies may share PII with any current or future Ventra Agencies for the purpose of operating and managing the Ventra program. The Ventra Agencies may also disclose PII to the Regional Transportation Authority (RTA) and the Federal Transit Administration (FTA). If another transit agency or party is added to the Ventra program, the Ventra Agencies will notify their customers via amendment to this Privacy Policy and on the Ventra website. In addition, the Ventra Agencies may disclose PII to third party service providers for the purpose of operating and maintaining the Ventra system, such as managing customer accounts and collecting revenue. Any such contractors are provided only with the PII they need to deliver the service being provided. The Ventra Agencies require service providers to maintain the confidentiality of the information and to use it only as necessary to carry out their duties under the Ventra program.
The Ventra Agencies require outside law enforcement and regulatory agencies to obtain a subpoena for Ventra records containing PII, including location data, unless otherwise required by law, or the law enforcement or regulatory agency articulates the existence of a bona fide emergency requiring immediate access to specific records. Additionally, the Ventra Agencies may disclose PII without request to appropriate law enforcement agencies where necessary to protect their or their customers’ rights, property or safety.
The Ventra Agencies may provide a Ventra customer’s PII to a third party as necessary to process any retail transaction using a Ventra Card that a customer may conduct with retail merchants other than any of the Ventra Agencies. As with any credit or debit card payment, if a Ventra customer conducts a transaction with a retail merchant using the Ventra Mobile Application, or any other Ventra program media, the Ventra Agencies need to share some information (for example, the customer’s name and credit or debit card number) with the banks and other entities in the financial system that process credit or debit card transactions. The Ventra Agencies are not responsible for third party use of PII provided to retail merchants at which customers use the Ventra Mobile Application or any other Ventra program media to conduct transactions, regardless of whether the transaction was conducted in person or online by the Ventra customer.
Besides these entities, PII will not be disclosed to any other third party without express customer consent, except as required to investigate and respond to consumer complaints and to comply with laws or legal process served on any current or future Ventra Agencies or the Ventra Contractor.
Retention of Personal Identifying Information
The Ventra Agencies, through the Ventra Contractor, will only store the PII of a Ventra customer that is necessary to perform account functions such as billing, account settlement, or enforcement activities. All PII will be discarded no later than four years after a Ventra Account is closed or terminated.
Security of Ventra Personal Identifying Information
The Ventra Agencies are committed to the security of customer PII. The Ventra Agencies, together with the Ventra Contractor, store the PII provided by Ventra customers on computer servers that are located in secure, controlled facilities. Servers are designed with software, hardware and physical security measures in place to prevent unauthorized access.
Access to PII is controlled through administrative, technical, and physical security measures. By contract, third parties with whom the Ventra Agencies share PII are also required to implement adequate security measures to maintain the confidentiality of such information.
Ventra Customer Obligations and Legal Disclaimer
Ventra customers are responsible for safeguarding personal mobile devices, usernames, passwords, personal identification numbers (PINs), and other authentication information that may be used to access a Ventra account. Ventra customers should not disclose authentication information to any third party and should notify the Ventra Agencies of any unauthorized use of their usernames, passwords or accounts. The Ventra Agencies cannot secure PII that is released by Ventra customers to others or PII that customers request the Ventra Agencies release to others. In addition, there is a risk that unauthorized third parties may engage in illegal activity, such as hacking into the Ventra Agencies’ security systems or the Ventra Contractor’s security system, or by intercepting transmissions of personal information over the Internet. The Ventra Agencies are not responsible for any data obtained in an unauthorized manner, and the Ventra Agencies are the only entities that may authorize obtaining data from the Ventra program by a third party. The Ventra Agencies are not responsible for any data or PII obtained by a third party as a result of a Ventra cardholder’s negligence or misuse of Ventra fare media, products, or equipment. If a Ventra cardholder’s fare media is lost, stolen, or damaged, the Ventra Agencies are not responsible for any data or PII that is obtained by a third party until the problem is reported to the Ventra Agencies as defined in the Ventra User Agreement.
Account Access and Controls
Registering a Ventra Account is in the customer’s discretion. Please see the Ventra User Agreement for information concerning the various benefits, protections, and potential fees associated with registering your Ventra Account. The information required to register an account or to obtain other convenience benefits provided by Ventra includes PII such as name, mailing address(es), billing address, email address, telephone number, and, for certain convenience benefits, credit or debit card number, expiration date and Ventra account security code. The Ventra Participating Transit Agencies may request other information as required by law. The Ventra Participating Transit Agencies may request other optional information, such as alternate contact information, but in such instances the Ventra Participating Transit Agencies will clearly indicate that providing such information is optional.
Customers who have registered their Ventra Accounts can review and update personal information at any time, and are also able to modify, add, or delete any optional account information. PII and optional account information can be reviewed and edited as discussed below under “Updating Personal Identifying Information.” Ventra customers can close their account at any time by contacting Ventra Customer Service at (877) NOW-VENTRA. All account information will be deleted no later than 4 years after an account is closed, terminated, or left inactive by the customer. See the Ventra User Agreement for more information on the requirements of customer account maintenance.
Aggregate Data
The Ventra Agencies may also combine the PII provided by Ventra customers in a non-identifiable format with other information to create Aggregate Data that may be disclosed to third parties. Aggregate Data is used by the Ventra Agencies to improve the Ventra program and for the marketing of Ventra. Aggregate Data does not contain any information that could be used to contact or identify individual Ventra customers or their accounts. For example, the Ventra Agencies may inform third parties regarding the number of Ventra accounts within a particular zip code. The Ventra Agencies prohibit third parties with whom Aggregated Data is shared from attempting to make the information personally identifiable.
Cookies
The Ventra website, www.ventrachicago.com, stores “cookies” on the computer systems of users of the website. Cookies are small data elements that a website can store on a user’s system.
The cookies used by the Ventra web site facilitate customers’ use of the website (e.g., by remembering login names and passwords until the session has ended). The Ventra website does not require that users of the website accept these cookies. Additionally, the Ventra website does not store third party cookies on the computer systems of users of the website.
If a user visits a third party website via a link provided on the Ventra website, the privacy policies of those other websites will apply and should be reviewed to understand how these external sites utilize cookies and how the information that is collected through the use of cookies on those websites is utilized.
The Ventra Agencies do not knowingly engage in business with any company or vendor that uses Spyware or Malware. The Ventra Agencies do not market detailed information collected from web sessions that can be directly tied to personal information. The Ventra Agencies do not provide Ventra customers with downloadable software that collects or utilizes any PII.
Third Party Websites and Applications
The Ventra website contains links to third party websites. These web links may be referenced within content, or placed beside the names or logos of the other entities. The Ventra Agencies do not disclose PII to these third party websites except as described in the Ventra Privacy Policy.
WARNING: The Ventra Agencies are not responsible for the privacy practices of external websites or applications, regardless of whether they are accessed through a service or content link. Please review the privacy policies of external websites or applications before providing any information to them.
Personal Information of Children Under the Age of 13
The Ventra Agencies comply with the requirements of the Children’s Online Privacy Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512). The Ventra website and the Ventra Mobile Application are not directed to children, and the Ventra Agencies do not knowingly collect any personally identifiable information from children under the age of 13.
Updating Personal Identifying Information
Customers can review and edit their PII online at www.ventrachicago.com, via the Ventra Mobile Application, or by calling Ventra Customer Service at (877) NOW-VENTRA.
Complaints or problems regarding updating personal information should be submitted via the Ventra website or by contacting Ventra Customer Service at (877) NOW-VENTRA. Ventra Customer Service will either resolve the issue or forward the complaint to an appropriate Ventra Agency staff member for a response or resolution. The Ventra Agencies strive to answer all queries within 48 business hours, but it may not always be feasible to do so.
Changes to the Ventra Privacy Policy
The Ventra Agencies reserve the right to modify the Ventra Privacy Policy at any time without notice. When the Ventra Agencies revise the Ventra Privacy Policy, the “last updated” date at the bottom of the Ventra Privacy Policy will reflect the date of the most recent change. We encourage Ventra customers to review the Ventra Privacy Policy periodically. Continued use of the Ventra program constitutes the customer’s agreement to the Ventra Privacy Policy and any updates.
E-mails Sent to the Ventra Agencies
The Ventra Privacy Policy does not apply to the content of emails transmitted directly to the Ventra Agencies. Please do not send PII in an email directly to the Ventra Agencies. For more information on how the Ventra Agencies protect the content of email correspondence transmitted to and from the Ventra Agencies, please click here.
Contact Information
Questions or comments regarding the Ventra Privacy Policy may be directed to Ventra Customer Service at (877) NOW-VENTRA.
The effective date of the Ventra Privacy Policy is August 14, 2013.
Last updated: December 18, 2017