Your Privacy & Ventra
Your privacy is very important to us.
We protect the information that we collect as part of your use of the Ventra system.
Good to know:
- We do not (and won’t) sell your personal information to any third parties for any reason, including advertising.
- You can use the Ventra system anonymously and do not have to provide us with personal information.
- If you choose to register, we carefully protect the personal data you provide in secure systems that live in a secure facility.
- When you use a Ventra Card, we collect and store data about the use of that card, including what rides are taken. We do the same with the Ventra app regarding use of Metra mobile tickets.
- In the Ventra app, we collect data on how people use the app to better understand the user experience and identify ways to make it better.
- The data we collect helps us understand how people use our services and to provide support.
- Certain optional features in the app request location data (e.g., the Ventra app needs to use location information show you nearby bus and train stops in the transit tracker).
- We don’t store detailed location information from the app except as it relates to specific use of a ticket and do not request location data when you’re not using the app.
The following definitions apply:
- Personal Identifying Information (PII): PII identifies or describes a person or can be directly linked to a specific individual. Examples of PII include, but are not limited to, a person’s name, mailing address, billing address, business name, alternate contact information (if given), telephone number, email address, fax number, Ventra Card serial number, credit or debit card number, security code and expiration date, and information related to a customer’s mobile device and location if a customer uses the Ventra Mobile Application.
- Aggregate Data or Aggregate Information: Aggregate Data or Aggregate Information is statistical information that is derived from collective data that relates to a group or category of persons from which PII has been obtained or collected. Aggregate Data reflects the characteristics of a large group of anonymous people. The Ventra Agencies may use Aggregate Data and provide Aggregate Data to others to generate statistical reports for the purpose of managing the Ventra Card and the Ventra Agencies’ Ventra program operations.
Collection of Personal Identifying Information (PII)
A Ventra Account may either be registered or unregistered. If a customer registers a Ventra Account, the Ventra Agencies collect personal identifying information from applications and other forms submitted by Ventra customers to the Ventra Customer Service Center by telephone, mail, facsimile transmission, in person, or by electronic submission through the Ventra website or via the Ventra Mobile Application. The Ventra Agencies also consider data developed as a byproduct of a customer’s use of the Ventra system (e.g., a registered user’s travel routes and times traveled) to be PII if a Ventra Account is registered.
Additionally, the Ventra Mobile Application may collect certain information automatically, including, but not limited to, the type of mobile device being used, a mobile device’s unique device ID, the IP address of a mobile device, the type of mobile operating system, the type of mobile Internet browsers used on the mobile device, and information about the way a customer uses the Ventra Mobile Application. When a customer uses the Ventra Mobile Application, the Ventra Agencies may use GPS or other similar technology to determine a customer’s location in order to provide certain services available via the Ventra Mobile Application. If you do not want your location being used for such purposes, you should turn off the location services for your mobile device in your account settings.
How the Ventra Agencies Use Personal Identifying Information
The Ventra Agencies use PII provided by customers in order to provide services through the Ventra website and Ventra Mobile Application, to effectively and efficiently process enrollments, manage accounts, respond to questions, send customer emails about Ventra program updates, and otherwise communicate with Ventra customers.
Third Parties with Whom the Ventra Agencies May Share Personal Identifying Information
The Ventra Agencies require outside law enforcement and regulatory agencies to obtain a subpoena for Ventra records containing PII, including location data, unless otherwise required by law, or the law enforcement or regulatory agency articulates the existence of a bona fide emergency requiring immediate access to specific records. Additionally, the Ventra Agencies may disclose PII without request to appropriate law enforcement agencies where necessary to protect their or their customers’ rights, property or safety.
The Ventra Agencies may provide a Ventra customer’s PII to a third party as necessary to process any retail transaction using a Ventra Card that a customer may conduct with retail merchants other than any of the Ventra Agencies. As with any credit or debit card payment, if a Ventra customer conducts a transaction with a retail merchant using the Ventra Mobile Application, or any other Ventra program media, the Ventra Agencies need to share some information (for example, the customer’s name and credit or debit card number) with the banks and other entities in the financial system that process credit or debit card transactions. The Ventra Agencies are not responsible for third party use of PII provided to retail merchants at which customers use the Ventra Mobile Application or any other Ventra program media to conduct transactions, regardless of whether the transaction was conducted in person or online by the Ventra customer.
Besides these entities, PII will not be disclosed to any other third party without express customer consent, except as required to investigate and respond to consumer complaints and to comply with laws or legal process served on any current or future Ventra Agencies or the Ventra Contractor.
Retention of Personal Identifying Information
The Ventra Agencies, through the Ventra Contractor, will only store the PII of a Ventra customer that is necessary to perform account functions such as billing, account settlement, or enforcement activities. All PII will be discarded no later than four years after a Ventra Account is closed or terminated.
Security of Ventra Personal Identifying Information
The Ventra Agencies are committed to the security of customer PII. The Ventra Agencies, together with the Ventra Contractor, store the PII provided by Ventra customers on computer servers that are located in secure, controlled facilities. Servers are designed with software, hardware and physical security measures in place to prevent unauthorized access.
Access to PII is controlled through administrative, technical, and physical security measures. By contract, third parties with whom the Ventra Agencies share PII are also required to implement adequate security measures to maintain the confidentiality of such information.
Ventra Customer Obligations and Legal Disclaimer
Ventra customers are responsible for safeguarding personal mobile devices, usernames, passwords, personal identification numbers (PINs), and other authentication information that may be used to access a Ventra account. Ventra customers should not disclose authentication information to any third party and should notify the Ventra Agencies of any unauthorized use of their usernames, passwords or accounts. The Ventra Agencies cannot secure PII that is released by Ventra customers to others or PII that customers request the Ventra Agencies release to others. In addition, there is a risk that unauthorized third parties may engage in illegal activity, such as hacking into the Ventra Agencies’ security systems or the Ventra Contractor’s security system, or by intercepting transmissions of personal information over the Internet. The Ventra Agencies are not responsible for any data obtained in an unauthorized manner, and the Ventra Agencies are the only entities that may authorize obtaining data from the Ventra program by a third party. The Ventra Agencies are not responsible for any data or PII obtained by a third party as a result of a Ventra cardholder’s negligence or misuse of Ventra fare media, products, or equipment. If a Ventra cardholder’s fare media is lost, stolen, or damaged, the Ventra Agencies are not responsible for any data or PII that is obtained by a third party until the problem is reported to the Ventra Agencies as defined in the Ventra User Agreement.
Account Access and Controls
Registering a Ventra Account is in the customer’s discretion. Please see the Ventra User Agreement for information concerning the various benefits, protections, and potential fees associated with registering your Ventra Account. The information required to register an account or to obtain other convenience benefits provided by Ventra includes PII such as name, mailing address(es), billing address, email address, telephone number, and, for certain convenience benefits, credit or debit card number, expiration date and Ventra account security code. The Ventra Participating Transit Agencies may request other information as required by law. The Ventra Participating Transit Agencies may request other optional information, such as alternate contact information, but in such instances the Ventra Participating Transit Agencies will clearly indicate that providing such information is optional.
Customers who have registered their Ventra Accounts can review and update personal information at any time, and are also able to modify, add, or delete any optional account information. PII and optional account information can be reviewed and edited as discussed below under “Updating Personal Identifying Information.” Ventra customers can close their account at any time by contacting Ventra Customer Service at (877) NOW-VENTRA. All account information will be deleted no later than 4 years after an account is closed, terminated, or left inactive by the customer. See the Ventra User Agreement for more information on the requirements of customer account maintenance.
The Ventra Agencies may also combine the PII provided by Ventra customers in a non-identifiable format with other information to create Aggregate Data that may be disclosed to third parties. Aggregate Data is used by the Ventra Agencies to improve the Ventra program and for the marketing of Ventra. Aggregate Data does not contain any information that could be used to contact or identify individual Ventra customers or their accounts. For example, the Ventra Agencies may inform third parties regarding the number of Ventra accounts within a particular zip code. The Ventra Agencies prohibit third parties with whom Aggregated Data is shared from attempting to make the information personally identifiable.
The Ventra website, www.ventrachicago.com, stores “cookies” on the computer systems of users of the website. Cookies are small data elements that a website can store on a user’s system.
The cookies used by the Ventra web site facilitate customers’ use of the website (e.g., by remembering login names and passwords until the session has ended). The Ventra website does not require that users of the website accept these cookies. Additionally, the Ventra website does not store third party cookies on the computer systems of users of the website.
The Ventra Agencies do not knowingly engage in business with any company or vendor that uses Spyware or Malware. The Ventra Agencies do not market detailed information collected from web sessions that can be directly tied to personal information. The Ventra Agencies do not provide Ventra customers with downloadable software that collects or utilizes any PII.
Third Party Websites and Applications
WARNING: The Ventra Agencies are not responsible for the privacy practices of external websites or applications, regardless of whether they are accessed through a service or content link. Please review the privacy policies of external websites or applications before providing any information to them.
Personal Information of Children Under the Age of 13
The Ventra Agencies comply with the requirements of the Children’s Online Privacy Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512). The Ventra website and the Ventra Mobile Application are not directed to children, and the Ventra Agencies do not knowingly collect any personally identifiable information from children under the age of 13.
Updating Personal Identifying Information
Customers can review and edit their PII online at www.ventrachicago.com, via the Ventra Mobile Application, or by calling Ventra Customer Service at (877) NOW-VENTRA.
Complaints or problems regarding updating personal information should be submitted via the Ventra website or by contacting Ventra Customer Service at (877) NOW-VENTRA. Ventra Customer Service will either resolve the issue or forward the complaint to an appropriate Ventra Agency staff member for a response or resolution. The Ventra Agencies strive to answer all queries within 48 business hours, but it may not always be feasible to do so.
E-mails Sent to the Ventra Agencies
Last updated: December 18, 2017