- Personally Identifiable Information - What Types are Collected
Personally Identifiable Information means any information that identifies or describes a person, including but not limited to, travel pattern data, address, telephone number, email address or credit card number.
For un-registered PRONTO accounts, the only Personally Identifiable Information collected is boarding information, which includes the bus route or trolley boarded, which trolley station or bus stop you boarded at and the time at which you boarded a bus or trolley.
For registered PRONTO accounts, MTS does request that certain Personally Identifiable Information be provided to set up your account. Collection of Personally Identifiable Information occurs when you provide your account information through either the MTS website (https://www.sdmts.com), PRONTO website or PRONTO Mobile application (https://www.ridepronto.com), PRONTO Institutional Portal, PRONTO Support Center, MTS Transit Store and North County Transit District (NCTD) Customer Service Centers.
The following is a description of what Personally Identifiable Information that may be collected:
- Use of Information
- Use of Aggregated Travel Information: MTS collects Aggregated Travel Information, which is collective data of a group or category of PRONTO account subscribers, in a format that does not identify any individual PRONTO account subscriber. Personally Identifiable Information such as your name, address and billing information are removed before it is used for Aggregated Travel Information. Aggregated Travel Information includes fare media sale transactions, fare media validation information, and information on the type of subscriber, such as a rider using a Senior, Disabled, Medicare or Youth discount pass. MTS uses such Aggregated Travel Information to plan, develop, implement, manage, and promote MTS’s services and programs. MTS does share Aggregated Travel Information with a limited number of third-party partners. For example, MTS shares Aggregated Travel Information with San Diego Association of Governments (“SANDAG”) and North County Transit District (“NCTD”) for data analysis and interoperability purposes.
- Third Party Access to Personally Identifiable Information
MTS only provides access of Personally Identifiable Information that may identify any individual PRONTO account subscriber to the below described parties and entities:
- MTS: Access to Personally Identifiable Information is limited only to certain approved personnel and only for certain approved purposes necessary to administer your account. MTS controls access by providing only certain employees with the necessary log in credentials. The PRONTO Support Center, operations staff, MTS management, and MTS’s system integrator have access to your Personally Identifiable Information as required to perform account functions and to investigate customer complaints. In addition, MTS Code Compliance Security Officers also have access but it is restricted to only a subscriber’s name, date of birth, recent sale transactions and recent fare validation information to investigate transit fare violations.
- NCTD: Access to Personally Identifiable Information is limited only to certain approved personnel and only for certain approved purposes necessary to administer your account. MTS and NCTD control access by providing only certain employees with the necessary log in credentials. NCTD Customer Service Centers, operations staff, NCTD management, and NCTD’s system integrator have access to your Personally Identifiable Information as required to perform account functions and to investigate customer complaints. In addition, NCTD Code Compliance Security Officers also have access but it is restricted to only a subscriber’s name, date of birth, recent sale transactions and recent fare validation information to investigate transit fare violations.
- Law Enforcement Purposes: Per state law, MTS must make Personally Identifiable Information available to a law enforcement agency pursuant to a search warrant or to a Peace Officer without a search warrant if there is good cause to believe the delay of obtaining a search warrant would cause an adverse result in an investigation.
- Personally Identifiable Information – Where it is Stored
Safeguarding and protection of Personally Identifiable Information is a high priority for MTS. Personally Identifiable Information is only held in the back-office database servers that are within a protected, access-controlled, data center. Connections go through an encrypted channel and are secured by multiple factors of authentication.
- Storage Period
State law requires that MTS only store Personally Identifiable Information from a registered PRONTO account with credit card information to the extent it is necessary to perform account functions such as billing, account settlement or enforcement activities. All other stored Personally Identifiable Information that is not necessary to perform account functions, such as a credit card number that has expired, will be discarded within 4 years and 6 months from the date of expiration. In addition, any personal account information connected to a closed PRONTO account will be discarded (i.e. masked) within 4 years and 6 months from the date the PRONTO account has been closed.
- Do Not Track
Your browser or device may allow you to adjust your settings so that “do not track” requests are sent to the websites that you visit or service that you access. However, because an industry-standard protocol for “do not track” signals has not yet been established, we do not disable tracking technology that may be active on the service in response to any “do not track” requests that we receive from your browser or device.
- Changes to a registered PRONTO Account
You may review and request changes to your Personally Identifiable Information through either the https://www.ridepronto.com website, PRONTO mobile application, MTS Transit Store, NCTD’s Customer Service Centers or calling the PRONTO Support Center.
The Children’s Online Privacy Protection Act (“COPPA") imposes certain requirements on operators of websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
If MTS has actual knowledge that we have collected Personally Identifiable Information online from children under the age of 13, MTS will make all reasonable efforts to obtain parental or legal guardian consent before any further use of the Personally Identifiable Information occurs. When MTS obtains parental or legal guardian consent, MTS will maintain reasonable procedures to protect the confidentiality, security and integrity of the Personally Identifiable Information collected from children under the age of 13.
When MTS does not obtain parental or legal guardian consent to use Personally Identifiable Information for children under the age of 13, MTS will no longer maintain the Personally Identifiable Information in any retrievable form.
- Effective Date
November 21, 2023
October 28, 2021
December 5, 2014
July 1, 2013