Privacy Policy

Privacy Policy for Protection of Personally Identifiable Information

PRONTO

The PRONTO fare system is an account-based solution used by transit passengers to obtain regional transportation services.   When a transit passenger uses a PRONTO fare media, certain forms of Personally Identifiable Information may be collected.  This Privacy Policy describes what types of Personally Identifiable Information are collected and how San Diego Metropolitan Transit System (“MTS”) manages and stores Personally Identifiable Information to ensure your privacy. 

  1. Personally Identifiable Information - What Types are Collected

Personally Identifiable Information means any information that identifies or describes a person, including but not limited to, travel pattern data, address, telephone number, email address or credit card number.  
For un-registered PRONTO accounts, the only Personally Identifiable Information collected is boarding information, which includes the bus route or trolley boarded, which trolley station or bus stop you boarded at and the time at which you boarded a bus or trolley. 
For registered PRONTO accounts, MTS does request that certain Personally Identifiable Information be provided to set up your account.  Collection of Personally Identifiable Information occurs when you provide your account information through either the MTS website (https://www.sdmts.com), PRONTO website or PRONTO Mobile application (https://www.ridepronto.com), PRONTO Institutional Portal,  PRONTO Support  Center, MTS Transit Store and North County Transit District (NCTD) Customer Service Centers. 
The following is a description of what Personally Identifiable Information that may be collected: 

  • Personally Identifiable Information that may be Collected
  • Type of Subscriber the Personally Identifiable Information is Collected From
  • First and Last Name
  • All Subscribers of Registered PRONTO accounts
  • Mailing Address
  • All Subscribers of Registered PRONTO accounts except for Institutional Programs
  • Email Address
  • All Subscribers of Registered PRONTO accounts except for Institutional Programs
  • All fare media validation Transactions: which bus route or trolley line was validated, the trolley station or bus stop validated at, and the date/time at which the customer validated
  • All Subscribers of Registered and Un-Registered PRONTO accounts
  • Login Name and Password
  • Only Subscribers of Registered PRONTO accounts
  • Response to Security Question (i.e. who is your childhood friend?)
  • Only Subscribers of Registered PRONTO accounts
  • Credit or Debit Card Number, Type and Expiration Date
  • All Subscribers of Registered and Un-Registered PRONTO accounts except for Institutional Programs
  • Billing Address if different than Mailing Address
  • AllSubscribers of Registered PRONTO accounts except for Institutional Programs
  • Date of Birth
  • Only some Subscribers of Registered PRONTO accounts that have Senior, Disabled, Medicare or Youth Discount. If at any time the Senior, Disabled, Medicare or Youth Discount expires and transfers to an Adult account, date of birth may remain within the PRONTO account.   
  • School Attending
  • Only some Subscribers of Registered PRONTO accounts that have Youth or College Discounts as part of an Institutional Program.  If at any time the Youth or College Discount expires and transfers to an Adult account, school attending may remain within the PRONTO account.   
  • Workplace
  • Only Subscribers of Registered PRONTO accounts for Institutional programs. If at any time the Subscriber no longer participates in the Institutional Program and transfers to an Adult account, workplace may remain within the PRONTO account.
  • Photo used for a reduced fare PRONTO Card with Photo Identification
  • Only some Subscribers of Registered PRONTO accounts that have a Senior, Disabled, Medicare or Youth Discount.  If at any time the Senior, Disabled, Medicare or Youth Discount expires and transfers to an Adult account, photo may remain within the PRONTO account.     
  1. Use of Information
  1. Use of Personally Identifiable Information: MTS uses Personally Identifiable Information to more efficiently administer your registered PRONTO account functions.  MTS will not use Personally Identifiable Information collected from registered PRONTO accounts to send you emails or mail marketing advertisements for any other MTS service or product.  However, MTS reserves the right to email or mail notices regarding significant impacts to MTS services, your registered PRONTO account, and this Privacy Policy
  2. Use of Aggregated Travel Information: MTS collects Aggregated Travel Information, which is collective data of a group or category of PRONTO account subscribers, in a format that does not identify any individual PRONTO account subscriber.  Personally Identifiable Information such as your name, address and billing information are removed before it is used for Aggregated Travel Information.  Aggregated Travel Information includes fare media sale transactions, fare media validation information, and information on the type of subscriber, such as a rider using a Senior, Disabled, Medicare or Youth discount pass.  MTS uses such Aggregated Travel Information to plan, develop, implement, manage, and promote MTS’s services and programs. MTS does share Aggregated Travel Information with a limited number of third-party partners.  For example, MTS shares Aggregated Travel Information with San Diego Association of Governments (“SANDAG”) and North County Transit District (“NCTD”) for data analysis and interoperability purposes.   
  1. Third Party Access to Personally Identifiable Information

MTS only provides access of Personally Identifiable Information that may identify any individual PRONTO account subscriber to the below described parties and entities:

  1. MTS:   Access to Personally Identifiable Information is limited only to certain approved personnel and only for certain approved purposes necessary to administer your account.  MTS controls access by providing only certain employees with the necessary log in credentials.  The PRONTO Support Center, operations staff, MTS management, and MTS’s system integrator have access to your Personally Identifiable Information as required to perform account functions and to investigate customer complaints.  In addition, MTS Code Compliance Security Officers also have access but it is restricted to only a subscriber’s name, date of birth, recent sale transactions and recent fare validation information to investigate transit fare violations.   
  2. NCTD: Access to Personally Identifiable Information is limited only to certain approved personnel and only for certain approved purposes necessary to administer your account.  MTS and NCTD control access by providing only certain employees with the necessary log in credentials.  NCTD Customer Service Centers, operations staff, NCTD management, and NCTD’s system integrator have access to your Personally Identifiable Information as required to perform account functions and to investigate customer complaints.  In addition, NCTD Code Compliance Security Officers also have access but it is restricted to only a subscriber’s name, date of birth, recent sale transactions and recent fare validation information to investigate transit fare violations.  
  3. Law Enforcement Purposes:  Per state law, MTS must make Personally Identifiable Information available to a law enforcement agency pursuant to a search warrant or to a Peace Officer without a search warrant if there is good cause to believe the delay of obtaining a search warrant would cause an adverse result in an investigation.
  1. Personally Identifiable Information – Where it is Stored

Safeguarding and protection of Personally Identifiable Information is a high priority for MTS.  Personally Identifiable Information is only held in the back-office database servers that are within a protected, access-controlled, data center. Connections go through an encrypted channel and are secured by multiple factors of authentication.

  1. Storage Period

State law requires that MTS only store Personally Identifiable Information from a registered PRONTO account with credit card information to the extent it is necessary to perform account functions such as billing, account settlement or enforcement activities.  All other stored Personally Identifiable Information that is not necessary to perform account functions, such as a credit card number that has expired, will be discarded within 4 years and 6 months from the date of expiration.  In addition, any personal account information connected to a closed PRONTO account will be discarded (i.e. masked) within 4 years and 6 months from the date the PRONTO account has been closed.  

  1. Cookies

A cookie is a small data file that websites commonly write to your hard drive when you visit a website. A cookie file contains information that can identify you anonymously in order to track traffic patterns and add functionality to the website. The cookies on MTS websites do not identify you personally but rather identify your computer when you visit MTS websites. A cookie cannot read data off your hard disk or read cookie files created by other websites. Your browser can be set to warn you before accepting cookies and may choose to refuse cookies by turning them off in your browser. You do not need to have cookies turned on to use the majority of MTS websites, but you will need to allow cookies in certain areas in order to perform certain functions. MTS websites allow users to clear cookies.

  1. Do Not Track

Your browser or device may allow you to adjust your settings so that “do not track” requests are sent to the websites that you visit or service that you access. However, because an industry-standard protocol for “do not track” signals has not yet been established, we do not disable tracking technology that may be active on the service in response to any “do not track” requests that we receive from your browser or device.

  1. Security

Please do not send highly sensitive information, such as a credit card number over email.  MTS cannot guarantee that incoming email before being received by MTS will not be intercepted.  Despite the protections established within this Privacy Policy, if any unauthorized access to or use of Personally Identifiable Information occurs, MTS will notify you of a breach in security of the system following discovery in one or more of the following ways: email, mail, posting of the breach on https://www.sdmts.com, https://www.ridepronto.com or by notifying the media. 

  1. Changes to a registered PRONTO Account

You may review and request changes to your Personally Identifiable Information through either the https://www.ridepronto.com website, PRONTO mobile application, MTS Transit Store, NCTD’s Customer Service Centers or calling the PRONTO Support Center. 

  1. Children’s Privacy Policy

The Children’s Online Privacy Protection Act (“COPPA") imposes certain requirements on operators of websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. 
If MTS has actual knowledge that we have collected Personally Identifiable Information online from children under the age of 13, MTS will make all reasonable efforts to obtain parental or legal guardian consent before any further use of the Personally Identifiable Information occurs.  When MTS obtains parental or legal guardian consent, MTS will maintain reasonable procedures to protect the confidentiality, security and integrity of the Personally Identifiable Information collected from children under the age of 13.
When MTS does not obtain parental or legal guardian consent to use Personally Identifiable Information for children under the age of 13, MTS will no longer maintain the Personally Identifiable Information in any retrievable form.   

  1. Effective Date

 The Effective Date of this Privacy Policy 11/21/2023.   

  1. Changes to Privacy Policy

MTS will endeavor to make all appropriate revisions to this Privacy Policy as changes to MTS’s collection and management of Personally Identifiable Information occur.   When material changes occur to the Privacy Policy, MTS will notify you in one or more of the following ways: updating the Privacy Policy posted on https://www.ridepronto.com Web site; updating the Privacy Policy posted on https://www.sdmts.com Web site; sending rider alerts on social media and/or email.

History of Changes to Privacy Policy


Date

Activity

November 21, 2023

MTS updates its Privacy Policy relating to: how it uses and who has access to Personally Identifiable Information and Aggregated Travel Information; do not track requests, and cookies.

October 28, 2021

MTS updates Privacy Policy due to the implementation of PRONTO. PRONTO is MTS’s new fare collection system, replacing Compass Cards.

December 5, 2014

MTS establishes Privacy Policy for Compass Cards.

July 1, 2013

MTS assumes responsibility of the administration of the San Diego Regional Compass Card program from SANDAG.  SANDAG’s Privacy Policy is in effect until MTS establishes its own Privacy Policy for Compass Cards.