Effective Date: September 1, 2022
Last Updated: August 31, 2022
Last Reviewed: September 12, 2023
As part of the Modaxo family of brands, TransLoc / DoubleMap / RideSystems / Journey Holding Corporation are committed to being trusted stewards of the personal information you share with us. We collect and use this data to help fulfill and build on Modaxo’s vision of providing a one-stop-shop for intelligent mobility solutions. We prepare cities, universities, and public and private enterprises for the future of multimodal transportation – one where riders can choose the easiest, smartest, and greenest way to travel.
Today, we rely on data to incorporate state-of-the-art technology into our products and services to improve quality, minimize environmental impact, and make them safer and more enjoyable to drive, own, and use.
CATEGORIES AND SOURCES OF PERSONAL INFORMATION
The personal information we collect depends on how you interact with us, the products you use, and the choices you make. We collect personal information about you from different sources and in various ways:
INFORMATION YOU PROVIDE TO US
You may choose to share information with us when you create or modify an account, request services, contact the Customer Relationship Center, or otherwise communicate with us. For example, we collect the following:
- Contact Information: Depending on the nature of your interaction with us, we collect personal or business information such as name, email address, postal address, and phone number.
- Account Information/ User Name. If you establish an account to use our apps, we collect your user name and related information.
- Geographic Location Data. If location information is required in order to utilize our services (i.e., our On Demand or Tap Ride microtransit services) we collect the geographic information you provide such as points of origin and destination.
- Preferences: We may collect your preferences such as communication, language, and time zone.
- Identification Numbers You Provide: Unique identification numbers associated with you.
- Security: When you create an account, we collect passwords, security questions, etc.
- Content of Communications: We will collect your communications with us, such as emails, customer service requests, survey responses, or social media posts or messages.
INFORMATION FROM YOUR DEVICES
When you use our websites and online services, we automatically collect some information from your devices (such as mobile phone, tablet, smartwatch, or computer). For example:
- Device Details and Network Information: Some devices share and our servers log information such as type of device, hardware model, MAC Address, OS, version, settings, IMEI, configuration, and network-related information such as IP address, mobile network provider. As further described in the Cookies section below, our websites and online services store and retrieve data using cookies set on your device.
- Digital Activity: When you connect to our online services, we collect information about online activity and usage patterns, such as access times, webpages visited, web logs, app features used, etc.
- Device and Mobile Location: Depending on your device and app settings, we also collect location data from your devices when you use our apps or online services.
You may use app or device controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain products or features, those products or features may not be available or function correctly.
INFORMATION WE GENERATE ABOUT YOU
We infer new information from the data we collect, such as:
- Digital Activity: When you connect to our online services, we may infer your zip code, city, state, and country location based on your IP address. We may also make inferences from your online activity and usage patterns, such as access times, webpages visited, web logs, app features used, etc.
- Inferred Preferences: We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. For example, we may use information about your vehicle and past purchases to determine your likely readiness to make a new purchase, which we may use for marketing, advertising, or other purposes.
- Identification Numbers We Generate: When you interact with us, we may generate unique identification numbers such as account ID, or customer ID. In some cases, we generate unique identifiers to assist with our processing of location data.
OTHER SOURCES OF INFORMATION ABOUT YOU
In addition to information we collect from you, and your devices and the information we generate or infer, we also obtain information from others when you direct them to share information with us and in the following cases:
- Affiliates: We may share personal information among the companies within the Modaxo Company family of companies and affiliates. Our “family of companies” is the group of companies related to us by common control or ownership. We share information within this “family” as a normal part of conducting business and offering products and services to our customers.
- Service Providers and Suppliers: We may receive Contact Information or other personal information from our vendors or agents working on our behalf for the purposes described in this Policy.
- Business Partners: We receive personal information from our transportation service provider customers and other partners, other companies with which we work together to offer services to our customers, or to reach potential customers with our marketing messages. Examples include:
- Social Media Platforms: If you sign into our website or a service using a social media sign-on (such as Facebook Connect), or pre-populate fields in a form using such tools, you allow us to access your information that is publicly available or that you have made publicly available (e.g., name, user ID, profile picture) and any information the platform makes available. We encourage you to review the privacy policies for the social media platforms and authentication methods you use.
- Law enforcement agencies, courts, regulatory agencies, and others: We may receive personal information from government agencies or courts for legal compliance purposes, to protect your personal safety or the safety of others, to protect Modaxo’s or others’ rights, or to investigate fraud. We may also receive personal information from others; for example, in connection with litigation settlements, we may acquire information about you from third parties for the purpose of meeting our tax reporting obligations.
- Consumer Data Analytics Firms: We may receive Demographics and other data from third parties for purposes such as supporting our marketing campaigns and personalizing services to our customers.
- Parties to Corporate Transactions: We may receive personal information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or at transfer, divestiture, or sale of all or a portion of business or assets.
We may combine personal information you provide to us, information from your devices, information about you we receive from others, and information we generate about you.
We also collect information in a form that cannot reasonably be linked back to you.
COOKIES AND SIMILAR TECHNOLOGIES
Cookies on our websites are used to store your preferences and settings, enable you to sign-in, combat fraud, analyze how our products perform, and fulfill other legitimate purposes.
Our websites may also contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, count users who have visited those websites, and gather usage and performance data. We also include web beacons in our promotional email messages or newsletters to determine whether you open and act on them, and in our ads appearing on other sites to measure the performance of those ads.
Our websites often include web beacons and cookies from third-party service providers. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics or advertising. In other cases, it is because our web pages contain third-party content (such as embedded videos, maps, plug-ins, or ads) that contain web beacons used to determine the effectiveness and track your interaction with that content. When your browser connects to a third party’s web server to retrieve content and/or web beacons, that third party is able to set or read its own cookies on your device and may collect information about your online activities over time and across different websites or online services that also contain that third party’s content or web beacons.
For example, our websites and apps may use one or more of Uservoice, Sentry, Instabug, Pendo, HubSpot, Google Analytics third-party analytics tools, to track page content and click/touch, movement, scroll, and keystroke activity. You can find more information on these vendors’ privacy practices on their websites.
Mobile advertising ID controls. Apple and Android mobile devices each generate an advertising identifier that can be accessed by apps and used by advertisers in much the same way that cookies are used on websites. Each operating system provides options to limit tracking and/or reset the advertising ID.
Browser cookie controls. Web browsers vary on whether they are set to accept various types of cookies by default. You can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
Email web beacons. You can disable web beacons in email messages by changing the settings on your email client to prevent the automatic downloading of images.
OUR USE OF PERSONAL INFORMATION
We use the personal information we collect for purposes described in this Policy or otherwise disclosed to you. For example, we have used personal information for the following purposes over the past 12 months:
OUR SHARING OF PERSONAL INFORMATION
We use the personal information we collect for purposes described in this Policy or otherwise disclosed to you. For example, we have used personal information for the following purposes over the past 12 months:
|Purpose of Use||Categories of Personal Information|
|Product and Service Delivery. To provide and deliver our products and services, including operating, securing, and troubleshooting; providing support for vehicle service, warranty, and recall; providing customer service and technical support; and providing credit and financing services.||Contact Information, Demographics, Preferences, , Identification Numbers You Provide, Security, Content of Communications, Geographic Location information, , Digital Activity, , Inferred Preferences, Identification Numbers We Generate.|
|Product Improvement. To improve existing products and services.||Contact Information, Demographics, Preferences, , Content of Communications, Geographic Location information, , Digital Activity, Identification Numbers We Generate, Payment Data We Generate, Inferred Preferences|
|Research and Development. To conduct research and develop new products and services.||We primarily use de-identified data for this purpose, but may in limited circumstances also share Demographics, , Geographic Location Information, , Digital Activity, Identification Numbers We Generate|
|Personalization. To understand you and your preferences to enhance and personalize your experience.||Contact Information, Demographics, Preferences, Content of Communications, Digital Activity, Geographic Location Information, Inferred Preferences, Identification Numbers We Generate|
|Business Operations. To operate our business, such as accounting, finance, tax, regulatory compliance, litigation, information security, fraud detection and prevention, supplier and vendor management, human resources, information technology, and improving our internal operations.||Contact Information, Demographics, , Preferences, Identification Numbers You Provide, Security, Content of Communications, Geographic Location Information, Digital Activity, Preferences, Identification Numbers We Generate|
In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent, and personalized experience.
Finally, we may use de-identified information for any purpose in accordance with applicable law.
OUR USE OF PERSONAL INFORMATION
We share personal information with your consent, when you direct us to share it with others, or as necessary to complete your transactions or provide the products you have requested or authorized. We also share personal information with:
- Affiliates. We share personal information among the companies within the Modaxo family of companies and affiliates. Our “family of companies” is the group of companies related to us by common control or ownership. We share information within this “family” as a normal part of conducting business and offering products and services to our customers.
- Service Providers and Suppliers. We share personal information with vendors or agents working on our behalf for the purposes described in this Policy. In such cases we require these vendors to protect the confidentiality of the personal information and to use it only to provide the services to us. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal information to provide those functions.
- Business Partners. We share personal information with transportation service providers, our agency customers, business partners and other companies that we work together with to offer services to our customers, or to reach potential customers with our marketing messages. Examples include:
- Analytics Companies. Please see the Cookies section of this Policy for a description of how we work with advertising and analytics providers.
- Social Media Platforms. We share hashed emails from our marketing database with social media advertising platforms, such as Facebook. Those users are identifiable to the Social Media company when it matches our hashed data to its hashed data of its users.
- Law Enforcement Agencies, Courts, Regulatory Agencies, and Others. We will access, transfer, disclose, and preserve personal information when we believe that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- detect, investigate, and prevent fraud, or to help prevent the loss of life or serious injury;
- operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
- Parties to Corporate Transactions. We may also disclose personal information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or at transfer, divestiture, or sale of all or a portion of our business or assets.
Finally, we may share de-identified information in accordance with applicable law.
CALIFORNIA PRIVACY RIGHTS
California Consumer Privacy Act (“CCPA”)
If you are a California resident and the processing of personal information about you is subject to the CCPA, you have certain rights with respect to that information:
Access/Right to Know. You have a right to request that we provide you with the following information:
- The categories and specific pieces of personal information we have collected about you in the last 12 months.
- The categories of sources from which we collect personal information.
- The purposes for collecting, using, or selling personal information.
- The categories of third parties with which we share personal information.
- The categories of personal information we have disclosed about you for a business purpose. Note that the CCPA defines “business purpose” broadly; and because we use service providers for a number of business purposes that require access to our systems that hold personal information (such as supplying cloud data storage, maintaining the security of our systems, and providing customer support), in the past 12 months we have disclosed for a business purpose data from all of the categories of personal information that we maintain.
- The categories of personal information we have sold about you for each category of third party to which the personal information was sold. Note that the CCPA defines “sell” very broadly, and some of our data sharing described in this Policy may be considered a “sale” under that definition. We do not knowingly sell the personal information of minors under 16 years of age without affirmative authorization.
In the past 12 months, we have shared personal information with others for commercial purposes or their independent uses as follows: Analytics Companies. We share Device Details and Network information, Digital Activity, Preferences, Demographics, Device and Mobile Location
Right to Delete. You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions.
Right to Opt-Out From Sales. You also have a right to opt-out from future sales of personal information. See also the Cookies section of this Policy to learn how to opt out of analytics.
How to Exercise Your California CCPA Rights
You can exercise your CCPA rights by submitting your request(s) to us using the web form located on our website. You can also exercise your CCPA rights by calling us toll free at 888.959.3120, 24 hours per day, seven days per week. If you call outside of service hours, please leave your name and contact number and we will call you back within two (2) business days. .
If you want to exercise more than one of your CCPA rights, please submit a separate request for each CCPA right, which will help us handle your requests more effectively. Please be aware that we will process your requests in the order we receive them.
Whether you use the web form or call us, we will need information from you to process your request so that we can confirm you are a California resident, determine if we have personal information about you, and, for access and deletion requests, verify your identity. We may also need to contact you about your request, and you can choose the contact method you would like us to use.
Please be aware there might be circumstances where we will not honor your request, as permitted under the CCPA. For example, if we are not able to verify your identity and that you are a California resident, we may not honor your access or deletion request. In addition, we may not delete your personal information if an exception under the CCPA applies.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
If you want an authorized agent to submit a “Delete My PI” or “Access My PI” request on your behalf, the authorized agent must provide proof of their registration with the California Secretary of State, as well as proof that you gave the authorized agent written permission to submit the request(s) on your behalf. We may also require you to verify your identity with us.
If you want an authorized agent to submit a “Do Not Sell My PI” instruction on your behalf, the authorized agent must provide proof of their registration with the California Secretary of State, as well as proof that you gave the authorized agent written permission to submit the instruction on your behalf.
You have a right to not be discriminated against for exercising rights set out in the CCPA.
California Shine the Light
Additionally, under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2022 will receive information regarding 2021 sharing activities).
To obtain this information on behalf of TransLoc/DoubleMap/RideSystems/Journey Holding Corp, please send an email message to CCPARequests@transloc.com with “Request for California Privacy Information” on the subject line and in the body of your message.
We will provide the requested information to you at your e-mail address in response. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response. Please also note that we may not be required to respond to requests made by means other than through the above designated e-mail address.
California Business and Professions Code Section 22581
California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To remove content or information you have publicly posted, please send a detailed description of the specific content or information you wish to have removed; see How to Contact Us below. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
Understanding TransLoc Rider & Privacy
The following are terms of a legal agreement between you and TransLoc. By accessing, browsing, or using this website, you acknowledge that you have read, understood, and agree to be bound by these terms. If you do not agree to these terms, please do not use this website.
TransLoc’s mission is to make mass transit the first choice for everyone, but never at the expense of your privacy. Your trust is incredibly important to us. Because of this, we want to be very clear about what information we collect in our TransLoc Rider mobile applications and how we use it.
WHAT INFORMATION DO WE COLLECT?
We collect non-personal device location information. This includes an app-specific device ID and GPS location.
The app-specific device ID is unique to the TransLoc Rider application and is not connected to any other mobile application on your device. Non-personal means your app-specific device ID is not connected to any personally identifying information, such as name, phone number, email, etc. TransLoc Rider has no access to this type of personal information.
HOW WE USE THIS INFORMATION
We aggregate device location information and combine it with real-time transit information in order to help transit agencies understand how riders use their transit system.
WHY WE COLLECT THIS INFORMATION
Transit agencies lack essential information to plan great transit service. For example, agencies lack information about where riders start and end their travels. This information is the core of understanding transit need and creating more desirable, accessible transit for everyone.
HOW WE INFORM APP USERS
When a user first launches TransLoc Rider we proactively inform them that upon enabling Location Services their device’s location information is being collected. We also make it clear users can always turn off location reporting in the TransLoc Rider app and still use the real-time tracking with no change to their experience.
WHAT INFORMATION DO WE COLLECT?
We may collect, store and use the following kinds of personal data:
- Information about your use of OnDemand;
- Information about any interactions carried out between you and OnDemand, including, but not limited to, the following:
- Trip origin and destination information; and
- Anonymized OnDemand usage patterns;
- Personal Information, such as:
- Email Address;
- Phone Number; and
- Saved addresses, if rider chooses to input addresses for convenience.
- We will collect information about your device and usage of OnDemand, such as:
- Geographical location;
- Operating system and version;
- Device type and model;
- Browser type and version.
- We may use this information in the administration of OnDemand, to improve the app’s usability.
WHY WE COLLECT
- Provide information to your transit agency about the usage of its OnDemand system; and
- Send vehicle arrival notification information to you on behalf of the agency, e.g. specifically, we will notify you via SMS text message when a driver is approaching your pickup location.
Additionally, we provide anonymized origin and destination data to transit agencies. This data improves an agency’s ability to plan and execute improvements to their system.
HOW WE PROTECT
We work hard to protect users’ information from unauthorized access, unauthorized alteration, disclosure, and destruction. We do this using industry standard encryption protocols.
Children Under the Age of 13
OnDemand is not intended for children under 13 years of age, and no one under age 13 may provide any information to OnDemand. If you are under 13, do not use or provide any information through OnDemand. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
HOW TO OPT OUT
If you would like to remove your personal account information, please email firstname.lastname@example.org and include your OnDemand username and the email associated with your account to have your information removed from TransLoc’s systems. If you need to update your name, phone number, email address, or personal addresses, you may do so through OnDemand at any time.
DO NOT TRACK
We do not currently collect, or allow third parties to collect, personal information about your on-line activities over time and/or across third party websites for tracking purposes. Therefore, OnDemand does not and will not respond to any “DO NOT TRACK” signals sent by your browser, device or otherwise.
TransLoc Architect Policy
TransLoc Architect collects specific personal data (for example: email address) for its users in order to allow usage of the application. This personal information is not shared with third-party entities. Only GTFS data is shared, and GTFS data does not include personal data. Users of TransLoc Architect will be able to direct their GTFS data to particular uses within the TransLoc Architect tool.
If you have a privacy concern, complaint, or a question for TransLoc, DoubleMap or Ride Systems, please contact us at:
TransLoc / DoubleMap / Ride Systems / Journey Holding Corp
4505 Emperor Blvd., Suite 120
Durham, North Carolina 27703
We are committed to working with consumers to obtain a fair and rapid resolution of any complaints or disputes about privacy and the handling of your data. We will be happy to respond to your questions and comments.