Updated January 4, 2021
Brightline’s privacy practices are consistent with U.S. law, Canada’s Personal Information Protection and Electronic Documents Act, and other applicable law, including the European Union’s General Data Protection Regulation (“GDPR”), which governs which governs the collection, storage, use, and transfer of personal information for European Union residents.
Brightline acts as both a controller and processor of your personal information, within the meaning of the GDPR. The legal bases for our processing of your personal information is your general and express consent as detailed herein and our pursuit of legitimate business interests.
Information We Collect
Brightline and its service providers collect information when you access and use the Service. That information falls into three categories: (1) information you give us; (2) information we collect from you automatically; and (3) information we collect from other sources.
Information You Give Us
We collect the information you give us when you access and use our Service. For example, we collect information from you when you create a Brightline Account; subscribe to our emails, mobile messages, or social media notifications; allow us to access your location; participate in a program, sweepstakes, contest, promotion, survey, or poll; communicate with us via third-party social media sites; shop our Service; transfer Brightline credits or one-way rides; request guest support; apply for a job; or otherwise communicate with us through the Service. We may also collect information you give us in other ways.
The types of information you give us may include personally identifiable information. That means information that can be used to identify you, whether alone or in combination, such as your first and last name, email address, zip code, date of birth, gender, phone number, credit card information, social media account information, photograph, travel preferences, and other identifiable information. It may also include sensitive information, such as information relating to disabilities – for instance, if you ride in a wheelchair, are deaf or hard of hearing, or are blind or have low vision.
Information We Collect Automatically
We also collect certain information about you automatically when you access or use our Service. This information may include, without limitation:
This information is gathered during the sign-in process and through other tools and methods, such as cookies, web beacons, embedded scripts, entity tags, HTML5 local storage, in-app tracking protocols, and location-identifying technologies.
These technologies and others like them are used for the following purposes:
Information We Collect From Other Sources
The information obtained from publicly available sources enables us to correct inaccurate information, enhance the security of your transactions, and give you product recommendations and special offers that are more likely of interest.
Combination of Information
We may combine or associate the information you give us with the information we collect from you automatically and the information we collect from other sources. If we combine or associate any personally identifiable information you give us with information we collect from you automatically or information we collect from other sources, we will treat the combined or associated information as personally identifiable information for all applicable purposes.
Use Of Information
Brightline and its service providers may use the information collected about you for various purposes, including to:
We take commercially reasonable steps to ensure that the personally identifiable information we process is relevant to the purposes of that processing.
Sharing Of Information
Brightline may share information collected about you, with or without notice to you, in the following circumstances:
Protection Of Information
Brightline and its service providers employ commercially reasonable methods to protect your information. Those commercially reasonable methods include technical, physical, and administrative security measures designed to reduce the risk of loss, misuse, unauthorized access, disclosure, modification, and destruction of your information.
For example, your personally identifiable information is stored behind secured networks and is accessible only by a limited number of persons who have special access rights to such systems and are required to keep your information confidential. In addition, the transmission of highly sensitive information, such as a credit card number, is encrypted via Secure Socket Layer (SSL) technology.
Our website and mobile application are also scanned on a regular basis for security vulnerabilities in order to make your use of the Service as safe as possible.
Please note, however, that although we have employed commercially reasonable methods to help safeguard your information, no system or network can be guaranteed to be 100% secure.
Please also note that you must be vigilant in protecting your password in order to maintain the security of your information.
Your Consent And Choices
Brightline and its service providers collect information in a fair and non-intrusive manner, as set forth above. They also recognize the need for appropriate management and protections of the information you provide.
If Brightline or its service providers are required or wish to provide notice of unauthorized access to their data security systems or unauthorized access to or processing of your information, you expressly agree that Brightline and/or its service providers may do so by posting a notice on GoBrightline.com, by sending an “in-app message,” or by sending an email to any email address in your account profile.
Managing Your Information
At the time you sign up for a Brightline Account or Brightline Updates, you must submit certain information to us, including personal information. You are responsible for providing accurate information to us, and you are also responsible for maintaining the accuracy of that information. If you wish to remove your Brightline Account or email from our databases, please contact our Privacy Officer as set forth below. We will make good faith efforts to reflect your changes in our then-active databases as soon as reasonably practicable. Please note that it is not always possible to completely remove or delete all information from our databases. Residual data may remain on backup media or for other reasons. We may also retain information you submit to us as business records, for administrative purposes.
With respect to our mobile and other applications, you can prospectively stop the collection of information by uninstalling the applications.
Promotional and Operational Communications
If you have signed up for the receipt of Brightline Updates and receive promotional emails, you can opt out of receiving such emails at any time by following the “unsubscribe” instructions in the promotional emails we send you. Please note that even if you opt out of receiving promotional emails, we may continue to send you non-promotional emails and other types of communications, as permitted by law. For example, we may send emails that contain service-related announcements that affect your account, purchase confirmations and updates regarding rides you’ve booked, requests for feedback on our services and/or specific travel experiences, or responses to comments and feedback submitted to us. You must opt in to receive promotional text messages and may opt out at any time thereafter by following the instructions provided in the text messages.
Our mobile application may send you “in-app messages” or “push notifications” including alerts, sounds, and icon badges. The “in-app messages” may be of a promotional nature or an operational nature. These messages are part of the application’s functionality and cannot be turned off. If you do not wish to receive these messages, you should not download or use our application. You can opt out of receiving “push notifications” or alter the way the notifications are delivered by modifying your device and application settings.
You may be able to adjust your device settings so that information about your physical location is not sent to us or third parties by disabling location services, or by changing preferences and permissions within websites and mobile applications. Please note that several device settings and functions may be used to derive your physical location, including WiFi, Bluetooth, and others. See your device settings and functions for more information.
Cookies, Web Beacons, and Similar Technologies
You may be able to reject or block cookies, web beacons, entity tags, and HTML5 local storage by adjusting the appropriate settings in your browser software. Each browser is different, but many common browsers such as Internet Explorer, Chrome, Firefox, and Safari have preferences or options that may be adjusted to allow you to reject or block cookies and certain other technologies before they are received or installed. Some browsers also allow you to reject the installation or use of certain technologies altogether. For more information, open your browser and access the Help menu.
You may have to repeat this process for each browser that you use.
Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance or the Network Advertising Initiative, both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out of such advertising, visit www.youradchoices.com and www.networkadvertising.org.
We are not responsible for the effectiveness of, or compliance with, those opt-out programs.
You should also be aware that, even if you are able to opt out of interest-based advertising, you will continue to receive generic advertisements.
Adobe Flash Player Technology
We allow Adobe to set and enable special cookies that are necessary to deliver video content for Adobe Flash Player. These special cookies are sometimes referred to as Flash cookies. You cannot remove Flash cookies simply by changing your browser settings. If you would like to limit your receipt of Flash cookies, visit the Adobe website: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
“Do Not Track” Technology
Some newer web browsers have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit. This header indicates that you do not want your activity to be tracked. Like many websites and online services, our Service currently does not respond to browser “Do Not Track” signals.
Third-Party Websites And services
Our Service may contain hyperlinks to other websites or services which we do not control, as they are owned and operated by third parties. We provide these links as a convenience and make no representations regarding the policies or business practices of such third parties. We also work with third parties to deliver advertisements on other websites and platforms.
Brightline does not intend for its Service to be used by children under the age of 13. If you are a child under the age of 13, you are not permitted to have a Brightline Account, and you should not send any information about yourself to us through the Service. You are also not permitted to ride with us without being accompanied by an adult 18 years of age or older.
If you are a parent or guardian of a child under the age of 13 and you believe we may have collected information about him/her, please contact our Privacy Officer as set forth below.
Brightline customers who are California residents have the right under California Civil Code Section 1798.83 to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To request such details, contact our Privacy Officer as set forth below. Please allow up to 60 days for a response.
Brightline customers who are Nevada residents have the right under Nevada law to direct us not to make any “sale” of any “covered information” that we have collected, or that we may collect in the future, from or about you. The term “sale” is limited to our exchanging your information for money to anyone who intends to license or sell that information to other people. It does not include our disclosing your information to anyone who works with us to process your information, or to any of our affiliates. “Covered information” may include personally identifiable information in the form of your first and last name, home or other physical address, email address or telephone number, and any other information that we have collected or may collect from you in combination with any of the other identifiers listed above that are unique to you and would identify you.
To exercise this right, contact our Privacy Officer as set forth below. We may ask you to follow up telephone or web-based requests with an email confirmation. We may also ask you to provide us with information that will help us identify you in order to verify your request. We will never ask you for a copy of your photo identification, your Social Security Number, or your full account number with us.
Please allow up to 60 days for a response to your verified request.
Canada’s Privacy Legislation
Canada’s federal privacy legislation, the Personal Information Protection and Electronic Documents Act, incorporates ten (10) “Fair Information Principles” regarding your personally identifiable information. We adhere to those Fair Information Principles for information collected in and/or transferred from Canada. The principles are as follows:
Principle 1 - Accountability. An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the fair information principles.
Principle 2 - Identifying Purposes. The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Principle 3 - Consent. The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
Principle 4 - Limiting Collection. The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Principle 5 - Limiting Use, Disclosure and Retention. Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Principle 6 - Accuracy. Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 - Security Safeguards. Personal information shall be protected by security safeguards appropriate to the sensitivity of the Personal Information.
Principle 8 - Openness Concerning Policies and Practices. An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Principle 9 - Individual Access to Personal Information. Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 - Challenging Compliance. An individual shall be able to address a challenge concerning compliance with the fair information principles to the designated individual or individuals accountable for the organization’s compliance.
Questions & Complaints
If you have questions, comments, concerns, or complaints about Brightline’s privacy practices, please contact our Privacy Officer at:
Brightline Privacy Officer
161 NW 6th Street, Suite 900
Miami, FL 33136
Our Privacy Officer will endeavor to respond to all questions, comments, and concerns as soon as reasonably practicable. The Privacy Officer will also endeavor to investigate and attempt to resolve any complaints within 60 days.
If you are an E.U. resident, you have the right under the GDPR to lodge a complaint with your local supervisory authority for data protection.