At Brightline Trains Florida LLC (“Brightline”), your privacy is important to us.  This Privacy Policy describes how Brightline and the service providers acting on its behalf collect, use, share, and protect the information received when you access and use gobrightline.com and its respective subdomains, the Brightline App and related mobile services, and certain in-station and onboard wireless services (collectively, the “Service”).

 

Brightline’s privacy practices are consistent with U.S. law, Canada’s Personal Information Protection and Electronic Documents Act, and other applicable law, including the European Union’s General Data Protection Regulation (“GDPR”), which governs which governs the collection, storage, use, and transfer of personal information for European Union residents.

 

Brightline acts as both a controller and processor of your personal information, within the meaning of the GDPR.  The legal bases for our processing of your personal information is your general and express consent as detailed herein and our pursuit of legitimate business interests.

 

If you have questions about this Privacy Policy or the protection of your information, please contact our Privacy Officer using the contact information provided below.

 

We may update or otherwise modify this Privacy Policy from time to time.  If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice through the Service.  Please review our Privacy Policy periodically to ensure you are aware of any changes that have been made.   Your continued use of the Service after any such changes are made constitutes an agreement to be bound by such changes.

 

Brightline and its service providers collect information when you access and use the Service. That information falls into three categories:  (1) information you give us; (2) information we collect from you automatically; and (3) information we collect from other sources.

 

Brightline and its service providers collect information in a fair and non-intrusive manner, as set forth above.  They also recognize the need for appropriate management and protections of the information you provide.

 

Brightline has adopted and implemented this Privacy Policy in order to assist you in understanding the types of information Brightline and its service providers collect, how that information may be used, and how that information may be shared with others.  By signing up for a Brightline Account and/or accessing and using the Service, you expressly agree that Brightline and its service providers may collect, use, and share your information in accordance with this Privacy Policy or as permitted or required by law.  You also expressly agree that your information may be collected, transferred, stored, or disclosed both within and outside the U.S., including but not limited to Canada, the European Union, and Switzerland.  Some of these jurisdictions may have laws that provide less protection to your information than you receive under the laws in our own jurisdiction.  The U.S., for instance, has not received a decision from the European Commission determining that it provides adequate protection to personally identifiable information.  Canada, by contrast, has received such a decision.  Brightline and its service providers will take reasonable steps to ensure that any transfer or disclosure of personal information to or within any jurisdiction complies with applicable law and receives the level of protection required by those jurisdictions.  You can obtain additional details regarding those safeguards by contacting our Privacy Officer as set forth below.

 

If Brightline or its service providers are required or wish to provide notice of unauthorized access to their data security systems or unauthorized access to or processing of your information, you expressly agree that Brightline and/or its service providers may do so by posting a notice on gobrightline.com, by sending an “in-app message,” or by sending an email to any email address in your account profile.

 

If you do not consent to Brightline’s collection, use, or sharing of your information as provided in this Privacy Policy, you should not sign up for a Brightline Account or Brightline Updates, and you should not access or use the Service.

 

If you wish to withdraw your consent to Brightline’s collection, use, or sharing of your information as provided in this Privacy Policy, you have the right to do so at any time.  If you wish to exercise that right, please contact our Privacy Officer as set forth below.

 

If you have questions, comments, concerns, or complaints about Brightline’s privacy practices, please contact our Privacy Officer at:

 

Brightline Privacy Officer

350 NW 1st Ave., Suite 200
Miami, FL 33128

Email: PrivacyOfficer@GoBrightline.com

 

Our Privacy Officer will endeavor to respond to all questions, comments, and concerns as soon as reasonably practicable.  The Privacy Officer will also endeavor to investigate and attempt to resolve any complaints within 60 days.

 

If you are an E.U. resident, you have the right under the GDPR to lodge a complaint with your local supervisory authority for data protection.

 

Canada’s federal privacy legislation, the Personal Information Protection and Electronic Documents Act, incorporates ten (10) “Fair Information Principles” regarding your personally identifiable information.  We adhere to those Fair Information Principles for information collected in and/or transferred from Canada.

 

The principles are as follows:

 

Principle 1 - Accountability.  
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the fair information principles.

 

Principle 2 - Identifying Purposes.

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

 

Principle 3 - Consent.
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.

 

Principle 4 - Limiting Collection.

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

 

Principle 5 - Limiting Use, Disclosure and Retention.

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.

 

Principle 6 - Accuracy.

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

 

Principle 7 - Security Safeguards.

Personal information shall be protected by security safeguards appropriate to the sensitivity of the Personal Information.

 

Principle 8 - Openness Concerning Policies and Practices.

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

 

Principle 9 - Individual Access to Personal Information.

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

 

Principle 10 - Challenging Compliance.

An individual shall be able to address a challenge concerning compliance with the fair information principles to the designated individual or individuals accountable for the organization’s compliance.

 

Brightline customers who are Nevada residents have the right under Nevada law to direct us not to make any “sale” of any “covered information” that we have collected, or that we may collect in the future, from or about you.  The term “sale” is limited to our exchanging your information for money to anyone who intends to license or sell that information to other people.  It does not include our disclosing your information to anyone who works with us to process your information, or to any of our affiliates.  “Covered information” may include personally identifiable information in the form of your first and last name, home or other physical address, email address or telephone number, and any other information that we have collected or may collect from you in combination with any of the other identifiers listed above that are unique to you and would identify you.

 

To exercise this right, contact our Privacy Officer as set forth below.  We may ask you to follow up telephone or web-based requests with an email confirmation.  We may also ask you to provide us with information that will help us identify you in order to verify your request.  We will never ask you for a copy of your photo identification, your Social Security Number, or your full account number with us.

 

Please allow up to 60 days for a response to your verified request.

 

Brightline customers who are California residents have the right under California Civil Code Section 1798.83 to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

 

To request such details, contact our Privacy Officer as set forth below. Please allow up to 60 days for a response.

 

Brightline does not intend for its Service to be used by children under the age of 13.  If you are a child under the age of 13, you are not permitted to have a Brightline Account, and you should not send any information about yourself to us through the Service.  You are also not permitted to ride with us without being accompanied by an adult 18 years of age or older.

 

If you are a parent or guardian of a child under the age of 13 and you believe we may have collected information about him/her, please contact our Privacy Officer as set forth below.

 

Our Service may contain hyperlinks to other websites or services which we do not control, as they are owned and operated by third parties.  We provide these links as a convenience and make no representations regarding the policies or business practices of such third parties.  We also work with third parties to deliver advertisements on other websites and platforms.

 

This Privacy Policy does not apply to any website or service which is owned and operated by third parties; nor are we responsible for the policies or business practices of such third parties.  We encourage you to review the privacy policy of any website or service owned and operated by a third party before submitting any information to that third party or otherwise accessing/using the services provided by that third party.

 

Brightline and its service providers employ commercially reasonable methods to protect your information.  Those commercially reasonable methods include technical, physical, and administrative security measures designed to reduce the risk of loss, misuse, unauthorized access, disclosure, modification, and destruction of your information.

 

For example, your personally identifiable information is stored behind secured networks and is accessible only by a limited number of persons who have special access rights to such systems and are required to keep your information confidential.  In addition, the transmission of highly sensitive information, such as a credit card number, is encrypted via Secure Socket Layer (SSL) technology.

 

Our website and mobile application are also scanned on a regular basis for security vulnerabilities in order to make your use of the Service as safe as possible.

 

Please note, however, that although we have employed commercially reasonable methods to help safeguard your information, no system or network can be guaranteed to be 100% secure.

 

Please also note that you must be vigilant in protecting your password in order to maintain the security of your information.

 

Brightline may share information collected about you, with or without notice to you, in the following circumstances:

• When We Work Together - We may share information with affiliated companies for purposes of management and analysis, decision making, and other business purposes.
• When We Work with Administrative Service Providers - We may share your information with service providers that provide us with support services, such as website hosting, email address verification, email and postal delivery, product and service delivery, credit card processing, location mapping, analytics, and research.
• When We Work with Marketing Service Providers - We may share your information with marketing service providers for promotional purposes, including, without limitation, to assess, develop, and provide you with promotions and special offers that may be of interest, and to administer sweepstakes, contests, and other similar programs.
• When We Work on Business Transactions - We may share your information with entities or persons involved in certain business transactions, such as a merger or other situation involving the transfer of some or all of our business or assets.
• When Sharing Helps Us Protect Lawful Interests - We may share your information with governmental entities or other third-parties if we believe that the disclosure is (1) permitted or required by law, (2) necessary to enforce our Terms of Service or any other agreement or policy applicable to the Service, or (3) necessary to protect the rights, property, life, health, security, or safety of any entity or person, including our self, our service providers, our customers, and any third party.
• When You Give Consent - We may share your information with other companies and persons if you give us permission or direct us to do so.
• When You Post Information - We may share your information if posted on a blog, a chat room, or a social network like Facebook, Twitter, or Google+.
• When You are Photographed or Recorded on Our Property - We may share your image, voice, or likeness if photographed or recorded on our property.  You irrevocably consent to the uncompensated use of your image, voice, or likeness, for any commercial purpose, if photographed or recorded on our property. 
• When Your Information Does Not Directly Identify You - We may share your information in a way that does not directly identify you.  For example, we may share information about your use of our Service in a manner that does not identify you, and we may combine information about the nature or frequency of your transactions with similar information about other people and share the aggregated information for statistical analysis and other business purposes.