Privacy Policy

At Brightline Trains Florida LLC (“Brightline”), your privacy is important to us. This Privacy Policy describes how Brightline and the service providers acting on its behalf collect, use, share, and protect the information received when you access and use gobrightline.com and its respective subdomains, the Brightline App and related mobile services, and certain in-station and onboard wireless services (collectively, the “Service”).

Brightline’s privacy practice are consistent with U.S. law, Canada’s Personal Information Protection and Electronic Documents Act, and other applicable law, including the European Union’s General Data Protection Regulation (“GDPR”), which governs the collection, storage, use, and transfer of personal information for European Union residents.

Brightline acts as both a controller and processor of your personal information, within the meaning of the GDPR. The legal bases for our processing of your personal information are your general and express consent as detailed herein and our pursuit of legitimate business interests.

If you have questions about this Privacy Policy or the protection of your information, please contact our Privacy Officer using the contact information provided below.

We may update or otherwise modify this Privacy Policy from time to time. If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice through the Service. Please review our Privacy Policy periodically to ensure you are aware of any changes that have been made. Your continued use of the Service after any such changes are made constitutes an agreement to be bound by such changes.

Brightline and its service providers collect information when you access and use the Service. That information falls into three categories: (1) information you give us; (2) Brightline and its service providers collect information when you access and use the Service. That information falls into three categories: (1) information you give us; (2) information we collect from you automatically; and (3) information we collect from other sources.

Information you give us

We collect the information you give us when you access and use our Service. For example, we collect information from you when you create a Brightline Account; subscribe to Brightline Updates or our emails, text messages, mobile messages, or social media notifications; allow us to access your location; participate in a program, sweepstakes, contest, promotion, survey, or poll; communicate with us via third social media sites; shop our Service; transfer Brightline credits or one-way rides; request guest support; apply for a job; or otherwise communicate with us through the Service. We may also collect information you give us in other ways.

The types of information you give us may include personally identifiable information. That means information that can be used to identify you, whether alone or in combination, such as your first name and last name, email address, zip code, date of birth, gender, phone number, credit card information, social media account information driver’s license or passport information, photograph, license plate number, travel and purchase preferences, location, and other identifiable information. It may also include sensitive information, such as information relating to disabilities- for instance, if you ride in a wheelchair, are deaf or hard of hearing, or are blind or have low vision.

Information we collect automatically

We also collect certain information about you automatically when you access or our Service. This information may include, without limitation:

• Device and Location Information – We may collect information about your computer, tablet, smart phone, or other network connected hardware through which you use the Service, such as type, model, versions IP address, IMEI number, MAC address, Mobile RFID, other unique device identifiers, operating system characteristics, device or session ID, errors-related data status, capability, confirmation, functionally, performance data, and connection type. This information may also include GPS or other location data needed to verify your location and/or facilitate/ enhance the Service.
• Usage Information – We may collect information about your use of the Service, such as browser type, access times, pages viewed, and the referring link through which you accessed our Service. This information may also include clickstream data, which is information about the page-by-page paths you take as you browse through the Service.
• Purchase Information – We may collect information about your purchases and other transactions using the Service.

This information is gathered during the sign-in process and through other tools and methods, such as cookies, web beacons, embedded scripts, entity tags, HTML5 local storage, in-app tracking protocols, and location-identifying technologies.

• Cookies – Cookies are small data files that are sent from a website’s server and stored on your device’s hard drive or other data storage mechanism either for the duration of your visit or a longer period of time. These cookies may be used for many purposes, including, without limitation, tracking user preferences or web pages visited while using our Service. Most web browsers are set to accept cookies by default, but, if you prefer, you may be able to set your browser to reject or block cookies, as discussed further below. If you choose to reject or block cookies, it could affect our ability to respect certain advertising preferences that are dependent on cookies, and it could also affect the availability and functionality of our Services.
• Web Beacons – Web beacons are small, transparent images that are embedded in web pages, applications, and emails. They are sometimes referred to as “tracking pixels,” “clear gifs,” “single pixel gifs,” “internet tags,” “page tags,” or “web bugs.” We may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to our Service, to monitor how users navigate the Service, and to count how many emails that we sent were actually opened or how many particular posts or links were actually viewed or acted upon.
• Embedded Scripts – Embedded scripts are code snippets within websites and applications that are designed to collect information about your interactions with Service. These scripts facilitate operations by, among other things, monitoring usage of online components. The scripts are temporarily downloaded onto your device and are active only while you are connected to the Service. They are either deleted or deactivated thereafter.
• Entity Tags – Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or” cached” within your browser. The tags validate these “caches” when a website is opened, accelerating website performance if the content of a particular webpage has not changed.
• HTML5 Local Storage – HTML5 local storage allows data from websites to be stored or “cached” within your browser to store and retrieve data in HTML5 pages when the website is revisited.
• In-App Tracking Protocols – Mobile applications also often employ other tracking technologies such as device identifiers and “Ad IDs” to associate app user activity to a particular app.
• Location-Identifying Technologies – These technologies include GPS software and other means of locating you, in order to verify your location and deliver relevant content to you based on your location.

These technologies and others like them are used for following purposes:

• Services and Functionality – Some of these technologies are required to allow you to access and use the Service. Without these technologies, parts of the Service would not work properly, and you would be unable to fully use the Service.
• Usage and Performance Monitoring – Some of these technologies help us track and analyze the volume of use and performance of the Service. They show us how visitors and costumers interact with the Service, whether there are any errors in webpages, applications, and other functionality is accessed and used, and how they are performing or operating. When these technologies are used for performance monitoring, no information that identifies you is collected.
• User Convivence – Some of these technologies enhance the ease of use of our website and mobile applications, as well as the services and functionality they make available. They do this by, among other things, accelerating load and refresh times and remembering information that you have provided previously.
• Marketing – Some of these technologies are used to tailor your experience using the Service by controlling the promotions, advertisements, and other marketing messages that may appear when you access or use the Service. These technologies also help us learn which services and functionality you are using and how you are accessing information about us. We may use this information to personalize your visit to a website or use of a mobile application or to send you relevant promotion, advertisements, and marketing messages.

Information we collect from other sources

We may also collect information about you from publicly available sources. For example, we may collect information about you from other companies and organizations, and we may collect information you submit to a blog, chat room, or a social network such as Facebook, Twitter, or Google+. In fact, certain parts of the Service have been specifically designed to permit interactions that you initiate between the Service and third-party website or services, including third-party social networks. These features include technologies such as “plug-ins” and “widgets.” Which create links between two websites and enable a particular website to offer another company’s services. In our case, these technologies enable you to, among other things, “share” content relating to our Service on third-party websites, services, and networks. If you choose to use these features, information you post or provide access to may be publicly displayed on our Service or on the third-party websites, services, and networks. Similarly, if you post information on a third-party platform that references our Service – for example, by using a hashtag associated with us in a tweet or status update – your post may be published on our Service in accordance with the terms of use of the third-party platform. In addition, both we and third-party which maintains the website, service, or network may have access to certain information about you and your use of our Service and the third-party platform. We may also receive information about you if another user of a third-party platform gibes us access to his profile and you are one of his “connections,” or information about you is otherwise accessible through web profile or other similar pages relating to your “connections.”

The information obtained from publicly available sources enables us to correct inaccurate information, enhance the security of your transactions, and give you a product recommendations and special offers that are more likely of interest.

Combination of information

We may combine or associate the information you give us with the information we collect from you automatically and the information we collect from other sources. If we combine or associate any personally identifiable information you five us with information, we collect from you automatically or information we collect from other sources, we will treat the combined or associated information as personally identifiable information for all applicable purposes.

Brightline may share information collected about you, with or without notice to you, in the following circumstances:

• When We Work Together - We may share information with affiliated companies for purposes of management and analysis, decision making, and other business purposes.
• When We Work with Administrative Service Providers - We may share your information with service providers that provide us with support services, such as website hosting, email address verification, email and postal delivery, product and service delivery, credit card processing, location mapping, analytics, and research.
• When We Work with Marketing Service Providers - We may share your information with marketing service providers for promotional purposes, including, without limitation, to assess, develop, and provide you with promotions and special offers that may be of interest, and to administer sweepstakes, contests, and other similar programs.
• When We Work on Business Transactions - We may share your information with entities or persons involved in certain business transactions, such as a merger or other situation involving the transfer of some or all of our business or assets.
• When Sharing Helps Us Protect Lawful Interests - We may share your information with governmental entities or other third-parties if we believe that the disclosure is (1) permitted or required by law, (2) necessary to enforce our Terms of Service or any other agreement or policy applicable to the Service, or (3) necessary to protect the rights, property, life, health, security, or safety of any entity or person, including our self, our service providers, our customers, and any third party.
• When You Give Consent - We may share your information with other companies and persons if you give us permission or direct us to do so.
• When You Post Information - We may share your information if posted on a blog, a chat room, or a social network like Facebook, Twitter, or Google+.
• When You are Photographed or Recorded on Our Property - We may share your image, voice, or likeness if photographed or recorded on our property.  You irrevocably consent to the uncompensated use of your image, voice, or likeness, for any commercial purpose, if photographed or recorded on our property. 
• When Your Information Does Not Directly Identify You - We may share your information in a way that does not directly identify you.  For example, we may share information about your use of our Service in a manner that does not identify you, and we may combine information about the nature or frequency of your transactions with similar information about other people and share the aggregated information for statistical analysis and other business purposes.

Brightline and its service providers employ commercially reasonable methods to protect your information.  Those commercially reasonable methods include technical, physical, and administrative security measures designed to reduce the risk of loss, misuse, unauthorized access, disclosure, modification, and destruction of your information.

For example, your personally identifiable information is stored behind secured networks and is accessible only by a limited number of persons who have special access rights to such systems and are required to keep your information confidential.  In addition, the transmission of highly sensitive information, such as a credit card number, is encrypted via Secure Socket Layer (SSL) technology.

Our website and mobile application are also scanned on a regular basis for security vulnerabilities in order to make your use of the Service as safe as possible.

Please note, however, that although we have employed commercially reasonable methods to help safeguard your information, no system or network can be guaranteed to be 100% secure.

Please also note that you must be vigilant in protecting your password in order to maintain the security of your information.

Brightline and its service providers collect information in a fair and non-intrusive manner, as set forth above.  They also recognize the need for appropriate management and protections of the information you provide.

Brightline has adopted and implemented this Privacy Policy in order to assist you in understanding the types of information Brightline and its service providers collect, how that information may be used, and how that information may be shared with others.  By signing up for a Brightline Account and/or accessing and using the Service, you expressly agree that Brightline and its service providers may collect, use, and share your information in accordance with this Privacy Policy or as permitted or required by law.  You also expressly agree that your information may be collected, transferred, stored, or disclosed both within and outside the U.S., including but not limited to Canada, the European Union, and Switzerland.  Some of these jurisdictions may have laws that provide less protection to your information than you receive under the laws in our own jurisdiction.  The U.S., for instance, has not received a decision from the European Commission determining that it provides adequate protection to personally identifiable information.  Canada, by contrast, has received such a decision.  Brightline and its service providers will take reasonable steps to ensure that any transfer or disclosure of personal information to or within any jurisdiction complies with applicable law and receives the level of protection required by those jurisdictions.  You can obtain additional details regarding those safeguards by contacting our Privacy Officer as set forth below.

If Brightline or its service providers are required or wish to provide notice of unauthorized access to their data security systems or unauthorized access to or processing of your information, you expressly agree that Brightline and/or its service providers may do so by posting a notice on gobrightline.com, by sending an “in-app message,” or by sending an email to any email address in your account profile.

If you do not consent to Brightline’s collection, use, or sharing of your information as provided in this Privacy Policy, you should not sign up for a Brightline Account or Brightline Updates, and you should not access or use the Service.

If you wish to withdraw your consent to Brightline’s collection, use, or sharing of your information as provided in this Privacy Policy, you have the right to do so at any time.  If you wish to exercise that right, please contact our Privacy Officer as set forth below.

Managing your information

At the time you sign up for a Brightline Account or Brightline Updates, you must submit certain information to us, including personal information.  You are responsible for providing accurate information to us, and you are also responsible for maintaining the accuracy of that information.  You can access, review, correct, update, and remove information you have submitted to us by signing into your account through the Service.  We will make good faith efforts to reflect your changes in our then-active databases as soon as reasonably practicable.  Please note that it is not always possible to completely remove or delete all information from our databases.  Residual data may remain on backup media or for other reasons.  We may also retain information you submit to us as business records, for administrative purposes.

With respect to our mobile and other applications, you can prospectively stop the collection of information by uninstalling the applications. 

Promotional and operational communications

If you have signed up for the receipt of promotional emails, you can opt out of receiving such emails at any time by following the “unsubscribe” instructions in the promotional emails we send you.  Please note that even if you opt out of receiving promotional emails, we may continue to send you non-promotional emails and other types of communications, as permitted by law.  For example, we may send emails that contain service-related announcements that affect your account, purchase confirmations and updates regarding rides you’ve booked, requests for feedback on our services and/or specific travel experiences, or responses to comments and feedback submitted to us. 

You must opt in to receive promotional text messages and may opt out at any time thereafter by following the instructions provided in the text messages.

Our mobile application may send you “in-app messages” or “push notifications” including alerts, sounds, and icon badges.  The “in-app messages” may be of a promotional nature or an operational nature.  These messages are part of the application’s functionality and cannot be turned off.  If you do not wish to receive these messages, you should not download or use our application.  You can opt out of receiving “push notifications” or alter the way the notifications are delivered by modifying your device and application settings.

Location information

You may be able to adjust your device settings so that information about your physical location is not sent to us or third parties by disabling location services, or by changing preferences and permissions within websites and mobile applications.  Please note that several device settings and functions may be used to derive your physical location, including Wi-Fi, Bluetooth, and others.  See your device settings and functions for more information.

Please also note that if you choose to disable location services or choose preferences or permissions pertaining to location tracking, it could affect the availability and functionality of certain aspects of our Service.

Cookies, web beacons, and similar technologies 

You may be able to reject or block cookies, web beacons, entity tags, and HTML5 local storage by adjusting the appropriate settings in your browser software.  Each browser is different, but many common browsers such as Internet Explorer, Chrome, Firefox, and Safari have preferences or options that may be adjusted to allow you to reject or block cookies and certain other technologies before they are received or installed.  Some browsers also allow you to reject the installation or use of certain technologies altogether.  For more information, open your browser and access the Help menu.  You may have to repeat this process for each browser that you use.

Please note that if you choose to reject or block cookies, it could affect our ability to respect certain advertising preferences that are dependent on cookies, and it could also affect the availability and functionality of our Service.

Interest-based ads

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance or the Network Advertising Initiative, both of which maintain websites where people can opt out of interest-based advertising from their members.  To opt-out of such advertising, visit www.AboutAds.info and www.networkadvertising.org.

We are not responsible for the effectiveness of, or compliance with, those opt-out programs.

You should also be aware that, even if you are able to opt out of interest-based advertising, you will continue to receive generic advertisements.

“Do Not Track” Technology 

Some newer web browsers have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit.  This header indicates that you do not want your activity to be tracked.  Like many websites and online services, our Service currently does not respond to browser “Do Not Track” signals.

Our Service may contain hyperlinks to other websites or services which we do not control, as they are owned and operated by third parties.  We provide these links as a convenience and make no representations regarding the policies or business practices of such third parties.  We also work with third parties to deliver advertisements on other websites and platforms.

This Privacy Policy does not apply to any website or service which is owned and operated by third parties; nor are we responsible for the policies or business practices of such third parties.  We encourage you to review the privacy policy of any website or service owned and operated by a third party before submitting any information to that third party or otherwise accessing/using the services provided by that third party.

Brightline does not intend for its Service to be used by children under the age of 13.  If you are a child under the age of 13, you are not permitted to have a Brightline Account, and you should not send any information about yourself to us through the Service.  You are also not permitted to ride with us without being accompanied by an adult 18 years of age or older.

If you are a parent or guardian of a child under the age of 13 and you believe we may have collected information about him/her, please contact our Privacy Officer as set forth below.

This portion of the Privacy Policy applies to California consumers only.  It does not apply to information collected through business-to-business interactions.

Personal Information Collected on California Consumers, Sources of Collection, and Business Purposes for Collection for the Last Twelve Months

As described in the section titled "Information We Collect” above, Brightline collects the information you give us when you access and use our Service.  The personal information obtained regarding California residents includes identifiers such as first and last name, email address, zip code, date of birth, gender, phone number, credit card information, social media account information, driver’s license or passport information, photograph, license plate number, travel and purchase preferences, location, and information relating to disabilities.  It also includes the following categories of personal information described in California Civil Code § 1798.80(e): (1) the personal information listed as “identifiers,” (2) the other information that identifies, relates to, describes, or is capable of being associated with, a particular individual that we describe in the section titled “Information We Collect” above.

Business Purposes for Collecting Personal Information for the Last 12 Months

Brightline may have used, or disclosed information collected regarding California residents for various business purposes, including to: 

• Process requests to create Brightline Accounts, subscribe to Brightline Updates, or to receive marketing emails, including verification that email addresses or physical addresses are active and valid.
• Manage such account(s).
• Communicate with individuals about their account(s), as well as products, services, programs, promotions, offers, sweepstakes, contests, rewards, surveys, and transactions.
• Provide access to facilities.
• Verify age.
• Process purchases, payments, changes, cancellations, and refunds.
• Detect, investigate, and prevent security breaches or fraudulent transactions.
• Respond to customer service inquiries and other questions, requests, or comments.
• Post comments or statements on our Service. 
• Facilitate, personalize, and improve experiences using the Service and overall travel experience. 
• Conduct research, analysis, and marketing activities.
• Monitor and analyze usage, activities, and trends.
• Maintain appropriate records for internal administrative purposes. 
• Send notices, updates, alerts, and other administrative or support messages; and
• Any other purpose, with consent or as permitted or required by applicable law

For more information, please see the sections titled “Use of Information” and “Sharing of Information” above.

No Sales of Personal information for the Last 12 Months

Brightline does not sell personal information and has not sold any personal information described herein within the past 12 months.

Your California Privacy Rights

If you are a California resident, you have the following rights for purposes of the personal information covered by this Privacy Policy.

Right to Access and Right to Know About Personal Information Collected, Disclosed, or Sold.

You have the right to request that we disclose the following to you:

• The categories of personal information we have collected about you;
• The categories of sources from which the personal information is collected;
• Our business or commercial purpose for collecting or selling personal information;
• The categories of third parties with whom we share personal information;
• The specific pieces of information we have collected about you.
• The categories of personal information about you that we have sold, if any, by category or categories of personal information for each third party to which we sold the personal information; and
• The categories of personal information about you that we disclosed for a business purpose.

Right to Deletion of Personal Information.

You have the right to request deletion of your personal information we collected from you.

Right to Opt-Out.

You have the right to opt out of the disclosure of personal information we collected from you. 

Right to Non-Discrimination for Exercise of a California Privacy Rights.

We may not discriminate against you because of your exercise of any of the foregoing rights, or any other rights under the California Consumer Privacy Act, including by:

• Denying you goods or services;
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Providing you a different level or quality of goods or services; or
• Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided by your personal information.

How to Exercise Your California Rights?

You may exercise the rights set forth above by clicking on the Make Privacy Request link located under “Privacy Request” below, or by emailing us at PrivacyOfficer@GoBrightline.com. We may take steps to verify your identity before responding to your request.  Please allow up to 60 days for a response to your verified request.

Brightline customers who are Nevada residents have the right under Nevada law to direct us not to make any “sale” of any “covered information” that we have collected, or that we may collect in the future, from or about you.  The term “sale” is limited to our exchanging your information for money to anyone who intends to license or sell that information to other people.  It does not include our disclosing your information to anyone who works with us to process your information, or to any of our affiliates.  “Covered information” may include personally identifiable information in the form of your first and last name, home or other physical address, email address or telephone number, and any other information that we have collected or may collect from you in combination with any of the other identifiers listed above that are unique to you and would identify you.

To exercise this right, click on the Make Privacy Request link located under “Privacy Request” below, or email us at PrivacyOfficer@GoBrightline.com.  We may take steps to verify your identity before responding to your request.  Please allow up to 60 days for a response to your verified request.

Canada’s federal privacy legislation, the Personal Information Protection and Electronic Documents Act, incorporates ten (10) “Fair Information Principles” regarding your personally identifiable information.  We adhere to those Fair Information Principles for information collected in and/or transferred from Canada. The principles are as follows:

Principle 1 - Accountability.  
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the fair information principles.

Principle 2 - Identifying Purposes.

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

Principle 3 - Consent.
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.

Principle 4 - Limiting Collection.

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Principle 5 - Limiting Use, Disclosure and Retention.

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.

Principle 6 - Accuracy.

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

Principle 7 - Security Safeguards.

Personal information shall be protected by security safeguards appropriate to the sensitivity of the Personal Information.

Principle 8 - Openness Concerning Policies and Practices.

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Principle 9 - Individual Access to Personal Information.

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 - Challenging Compliance.

An individual shall be able to address a challenge concerning compliance with the fair information principles to the designated individual or individuals accountable for the organization’s compliance.

Please note that if you choose to delete your Brightline account and data from our database, that means saying goodbye to your account information, including past and future purchases, memberships, travel packs, credits, future loyal rewards, and more.  You will be forfeiting any pre-purchased travel, credits, and rewards, that you may have.

Please also note that we cannot delete and will retain any personal information which we are required to maintain under applicable federal, state, and local law, such as train manifest information and incident reports.

When you make a privacy-related request, we may take steps to verify your identity before responding to your request.  In order to verify your identity with respect to the non-sensitive data that is subject to this notice, we may ask you to confirm your email address and/or account information, and we may ask questions about the scope of your interaction with us and our service providers.  We reserve the right to take additional steps to verify your identity using other information we have about you.  If you wish to designate an authorized agent to make a request on your behalf, you may make such a designation by providing the agent with written permission to act on your behalf.  We may take steps to verify your own identity in response to a request even if you choose to use an agent, as permitted by law.

If you have questions, comments, concerns, or complaints about Brightline’s privacy practices, please contact our Privacy Officer at:

Brightline Privacy Officer

350 NW 1st Ave., Suite 200
Miami, FL 33128

Email: PrivacyOfficer@GoBrightline.com

Our Privacy Officer will endeavor to respond to all questions, comments, and concerns as soon as reasonably practicable.  The Privacy Officer will also endeavor to investigate and attempt to resolve any complaints within 60 days.

If you are an E.U. resident, you have the right under the GDPR to lodge a complaint with your local supervisory authority for data protection.