Last updated April 24, 2013
The following definitions apply:
Personally Identifiable Information (PII): PII identifies or describes a person or can be directly linked to a specific individual. Examples of PII include but are not limited to, a person's name, mailing address, business name, alternate contact information (if given), e-mail address, fax numbers, Clipper® card serial number, telephone number, e-mail address, credit card number, security code and expiration date.
Aggregate Data or Aggregate Information: Aggregate Data or Aggregate Information is statistical information that is derived from collective data that relates to a group or category of persons from which PII has been removed. Aggregate Data reflects the characteristics of a large group of anonymous people. MTC may use Aggregate Data and provide Aggregate Data to others to generate statistical reports for the purpose of managing the Clipper® program operations.
Collection of Personally Identifiable Information
A Clipper® card may either be registered or unregistered. MTC, through its Clipper® Customer Service Center (CSC), collects personal information in order to register Clipper® cards with the Clipper FPS. Examples of personal information include a Clipper® cardholder's name, address, telephone number, email address, credit card number and expiration date, or other information that personally identifies a Clipper® cardholder. MTC obtains this personal information from applications and other forms submitted by Clipper® cardholders to the Clipper® Customer Service Center by telephone, mail, facsimile transmission or by electronic submission through the Clipper® website. Data developed as a byproduct of the use of the Clipper® FPS (e.g., a registered user's travel routes and times traveled) is also considered personal information if a card is registered.
How MTC uses Personally Identifiable Information
Third Parties with Whom MTC May Share Personally Identifiable Information
MTC may share PII with the Alameda-Contra Costa Transit District (AC Transit), the Golden Gate Bridge, Highway and Transportation District (Golden Gate Transit), the Peninsula Corridor Joint Powers Board (Caltrain), the San Francisco Bay Area Rapid Transit District (BART), the San Francisco Municipal Transportation Agency (Muni), the San Mateo County Transit District (SamTrans), the Santa Clara Valley Transportation Authority (VTA), and the Water Emergency Transit Agency (WETA) (collectively referred to herein as Clipper® Participating Transit Agencies) for the purpose of operating and managing the Clipper® FPS. In addition, MTC and the Clipper® Participating Transit Agencies may disclose personal information to third-party service providers for the purpose of operating and maintaining the Clipper® FPS, such as managing patron accounts and revenue collection. These contractors are provided only with the PII they need to deliver the service. MTC requires its service providers to maintain the confidentiality of the information and to use it only as necessary to carry out their duties under the Clipper® Program.
The CSC Contractor may share PII with the California Department of Justice and the Better Business Bureau when necessary to respond to consumer complaints.
Besides these entities, PII will not be disclosed to any other third party without express customer consent, except as required to comply with laws or legal processes served on MTC or the CSC Contractor.
Retention of Personally Identifiable Information
MTC, through the CSC Contractor, shall only store the PII of a Clipper® customer that is necessary to perform account functions such as billing, account settlement, or enforcement activities. All PII shall be discarded no later than four years and six months after the account is closed or terminated.
Security of Clipper® Personally Identifiable Information
MTC is committed to the security of customer PII. MTC, together with its CSC Contractor, stores the PII provided by Clipper® customers on computer servers that are located in secure, controlled facilities. Servers are designed with software, hardware and physical security measures in place to prevent unauthorized access.
Access to PII is controlled through the following administrative, technical, and physical security measures. By contract, third parties with whom MTC shares PII are also required to implement adequate security measures to maintain the confidentiality of such information.
- Access to PII is limited only to certain operations and technical employees for limited, approved purposes based on their specific work responsibilities.
- Privacy and security training is required for employees with access to PII, upon hire. In addition, regular periodic refresher training is required for those employees.
- Clipper® network perimeters are protected with firewalls.
- Electronic storage of PII is encrypted.
- Electronic connections to and from the Clipper® website are encrypted.
- Vulnerability and penetration tests are conducted on the Clipper® system.
- Employees' use of Clipper® customer databases is monitored.
- Physical access to MTC and CSC Contractor servers is restricted to authorized technical personnel.
- Data center access to approved technical personnel is restricted via passcode authentication, and other security protocols.
In addition to MTC's policies and procedures implementing PII security, the Clipper® customer must also do such things as safeguard passwords, PINs, and other authentication information that may be used to access a Clipper® account. Clipper® customers should not disclose authentication information to any third party and should notify MTC of any unauthorized use of their passwords. MTC cannot secure PII that is released by Clipper® customers or PII that customers request MTC to release. In addition, there is a risk that unauthorized third parties may engage in illegal activity by such things as hacking into MTC's security system or the CSC Contractor's security system or by intercepting transmissions of personal information over the Internet. MTC is not responsible for any data obtained in an unauthorized manner, and MTC is the only entity that may authorize obtaining data from the Clipper® FPS.
Please note that the CSC Contractor will never ask Clipper® customers to provide or confirm any information in connection with Clipper® such as credit card numbers, Clipper® card serial numbers, or other PII, unless the customer is logged into the secure Clipper® customer website. If a customer ever has any doubt about the authenticity of an e-mail regarding Clipper® , the customer should open a new web browser, type in , log into the customer's Clipper® account, and then perform the requested activity.
Account access and controls
Creating an account with Clipper® is in the customer's discretion. The required account information consists of PII such as name, business name, mailing address(es), e-mail address, telephone number, fax number, signature, and credit card number, expiration date and security code. MTC may request other optional information, such as alternate contact information, but, in such instances, clearly indicates that such information is optional.
Customers can review and update personal account information at any time. Customers are also able to modify, add, or delete any optional account information by signing into their Clipper® account and editing the account profile. PII can also be reviewed and edited online as discussed below under "Updating Personally Identifiable Information." Clipper® customers can close their account at any time by submitting a completed Clipper® Card Refund Request form (available at ). All account information will be deleted no later than four years and six months after the account is closed or terminated.
MTC may also combine the PII provided by Clipper® customers in a non-identifiable format with other information to create Aggregate Data that may be disclosed to third parties. Aggregate Data is used by MTC to improve the Clipper® program and for the marketing of Clipper®. Aggregate Data does not contain any information that could be used to contact or identify individual Clipper® customers or their accounts. For example, MTC may inform third parties regarding the number of Clipper® accounts within a particular zip code. MTC requires third parties with whom Aggregate Data is shared to agree that they will not attempt to make information personally identifiable, such as by combining it with other databases.
The Clipper® website (www.clippercard.com) stores "cookies" on the computer systems of users of the website. Cookies are small data elements that a website can store on a user's system.
The cookies used by the Clipper® web site facilitate customer's use of the web site (e.g. remember login names and passwords until the session has ended). The Clipper® web site does not require that users of the website accept these cookies. Also, the Clipper® web site does not store "third party" cookies on the computer systems of users of the website.
MTC does not knowingly engage in business with any company or vendor that uses Spyware or Malware. MTC does not market detailed information collected from web sessions that can be directly tied to personal information. Further, MTC does not provide Clipper® customers with downloadable software that collects or utilizes any PII.
Third-Party Websites and Applications
The Clipper® website may contain links to third-party websites operated by entities that are affiliated with Clipper®. These web links may be referenced within content, or placed beside the names or logos of the other entities. MTC does not disclose PII to these third-party websites.
WARNING: Once a patron enters external websites (whether through a service or content link), MTC is not responsible for the privacy practices of those other websites. Please review all privacy policies of external websites you may visit from links on the Clipper® website before using or providing any information to such other websites.
Updating Personally Identifiable Information
PII can be reviewed and edited online at . The Clipper® website uses functions that have the ability to collect and store self-reported data. These functions enable Clipper® customers to revise, update or review information that has been previously submitted by going back to the applicable function, logging-in and making the desired changes. In addition to this method, customers may update their PII by telephoning the Clipper® Customer Service Center at (877) 878-8883.
Complaints or problems regarding updating personal information should be submitted via the website. The Clipper® Customer Service Center will either resolve the issue or forward the complaint to an appropriate MTC staff member for a response or resolution. MTC strives to answer all queries within 48 business hours, but it may not always be feasible to do so.
If an adequate resolution is not received, please contact MTC's Privacy Officer at:
Metropolitan Transportation Commission
Attn: Privacy Officer
101 Eighth Street, Oakland, CA 94607
Or e-mail: privacy firstname.lastname@example.org
Or call: 510-817-5700
E-mails Sent to MTC
|October 19, 2012||Revisions to address third-party applications that access or make use of the Clipper® Website|
|April 24, 2013||Revisions to reduce retention period for personal account information from seven years to four years and six months after an account is closed or terminated.|