American Public Transportation Association Privacy Policy

APTA values your privacy. This privacy policy (Policy) describes the information we collect when you become a member of APTA and/or purchase goods/services from APTA and the American Public Transportation Foundation (APTF). This policy sets out how we use, disclose, and protect this information. This policy also tells you about rights and choices you may have with respect to your information, and how you can reach us to update your information or get answers to questions you may have about our privacy practices. Your access and use of our website indicates your consent to the terms of this policy and our Terms of Use.

Information We Collect and You Provide

To be an APTA member or purchase goods/services from APTA and the APTF we require you to provide us with certain information, including: (1) your name, location, and your contact information (such as your e-mail address, phone number, billing and physical address); and (2) payment information (such as your credit or debit card number, bank account routing number, and billing and shipping address). If you communicate with us by, for example, e-mail, telephone, online form, any information voluntarily provided in such communication may be collected. Note, when you become a member of APTA or purchase goods/services from APTA and the APTF our payment processor directly collects and processes the payment information that you provide, as necessary to complete your membership/purchase.

Company Information

 In order to be an APTA member or purchase good/services from APTA and the APTF we may ask you to provide information about your company, which includes, but is not limited to: company name, company address, billing and payment information, location, team size, budget, payment information (e.g. payment number and invoice details), and currency.

Account Administrators

In some cases, APTA members can assign several levels of administrative access to their personnel that use our APTA website. You should be aware that certain user roles include heightened privileges with an account on our website and may be able to access, view, and edit your information, as needed to perform their functions. For example, some users can enter information on behalf of their fellow team members, access, edit, or otherwise change information on the account. In addition, some users may have the ability to view information about team members without the ability to edit or change the information.

Information We Receive from Third Parties

In order to support your APTA membership or purchase of good/services, we may also collect information about you from credit card processors, sales, and housing bureau third party partners and combine it with other information we collect from you.

Automatically Collected Information

We automatically collect information when you become an APTA member or purchase goods/services from APTA and the APTF. We may also track user activity (e.g. pages visited and meeting attended) and use cookies and other tracking technologies. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and applications recognize a browser. Cookies help us track and target the interests of our members to enhance their experience with our association. We use IP address to derive your approximate location. We work with analytics providers such as Google Analytics, which use cookies and similar technologies to collect and analyze information about use of the website and report on activities, trends, and demographics. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout. For information about how to opt-out of certain use of cookies and other technologies, please see the Your Rights and Choices section below.

How We Use Information

We may use the information we collect for various purposes, including:

Providing & Improving Our Services

When you become an APTA member or purchase goods/services from APTA and the APTF we use the information you provide to create and maintain your account. The information we collect also helps us improve, enhance, personalize, and promote our association.

Communications

We will communicate with you if you’ve provided us the means to do so. For example, if you’ve provided your phone number, we may call you to discuss association activities/events, to the extent permitted under applicable law. If you’ve given us your email address, we may send you promotional email offers or email you about APTA and the APTF events, to the extent permitted under applicable law. If you do not want to receive promotional emails from us, please indicate your preference by opting-out via the links provided in the emails. Note, that if you opt-out of receiving our promotional emails, you may still receive transactional emails from us.

Legal

We reserve the right to access, use, preserve, transfer, or disclose, at any time without notice to you, any information as reasonably necessary to: (1) comply with any applicable law, regulation, subpoena, or legal process, or respond to any governmental requests or regulatory investigation and to cooperate with law enforcement, if we believe such action is required or permitted by law; (2) enforce this Policy or our Terms of Use, including investigating any potential violations; (3) protect the safety, integrity, rights, or security of our users, our Services or equipment, or any third party; or (4) detect, prevent, or otherwise address fraud, security, or technical issues related to APTA and the APTF.

Data Analyses

We may also perform data analyses (including anonymization of personal information).

Business Purposes

We may process personal information in connection with prospective service engagements, partnerships or vendor relationships.

Data Controller and Processor

Note that when we collect personal information provided by our members or when a good/service is purchased, we are a data controller and we collect personal information for very limited purposes. In addition, we often use third-party vendors to process personal information and we have contracts in place requiring those data processors to protect your personal information consistent with this policy.

How We Disclose Information

We may disclose the information we collect, including in the following ways:

Affiliates & Partners

We may share your information with other APTA members and other APTA affiliates and subsidiaries, on a limited basis as is reasonably necessary or desirable for us to disclose your information in order to carry out the above-mentioned information processing purposes.

Service providers

We employ credit card processors, sales, and housing bureau service providers to perform tasks on our behalf when providing the services to our members. We do not authorize these service providers to use or disclose the data except as necessary to perform tasks on APTA’s behalf or comply with legal requirements. If you would like to review a list of the third-party services used to support APTA, please see our sub-processors list.

Analytics

In addition, our third-party analytics vendors may set and access their own cookies, pixel tags and similar technologies to collect or have access to information about you which they may collect over time and across different websites, to provide us with aggregate information.

Legal/Protection

We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply this Policy or our Terms of Use and other agreements; or protect the rights, property, or safety of APTA and the APTF, our employees, our users, or others.

Aggregate Data

We may de-identify your information and process and share it in an anonymous and aggregated form for purposes in addition to those described above. For example, we may share aggregate reports about business metrics.

Your Rights and Choices

You may update your preferences, ask us to remove your information from our mailing lists, delete your membership account, submit a request to exercise your rights available under applicable law, or express your concern about the use of your information at any time. To do so, please contact us via the email address or phone number provided below in the Contact Us section. Additionally, you may choose not to provide information to us. However, if you do not provide information when requested, you may not be able to benefit from APTA membership or purchases from APTA and the APTF as the information may be necessary to provide you with the services or we may be legally required to collect it in the context of the APTA membership. Please note that if you cease being an APTA member, we will terminate your access to all APTA member services and you may no longer have the ability to access or update your information.

Tracking

Many web browsers allow you to manage your preferences relating to cookies. You may be able to adjust your browser to manage cookies using your browser’s preferences, however, if you choose to block cookies, doing so may impair the use of APTA services.

GDPR Rights for EU Individuals

Pursuant to the EU General Data Protection Regulations, we may obtain your opt-in consent at the time of collection for the processing of certain information for direct marketing purposes or to use cookies and similar tracking technologies. If we rely on consent for the processing of your information, you may have the right to withdraw your consent at any time and, when you do so, this will not affect the lawfulness of the processing before your consent withdrawal. Under certain jurisdictions, you may have the right to request access to and receive information about the information we maintain about you, to update and correct inaccuracies in your information, to restrict or to object to the processing of your information, have the information deleted, or to exercise your right to data portability, as appropriate.

Those rights may be limited in some circumstances by local law requirements. In addition to the above-mentioned rights, you have the right to lodge a complaint with a competent EU supervisory authority subject to applicable law. Please refer to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm if you would like to locate the appropriate Data Protect Authority.

Security

We are committed to protecting your information. We seek to use reasonable organizational, technical, and administrative measures to protect information within our organization. We also take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it or when you request their deletion. Unfortunately, no data transmission or storage system can be guaranteed to be 100 percent secure. Your password protects your user account, so you should use a unique and strong password, limit access to your computer and browser, and log out after having used our website. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact Us section below.

Please note requests to delete or remove your information do not necessarily ensure complete or comprehensive removal of the content or information posted and removed information may persist in backup copies indefinitely. Please note that if you choose to delete your information or opt-out of the collection and use of your information, you understand that certain features, including but not limited to access to the Services, may no longer be available to you.

We may store the information we collect about you indefinitely, but information generally will be retained only for as long as necessary to fulfill the purposes for which the information was collected, or as other required by law. Following termination or deactivation of an APTA membership, APTA may retain your information and content for backup, archival, and audit purposes.

Children

APTA membership and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.

Updates to this Policy

From time to time we may, in our discretion, make changes to this Policy. The “Last Updated” date at the top of this page indicates when this Privacy Policy was last revised. If we make material changes, we may notify you by sending you an email or other communication. We encourage you to read this Privacy Policy periodically to stay up-to-date about our privacy practices. Your continued membership in APTA or the purchases of goods/services from APTA and the APTF after we have updated this Policy constitutes your acceptance of the changes.

Contact Us

 If you have questions about this Policy please contact us:

American Public Transportation Association
1300 I Street NW, Suite 1200
Washington, D.C. 20005
202.496-4800
memberservices@apta.com

APTA Data Privacy Framework Policy for EU & Swiss Personal Data Transferred to the U.S.

APTA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. APTA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. APTA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

APTA is subject to the jurisdiction and enforcement authority of the US Federal Trade Commission in relation to the EU, UK, and Swiss data we handle under the DPF Program.

How We Obtain Personal Information

We obtain and process Personal Information in different capacities.

As a data controller, we collect and process EEA,UK, and Swiss Personal Information directly from individuals, either via our publicly available websites, including www.apta.com, or in connection with our customer, partner, and vendor relationships.

We commit to be subject to the Principles received from the EEA, the UK, and Switzerland in reliance on the Frameworks.

Personal Information Received from the European Economic Area, the United Kingdom, and Switzerland

We may receive from the EEA, the UK, and Switzerland some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the DPF Principles.

Access

Pursuant to the DPF Principles EEA, UK, and Swiss individuals have the right to access their personally identifying data that is transferred to the United States.  Said individuals have the right to update, amend and/or correct inaccurate, or incomplete information, and to delete information that has been handled in violation of the DPF Principles. Individuals wishing to exercise this right may do so by contacting memberservices@apta.com.

Data Integrity and Purpose Limitation

We may use the Personal Information we receive from the EEA, the UK, and Switzerland for the purposes set forth in our Privacy Policy or as you may otherwise be notified. We take reasonable steps to ensure that the Personal Information we process is relevant and reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks.

Onward Transfers

Our Privacy Policy describes the types of third parties that we may disclose your Personal information to, and the purposes of such disclosures. If we disclose your Personal Information to a third party acting as a data processor, we will comply with, and protect the Personal Information as provided in, the Accountability for Onward Transfer Principle. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Choice

You may choose to change your Personal Information or cancel your APTA membership by contacting us using the contact details below. You can also unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the e-mail message. If we intend to use your Personal Information for a purpose that is materially different from the purposes listed in this policy or our Privacy Policy, or if we intend to disclose it to a third party acting as a data processor not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.

Recourse and Enforcement

In compliance with the DPF Principles, APTA commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States. European Union, UK, and/or Swiss individuals with DPF inquiries or complaints should first contact APTA by referring to the contact information at the end of this policy.

APTA has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Contact Us

If you have questions, concerns, or complaints about this Data Privacy Framework Program Policy or our privacy practices, please contact us.

American Public Transportation Association
1300 I Street NW, Suite 1200
Washington, D.C. 20005
202.496-4800
memberservices@apta.com