ORCA Privacy Statement
Last Modified May 14, 2012

Welcome to ORCA, which offers people the opportunity to use a single card to ride buses, trains and ferries throughout the Puget Sound region. The ORCA Privacy Statement explains how information is collected and treated by the Agencies when an individual chooses to participate in the ORCA Program. This includes summarizing the type of data residing on an ORCA Card, as well as the type of data that is stored centrally. You’ll learn the differences between a card that has been registered so the value can be replaced if lost, an unregistered card, and a card that has been distributed to an individual by an employer or other institution.

ORCA Privacy at a Glance

Before getting into the full ORCA Privacy Statement that is below, this section provides brief answers to a few of the most frequent questions about ORCA data. You should refer to the full statement below for more in-depth information.

What information can my employer access regarding my use of an employer-provided ORCA Card?

If your ORCA Card is given to you by an employer or other institution, that “Business Account” entity retains ownership of the card and can obtain access to data about transactions involving the card. Transaction data includes the date, time of day, fare and bus route, ferry or train station where a card was used. The ORCA system collects this data specific to the card serial number.

What electronic information can be “read” from an ORCA card?
An ORCA Card’s microchip contains electronic information that does NOT include names but could include data in such fields as the type of card, Business Account ID number (if issued to an employer or other institution), the passenger type expiration date or date of birth (if present), fare products loaded onto the card including E-purse value and passes, the history of the prior ten (10) trip transactions (time, date, route and fare when the card was used) and the history of the prior five (5) revalue transactions (See Sec. 8.2). In order to keep the processing time to several milliseconds when an ORCA Card is tapped, the information on the card is generally not encrypted. However, date of birth or passenger type expiration date, if present, is encrypted. The electronic information on the card can be read by ORCA reader devices. Anyone with physical possession of a card, whether or not he or she is the rightful owner, can use the card until it is empty or blocked, as well as read some of the electronic data at an ORCA service location. It is also possible that an ORCA Card’s unencrypted data could be electronically “read” by a non-ORCA device if the card uses the same frequency and were to come within the range of the reader device. However, the unencrypted data which is not in plain text would require interpretation.

1.0 Application of this Privacy Statement

1.1 ORCA stands for One Regional Card for All. The ORCA Program allows you to use a single fare card when taking the public transportation services provided by the participating Agencies.

1.2 This Privacy Statement explains how information is collected and treated by the Agencies when an individual participates in the ORCA Program. With the exceptions noted below, this Privacy Statement applies to the products and services provided by the Agencies under the ORCA Program, including but not limited to ORCA Cards, ORCA Products, ORCA Websites, and ORCA Customer Services.
1.3 ORCA Websites and any ORCA Customer Services that require Personal Identifying Information (PII) are not intended for minors. We will not accept or request information from individuals we know to be under 18.

1.4 This Privacy Statement does not apply to the following:

a. information, including PII, that you provide to a Retail Revalue Site. If you provide PII to a Retail Revalue Site (e.g. your name and credit card number), such PII is not covered by this Statement. The Retail Revalue Site, not the Agencies, is responsible for the collection, storage, transmittal, safekeeping and use of that information.

b. This Privacy Statement does not apply to information, including PII, that you provide to your employer, school or other Business Account to which the Agencies sell Business Cards and ORCA Products. If you provide PII to your employer, school or other Business Account in connection with obtaining a Business Card or ORCA Product, such PII is not covered by this Statement. The Business Account, not the Agencies, is responsible for the collection, storage, transmittal, safekeeping or use of that information.

2.0 Definitions

As used in this Privacy Statement, the following terms shall have the meanings indicated.

2.1 “Agency(ies)” means one or more of the following public transportation providers and the contractors and subcontractors which these Agencies, individually or collectively, have retained for purposes related to the ORCA Program.
Central Puget Sound Regional Transit Authority (“Sound Transit”);
City of Everett (“Everett Transit”);
King County (“King County Metro”);
Kitsap County Public Transportation Benefit Area (“Kitsap Transit”);
Pierce County Public Transportation Benefit Area (“Pierce Transit”);
Snohomish County Public Transportation Benefit Area (“Community Transit”); and
The State of Washington acting through the Washington State Department of Transportation, Washington State Ferries Division (“WSF”)

For clarification, the term “Agency(ies)” does not include Business Accounts or Retail Revalue Sites.

2.2 “Autoload” is the Cardholder-authorized process for automatically loading ORCA Products on a registered ORCA Card and making a corresponding charge against the Cardholder’s credit card to pay for the loaded product.

2.3 “Business Account” means an entity other than an individual customer, including but not limited to an employer, educational institution or social service agency, that purchases Business Cards and products for distribution to its employees, students or other program participants according to the terms of an agreement with one of the Agencies.

2.4 “Business Card” is a type of ORCA Card issued to a Business Account for distribution to individuals who are eligible participants in the Business Account’s transportation program.

2.5 “Card Verification Number (CVN)” is the three-digit number printed on the card at manufacture, which is required for security purposes to register an ORCA Card online and other card-not-present functions.

2.6 “ORCA” is the trademark acronym for One Regional Card for All.

2.7 “ORCA Card” is the smart card that can be presented for fare payment on train, bus and ferry services provided by, and in accordance with the terms established by the Agencies. ORCA Card can mean cards issued to individuals and Business Cards, unless the context indicates it means one or the other.
2.8 “ORCA Customer Services” are the facilities and services of one or more of the Agencies that exchange information with customers regarding the ORCA Program and sell ORCA Cards and ORCA Products, including customer service counters, telephone call-in centers, mail-in centers, business account support and ticket vending machines.

2.9 “ORCA Product(s)” or “Product(s)” are any transit fare payment option offered for sale within the ORCA Program including, but not limited to, monthly or period passes and E-purse.

2.10 “ORCA Program” means the equipment, systems, facilities, ORCA Cards, ORCA Products, ORCA Websites, data, information, and any products and services related to the regional fare coordination and payment program implemented by the Agencies using smart cards as the common media for fare payment on their public transportation services.

2.11 “ORCA Websites” are the following public-facing Websites: www.orcacard.com and www.orcacard.biz.

2.12 “Personally Identifying Information” (PII) means the following information when collected by the Agencies under the ORCA Program: a natural person’s name; and, if combined with said name, the address, telephone number, e-mail address, date of birth, Regional Reduced Fare Permit-related information (as defined below), photo, and check/debit card/credit card information.

2.13 “Retail Revalue Site” is a retail business or other entity that, under an agreement with an Agency, is equipped with a device for customer purchase of ORCA products for loading on an ORCA Card.

2.14 “Regional Reduced Fare Permit (RRFP)” is a type of ORCA Card issued to individuals who are eligible for reduced fares by one of the Agencies based on the individual’s disability or age (65 and older). A valid Medicare card is proof of eligibility for an RRFP.

3.0 Customer Services Requiring Information

3.1 No information is required if you pay cash fares for your public transportation rides.
Information may be needed, however, if you choose to use services such as an ORCA Card or an ORCA Website. If you contact ORCA Customer Services by mail, telephone, e-mail or in-person, that contact may be logged and the information you provide may be collected by the ORCA Program. The type of information required will vary with the services sought. If you decline to submit information for some services, the Agencies may be unable to provide you those services. You may still use cash to purchase ORCA Cards or ORCA Products as described in Section 3.3.

3.2 Your PII is collected in the ORCA Program:

a. when you use a check, debit card or credit card to purchase an ORCA Card or ORCA Product or authorize “Autoload” of ORCA Products to load on an ORCA Card;

b. when you establish your eligibility for Youth fare, the Regional Reduced Fare Permit for seniors and persons with disabilities, and King County’s Access paratransit program;

c. when you purchase an ORCA Card or Product that requires proof of eligibility under a reduced fare program (e.g. a youth fare, a Regional Reduced Fare Permit, a Kitsap Transit Low Income fare, or a King County Access pass product);

d. when you register an ORCA Card to take advantage of the replacement card benefit or other registration benefits;

e. when you surrender your registered card and request a refund of the remaining E-purse value;

f. when you request customer services such as an e-mail reply or phone call from an ORCA representative; and

g. when you use the functionality on password-protected areas of ORCA Websites.

3.3 You may obtain an ORCA Card and purchase ORCA Products without providing PII if you use cash (or money order) and do not register your ORCA Card. You may also anonymously visit many pages on the ORCA Websites. We ask for PII only to the extent needed to provide you with customer services.
If you are uncomfortable providing the requested information, or with the use of that information, you may simply decline to receive that level of service or participate in that particular program. For example, to avoid purchasing an ORCA Product by credit card online, you may simply pay cash at an ORCA Customer Services location.

3.4 ORCA Websites and any ORCA Customer Services that require PII are not intended for minors. We will not accept or request PII from individuals we know to be under 18.

4.0 Information Related to ORCA Card Issuance and Optional Registration

4.1 When an ORCA Card is first issued, issuance information is created both in the ORCA central system and in the card’s electronic memory. This issuance information includes: the card’s serial number; the type of card; for a Youth card, the qualifying date of birth to enable automatic conversion to Adult card upon the expiration of youth status upon end of qualifying age; for an RRFP (Regional Reduced Fare Permit), an expiration date for temporary disabilities and any eligibility for a personal care attendant; for a senior RRFP card, the qualifying date of birth; for an ORCA Business Card, the identifying number of the Business Account.

4.2 An ORCA Card that is also a Regional Reduced Fare Permit may have a photo, name or other PII printed on its face. That type of information might also be on ORCA Cards that are used as identification badges distributed by employers or other Business Accounts.

4.3 When you provide PII to establish your eligibility for reduced fare programs, certain PII is retained in the ORCA Program to enable the Agencies to administer and monitor use of these reduced fare programs.

a. When eligibility for youth fares is established, the date of birth (or for Business Cards, the date that the cardholder is no longer eligible for a youth fare) is retained in the ORCA Program.

b. When eligibility for a Regional Reduced Fare Permit is established, the following is retained in the ORCA Program: First name, Last name, Middle initial (if applicable), Date of birth (for Senior and Youth only), whether or not a personal care attendant is eligible, Address and Expiration date (if applicable).

c. When eligibility for King County’s Access paratransit program is established, the following information is retained in the ORCA Program to enable loading Access Products on an ORCA Card: First name, Last name, Middle name (if applicable), Date of birth, Address, Access ID and Access Eligibility Expiration date.

d. When eligibility for Kitsap Transit Low Income fare is established, the expiration date is retained in the ORCA Program.

4.4 An individual is not required to register an ORCA Card with the Agencies unless the individual is requesting an RRFP or purchasing a pass for use on King County’s Access paratransit service. If an individual chooses to provide PII to the Agencies for purposes of registering an ORCA Card, such PII is held by the ORCA Program and associated with the card serial number.

5.0 Information Related to the Purchase of ORCA Cards and ORCA Products

5.1 When you purchase an ORCA Card or an ORCA Product, the system collects varying amounts of information depending on your method of payment. You will need to provide PII if your purchase is by check, credit card or debit card (see Section 6 below). Regardless of how you pay, the system will collect the following information when you purchase an ORCA Card or an ORCA Product.

a. date and time of the purchase;

b. the serial number of the ORCA Card and the number of the device used to load an ORCA Product if the ORCA Card is presented at a Retail Revalue Site, an Agency customer service office or a ticket vending machine;

c. the serial number of the subject ORCA Card and the processing location information about the purchase if the card is not presented for loading the ORCA Product at the time of purchase (e.g. online purchase; mail or telephone order; or Autoload);

d. the amount/type of ORCA Product purchased; and

e. the amount paid and method of payment (e.g. cash, check, credit or debit card) and related information as listed in Section 6.

5.2 Information about the purchase of ORCA Cards and ORCA Products is associated with the card’s serial number. If you have provided PII (e.g. to establish eligibility for a reduced fare program or to make a purchase using a check, credit card or debit card), the PII that is retained can be associated with the card serial number.

5.3 The ORCA Card contains the current amount/type of ORCA Products available for use. It can also contain certain information related to the last five (5) purchases of ORCA Products, including the date and time the product was loaded on the card, the amount/type of ORCA Product loaded, the payment method and the payment amount.

6.0 Information Related to Purchases Using Credit Cards, Debit Cards and Checks

6.1 If you purchase an ORCA Card or ORCA Product by a means other than cash payment (or money order), you must provide the PII necessary for the transaction and, if applicable, shipment of an ORCA Card. Please note, however, the following does not apply when you pay at a Retail Revalue Site (See Section 10 below) or at a ticket vending machine. Any PII that you provide at a ticket vending machine to make payment with a credit or debit card is collected and processed under the ticket vending machine system, not the ORCA system.

6.2 When you pay by personal check, the following information is provided by you or may be collected from the face of a check: name; address; driver’s license number; check amount; checking account number; and check routing number.
6.3 When you pay by credit or debit card for a single transaction, the following is provided by you or collected from the card: name; PIN number if debit card; billing address; and the credit or debit card number and expiration date. An encrypted transmission of this information is sent to the credit card verifying and processing companies. The ORCA system only retains your name, billing address, expiration number, the last four digits of the credit card number and an authorization number generated for that transaction.

6.4 When you authorize recurring credit card transactions to “Autoload” ORCA Products on your ORCA Card, the following information is provided by you and stored in the ORCA system: name; billing address; credit card number and expiration date; and directions on when to charge your credit card. Your credit card information is stored in an encrypted database in the ORCA system. Each time a payment transaction is triggered, the necessary credit card information is sent via an encrypted transmission to the credit card’s verifying and processing companies.

6.5 If you are purchasing an ORCA Card and request that it be shipped to you, your name, address and other shipping information will be collected and shared with the U.S. Postal Service.

6.6 If there is a problem processing an order, your PII may be used to contact you.

7.0 Information Related to the Use of ORCA Cards and Products

7.1 When an ORCA Card is presented to an ORCA reader device for fare payment or to check the card’s status, the system collects the following information:

a. the date and time the card was presented;

b. the number of the reader device used;

c. the I.D. of the Agency or Retail Revalue Site whose reader device was used;

d. the location of the reader device, if the device is at a fixed location (e.g. retailer; WSF gate; rail platform);

e. the vehicle and route numbers if the card is read by a device on an Agency vehicle;

f. the nature of the read transaction (e.g. checking the status of ORCA Products on the card; or payment of fare);

g. the amount/type of ORCA Product used;

h. any transfer or incentives applied.

7.2 The ORCA Card itself contains a record of the last ten (10) uses of the card.

7.3 Information related to the ORCA Card’s use is associated with the card’s serial number. If you have provided PII linked to your card’s serial number, the information about the use of the ORCA Card can be associated with your PII.

8.0 Information Residing on ORCA Cards

8.1 The Card Serial Number and Card Verification Number are printed on the ORCA Card.

8.2 The following information resides in an electronic form in an ORCA Card:

a. information about the card properties (e.g. directory of entries and their sizes; expiration date; blocking status);

b. type of card and: (i) passenger type expiration date (temporary RRFP); (ii) date of birth (if present); (iii) if an RRFP, any eligibility for a personal care attendant; (iv) if a Business Card, the I.D. number of the Business Account;

c. zone fare preference pre-sets;

d. Autoload settings for automatic revalue of products;

e. fare products loaded onto card including remaining E-purse and passes;

f. history of prior ten (10) trip transactions; and

g. history of prior five (5) revalue transactions.

If present on the card, a passenger type expiration date and birth date are encrypted.

9.0 ORCA Websites and the Information Collected

9.1 The Agencies maintain two public Websites for customer services related to the ORCA Program: www.orcacard.com and www.orcacard.biz.

9.2 Our servers automatically record and store information that a computer or browser sends whenever a person visits an ORCA Website, even if only to browse or download information. These server logs may include the following information:

a. the Internet Protocol (IP) address and domain name associated with your computer’s connection to the Internet.
The Internet Protocol Address is a numerical identifier assigned either to your Internet service provider or directly to your computer;

b. the type of browser, browser language and operating system used;

c. the date and time you visited an ORCA Website;

d. the Website you visited prior to coming to an ORCA Website;

e. the pages viewed by users, the amount of time users spent on a certain page, search terms and other nonpersonally identifying information that may be collected as an ORCA Website is navigated; and

f. one or more cookies that may uniquely identify your browser.

We also may collect statistical information about your use of the ORCA Websites, such as “clickstream data” and “user hits” which are visits and sessions that may be logged to determine which pages are visited most frequently.

9.3 When you visit ORCA Websites, your computer will receive one or more “cookies.” Cookies are small text files placed on a user’s computer and accessed by the ORCA Websites to recognize repeat users, to facilitate the user’s ongoing access to and use of the Website, and to compile data to improve the site and related business purposes. Most browsers are set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some ORCA Website features and services may not function properly if your cookies are disabled.

9.4 Although it may identify a user’s computer, automatically collected information is not considered PII because it does not personally identify individuals. Automatically collected information is typically consolidated on a daily basis and kept at an aggregate level by the Agencies’ contractor(s) responsible for providing the ORCA Websites. Such information may be used by the Agencies and their service providers to help understand how people are using the ORCA Websites and improve the value of the Websites and the ORCA Program.
Automatically collected information may be used to detect or attempt to prevent unauthorized intrusions on the ORCA Websites.

9.5 Personally Identifying Information (PII) will be collected on an ORCA Website only if you seek certain services and only if you choose to provide such information via the Website. The PII required for ORCA-related services is described in other Sections of this Privacy Statement. Should you seek a service that requires PII but you do not wish to provide PII via an ORCA Website, you may choose to provide the required PII by visiting an Agency customer service center.

9.6 When you send an e-mail or letter with questions or comments to the ORCA Program or an Agency, or if you provide your contact information when ordering ORCA Cards, ORCA Products or services, the Agencies may retain these communications, and use your e-mail address and other information included in your correspondence in order to process your communications, respond to you and improve our services.

9.7 The ORCA Websites may have links to other websites, such as the Agencies’ individual websites. When you link to one of these external websites, you are no longer on an ORCA Website and this Privacy Statement no longer applies. Instead, you are subject to the privacy notice and other terms of that external website.

10.0 ORCA Program Information Available to Retail Revalue Sites

10.1 A Retail Revalue Site is equipped with a device that can check the status of ORCA Products on a card or load ORCA Products purchased at that site. To enable accurate transfer of ORCA revenues from the Retail Revalue Site, a report of all such transactions, by card serial number, is produced by the ORCA Program and regularly provided by an Agency to the Retail Revalue Site.

10.2 A Retail Revalue Site is prohibited from using any information received from the ORCA Program for any purpose other than performing its functions under its agreement with the Agencies.
10.3 If you provide PII to a Retail Revalue Site (e.g. your name and a check, debit card or credit card) in connection with your payment for an ORCA Card or ORCA Product, such PII is not collected by the ORCA Program and is not covered by this Privacy Statement. The Retail Revalue Site, not the Agencies, is responsible for the collection, storage, transmittal, safekeeping and use of that information.

11.0 ORCA Program Information Available to Business Accounts

11.1 A Business Account owns the Business Cards that are distributed to its employees, students or other program participants. The Business Account has a record of the serial numbers of all cards it has purchased and distributed. The card serial numbers may be linked by the Business Account to names and other PII that it may have. The ORCA Program does not collect PII associated with the serial numbers of Business Cards unless you choose to register your Business Card. For example, an Agency will typically only know that it issued ORCA Business Card numbers 100 through 200 to a specific employer. The employer will know that it assigned Card #101 to a specific employee. The employer does not typically share the employee’s name with the Agencies but may provide it to the Agencies for administrative purposes such as resolving questions about a card or investigating unauthorized use of the card or other business purposes.

11.2 A Business Account may obtain transaction data for a specific card serial number.
12.0 Use and Sharing of Information

12.1 Except as otherwise restricted in law or in this Privacy Statement, the Agencies plan to use and share all information collected through or generated by the ORCA Program for the purposes of fare media sales, fare collection, support of Business Account transportation programs, monitoring the functionality and performance of the ORCA Program, soliciting and receiving feedback, developing the ORCA Program, making reports on ORCA Card use and other ORCA-related activities or products, and for any other ORCA Program or Agency purposes.

12.2 The Agencies will not sell PII to other entities for their marketing purposes. The Agencies will only share PII with:

a. Agency employees, officials and contractors on a “need to know” basis for purposes of fulfilling their duties and responsibilities; and

b. other persons or entities if it is reasonably necessary:

1. to satisfy an applicable law or regulation;

2. to respond (voluntarily or involuntarily) to a subpoena, court order or other legal process and requests by a governmental agency; and to protect the Agencies from any kind of potential harm (as an Agency perceives that potential in its discretion.);

3. to enforce Agency terms of use and other provisions applicable under the ORCA Program or an Agency transportation service, including investigation of potential violations thereof;

4. to detect, prevent, or otherwise address fraud, security or technical issues; or

5. to protect against harm to the rights, property or safety of the Agencies, the users of their services, or the public, as required or permitted by law.

12.3 Persons or entities that receive information from the Agencies may be able to combine such information with other information they independently possess. The Agencies are not responsible for combining or any later use that may be made of information provided to others in accordance with this Privacy Statement.
13.0 Retention of Information

13.1 Information collected through or generated by the ORCA Program may be retained in the ORCA central system and at individual Agencies; on both active databases and in archive systems; and in electronic as well as hard copy form.

13.2 The Agencies will store all information related to the ORCA Program for as long as they believe it useful or required by applicable law.

14.0 Public Records

14.1 The Washington Public Records Act (Chapter 42.56 RCW) (“Act”) applies to all records related to the ORCA Program including but not limited to: any data and reports related to the issuance, loading and use of ORCA Cards and Business Cards; PII that you provide; and the e-mails, comments and other communications between you and any of the ORCA Agencies. Generally public records are available for inspection and copying by the public but the Act exempts some records from mandatory disclosure. For example, the Act contains the following exemptions from mandatory disclosure.

RCW 42.56.330(4) The personally identifying information of current or former participants or applicants in a paratransit or other transit service operated for the benefit of persons with disabilities or elderly persons;

RCW 42.56.330(5) The personally identifying information of persons who acquire and use transit passes or other fare payment media including, but not limited to, stored value smart cards and magnetic strip cards, except that an agency may disclose personally identifying information to a person, employer, educational institution, or other entity that is responsible, in whole or in part, for payment of the cost of acquiring or using a transit pass or other fare payment media, for the purpose of preventing fraud, or to the news media when reporting on public transportation or public safety. As used in this subsection, “personally identifying information” includes acquisition or use information pertaining to a specific, individual transit pass or fare payment media.
Information regarding the acquisition or use of transit passes or fare payment media may be disclosed in aggregate form if the data does not contain any personally identifying information. Personally identifying information may be released to law enforcement agencies if the request is accompanied by a court order.

The Agencies reserve their discretion, if any, to release or withhold records in accordance with the Act.

14.2 The Agencies reserve the right to impose fees in accordance with the Act for responding to requests for inspection and copying of records.

14.3 In the event of a conflict between this Privacy Statement and the Public Records Act or other law governing the disclosure of records, the Public Records Act or other applicable law will control.

15.0 Information Security

15.1 The Agencies’ security measures are intended to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of information collected or generated under the ORCA Program. For example, steps have been taken to safeguard the integrity of their telecommunications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption. In addition, customer orders are processed through a secure server using advanced forms of encryption software. This means that all your PII entered online will be encrypted during transmission to maximize security protection. Because the ORCA Websites do not encrypt email, however, you should not send emails containing information that you consider sensitive.

15.2 Notwithstanding the above, this Section 15 and this Privacy Statement should not be construed in any way as providing business, legal or other advice, or warranting as fail-proof, the security of information provided by or submitted to the ORCA Websites or otherwise submitted to the ORCA Program or Agencies through customer participation in the ORCA Program.
Due to the nature of Internet communications and evolving technologies, the Agencies cannot provide, and disclaim, assurance that the information you provide to them will remain free from loss, misuse, or alteration by third parties, who, despite the Agencies’ efforts, may obtain unauthorized access.

15.3 If, despite the ORCA Program’s information security measures, unencrypted “personal information” held by the Agencies was, or is reasonably believed to have been, acquired by an unauthorized person, the Agencies shall notify the subject of that personal information in accordance with RCW 42.56.590. For purposes of this Section, “personal information” has the same definition as it does in RCW 42.56.590(5) and (6).

16.0 Changes to or Deletion of Personal Identifying Information

16.1 The Agencies depend on the users of ORCA Cards and ORCA Products to update their own PII whenever necessary. You may use the Cardholder Website or visit an ORCA Customer Service Office to update your personal details and modify or terminate your ORCA Card registration or Autoload authorization.

16.2 You may request deletion of your name and other PII from the active ORCA database(s). Please understand, however, that it may be impossible to remove this information completely, due to system backups and records of deletions. In addition, if you request deletion of your PII, you will be unable to utilize associated features of the Cardholder Website and possibly other services offered through our ORCA Programs, such as registering an ORCA Card. The Agencies will fulfill a PII deletion request within a reasonable time.

17.0 NO WARRANTIES

THE AGENCIES HAVE ADOPTED PROCEDURES AND MEASURES THEY BELIEVE TO BE COMMERCIALLY REASONABLE TO PROTECT ANY INFORMATION COLLECTED FOR THE ORCA PROGRAM INCLUDING INFORMATION COLLECTED ON ORCA WEBSITES.
HOWEVER, NO ONE IN THE AGENCIES GUARANTEES INFORMATION SECURITY OR WARRANTS THAT THE INFORMATION (INCLUDING BUT NOT LIMITED TO PII) COLLECTED IN CONNECTION WITH THE ORCA PROGRAM WILL REMAIN FREE FROM UNAUTHORIZED ACCESS OR DISCLOSURE, LOSS, MISUSE, ALTERATION OR THEFT AND THE AGENCIES EXPRESSLY DISCLAIM ANY SUCH OBLIGATION.

18.0 Governing Law and Venue

This Statement shall be construed in accordance with the laws of the State of Washington, without regard to any conflict of law provisions. Any dispute arising under this Statement shall be resolved exclusively by the state or federal courts sitting in King County, Washington that have jurisdiction over the matter.

19.0 Questions or Comments on this Privacy Statement

Please direct any questions or comments regarding this Privacy Statement to the ORCA Regional Program Administrator as follows:

E-mail: contactus@orcacard.com
Telephone: 1-888-988-6722 / TTY Relay: 711 during regular business hours
Mail: ORCA Regional Program Administrator
401 S Jackson
Seattle, WA 98104

When we receive formal written questions or complaints at this address, it is our policy to contact the complainant regarding his or her concerns.

20.0 Changes to this Privacy Statement

20.1 This Privacy Statement may change over time. We expect most changes will be minor. Significant changes will be posted in the “News” footer located at the bottom of the ORCA Website pages. The date of the most recent revision of this Statement will be identified at the top of the page and prior versions will be kept in an archive for your review upon your request.

20.2 We will post changes to this Statement at least ten (10) days before they take effect. Any information we collect under the current Privacy Statement will remain subject to the terms of this Statement. After any changes take effect, all new information we collect, if any, will be subject to the new Statement.

Alternate formats available upon request.
1-888-988-6722 (ORCA) TTY Relay: 711 email: contactus@orcacard.com