FLO Card for Registered Traveler - access the airport security Fast Lane, www.flocard.com, Privacy and Security

Participation in the Registered Traveler rtGO™ program is voluntary. We will not share your personal biographic or biometric data with anyone without your prior consent, unless expressly required by law. Sensitive personal data will be encrypted and protected to prevent access from outside parties.

The operators of both FLO and the rtGO™ program have significant experience in establishing and adhering to the privacy standards and protections necessary for successful operation of the Registered Traveler program.

Both FLO and rtGO™ follow recognized industry practices and federal guidelines for data and information security. Our solution is required to meet the security standards defined by TSA. Explore the links below to learn more about TSA's security and privacy requirements for the Registered Traveler Program and certified solution providers.

TSA Registered Traveler Security, Privacy and Compliance Standards
Registered Traveler Interoperability Pilot Privacy Impact Assessment
Paperwork Reduction Act Statement of Public Burden

rtGO Privacy Policy

The mission of our entire team is to provide each of our members with superior service and the peace of mind that the security of their personal information is our top priority. We understand concerns about the safety and security of your personal information and assure you that we have taken great care to develop a robust set of standards, policies and procedures designed to safeguard such information.

This Privacy Policy describes our efforts to meet these objectives. It includes a summary of the types of information we collect, how we will use that information and the ways we will safeguard the confidentiality and security of the information.

We strongly recommend that all potential applicants read our Privacy Policy in its entirety and contact us with any questions or concerns. Inquiries of this policy can be addressed to Privacy@flocard.com.

1. GOVERNMENT COMPLIANCE

The rtGO™ program was built by Unisys Corporation and is operated by government certified enrollment and authentication personnel. The program is operated in accordance with standards set and oversight conducted by the Transportation Security Administration (TSA), an agency of the U.S. Department of Homeland Security.

The rtGO™ solution meets or exceeds all data collection and storage standards required by the federal government, specifically TSA, with regard to the Registered Traveler Program. A complete set of these standards can be found on the TSA website at TSA Registered Traveler Security, Privacy and Compliance Standards. Information regarding TSA, and its use of information, can be found in the Privacy Impact Assessment located at Registered Traveler Interoperability Pilot Privacy Impact Assessment.

2. INFORMATION COLLECTED AND HOW IT IS USED

A. To better serve our members and to ensure the security and integrity of the program, FLO and rtGO™ collect basic biographic information from the applicant. The information requested in the enrollment process (including all information collected in the pre-enrollment application available on this website) is authorized by policies written by the U.S. Government's Transportation Security Administration (TSA) and is highly recommended to ensure a prompt and accurate Security Threat Assessment. The requested biographic data includes full name, address, citizenship, Social Security number and date of birth. In addition to information to be transmitted to TSA, we collect an applicant's credit card information.

It is important to note, pursuant to the Privacy Act of 1974, applicants are not required to provide Social Security numbers. However, the absence of this data may delay or prevent the completion of the security assessment, without which the applicant may not be permitted to participate in this program. Our entire team will take extraordinary precautions to protect all information collected from applicants including encryption of all data when captured.

Since we only collect the minimum biographical data required by TSA, all captured data (excluding any billing information) will be encrypted and electronically sent to TSA over a government compliant secure medium. We will maintain only necessary biographic information in a secure and segregated database to provide timely, quality customer service. This ensures that only data that is “need to know” can be accessed by appropriate personnel at any time.

B. TSA standards dictate that all service providers require applicants to appear in person at an enrollment station with two forms of government-issued identification (at least one of which must contain a photo and at least one of which can be authenticated to prove citizenship status) — such as a passport or drivers license. The enrollment team carefully examines these documents for authenticity using the latest document authentication technology to detect tampering or counterfeiting and stores an encrypted copy of the document in the applicant’s file. Click here for a list of acceptable documents.

The government-issued documents submitted at enrollment are used solely for identity authentication during the enrollment process. These documents will not be used for any other purpose by FLO or any of its partners.

C. Upon successfully completing the initial identity verification described in paragraph B above, the enrollment team will take a digital photo and digital images of all of the applicant's fingerprints and irises and store these encrypted images in our secure database. All fingerprint images will be sent to the Registered Traveler Central Information Management System (CIMS), operated by contract with TSA, where they will be used to prevent duplicate enrollments with the same biometric.

The enrollment team will also create and store a template of the finger and iris images, to create a unique biometric ID of the member. Once accepted into the program, these unique templates will be encrypted and stored on the Integrated Circuit Chip (ICC) of the applicant's rtGO™ Card for use at security checkpoint kiosks.

D. The applicant's biometrics and biographical information (excluding billing information) collected during the enrollment process will be submitted to TSA as required. TSA conducts the necessary security threat assessment and makes a determination if the applicant is approved for membership in the program. TSA makes this Threat Assessment using a variety of terrorist threat-related databases. TSA does not transmit to FLO or any of its partners any information about the applicant concerning its decision for approval or denial. TSA tells us only that the applicant, having gone through the TSA Security Threat Assessment process, has received either an "Approved Security Threat Assessment" or has received a "Not Approved Security Threat Assessment." All redress and/or appeals of the approval decision should only be directed to TSA. Neither FLO, its partners or rtGO™ enrollment personnel can reverse, or appeal any decision made by TSA concerning the eligibility of an applicant to participate in the program. An applicant becomes a member of FLO's program and will be issued an appropriate rtGO™ card upon receiving approval by TSA.

E. TSA will conduct continuous security reviews of all RT nembers. Our team does not receive the contents of any such reviews; it is informed by TSA only that the member has received approval for continued membership or has not received approval for continued membership. If a member's security review is not approved, FLO will will notify the member immediately upon notification by TSA that his or her rtGO™ Card and membership is no longer valid. In addition, TSA will notify the applicant directly of his or her status and any redress and appeals processes that are applicable.

3. DATA RETENTION

All information collected and stored by FLO and the rtGO™ enrollment team, as described in section 1 and 2 above, will be retained in the rtGO™ system for a period of 90 days after cancellation or revocation of the applicant’s membership unless the applicant requests in writing that this information not be retained.

4. INFORMATION SECURITY

FLO, the rtGO™ Team and all related subcontractors, pursuant to legal agreements, have a comprehensive information security programs to ensure the privacy of all applicants and members as well as the integrity of their respective systems. We apply security protocols that include physical, electronic and procedural protocols to ensure that access to systems and data is only by authorized personnel on a need-to-know basis. These include biometric verification and the use of PINs by all employees and personnel to access or collect any data. These safeguards enable us to audit when and how data is accessed. We use government compliant encryption standards (a strong data coding process) for all program sensitive data communications (internal and external) and storage. FLO and the entire rtGO™ team, pursuant to TSA standards, conduct quarterly data security audits at a minimum to ensure that all rules and standards are being followed. In addition, we will have an independent audit conducted at least annually to ensure compliance with all government standards for data collection, storage and transmission.

5. CONFIDENTIALITY

Each member's record in the rtGO™ program, whether in hard copy or in computer systems, is designated as CONFIDENTIAL. Each employee handling this information must pass an in-depth federal government background investigation. All employees of the program and all associated subcontractors receive Privacy and Fair Information Practices training when they are hired and again if the Policy is changed. Any employee or subcontractor who violates the confidentiality and security requirements are subject to our strict disciplinary process which includes action up to and including dismissal. Where subcontractors are used in support of the program, we require them to conform to all privacy and security training, policies and standards.

6. SHARING INFORMATION WITH GOVERNMENT ENTITIES

We will only release information about members to the Transportation Security Administration. Any requests from any law enforcement officials will be directed to TSA. We do not collect tracking data about members to provide to TSA, only basic identity information, and the biometric images captured at enrollment.

7. SHARING INFORMATION WITH NON-AFFILIATED PARTIES

A. Neither FLO, its partners or subcontractors, pursuant to legal agreements, sell or otherwise provide lists or compilations of the personal data of our members to any business or non-profit organization. We will not provide member information to any affiliated or non-affiliated organizations for marketing unless specifically directed to do so by our members. FLO, its partners and subcontractors will not market to members apart from services directly relating to membership in FLO's program.

B. None of the information that is collected by FLO, its partners, or subcontractors may be used for any purpose outside the operation and maintenance of rtGO™ and FLO membership services.

C. We pledge to notify members by email of any material changes in our privacy policies, so that they can cancel their membership if they so choose.

8. rtGO™ MEMBER ACCESS TO INFORMATION

A member can request a copy of all data collected from the member that is stored by FLO, its partners or subcontractors in their information systems files.

This Privacy Policy is provided to you by FLO and applies to any information collected at any time pertaining to the rtGO™ service offering from a member or prospective member. We reserve the right to amend this Privacy Policy from time to time and will notify all participants that fall under this agreement prior to implementing these changes. If you should have questions or want further information, please send an email to privacy@flocard.com.