Privacy Policy
1 General information
Berliner Verkehrsbetriebe AöR, Holzmarktstraße 15-17, 10179 Berlin (“BVG” or “we”) complies with statutory data protection regulations. User data is treated with confidentiality. It is only disclosed to third parties to the extent permitted by data protection regulations or if the user provides their consent.
Personal data is any information relating to an identified or identifiable natural person (Article 4(1) of the EU General Data Protection Regulation (“GDPR”)). This includes information such as your name, your email address, your postal address, and your telephone number. It does not include information that cannot be linked directly to your identity, such as the number of users of a website.
Cookies are small pieces of text used to store information on web browsers Cookies are used to store and receive identifiers and other information on computers, telephones, and other devices.
Cookies cannot run programs or transmit viruses to your computer. They are used to make our website more user-friendly and effective as a whole.
When we use the term “cookies” here, we always also mean comparable technologies that are used for similar purposes.
We use both first-party cookies and cookies from integrated third-party services on our website.
We use functional cookies to ensure a smooth user experience on our website. We also use marketing cookies to measure the success of our online advertising and to allow us to allocate our advertising budget as effectively as possible. In addition, we use analysis cookies that help us to better understand use of our website and to tailor our services better to your needs.
If you wish to contact our data protection officer directly, please see section 7.2 for details of how to do so.
2 Introduction to data processing when using the website
The data we process on our website encompasses the personal data required to enable the informational use of our website, to allow you to contact us by email or our contact form, and to use the “My BVG” service. We also use functional cookies and similar technologies (see 3.1 and 4.1) to enable the use of our website. We do not carry out any other processing of personal data unless you have given consent to the processing or there is another legal basis that allows us to do so. This, in particular, covers data you provide on a voluntary basis when contacting us or using the “My BVG” service, as well as data for analysis and marketing purposes (see 4.2 and 4.3). It also includes, for example, data that is processed for the purpose of providing you with your requested journey planning information and, in this context, improving the BVG’s transport services (see 3.7.). You are under no obligation to provide your personal data. If you do not provide your personal data, however, we will not be able to provide the service for which it is required.
If you use our website for purely informational purposes, i.e. not to log in, register, or transmit any other data to us, we do not process any personal data except for the data that is transmitted by your browser to make it possible for you to visit our website and ensure the IT security of the website. This includes your IP address, the date and time of the request, the browser used, and the content of the request. The legal bases for the data processing are Articles 6(1)(b) and (f) of the GDPR. We have a legitimate interest in ensuring the stability and security of the website.
If you have provided your consent to this as set out in Article 6(1)(a) of the GDPR, the aforementioned data will also be processed for marketing and analysis purposes and shared with third parties (see 4.2 and 4.3).
To ensure secure data transmission between your computer and the website, we use the current version of the TLS 1.3 encryption protocol. This protects the data from access and manipulation by unauthorised third parties.
Please make sure that your browser is up to date and supports the TLS 1.3 encryption standard. If your browser is not up to date, data is automatically exchanged using a lower version of TLS that corresponds to the configuration of your browser.
3 Use of functions on our website
Below, we set out the ways in which we ourselves process data in connection with the various available functions on our website.
3.1 First-party cookies
3.1.1 Permanently required cookies
3.1.1.1 Type and purpose of cookies
We use first-party cookies on this website. Our cookies are functional cookies required to ensure a smooth user experience on our website. They cannot be disabled.
These cookies enable numerous basic functions such as the following:
- Order processing for online subscriptions
- Access to the website’s login area
- Saving the language selection
- Saving the font size selection
- Saving the start and end points of connection enquiries
These are session cookies that are erased when you close your browser.
3.1.1.2 Data processed
The following categories of data are routinely processed:
- IP address
- Time of request
- Device data, e.g. operating system, browser version, screen resolution
- Settings you make when using our website (e.g. language selection)
3.1.1.3 Legal basis for data processing, purpose of data processing
Legitimate interest (Article 6(1)(f) of the GDPR): ensuring a smooth user experience and enabling key basic functions of the website.
3.1.2 Temporarily required cookies
3.1.2.1 A/B testing
3.1.2.1.1 Purpose of cookies
To help improve our website, we use A/B testing, a method of evaluating two versions of a page on our website. This involves testing the original version of a page against a slightly modified version. Which page version you see is chosen at random.
By setting the cookie, we ensure that you will be shown the same version when you return to our website during the A/B testing period.
3.1.2.1.2 Cookie storage duration
A/B testing is usually carried out over a maximum of 60 days, but the exact period depends on the complexity of the page being tested. The lifetime of the cookies corresponds to the period of the testing, after which they are erased.
3.1.2.1.3 Data processed
The following categories of data are processed:
- IP address
- VersionA/version B (which version was shown the last time the website was visited)
3.1.2.1.4 Legal basis for setting cookies
Setting the cookies represents a legitimate interest of the BVG (Article 6(1)(f) of the GDPR): ensuring that the customer is always shown the same version of the website during the A/B testing period.
3.2 Contacting us by email or on the contact form
If you contact us by email or on the BVG contact form, your request and the information contained therein will be evaluated in order to determine your reason for contacting us and to allow us to assist you accordingly. We will store your reason for contacting us, your email address, and your name for the purpose of replying to your questions. When you contact us, it is helpful if you limit yourself to submitting information that is only absolutely necessary for your concerns.
The legal bases for the data processing operations set out above are Articles 6(1)(b) and (f) of the GDPR. Article 6(1)(b) of the GDPR is the legal basis for processing requests from customers with whom we have a contract. In addition, we have a legitimate interest in ensuring a smooth customer service experience. We also use your data to ensure that our services function properly and to improve and expedite our data processing processes, e.g. by means of optimised assignment function.
If the reason for data processing ceases to apply, all personal data you have entered will be erased. This, however, does not apply to data that is required for contract processing or is subject to statutory retention periods (e.g. for tax reasons).
3.3 Contacting us by telephone
If you contact us by telephone, we will process the following data:
- Your telephone number, unless withheld
- Telephone number dialled
- Date of the call
- Start (time) of the call
- End (time) of the call
- Forwarding to the external call centre, using only the BVG telephone number dialled
The legal basis for this data processing is Article 6(1)(b) of the GDPR. The data will be erased after thirty days.
The external call centre is provided by our processor Teleperformance Berlin GmbH ( former Majorel Berlin GmbH) and regiocom Customer Care SE. The external call centre provides both staff and a voicebot (see 3.3.1) to answer your questions. We have concluded a processing contract with Majorel Teleperformance pursuant to Article 28 of the GDPR. This processing contract ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed or processed for other purposes.
3.4 Voicebot replies to telephone enquiries
When you call us, you will be asked if you wish to speak to a voicebot about certain questions (e.g. regarding journey planning informationthe Deutschland ticket).
If you have consented to the use of the voicebot, the following data will be processed:
- Opt-in selection
- Reason for the call/query (customer free text)
- Session date
- Session start (time)
- Session end (time)
- Session duration
- ConversationID
- UserId
- Session ID
- Forwarding to call centre staff
- Telephone number of the BVG facility
- Starting stop or station
- Destination stop or station
- Depending on the enquiry: date and desired departure/arrival time
- Depending on the enquiry: changes, sections on foot, forms of transport, route numbers
- Telephone number to send the route suggestion, if applicable
The data will also be used to develop the voicebot and analysed for product optimisation.
3.4.1 Your data will be stored for a maximum of 30 days. Legal basis for data processing, purpose of data processing
- Consent (Article 6(1)(a) of the GDPR): Answering telephone enquiries
- Consent (Article 6(1)(a) of the GDPR): Analysis of user behaviour (tracking) in the voicebot in order to make decisions relating to product and marketing optimisation.
- Consent (Article 6(1)(a) of the GDPR): Use of data for further development of the voicebot
We will only store the aforementioned data and perform associated data processing operations if you grant us your voluntary and revocable consent to do so during the call. You can withdraw your consent at any time during the call by saying the word ‘cancel’. If you have objected to the processing of your data, your data will only be processed to reply to your request and will not be stored. Subsequent withdrawal or erasure is not possible due to the highly pseudonymised nature of the data.
3.4.2 Contract processor pursuant to Article 28 of the GDPR
We have contracted the service provider Cognigy GmbH (Speditionstr. 1, 40221 Düsseldorf, Germany) to implement the chatbot. The text message service for sending the route suggestion is provided by the service provider LINK Mobility Austria GmbH (websms) (Brauquartier 5/13, 8055 Graz, Austria). We have concluded a processing contract with both service providers pursuant to Article 28 of the GDPR. These processing contract ensure that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to third parties or processed for other purposes.
3.5 Career page functions
3.5.1 Job applications
When you apply for a position at the BVG, a range of personal data will be processed.
3.5.1.1 Application process
To conduct the application process, whether you submit your application in paper form or online, we process your personal data, including first name, surname, address, email address, phone number, date of birth, salary expectations (if applicable), information about your professional qualifications (e.g. education, vocational training, other skills), evidence of these qualifications (e.g. certificates), as well as other information you provide during the application process.
The legal basis for the data processing is Article 6(1)(b) of the GDPR, Section 18 of the Berlin Data Protection Act (BlnDSG). Processing your data is necessary to conduct the application process as a step prior to entering into a contract at your request.
In the course of making an application, your name, your contact details, your qualifications, and other data you transmit to us will be processed for the purpose of selecting applicants for employment. You are required to enter personal data so that we may review your application and, as applicable, later conclude an employment contract with you. Your application will not be considered if you do not enter personal data. Your application and the personal data it contains will be forwarded internally to the employees who are responsible for making the relevant decisions.
We are obliged to ask about your nationality and, where relevant, whether you are in possession of a residence permit that allows you to seek employment. The legal basis for this request is Article 6(1)(c) of the GDPR, Section 18 of the BlnDSG, in conjunction with the BVG’s obligation only to employ persons if they are in possession of a valid work permit (Section 4(3)(4) of the Residence Act). You are considered to be in possession of a valid work permit if you are an EU citizen or have a valid residence permit that allows you to seek employment.
3.5.1.2 Processing of special categories of personal data
The application you submit, including any attached documents, should not contain any sensitive personal data. Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
You are, however, free to tell us about your severely disabled status in your application. The legal basis for processing voluntary disclosure of a severe disability is Section 18 of the BlnDSG, Section 26(3) of the Federal Data Protection Act (BDSG), in conjunction with BVG’s obligation to provide equal opportunities for applicants with disabilities
3.5.1.3 Telephone and video interviews
In some cases, the BVG conducts telephone or live video interviews. These interviews are not recorded, and we do not carry out any software-assisted evaluations of verbal or non-verbal behaviour.
The legal basis for conducting a live video interviews is your consent as set out in Article 6(1)(a) of the GDPR, Section 18 of the BlnDSG, in conjunction with your consent.
The BVG uses service providers such as MS Teams to facilitate telephone and video interviews.
The legal basis for processing your data by these service providers is Article 28 of the GDPR in conjunction with the data processing agreement between BVG and the service provider.
3.5.1.4 Calculation of a MatchScore
The BVG uses SmartRecruiters software to conduct the application process (see section 3.5.1.6). SmartRecruiters calculates a MatchScore using artificial intelligence, which indicates how well an applicant’s information matches the job posting.
The BVG uses the MatchScore only to assess whether an applicant may be suitable for other advertised positions. Suitable applicants will be informed about other roles for which they may be a match, encouraging them to apply.
The BVG does not use the MatchScore for selection decisions during the application process. No selection decisions are made based solely on the MatchScore, nor is it used to evaluate individual applicants.
The legal basis for processing personal data to create the MatchScore is Article 6(1)(f) of the GDPR, Section 18 of the BlnDSG. The BVG has a legitimate interest in informing suitable applicants about other job postings.
3.5.1.5 Duration of storage
The personal data that the BVG processes in relation to applicants is erased six months after the end of the application process, provided this data is not legitimately required for other purposes (e.g. for legal reasons or if you commence employment with us). No recordings are made of aAudio or/ video transmissions are not recorded, so there is also no data is stored on completion of theseafter the transmissions ends.
3.5.1.6 Use of a service provider
The BVG uses the SmartRecruiters software to conduct the application process. The software is operated by:
SmartRecruiters GmbH,
Wilhelmstrasse 118,
D-10963 Berlin.
During operation of the SmartRecruiters software, SmartRecruiters GmbH processes personal data as a processor on behalf of the BVG. The legal basis is Article 28 of the GDPR in conjunction with the processing agreement between the BVG and SmartRecruiters GmbH.
3.5.2 Chatbot
We use a chatbot on our careers pages (see also section 4.1.3). The chatbot gives you the opportunity to upload application documents in connection with a job posting. From this upload, we generate an email with the documents you uploaded as one or more attachments. This email is only forwarded to those persons within the BVG who are involved in the application process.
3.5.3 Online test for specific job postings
An online test must be completed if applying for certain positions, e.g. apprenticeships, drivers, security staff. If you apply for one of these positions, you will receive an email with a link to the online test after you have entered your application data.
The following personal data will be processed for this purpose: first name, surname, date of birth, gender. The legal basis for this is Article 6(1)(ab) of the GDPR, Section 18 of the BlnDSG. For security reasons, your IP address, time and date of access, browser activity/settings, and login ID data are required for authentication and input control. The legal basis for this is Article 6(1)(f) of the GDPR. We will assess how quickly you completed the tasks, which questions you answered correctly, and how many correct answers you gave. We do not use automated decision-making systems.
The legal basis for data processing in connection with the online test, including its assessment, is your consent as set out in Article 6(1)(ab) of the GDPR, Section 18 of the BlnDSG. The online test is a step prior to entering into a contract that is required for applicant selection.
For security reasons, IP addresses, access times and dates, browser activity and settings, and login ID data are processed for authentication and input control. The legal basis is Article 6(1)(f) of the GDPR, Section 18 of the BlnDSG. The BVG has a legitimate interest in ensuring the secure operation of the online tests and preventing misuse.
As part of the online application process we have contracted a service provider to collect the aforementioned data and assess the online test on our behalf.
The contracted service provider is
ALPHA-TEST GmbH
Dynamostr. 15
D-68165 Mannheim
Email: Kontakt@alpha-test.de
We have concluded a processing contract with ALPHA-TEST GmbH pursuant to Article 28 of the GDPR. This processing contract ensures that your personal data is only processed in accordance with the BVG’s instructions and in compliance with data protection legislation.
Your data will only be disclosed to third parties if we are legally permitted or obliged to do so, or if you provide your consent for us to do so.
3.5.4 Employer reviews
As part of the application process, you will be given the opportunity to consent to us contacting you to evaluate our application process. If you choose not to consent, this will not affect your application or the application process itself. If you consent to being contacted, we will process your personal data (name, first name, email address, job category, and location).
Your Data will be processed for the purpose of contacting you via email by softgarden e-recruiting GmbH, Tauentzienstraße 14, D-10789 Berlin ('softgarden') and or New Work SE, Am Strandkai 1, D-20457 Hamburg ('kununu'). The processing of your personal data for the purpose of contacting you via softgarden or kununu is carried out within the framework of a processing agreement. The legal basis for this processing is Article 28 of the GDPR in conjunction with the processing agreement with the respective service provider.
If you consent, softgarden or kununu will contact you once by email within 48 hours of your consent and send you a link to submit your feedback anonymously.
You may at any time object to the processing of your personal data for the future. However, depending on when you object, you may not be able to submit an evaluation.
3.5.5 Applicant pool
The BVG maintains an applicant pool in which certain personal data concerning applicants is stored. Consent is obtained from each applicant for this purpose. If you have any questions about the applicant pool, please contact recruiting@bvg.de.
We process data in the applicant pool on the basis of applicants’ consent. The legal basis for the data processing is Article 6(1)(a) of the GDPR, Section 18 of the BlnDSG. You can withdraw your consent for inclusion in the applicant pool at any time.
3.5.6 Employee recommendations
BVG accepts recommendations from its employees for suitable candidates for job postings. Employees can send a recommendation link to individuals or provide information about the recommended person. If the recommending employees choose the latter option, they can, in addition to providing contact details, also give information about how they know the recommended person. Employees are instructed to obtain the recommended person’s consent before submitting their details. If a recommendation is made, the recommended person will be flagged accordingly during the selection process. The BVG will send the recommended person an email inviting them to apply. If no application is made within 30 days, the recommended person’s details will be erased.
The legal basis for processing personal data as part of the recommendation process is Article 6(1)(f) of the GDPR, Section 18 of the BlnDSG. The BVG has a legitimate interest in receiving recommendations for suitable applicants, including any additional relevant information.
3.5.7 Jobalert newsletter
You can subscribe to our 'Jobalert' newsletter if you provide your email address, your name, and your job interests. The 'Jobalert' newsletter will notify you when a job that matches your search criteria is advertised.
If you subscribe to the 'Jobalert' newsletter, we will store the sign-up date, and your confirmation of sign-up. This information is stored only as a means of proof in the event that a third party misuses an email address and signs up for 'Jobalert' newsletter without the valid user’s knowledge.
The legal basis for this processing is your consent as set out in pursuant Article 6(1)(a) of the GDPR. We will store your email for as long as you are subscribed to 'Jobalert' newsletter.
Your consent is obtained with the aid of the double opt-in procedure. You will receive an email containing a link that you must click on to confirm that you are the owner of the email address and wish to receive notifications through our email service. If you do not confirm your subscription to the newsletter within two weeks following receipt of the confirmation email, we will not process the personal data you provided further. Instead, this data will be automatically erased. You can unsubscribe from the 'Jobalert' newsletter at any time by clicking on the link contained in every 'Jobalert' newsletter or by sending us a message using the contact details set out above. The data you provided during sign-up will be erased when you unsubscribe.
3.6 BVG account
If you would like to use the BVG account (formerly “My BVG”), you must sign up to do so, providing your name, your email address, and a password you choose. We use the double opt-in procedure for sign-ups, i.e. your sign-up is not completed until you have confirmed that you wish to sign up by clicking on the link in a confirmation email we send you for this purpose. If your confirmation is not received within 24 hours, the personal data you provided is automatically erased from our database.
You can use this account to log in to BVG apps and for the online subscription self-service system. Your BVG account will then be associated with the relevant BVG service and the above data from your BVG account (surname, first name, login, password) will be used (single sign-on, SSO).
3.6.1 Duration of storage
We will store the data you provide for the duration of your use of the account, unless you erase it yourself. You can manage and change any of the data you provide in your password-protected customer account yourself.
Your personal data is processed solely for the purpose of using the BVG account. If you decide to erase your BVG account, your account data will first be blocked from further processing, with the exception of processing that is required in compliance with legal obligations or rights (see the relevant sections in the BVG app privacy policies) and then permanently erased. Your request for erasure may, however, conflict with statutory provisions or rights on the part of the BVG (e.g. .legal obligations to retain data, obligations under commercial or tax law).
The legal bases for the data processing are Articles 6(1)(a) and (b) of the GDPR.
3.6.2 Disclosure to third parties
The single sign-on service is provided by our service provider akquinet AG – (Paul-Stritter-Weg 5, D-22297 Hamburg). The other IT service providers for this service are Cronon AG (Pascalstraße 10, 10587 Berlin) for data storage and IBM iX Germany GmbH (Chausseestraße 5, 10115 Berlin) for forwarding data changes to the background system.
The disclosure of personal data to our service providers for SSO registration is based on Article 28 of the GDPR in conjunction with a processing contract that ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
3.7 Ticket subscriptions and corporate tickets
In connection with a subscription for transferable and personal tickets (from section 3.7.1) and corporate ticket subscriptions (from section 3.7.2), we will process your personal data as set out below.
3.7.1 Ticket subscriptions
3.7.1.1 Categories of personal data for contract performance
We process your personal data in connection with your subscription contract. For transferable tickets (annual and monthly eco-tickets, 10 o’clock monthly tickets), we require your full name, address, date of birth, gender, account details (except for the school student ticket Berlin AB), payment frequency (monthly or annually), and, as required, the full name, date of birth, gender, and address of your legal representative or guardian/carer.
For personal tickets (VBB subscription ticket 65plus, school student ticket, trainee ticket), we also require your photo and proof of eligibility in addition to the information above. The legal basis for processing this data is Article 6(1)(b) of the GDPR.
The photograph is required for us to issue the season ticket in your name. The photograph is electronically processed, digitised as an image file, and stored exclusively for the time and for the purpose of producing the electronic ticket in the form of the non-transferable VBB fahrCard. The stored image file is erased no later than two months following dispatch of the VBB fahrCard. The picture will not be returned; paper-based photographs will be destroyed.
The proof of eligibility (e.g. front and back of student ID for a school student ticket; certificate with hologram for the VBB trainee subscription; trainee contract for a trainee/student; official ID as proof of age for the VBB 65+ subscription) is required to check your eligibility for the requested ticket. All proof submitted in connection with subscription ticket requests will be erased ten days after the ticket is sent out. If the proof of eligibility is required only for verification (e.g. proof of school student status above the age of 16) but not to issue a new ticket, it will be erased no later than two months following the check. The proof of eligibility required depends on the fare product you request.
Providing us with your telephone number and email address is voluntary, but if you do, it will be easier for us to contact you if we need to. We process and use this information solely for the purpose of managing contractual matters with you. The legal basis for this is your consent as set out in Article 6(1)(a) of the GDPR. You can withdraw your consent at any time.
In addition, we process pseudonymised ID numbers on the chip card in order to verify its authenticity, as well as our customers’ personal data, if this is required in the course of providing our services. This may include, for example, personal data processed during ticket inspections (e.g. name of passenger not in possession of a valid ticket, time and place of inspection, penalty charge amount) or data in connection with operational incidents. The legal bases are Articles 6(1)(b) and (f) of the GDPR.
We would like to point out that you are generally not obliged to provide personal data. Under certain circumstances, however, it may be necessary to provide the data for conclusion or performance of a contract with the BVG. In such cases, failure to provide personal data may mean that you cannot enter into a subscription contract with us.
3.7.1.2 Disclosure to third parties
We will only disclose your personal data to third parties if this is necessary for the above-mentioned purposes. We will only disclose data that a service provider needs to fulfil its tasks for the BVG. This may involve the disclosure of personal data to marketing service providers for ticket sales, to service providers for printing tickets/chip cards and to check the authenticity of the VBB fahrCard and to IT service providers for data storage and maintenance purposes. If the recipients are processors, we will have signed processing contracts with them pursuant to Article 28 of the GDPR. Specifically, these are the following service providers that we use to administer an existing contract with you (BVG subscription) and to administer subscriptions:
Data recipient as independent controller
If the recipients are service providers who must receive the name and shipping address due to their order, these service providers act on their own responsibility:
- Postal company for sending the fahrCard and other contractual documents (PIN AG, Alt-Moabit 91, 10559 Berlin; Deutsche Post AG, Stolkgasse 4, 50667 Cologne)
Data recipient as data procesor
- Service provider for printing the fahrCard (for personalised smart cards) (PAV Card GmbH, Hamburger Str. 6, 22952 Lütjensee)
- IT service provider for data storage and maintenance (HanseCom Public Transport Ticketing Solutions GmbH, Weidestraße 120 b, 22083 Hamburg)
- IT service provider for data storage (Cronon AG, Pascalstraße 10, 10587 Berlin)
- Service providers for ticket checks (B.O.S. Eltan GmbH, Bayreuther Straße 3, 10787 Berlin; Kötter Sicherheits- und Ordnungsdienst SE & Co. KG, Niederlassung Berlin, Am Borsigturm 100, 13507 Berlin)
- Service provider for creating and sending postal and/or electronic correspondence (Richard Scholz GmbH, Bessemerstraße 36 - 42, 12103 Berlin)
- Service provider in connection with cancellation without Login: IBM iX Germany GmbH (Chausseestraße 5, 10115 Berlin)
We will disclose the personal data required and provided in connection with your SEPA direct debit mandate to the bank that we use to collect payments (Berliner Sparkasse, Niederlassung der Landesbank Berlin AG, Alexanderplatz 2, 10178 Berlin), which will carry out this transfer of funds and the associated processing of your personal data as an independent entity.
We have contracted the IT service provider
Sal.A iT-Services GmbH
Albertstr. 12, D-10827 Berlin,
Email: info@sal-a.de
to verify photographs and proof of eligibility. In this case, too, a processing contract has been concluded in accordance with Article 28 of the GDPR.
If, during the order or verification process, it becomes apparent that the proof of eligibility or the photograph you upload cannot be verified, we will notify you through our service provider and provide instructions on how to proceed. The legal basis for this is Article 6(1)(b) of the GDPR. Contact is necessary in order to be able to conclude or execute the contract you have requested.
In some cases, we also transmit personal data to credit agencies prior to the conclusion of a subscription contract and prior to substantial changes to a subscription contract in order to check the creditworthiness of the subscriber. The legal basis for this is Article 6(1)(f) of the GDPR. Our legitimate interest is in avoiding payment defaults.
If we disclose personal data to debt collection agencies in accordance with Article 6(1)(f) of the GDPR, we are pursuing our legitimate interest in asserting, exercising, and defending our legal claims.
3.7.1.3 Duration of storage
We store the personal data concerning you for as long as it is required for the respective purposes for which it was processed. If there is a legal obligation to retain data (e.g. for tax reasons), we will process the personal data required for this purpose for the duration of this retention period.
3.7.2 Corporate tickets
We process your personal data in connection with your corporate ticket contract (photograph, name, address, company affiliation, account details, payment information). The legal basis for this is Article 6(1)(b) of the GDPR.
Your photo is required because the corporate ticket is a personal, non-transferable ticket. If you do not provide one, a corporate ticket cannot be issued in your name. The picture is electronically processed; it is digitised as an image file and stored exclusively for the time and for the purpose of producing the electronic ticket in the form of the non-transferable VBB fahrCard (here as a corporate ticket). The stored image file is erased no later than two months following dispatch of the VBB fahrCard. If you require a replacement for your non-transferable ticket, you will need to resubmit your photo.
In addition, we will send your corporate ticket application to your employer so that they can confirm that you are eligible to participate in the corporate Ticket.
We would like to point out that you are generally not obliged to provide personal data. Under certain circumstances, however, it may be necessary to provide the data for conclusion or performance of a contract with the BVG. In such cases, failure to provide personal data may mean that we are unable to provide you with your requested corporate ticket or any other services.
Sections 3.6.1.2. (Disclosure to third parties) and 3.6.1.3 (Duration of storage) apply accordingly.
In addition to the recipients mentioned in 3.6.1.2, there are the following data recipients for corporate tickets:
- Service provider for the provision of the online application (for corporate ticket framework agreements concluded online): IBM iX Germany GmbH (Chausseestraße 5, 10115 Berlin)
- Service provider for provision of online application (for companies and participants): Sal.A iT-Services GmbH (Albertstr. 12, 10827 Berlin)
These recipients are processors with whom we have concluded processing contracts in accordance with Art. 28 of the GDPR.
3.7.2.1 Information events for the corporate ticket
The BVG offers digital information events for interested companies. These events are held online (video conference) using Microsoft Teams. For you to register and participate in the online event, the BVG is required to process your email address. Further information on how Microsoft processes your data can be found at https://privacy.microsoft.com/de-de/privacystatement.
The legal basis for the data processing is Article 6(1)(b) of the GDPR.
3.7.2.2 Call-back service for interested companies
BVG offers a call-back service for interested companies. For your registration and participation in this service, the processing of your contact data (name, company and telephone number) by BVG is required. Registration takes place via the chatbot (see chapter 4.1.5). The legal basis for the data processing is Article 6(1)(b) of the GDPR.
3.7.3 Deutschland Ticket
If you signed up for a Deutschland Ticket subscription on our website at https://abo.bvg.de/, you can display the ticket as a digital ticket (mobile ticket) in the following BVG apps: Fahrinfo app, Ticket app, or Jelbi app.
The following data is transmitted to the BVG apps via an encrypted data connection:
- SSO-ID (Fahrinfo app, Ticket app, Jelbi app; in the Fahrinfo app, also your email address)
- Class (type of ticket)
- Valid from
- Valid to
- Date of birth (only for the Deutschland Ticket in the Ticket app and Jelbi app)
- Name, first name (for Fahrinfo app)
When you log in to one of the apps, the Deutschland Ticket is displayed as a valid, checkable ticket.
Disclosure to third parties
Your data will be disclosed to the following service providers if you have chosen to use the digital Deutschland Ticket:
- SYSTEMTECHNIK GmbH, (Wielandstraße 12, D-99610 Sömmerda) – development of the Ticket app front-end and background systems
- eos.uptrade (Schanzenstraße 70, D-20357 Hamburg) – development and operation of the Fahrinfo app background and front-end systems
- Trafi (UAB Intelligent Communications, Labdarių 5, LT-01120, Vilnius, Litauen) – hosting and operation of the central IT system for the Jelbi app
The disclosure of personal data to our service providers for display of the Deutschland Ticket is based on Article 28 of the GDPR in conjunction with a processing contract that ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
If your ticket is checked by another transport company in the VBB fare network, or another transport company outside the network, the privacy policies of the company carrying out the check apply. Under certain circumstances, the transport company carrying out the check may record the fact that your ticket was checked on your fahrCard.
Account-based ticketing
We offer account-based ticketing as part of our fare services. This involves the processing of your personal data.
The processing of your personal data is based on Article 6(1)(b) of the GDPR, as it is necessary for performance of the contract between you and us.
This section currently only applies to persons switching from existing subscription products to the ‘Berlin subscription’.
Categories of personal data:
To use the account-based ticketing function, you will need a BVG account. This involves the processing of your personal data, in particular your surname, first name, email address, and password. For more details, see ‘BVG account’.
Thanks to the account-based ticketing functionality, your personal data (surname, first name, authorisation to travel) is mainly stored in our back-end systems and therefore no longer needs to be stored on your card. Only a personal identifier and your masked surname and first name are stored on your card, which is then compared with the data stored in the back-end system as part of the authorisation to travel checks.
Disclosure to third parties:
We may use service providers as part of the account-based ticketing process. Data is only shared with these service providers to the extent necessary for the stated purposes. We will only disclose data that a service provider needs to fulfil its tasks for the BVG. These are
IT service provider for data storage and maintenance (HanseCom Public Transport Ticketing Solutions GmbH, Weidestraße 120 b, 22083 Hamburg)
IT service provider for data storage (Cronon AG, Pascalstraße 10, 10587 Berlin)
Service providers for ticket checks (B.O.S. Eltan GmbH, Bayreuther Straße 3, 10787 Berlin, Kötter Sicherheits- und Ordnungsdienst SE & Co. KG, Niederlassung Berlin, Am Borsigturm 100, 13507 Berlin)
IT service provider for the control app software solution is DB Vertrieb (Mosaik app).
Duration of storage:
We store the personal data concerning you for as long as it is required for the respective purposes for which it was processed. If there is a legal obligation to retain data (e.g. for tax reasons), we will process the personal data required for this purpose for the duration of this retention period.
3.7.4 Account-based ticketing
We offer account-based ticketing as part of our fare services. This involves the processing of your personal data.
The processing of your personal data is based on Article 6(1)(b) of the GDPR, as it is necessary for performance of the contract between you and us.
This section currently only applies to persons switching from existing subscription products to the 'Berlin subscription'.
Categories of personal data:
To use the account-based ticketing function, you will need a BVG account. This involves the processing of your personal data, in particular your surname, first name, email address, and password. For more details, see 'BVG account'.
Thanks to the account-based ticketing functionality, your personal data (surname, first name, authorisation to travel) is mainly stored in our back-end systems and therefore no longer needs to be stored on your card. Only a personal identifier and your masked surname and first name are stored on your card, which is then compared with the data stored in the back-end system as part of the authorisation to travel checks.
Disclosure to third parties:
We may use service providers as part of the account-based ticketing process. Data is only shared with these service providers to the extent necessary for the stated purposes. We will only disclose data that a service provider needs to fulfil its tasks for the BVG. These are
IT service provider for data storage and maintenance (HanseCom Public Transport Ticketing Solutions GmbH, Weidestraße 120 b, 22083 Hamburg)
IT service provider for data storage (Cronon AG, Pascalstraße 10, 10587 Berlin)
Service providers for ticket checks (B.O.S. Eltan GmbH, Bayreuther Straße 3, 10787 Berlin, Kötter Sicherheits- und Ordnungsdienst SE & Co. KG, Niederlassung Berlin, Am Borsigturm 100, 13507 Berlin)
IT service provider for the control app software solution is DB Vertrieb (Mosaik app).
Duration of storage:
We store the personal data concerning you for as long as it is required for the respective purposes for which it was processed. If there is a legal obligation to retain data (e.g. for tax reasons), we will process the personal data required for this purpose for the duration of this retention period.
3.7.5 Data stored on the VBB fahrCard
For customers with non-personalised, transferable tickets, the tariff product, the tariff area of validity, the time and geographical validity, and the card number are stored on the chip of the VBB fahrCard.
For customers with personalised, non-transferable tickets, the tariff product, the tariff area of validity, the time and geographical validity, and the card number are stored on the chip of the VBB fahrCard. In addition, your first name and surname are stored in encoded form (only the first and last letters are readable) in your electronic ticket. Your photo and your first name and surname are printed on the card.
When anything is written to the chip on the VBB fahrCard, this information is logged in a transparent and understandable way for the customer. This includes ticket issuing, ticket inspections, and the blocking of eTickets or the entire VBB fahrCard (application blocking). The log contains a maximum of ten entries. The following data is collected:
- Transaction type and name: issue/block
- Terminal ID
- Terminal ID number: indicates the type of terminal and terminal number
- Organisation ID number of the transport company to which the terminal belongs
- Transaction time: date and time of issue/block
- Transaction location ID
- Location type code: indicates the type of issue/block location (e.g. bus stop, railway station)
- Location number: unique ID number per issue/block location
- Organisation ID number of the transport company to which the issue/block location is assigned
- Authorisation ID
- Authorisation number of the issued/blocked ticket
- Organisation ID number of the transport company that issued the ticket
- Product ID
- Product number of the tariff product issued as an authorisation
- Organisation ID number of the tariff manager (usually VBB)
You may view the data from the log of your VBB fahrCard at any time at a customer centre of the BVG or another transport company. You can also view this data yourself at a customer information terminal, or info terminal, of your choice.
Info terminals are installed in the customer centres of the BVG and other transport companies, but can also be found in partner agencies. You can access the info terminals during the normal business hours of the customer centres or the agencies.
The VBB fahrCard can also be read using commercial smartphone apps, provided the smartphone has an NFC interface.
The eTicket can be read or written to contactlessly if the reader/writer is no more than one centimetre away from the card. This means that cards in jacket pockets or purses cannot usually be read. You may also fit a protective cover to your eTicket that prevents electronic contact with the card.
Please note that the protective cover must be removed for inspection processes at bus terminals and for mobile controls by inspection staff of the transport companies.
If you are checked with your VBB fahrCard outside the VBB area, the generated data records may differ. In this case, please contact the local transport company directly. At all transport companies, the only data that can be read out is that specified in the section ‘Type and scope of data collection’.
3.7.6 Communication data in the VBB background systems
For all communication processes (ticket issue, ticket inspection, and, if necessary, ticket blocking) that take place with the VBB fahrCard, data records are created by the issue and inspection terminals of the transport companies in the Verkehrsverbund Berlin-Brandenburg and transmitted to the background systems of the transport companies.
In the case of personal tickets, your first name and surname are encoded in the data records for ticket issue (only the first and last letters are readable).
All data records contain the time, place and type of communication process (ticket issue, ticket inspection, or ticket blocking) as well as the ID numbers for the ticket, for the tariff product on which the ticket is based, for the issue or inspection terminal, and the date and time of the start and end of validity of the ticket.
In the case of blocking procedures, the ID number of the line and the journey on which the communication process took place is also written into the corresponding data record.
If you are checked with your VBB fahrCard outside the VBB area, the generated data records may differ. In this case, please contact the local transport company directly. At all transport companies, the only data that can be read out is that specified in the section ‘Type and scope of data collection’.
Recipient of the data
The data collected via the terminals of the transport companies are processed by the sales background systems (issue/inspection systems) of the transport companies and transmitted to a central data control system of the VBB (issuing and control data records) as well as the central, Germany-wide blocking management system of VDV eTicket-Service GmbH & Co. KG (blocking data records).
The central data control system at the VBB receives the ticket inspection and issue data records (first name, surname and, if applicable, year of birth are erased before being entered into the system) directly from the systems of the transport companies as well as the ticket/card blocking data records that have been collected by the control systems of the transport companies via the blocking management system of VDV eTicket-Service GmbH & Co. KG in order to check them against each other so that system security can be guaranteed and, if necessary, errors in the systems can be detected and rectified.
Erasure of data
All communication data received by the sales background systems of the transport companies and the central data control system at the VBB are stored for the duration of the procedure. A precise specification of the storage duration and erasure periods is made in coordination with the data protection officers of VBB GmbH and the transport companies, based on a data protection impact assessment, external requirements, and technical possibilities of the systems.
3.7.7 Ticket inspections and penalty fares
Ticket inspections are carried out to check the validity of tickets. If the ticket is a personal ticket, it may be checked against official photo ID (e.g. for mobile and self-print tickets). Inspection staff who inspect fahrCards can see the following data stored on the cards:
- fahrCard maximum period of use
- Card number
- Customer contract partner
- Surname, first name (for personal tickets)
A penalty fare will be applied if the validity cannot be determined. In this case, the following data may be collected from you:
- Surname, first name
- Date of birth
- Gender
- Address
- Email address
- Bank details
- Name and address of legal guardian(s)
- Time, place, and other circumstances relevant to any legal action, including claims
The data processing required here is based on Section 4 of the regulation concerning the processing of personal data by the Berlin waste management company (BSR), the BVG, and the Berlin water authority (BWB) (BlnBetrDatVO). The data will be erased or blocked two years following the last relevant incident, but no earlier than the time at which the transaction – in this case receipt of payment – is completed.
In the event of ticket inspections, refusal to provide data may result in the identification of persons and the provision of necessary data having to be carried out with the assistance of the police.
3.7.8 BVG Club
If you have a BVG ticket subscription (except for school student, trainees and corporate tickets), you can register for the BVG Club. Registering for the BVG Club opens up access to the world of benefits via the platform of the company cb loyality GmbH, on which various providers have offers available.
Your surname, first name, e-mail address and the expiry date of the subscription will be transmitted to cb loyalty GmbH for the purpose of legitimisation or to prove that you are entitled to use the world of benefits. The legal basis for the data transfer is Article 6 (1) (a) GDPR.
Further data may be processed directly by cb loyalty GmbH as an independently responsible entity. For further information on data processing by cb loyalty, please visit https://www.cb-loyalty.com/datenschutz.html.
3.8 Ticket sales via third parties
You can purchase personalised 24-hour tickets and tourist products such as the BVG Berlin Welcome Card and Berlin City Tour Card as digital tickets from third-party providers. These third-party providers use agents (here: Distribusion or Tranzer) to make these digital tickets available to customers. The payments are processed directly via the third-party providers’ booking platforms. Their privacy policies apply. In order to be able to issue a digital ticket, the following customer data is transmitted to BVG via the agents:
- First name
- Surname
- Fare type
- Valid-from date
BVG then creates the digital ticket with the first name and surname of the customer. The BVG will process the following data required to process the transaction and to perform the contract:
Information on the order object:
- Ident (database id for a current request)
- IdentExternal (class)
- Description (product description)
- Product type
- Valid-from date
- Product manager
- Fare version
- Product group
- Number of authorisations
- Price
The digital ticket is then made available to the customer by the third-party provider used by the customer.
3.8.1 Disclosure to third parties
In order to create a digital ticket, the data of the contracted third-party provider is disclosed to our service provider Systemtechnik GmbH (Wielandstraße 12, 99610 Sömmerda) via our agents Distribusion Technologies GmbH (Wattstraße 10, 13355 Berlin) or Tranzer B.V. (Stationsplein 61, 3818 LE Amersfoort, Netherlands). Systemtechnik GmbH is the developer and system operator of the background system in which the ticket purchase data is processed in order to create the digital tickets. Systemtechnik and Distribusion or Tranzer process the customer data provided by the third-party providers on behalf of BVG and in accordance with the respective processing contract concluded pursuant to Article 28 of the GDPR. The processing of customer data within the scope of the third-party providers is carried out by the respective operator of the external booking platform as an independent responsible entity. Further information on this data processing can be obtained from the respective operator.
3.8.2 Data erasure and duration of storage
Your personal data will be stored as long as it is necessary for the fulfilment of the specific purpose. Subsequently, your data will be erased, unless there are legal obligations to retain the data beyond this time or other legal reasons to retain it. For tax-related reasons, ticket purchase data will be stored for a period of ten years and then erased.
3.9 Kombitickets
In cooperation with various event organisers, special tariff offers (special tickets or Sonderfahrausweise) with a limited period of validity and/or limited area of validity can be issued for special and major events. This also applies to our combination tickets (Kombitickets). These Kombitickets are admission tickets, theatre box office receipts, invitations, hotel passes, or participant passes with travel authorisation. Insofar as such event tickets with travel authorisation are issued online or digitally or made available as print tickets, they are personal tickets. For this purpose, the organiser shall only provide BVG with the surname and first name for the purpose of issuing this personal ticket for the event ticket.
BVG shall provide the organiser with personal download links for retrieving the ticket from the BVG ticket shop. When the event participant retrieves the ticket, the IP address is processed.
The mentioned personal data will be processed until full settlement with the organiser and then deleted. Legal basis Article 6 (1) (b) GDPR.
The BVG ticket shop is operated by eos.Uptrade (Schanzenstraße 70, 20357 Hamburg). eos.Uptrade processes the data on behalf of BVG and in accordance with the order processing agreement concluded with eos.Uptrade in accordance with Article 28 GDPR.
3.10 VBB customer card Berlin S
3.10.1 Purpose of data processing
To purchase the Berlin ticket S, a valid VBB customer card Berlin S with photograph is required. You can apply for the VBB customer card Berlin S by providing the required information (see 3.9.2) on the BVG’s web portal (www.vbb-kundenkarte-Berlin-S.de). The purpose of data processing is to check and process applications for the VBB customer card Berlin S and – if the requirements are met – to issue the VBB customer card Berlin S.
3.10.2 Categories of personal data
Application for VBB customer card Berlin S
- Surname
- First name
- Date of birth
- Period of eligibility
- Delivery address
- Where applicable, legal guardian (surname, first name)
- Email address
- Declaration of consent to data storage and processing
- IP address
- Proof of eligibility, with approved benefit period and barcode information for each person who receives benefits
- Photograph (passport photo (410 x 530 px) or a photo file in a common format)
- Copy of ID card or another ID document
Imprint on carrier card "VBB customer card erlin S"
- Surname
- First name
- Period of eligibility
- Photograph
- Card number (8 digits, taken from QR code or barcode sticker).
3.10.3 Legal basis for data processing
The data is required for the application and creation of the VBB customer card Berlin S. The legal basis is Article 6(1)(b) of the GDPR.
3.10.4 Data erasure and duration of storage
Your personal data will be stored for as long as is necessary to process your application and create the VBB customer card Berlin S. Once the card has been sent out, the data is retained for 90 days to ensure secure dispatch, processing mail returns and answering customer requests. Your data will subsequently be erased after no more than 30 days.
3.10.5 Disclosure to third parties
The web portal for applying for the VBB customer card Berlin S is provided by our service provider TCS CARDS & SERVICES GMBH (Kronacher Straße 61, D-96052 Bamberg). The dispatch of the customer card and the processing of returned mail is also carried out by the service provider TCS CARDS & SERVICES GMBH.
We have contracted the service provider Majorel (Wilhelmshaven GmbH, Olympiastraße 1, 26419 Schortens) to digitise the applications submitted in paper form and to answer telephone and written enquiries regarding the VBB customer card Berlin S.
The processing of personal data by our service providers for creation of the VBB customer card Berlin S is based on Article 28 of the GDPR in conjunction with a processing contract that ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
3.10.6 Use of cookies
The web portal for applying for the VBB customer card Berlin S uses session cookies that are automatically erased when the browser is closed.
3.10.7 Freindly Captcha
To protect the web portal from cyber attacks, we use the Friendly Captcha tool.
There is an order processing contract with Friendly Captcha GmbH (Am Anger 3-5, 82237 Wörthsee) in accordance with Art. 28 DSGVO. This processing contract ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
When you enter data in the web portal, a cryptographic puzzle is solved in the background. The following data is processed:
- Request headers User-Agent, Origin and Referer.
- The puzzle itself, which contains information about the account and website key it is related to.
- Version of the widget.
- Timestamp.
An anonymized counter per IP address is stored for dynamic puzzle difficulty on the edge network to detect malicious users and minimize blocking legitimate users. This data is stored entirely separately from the rest of the data and cannot be correlated to specific websites or anything else. We anonymize IP addresses using a one-way hash of certain values so they cannot be personally identified.
More information on Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
The legal basis for data processing in connection with Friendly Captcha is Article 6(1)(b) of the GDPR.
3.11 Planning journeys
3.11.1 Categories of personal data
If you search for a connection, we will collect the following data:
- Starting stop or station
- Destination stop or station
- Depending on the request: date and desired departure/arrival time
- Depending on the request: changes, sections on foot, forms of transport, route numbers
- Time of request
- Device type (iPhone or Android)
- Location data (GPS data), if applicable
- IP address
3.11.2 Purposes of data processing
3.11.2.1 Planning journeys
We process this data in order to provide you with the journey planning information you request. For this purpose, we suggest possible connections and the ticket required for the route based on your search criteria. The legal basis is Article 6(1)(b) of the GDPR.
If you use the app for timetable information, only your IP address will be stored, and only for the time during which this information is requested and processed. We store the IP address separately from journey planning data for a further 90 days in order to quickly identify any IP addresses sending extremely high volumes of enquiries, which can not only cause disruptions but also violates the terms and conditions of use. It is then erased.
3.11.2.2 Crowdedness predictions
In order to allow you to use our services as comfortably as possible and to best provide these services in line with demand, we also use the journey planning requests we receive to evaluate how busy our services are and to predict and ensure smooth connections wherever possible. To allow us to carry out these evaluations, the data associated with your journey planning requests is separated from your IP address to prevent it from being used to identify you personally. Evaluation of requests we receive allows us to predict passenger numbers on our different forms of transport if you actually take the route we suggest.
The legal basis for this data processing is Article 6(1)(f) of the GDPR (legitimate interest). The BVG has a legitimate interest in providing efficient, economical, and demand-oriented transport services. It also has a legitimate interest in providing comfortable, pleasant transport for its customers, including during peak and rush hours.
3.11.2.3 Improvements to BVG services
We also use the journey planning requests we receive to carry out evaluations that allow us to provide passenger information and guidance, to optimise our services, for infrastructure planning, and to improve safety. Before these evaluations are carried out, the data associated with your journey planning request is separated from your IP address and device information and then stored on a separate server. We also take further steps to pseudonymise or aggregate the data. Pseudonymisation of request data is carried out to prevent you from being identified personally in the absence of further data.
Evaluating these pseudonymised requests allows us to estimate traffic flows on the assumption that at least some passengers will actually use the routes we suggest. We use this information to perform various tasks that are in the public interest and that the BVG is required to fulfil. Ultimately, it is used to better align the BVG’s services with customer requirements (e.g. demand-oriented route planning and smooth connections).
The legal basis for this data processing is Article 6(1)(e) of the GDPR (performance of a task carried out in the public interest) in conjunction with Section 24(1) of the Berlin Public Services Act (BerlBG). Specifically, the BVG, acting as the body responsible for providing public transport services in Berlin (Section 3(4) of the BerlBG in conjunction with Section 1(1)(a) of the BVG byelaws), assumes tasks relating to the development of public transport services set out in the Berlin Mobility Act (Sections 27(3), 1, 16(6)(3)) in conjunction with the Berlin Public Transport Plan and in conjunction with the Mobility and Transport Urban Development Plan. The BVG is responsible for providing passenger information and guidance during disruptions and engineering works, including the provision of replacement services. The BVG is also responsible for optimising its public transport services. This includes planning routes and services in line with demand, finding and closing gaps in the network, and improving the quality of connections. The BVG also performs tasks in the areas of infrastructure planning and passenger safety.
Supplementary to the information on your rights provided in section 5, we would like to point out that you have, in particular, the right to object to processing of your personal data for the performance of tasks that are in the public interest at any time, provided there are grounds relating to your particular situation. To exercise your right to object to processing, please use the contact details provided in section 6.2. If you exercise your right to object to processing, we will check whether the conditions of Article 21(1) of the GDPR are met. This means that we will check the grounds you state for objecting to processing and any grounds for further processing in the specific case as set out in Article 21(1)(2) of the GDPR, and, as necessary, weigh them against each other. We will inform you of the result of this check within the legal deadlines. If it finds in your favour, we will also uphold your objection within the legal deadlines.
We store the data collected for the aforementioned purposes for 90 days and the evaluations generated from the data for three years. After that time, we erase or anonymise the data. This means that the data will only be stored further if it is impossible or would involve disproportionate effort to use it to identify a natural person. The lawfulness of anonymisation is set out in Article 6(1)(e) of the GDPR in conjunction with the regulations set out above, and in Article 6(1)(f) of the GDPR. We have a legitimate interest in anonymising the data we collect in order to enable its long-term storage for transport planning purposes.
3.11.2.4 Processing of GPS data
In order to determine the nearest starting stop or station and any sections of the route to be taken on foot, you can set your browser to automatically enable location data. We process GPS data for this purpose, i.e. mobile sensor data generated by movement or direction.
For this purpose, you need to allow your browser to access location services through your device’s operating system and its permissions system (“location tracking”). In this case, however, we only collect the location determined by your device if you tap the location icon. Your device will indicate if location tracking is active. On an iPhone, for example, it is indicated by a compass symbol in the status bar. Android devices feature a similar function, as do browsers on local devices. The legal basis of this data processing is set out in Article 6(1)(b) of the GDPR, as your location is only determined and transmitted to us if you use journey planning functions that we can only provide if we are aware of your location. You can enable or disable this function at any time by going to your browser’s or operating system’s settings.
Please note that GPS data is also processed for the purpose of improving the BVG’s transport services. More information can be found in section 3.9.2.3.
3.11.2.5 Call-a-bus service
If you book a call-a-bus service by telephone, your telephone number will be stored for 24 hours on completion of the journey and then erased. This data is saved to ensure a record of booked and completed trips, and to notify you of information relevant to your trip, such as delays.
If you book a call-a-bus service online on the BVG website or in the Fahrinfo app, we will process the following data:
- Line
- Starting stop or station
- Departure day
- Departure time
- Name (optional)
- Telephone number
- Number of passengers
Your optionally provided name and telephone number will be stored for 24 hours on completion of the journey and then erased. The legal basis is Article 6(1)(b) of the GDPR.
Please note that the above-mentioned data (except name and telephone number) is also processed to help improve the BVG’s services. For more information, please see section 3.11.2.3 Improvement of BVG services.
We have contracted the service provider IT Service Omikron GmbH (Wilhelm-Kabus-Str. 9, D-10829 Berlin) to handle call-a-bus orders and have concluded a processing contract with this provider pursuant to Article 28 of the GDPR. This processing contract ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to third parties or processed for other purposes.
3.11.2.6 Door-to-door service
If you book the night-time door-to-door service online on the BVG website or in the Fahrinfo app, we will process the following data:
- Line
- Starting stop or station
- Departure day
- Departure time
- Destination stop or station
- Destination address (street, number), as applicable
- Number of passengers
The legal basis is Article 6(1)(b) of the GDPR. If you enter a destination address with street and house number, the house number will be stored and erased after 24 hours.
Please note that the above-mentioned data (except house number) is also processed to help improve the BVG’s services. For more information, please see section 3.11.2.3 Improvement of BVG services.
We have contracted the service provider IT Service Omikron GmbH (Wilhelm-Kabus-Str. 9, D-10829 Berlin) to handle door-to-door service orders and have concluded a processing contract with this provider pursuant to Article 28 of the GDPR. This processing contract ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed or processed for other purposes.
3.11.2.7 Troubleshooting
If a technical error occurs during the processing of data from journey planning requests in the technical systems used for this purpose (e.g. in the system used to improve the BVG’s services), we process information related to the error (including information on journey planning requests, if applicable). We do this in order to correct errors in the technical systems used to provide journey planning information and in which data from journey planning requests are processed, and to ensure system security.
This information is processed to allow us to pursue our legitimate interest in ensuring the stability and security of our IT systems (Article 6(1)(f) of the GDPR).
3.11.3 Duration of storage
Unless specifically stated otherwise, all data is stored for as long as is necessary to fulfil the stated purpose and then erased, provided there is no legal obligation to store it for a longer period.
3.11.4 Disclosure to third parties
For the aforementioned data processing operations, we use the service provider Hacon Ingenieurgesellschaft mbH (Lister Str. 15, D-30163 Hannover), with which we have concluded a processing contract as set out in Article 28 of the GDPR. This processing contract ensures that your personal data is only processed in accordance with the BVG’s instruction and is not disclosed or processed for other purposes.
Hacon uses sub-processors who also process personal but pseudonymized data in countries outside the European Union. Information on safeguards to ensure secure data transfer can be found in section 4.4 below.
3.12 Participation in competitions
3.12.1 General information
We organise competitions. Anyone is eligible to take part, unless the rules stipulate otherwise: employees of the BVG or its wholly-owned subsidiaries (hereafter: “BVG”), for example, may not be eligible to participate in certain competitions, or entry to the competition may be restricted to persons above a certain age. Details for each competition can be found in their conditions of participation.
3.12.2 Categories of personal data
In general, we process personal data in the form you use to provide it for the purpose of entering the competition. This means that we will store your postcard or your email address with the personal data they contain that is required to participate, determine the winner(s), and issue the prize. The data required is always dependent on the specifics of the competition, and may include your name, your contact details, your address or email address, your telephone number, as well as, for employees of the BVG or its wholly-owned subsidiaries, your organisation unit and company ID number. Any and all data you provide is on a purely voluntary basis. If you do not provide the required data, however, you cannot take part in the competition.
On competitions accessed via the “Profil” app (only for use by BVG employees), an email address must generally be provided. We also process the following personal data: data you enter when logging in (email address, first name, last name), a login time stamp, and your solution. The general information on data processing for use of the PROFIL app www.profil-app.de/legal/datenschutzerklaerung further applies.
We process personal data by storing it in analogue form (i.e. correspondence received by post) in a location that is only accessible to authorised personnel, or by storing emails, to which again only authorised BVG personnel have access. The data is processed exclusively for the purpose of running the competition, in particular to determine a winner. If you are a winner, we will contact you at the postal or email address you provided.
The legal basis is Article 6(1)(b) of the GDPR.
Your personal data is not used for any purpose other than the competition. In particular, your data will not be used for marketing purposes or disclosed to third parties.
We do, however, reserve the right to publish the first and last name of winners, as well as their place of residence and prize. This is a condition of participation in the competition. The legal basis is Article 6(1)(f) of the GDPR. The BVG’s legitimate interest is in making it transparent that the competition has taken place and a winner has been selected.
3.12.3 Duration of storage
In general, we only store personal data until the competition has ended and a winner has been selected. Following this, the postcards are destroyed (shredded) and emails are erased.
The only exception is if the winner is a BVG employee, in which case the following personal data must be processed further for tax-related reasons: last name, first name, value of prize. We only store this data for as long as is required by the relevant taxation law. The legal basis is Article 6(1)(c) of the GDPR in conjunction with the relevant tax regulations.
3.12.4 Disclosure to third parties
The personal data concerning you that is required for participation in a competition may be transmitted to service providers contracted by us to run competitions for the purpose set out above.
The disclosure of personal data to our service providers for running competitions is based on Article 28 of the GDPR, in each case in conjunction with a processing contract that ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
3.13 Market research
3.13.1 Purpose of data processing
We conduct market research through our website from time to time. Hyperlinks direct visitors interested in participating to the G3plus market research tool provided by our contracted company Rogator AG, Emmericher Str. 17, D-90411 Nürnberg (“Rogator”).
Anyone is eligible to take part, unless the market research exercise requires otherwise: employees of the BVG or its wholly-owned subsidiaries (hereafter: “BVG”), for example, may not be eligible to participate in market research exercises, or participation may be restricted to persons above a certain age. Details for each market research exercise can be found in their conditions of participation.
3.13.2 Categories of personal data
In general, we process and save personal data in the form you use to provide it for the purpose of entering the competition. The data required is always dependent on the specifics of the market research exercise. As a rule and in most cases, however, we do not request data such as your name, address, or email address when conducting market research.
On some projects, it may be necessary for us to request your name, contact details, address, or email address. In such cases, all information relevant to data protection will be listed separately and all necessary declarations of consent will be obtained before data is stored. Any and all data you provide is on a purely voluntary basis.
Data processing is carried out solely for the purpose of conducting and evaluating the market research exercise. The data will be stored on Rogator AG servers and, for the purpose of evaluation, on BVG servers, to which only authorised BVG personnel have access. The legal basis is Article 6(1)(a) of the GDPR.
3.13.3 Duration of storage
In general, personal data is stored for as long as it is required for the market research (i.e. the collection of data) and evaluation. The data is then erased.
3.13.4 Disclosure to third parties
The personal data concerning you that is required for a market research exercise and that you provide with your voluntary consent may be transmitted to other service providers contracted by us to conduct market research exercises for the purpose set out above.
The disclosure of personal data to these service providers for conducting market research is based on Article 28 of the GDPR, in each case in conjunction with a processing contract that ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
3.14 BVG prepaid card
The BVG prepaid card can be used to pay for tickets on BVG buses and in BVG customer centres. For this purpose, the BVG is cooperating with its partners AVS – Abrechnungs- und Verwaltungs-Systeme GmbH, part of Landesbank Hessen-Thüringen (Helaba), and transact Elektronische Zahlungssysteme GmbH. The partners each process the data under their own responsibility.
The BVG prepaid card is issued by Helaba. Helaba is the independent controller responsible for processing the data. Information on how Helaba processes data can be found on the Helaba website.
The prepaid card can be topped up at the e-pay website https://www.bvg-guthabenkarte.de, provided by transact Elektronische Zahlungssysteme GmbH. transact is the independent controller responsible for processing the data. Information about what data transact processes and for which purposes can be found in the transact privacy policy at https://www.bvg-guthabenkarte.de/datenschutz.
3.15 Lost property
If you report the loss of an item to us, we will collect the following personal information from you: title (if desired), first name, last name, address, telephone number, details of the lost item, ID document number (if applicable), and email address (if applicable). The latter is required for reports made on the web portal.
We process the data you provide in order to process your lost property report, to identify the lost property, and to contact you in connection with your lost property report. The legal basis is Article 6(1)(c) of the GDPR in conjunction with Section 965ff of the German Civil Code (BGB).
3.15.1 Use of cookies
If you report your loss via the web portal, we use session cookies. These cookies are automatically erased when you close your browser.
3.15.2 Duration of storage
In general, we only store personal data for as long as is necessary to fulfil the specific purpose. Subsequently, the data will be erased, unless there are legal obligations to retain the data beyond this time or other legal reasons to retain it.
3.15.3 Disclosure to third parties
The Fundinfo web portal is provided by our service provider RUBICON IT GmbH (GmbH, Gonzagagasse 16, AT-1010 Wien).
The disclosure of personal data to our service providers for the purpose of processing a lost property report is based on Article 28 of the GDPR, in each case in conjunction with a processing contract that ensures that your personal data is only processed in accordance with the BVG’s instructions and is not disclosed to any other parties or processed for other purposes.
3.16 BVG Brand Platform
3.16.1 Purpose of data processing
We use the Frontify AG brand platform to provide you with our brand-protected content and images suitable for use. In doing so, the platform gives us the opportunity to demarcate areas for certain user groups and thus to control the use of BVG materials to an appropriate extent.
3.16.2 Category of personal data
In order to gain access to our Frontify brand platform, both internal employees and external users (e.g. journalists) must register. We collect the following data:
- e-mail address
- password
While using the platform, we collect additional data in order to offer you the best possible service:
- IP address
- Date and time of access
- Browser type and version used
- Operating system used
- Improvement of our platform and our service
3.16.3 Legal basis for data processing
Your personal data is processed on the basis of the following legal bases
- Performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR
- Fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR
- Protection of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR
3.16.4 Storage period
We only store your personal data for as long as is necessary to fulfill the above-mentioned purposes or as required by statutory retention periods.
3.16.5 Disclosure to third parties
Your personal data will only be passed on to third parties if this is necessary to fulfill our contractual obligations.
3.17 Automated decision-making
We do not use automated decision-making, including profiling.
4 Integrated third-party services
We integrate the services of third-party providers for some of the features on our website. In the following, we distinguish between functional services, analysis services, and marketing services.
4.1 Functional services
Functional services enable you to use our website smoothly and are mandatory for using our website.
4.1.1 Consent manager
4.1.1.1 Purpose and scope of data processing
We use the “Didomi” cookie consent manager (hereafter: “consent manager”) provided by Didomi SAS, 137 Boulevard de Sébastopol, 75002 Paris, France, to obtain consent for data processing or the use of cookies and comparable technologies. With the help of the consent manager, you can grant or deny your consent for all functions or grant your consent for specific purposes or specific functions.
Settings you make can be changed later (link in the footer of the BVG website). The purpose of integrating this service is to allow users of our website to decide whether to allow the use of non-functional cookies and to give them the option to adjust any settings they have made during further use of our website.
The consent manager stores your data for as long as your user settings are active. You will be prompted to provide your consent again if there are changes to the relevant cookies or other applications to which you have consented and which may result in changes to the processing of your data, or at the latest one year from the last time your user settings were processed. Your user settings will then be stored again for this period of time.
4.1.1.2 Use of cookies
The consent manager uses cookies. These cookies have a maximum lifetime of one year.
4.1.1.3 Processed data
The following categories of data are routinely processed:
- IP address
- User-ID
- Didomi-Token
- Time and duration of visit
- Device data, e.g. operating system, browser version, screen resolution
- Pages visited
- Consent information
4.1.1.4 Contract processor as set out in Article 28 of the GDPR
Didomi SAS
137 Boulevard de Sébastopol
75002 Paris
France
4.1.1.5 Relationship between the BVG and the data processor
The consent manager is used in connection with a processing contract as set out in Article 28 of the GDPR, under which consentmanager AB may only use your data in accordance with our instructions.
4.1.1.6 Legal basis for data processing, purpose of data processing
Legitimate interest (Article 6(1)(f) of the GDPR): ensuring that non-functional cookies are only used if consent has been granted.
4.1.1.7 Duration of data processing
All data is stored for as long as is necessary to fulfil the stated purpose and then erased, provided there is no legal obligation to store it for a longer period.
4.1.2 Google Tag Manager
4.1.2.1 Purpose of data processing
This website uses Google Tag Manager, provided by Google Ireland Limited (hereafter: “Tag Manager”).
We use Google Tag Manager to control the use of code snippets (tags), e.g. tracking code, on our website. Google Tag Manager allows us to replace website code quickly and easily using a web interface, without the need to access the source code.
If Google Tag Manager is used to perform other functions that may collect and process your data, details can be found in the relevant sections elsewhere (e.g. Google Analytics).
4.1.2.2 Use of cookies
Google Tag Manager does not use cookies.
4.1.2.3 Processed data
When you visit our website, Google Tag Manager will process and store user data. This includes the following:
- IP address
- Device data, e.g. operating system, browser version, screen resolution
4.1.2.4 Contract processor as set out in Article 28 of the GDPR
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Your data that Google uses may be processed in countries outside the European Union.
With regard to the level of data protection in the USA, the EU Commission has issued an adequacy decision on the EU/US Data Privacy Framework (DPF), which certifies that the USA has the same level of data protection as the European Union. In particular, safeguards have been included to restrict access by US authorities or authorities in other countries. This adequacy decision relates to certified companies that are listed in this DPF. Google is listed in the directory of the Data Privacy Framework Program of the U.S. Department of Commerce (as of 18.04.2024).
4.1.2.5 Relationship between the BVG and the data processor
Google Tag Manager is used in connection with a processing contract as set out in Article 28 of the GDPR, under which Google may only use your data in accordance with our instructions.
4.1.2.6 Legal basis for data processing, purpose of data processing
Legitimate interest (Article 6(1)(f) of the GDPR): quick and easy management of website tags.
4.1.2.7 Duration of data processing
Google will anonymise your personal data after nine months, provided there is no legal obligation to store it for a longer period.
4.1.3 Contacting us using the chatbot
For the purposes of this privacy notice, "chatbot" refers to all service bots offered by BVG, such as the career bot, service bot and corporate ticket bot.
4.1.3.1 Purpose of data processing
The chatbot provides the fastest way for you to send and receive a reply to enquiries and is available 24 hours a day. You can also use online forms or text input boxes in the chatbot to send requests to the BVG for processing. Based on the content of your request, the chatbot will forward it to the relevant BVG agent to ensure it is dealt with as quickly as possible.
If you contact us using the chatbot, your conversation with the chatbot will be evaluated in order to determine your reason for contacting us, to allow us to assist or reply to you, and to enable resumption of the conversation at a later time.
4.1.3.2 Use of cookies
The chatbot uses cookies (local storage). Their lifetime is unlimited.
4.1.3.3 Data processed
If you use our chatbot, your data will be processed. These are:
- IP address
- UserID
- ConversationID
- if necessary any data you enter
When you use the chatbot for the first time, a randomly generated UserID will be assigned to you. The UserID is stored in your browser until you erase your browser history. If you want to use the bot again after deleting your browser history, a new UserID will be randomly generated. In this case, you may have to re-enter any answers you previously clicked on or any questions and other information you previously entered. When you use the bot again, your browser will transmit the UserID to the bot. This allows you to continue a previously interrupted conversation, search, or input in the bot at any time (similar to setting cookies on websites). Any conversations, searches, or inputs you started are also created and stored in your browser events. To help us constantly improve the bot, we record events such as “bot was displayed” and click events such as “user clicked on answer X”. For this purpose, we use ConversationIDs, which are generated within the bot’s database in a similar way to the UserID. They are used as an object identifier and are integral to the design of the bot, as database entries require a unique identifier.
The user data entered using the chatbot is collected by our service provider and made available to the BVG for further processing.
If you have consented to the analysis of your data or user behaviour, the following data will also be processed
- Usage history (click path, time spent in the chatbot, ratings)
- Use of data for further learning/development of the bot
- The processing of your personal data is based on your consent, Article 6(1)(a) of the GDPR. In particular, the data you enter as part of your enquiry will be processed, as well as the ‘Contact ID’ and ‘Session ID’ required for processing. Your data will be stored for a maximum of 90 days.
4.1.3.4 Contract processor as set out in Article 28 of the GDPR
Cognigy GmbH
Speditionstr. 1
D-40221 Düsseldorf
4.1.3.5 Relationship between the BVG and the data processor
The chatbot is used in connection with a processing contract as set out in Article 28 of the GDPR, under which Cognigy may only use your data in accordance with our instructions.
4.1.3.6 Legal basis for data processing, purpose of data processing
(1) Performance of a contract (Article 6(1)(b) of the GDPR): processing requests from customers with whom we have a contract. Answering queries in connection with an application and receiving application documents if they are uploaded there.
(2) Legitimate interest (Article 6(1)(f) of the GDPR): providing a smooth customer service experience, ensuring that our services function properly, improving and expediting our data processing processes, e.g. by means of optimised assignment functions.
(3) Consent (Article 6(1)(a) of the GDPR): Analysis of user behaviour (tracking) in the chatbot in order to make decisions relating to product and marketing optimisation.
(4) Consent (Article 6(1)(a) of the GDPR): Use of data for further development of the chatbot.
(5) Consent (Article 9(2)(a) of the GDPR): Processing of particularly sensitive data, e.g. medical certificates when applying for a subscription refund.
You have the right to withdraw your consent at any time with effect for the future by clicking on the "Withdraw" button. Please note, however, that this may mean that we are unable to process your request until you send us a new enquiry.
4.1.3.7 Duration of data processing
Your data will be stored for a maximum of 90 days. You can erase data stored on your device at any time via your browser. Where further processing takes place, please refer to the information in the relevant section of this privacy policy (e.g. for applications).
4.1.4 Crowdedness info
4.1.4.1 Purpose of data processing
The utilization info provides an overview of the average utilization of the BVG's means of transportation. The information on capacity utilization is based on data collected anonymously by the BVG from the Automatic Passenger Counting System (AFZS). These can be up to a few weeks old. The utilization information is provided to you as colored graphic table on a Microsoft Power BI page.
4.1.4.2 Use of cookies
Microsoft Power BI uses session cookies that are automatically deleted when the browser is closed. The ai_user cookie is deleted after one year and stores a unique identifier to recognize users on recurring visits over time. You can also manually delete the cookie from your browser at any time. Microsoft sets these cookies as a separate responsible party.
4.1.4.3 Data processed
For information about what data is processed by Microsoft and for what purposes, see Microsoft's Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement.
4.1.4.4 Contracted service provider
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
With regard to the level of data protection in the USA, the EU Commission has issued an adequacy decision on the EU/US Data Privacy Framework (DPF), which certifies that the USA has the same level of data protection as the European Union. In particular, safeguards have been included to restrict access by US authorities or authorities in other countries. This adequacy decision relates to certified companies that are listed in this DPF. Microsoft is listed in the directory of the Data Privacy Framework Program of the U.S. Department of Commerce (as of 18.04.2024).
4.2 Analysis services
Analysis services help us to better understand how our website is used.
4.2.1 Google Analytics
4.2.1.1 Purpose of data processing
This website uses functions of the web analytics service Google Analytics 4, provided by Google LLC. The responsible entity for users in the EU, the EEA and Switzerland is Google Ireland Limited.
We use Google Analytics to analyse user behaviour and, based on the results, make decisions relating to product and marketing optimisation.
In Google Analytics 4, the "IP anonymisation" function is activated by default. This means that Google will truncate your IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to and shortened by Google servers in the United States.
On behalf of the BVG, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider. Google states that it will not associate your IP address with any other data held by Google.
4.2.1.2 Consent to data processing
You can consent to the processing of your data by Google Analytics, prevent the collection of your data, or withdraw any consent you may have given with the help of our consent manager. To withdraw your consent, go to the cookie settings at the bottom of our website pages.
4.2.1.3 Use of cookies
Google Analytics uses cookies. These cookies have a maximum lifetime of two years. We will, however, request your consent again after a period of one year and only carry out analysis after this time if you provide this consent.
4.2.1.4 Processed data
The following categories of data are processed:
- Time of the request
- IP address (in truncated form)
- Online identifiers (incl. cookie IDs)
- Device identifiers
- User device data (e.g. browser type and version, device type, operating system)
- User behaviour (e.g. pages/content accessed, access of content from specific website areas, session duration/duration of visit, bounce rate)
- Use of specific website functions (e.g. journey planner, search queries, downloads)
- e-commerce activity (e.g. purchased products, sales)
- Referrer URL (the previously visited page)
4.2.1.5 Contract processor as set out in Article 28 of the GDPR
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Irland
The information processed by Google about your use of the website will generally be transmitted to and processed by Google on servers in the United States.
With regard to the level of data protection in the USA, the EU Commission has issued an adequacy decision on the EU/US Data Privacy Framework (DPF), which certifies that the USA has the same level of data protection as the European Union. In particular, safeguards have been included to restrict access by US authorities or authorities in other countries. This adequacy decision relates to certified companies that are listed in this DPF. Google is listed in the directory of the Data Privacy Framework Program of the U.S. Department of Commerce (as of 18.04.2024).
4.2.1.6 Relationship between the BVG and the data processor
Google Analytics is used in connection with a processing contract in accordance with Article 28 of the GDPR.
We have no influence, however, over the type and scope of data processed by Google, how it is processed and used, or whether it is disclosed to third parties. As a result, we do not have an effective method of monitoring how Google uses your data. In particular, Google may use the data for any of its own purposes, for example to create profiles or to link it to other data held by Google, such as your Google account data.
4.2.1.7 Legal basis for data processing, purpose of data processing
Consent (Article 6(1)(a) of the GDPR): we will only store Google Optimize cookies and perform associated data processing operations if you have granted us your voluntary and revocable consent to do so.
4.2.1.8 Duration of data processing
Google will anonymise your personal data 14 months after your last activity, provided there is no legal obligation to store it for a longer period.
4.3 Marketing services
4.3.1 YouTube
4.3.1.1 Purpose of data processing
We use a YouTube channel provided by Google Ireland Limited for our promotional videos. We embed our YouTube videos on our website to provide you with a smooth video experience without the need to switch websites.
4.3.1.2 Consent to data processing
You can consent to the processing of your data by YouTube, prevent the collection of your data, or withdraw any consent you may have given with the help of our consent manager To withdraw your consent, go to the cookie settings at the bottom of our website pages.
4.3.1.3 Use of cookies
YouTube uses cookies. These cookies have a maximum lifetime of two years. We will, however, request your consent again after a period of one year and only carry out analysis after this time if you provide this consent.
4.3.1.4 Processed data
As soon as you access a video, Google will process your personal data (at minimum IP address, browser data, settings).
Prior to viewing the video, you will be asked for your consent to display the video and for Google to set cookies in your browser. Information about what data Google processes and for which purposes can be found in the Google LLC privacy policy: https://policies.google.com/privacy?hl=de&gl=de#infocollect.
We have no influence over the type and scope of data processed by Google, how it is processed and used, or whether it is disclosed to third parties. As a result, we do not have an effective method of monitoring how Google uses your data. In particular, Google may use the data for any of its own purposes, for example to create profiles or to link it to other data held by Google, such as your Google account data.
In all cases, Google will also receive information about the content you view, even if you have not created an account. This “log data” may include your IP address, browser type, operating system, information about the website and pages you previously visited, your location, your mobile provider, the device you are using (including device ID and application ID), the search terms you used, and cookie information.
4.3.1.5 Controller
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
It is possible that Google Ireland will transfer the data processed from you to a server operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and process this data there.
With regard to the level of data protection in the USA, the EU Commission has issued an adequacy decision on the EU/US Data Privacy Framework (DPF), which certifies that the USA has the same level of data protection as the European Union. In particular, safeguards have been included to restrict access by US authorities or authorities in other countries. This adequacy decision relates to certified companies that are listed in this DPF. Google is listed in the directory of the Data Privacy Framework Program of the U.S. Department of Commerce (as of 18.04.2024).
4.3.1.6 Legal basis for data processing, purpose of data processing
Consent (Article 6(1)(a) of the GDPR): storage of the above-mentioned data and the cookies set in your browser, as well as associated data processing operations, will only be carried out if you have granted your voluntary and revocable consent prior to viewing our videos.
4.3.2 Google Ads
4.3.2.1 Purpose of data processing:
Google Ads conversion measurement
We use Google Ads to draw attention to our services on external websites using advertisements (‘Google Ads’). By analysing the data obtained in the advertising campaigns, we can determine the success of our advertising. We do this because our concern is to display advertising that is of interest to you, to make our website more attractive, and to enable a fair calculation of our advertising costs.
These advertisements are delivered by Google via ‘Ad Servers’. For this purpose, we use Ad Server cookies, which can be used to track certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google Ad, Google Ads will store a cookie on your system. These cookies usually expire after 30 days and are not used to identify you personally. The unique cookie ID, Google Click Identifier (gclid), number of ad impressions per placement (frequency), last impression (relevant to post-view conversions), and opt-out information (marking to indicate that the user does not want to be contacted again) are usually stored as analysis values for this cookie.
These cookies allow Google to recognise your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can see that the user has clicked on the ad and been redirected to that website. Each Ads customer is allocated a different cookie. This means that cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data on these advertising campaigns. We receive only statistical evaluations from Google. Using these evaluations, we are able to see which of our advertising is particularly effective. We do not receive any further data collected from the use of the advertising; in particular, we are unable to identify users from this information.
Based on the marketing tools used, your browser automatically makes a direct connection with the Google server. We have no influence on the scope and further use of data collected by Google by means of this tool and therefore inform you on the basis of our present knowledge that, by integrating Ads Conversion, Google receives the information that you have accessed a part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is still possible for the provider to obtain and store your IP address.
Google Ads remarketing
We use the remarketing function within the Google Ads service. This function allows us to show advertisements to users of our website based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, ‘Google Ads,’ or on other websites). It enables analysis of how users interact with our website, e.g. which services a user is interested in, in order to be able to display personalised advertising to users on other sites after they have visited our website. For this purpose, Google stores cookies on the systems of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a particular device, not to identify a person.
4.3.2.2 Recipient of the data
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
More information on Google’s data protection policies can be found here: https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/de.html. You can also visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
4.3.2.3 Use of cookies
Google Ads uses cookies. These cookies have a lifetime of up to 180 days (only cookies set via this website). You can find detailed information in the list available at the following link: https://business.safety.google/adscookies/.
4.3.2.4 Data processed
The following categories of data are processed:
-
Unique cookie ID
-
Google Click Identifier (gclid)
-
Number of ad impressions per placement (frequency)
-
Last impression (relevant to post-view conversions)
-
Opt-out information (marking that the user does not want to be contacted again)
-
User interaction on our website
-
IP address
4.3.2.5 Relationship between the BVG and the data processor
Google acts as a separate controller when processing data as part of Google Ads. Data may be transferred to third countries. More information on this can be found at the end of this privacy policy and here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.
4.3.2.6 Legal basis for data processing
Consent (Article 6(1)(a), 49(1)(a) of the GDPR): we will only store Google Ad cookies and perform associated data processing operations if you have granted us your voluntary and revocable consent to do so. Your consent means that your data may be processed in the USA and other third countries outside the EU.
With regard to the level of data protection in the USA, the EU Commission has issued an adequacy decision on the EU/US Data Privacy Framework (DPF), which certifies that the USA has the same level of data protection as the European Union. In particular, safeguards have been included to restrict access by US authorities or authorities in other countries. This adequacy decision relates to certified companies that are listed in this DPF. Google is listed in the directory of the Data Privacy Framework Program of the U.S. Department of Commerce (as of 18.04.2024).
You can consent to the processing of your data by Google Ads, prevent the collection of your data, or withdraw any consent you may have given with the help of our consent manager You can withdraw your consent – with effect for the future but without effect on data processing carried out in the past – in various ways:
a) by installing the plug-in provided by Google at the following link: https://support.google.com/ads/answer/7395996?hl=en ;
b) by changing your cookie settings at the bottom of our website pages (grant or withdraw consent).
4.3.2.7 Duration of data processing
All data is stored for as long as is necessary to fulfil the state.
4.3.3 X
4.3.3.1 Purpose of data processing
We display short messages (so-called tweets) on our website that we have published on our communication channels on X (embedded tweets). We integrate the messages we publish on X via frame on our website to provide you with a smooth access without the need to switch websites.
4.3.3.2 Consent to data processing
You can consent to the processing of your data by X, prevent the collection of your data, or withdraw any consent you may have given with the help of our consent manager. To withdraw your consent, go to the cookie settings at the bottom of our website pages.
4.3.3.3 Use of cookies
X uses cookies. These cookies have a maximum lifetime of 13 months. We will, however, request your consent again after a period of one year and only carry out analysis after this time if you provide this consent.
4.3.3.4 Processed data
Already when calling up the embedded tweet, X will process your personal data (at minimum the website you visited, your IP address, browser type, operating system and cookie information).
Prior to viewing the embedded tweet, you will be asked for your consent to display the tweet and for X to set cookies in your browser. Information about what data X processes and for which purposes can be found in the X privacy policy: https://x.com/en/privacy.
By including an appropriate code snippet, we have ruled out the possibility of Twitter also using your data to personalise content.
We have no influence over the type and scope of data processed by Twitter, how it is processed and used, or whether it is disclosed to third parties. As a result, we do not have an effective method of monitoring how Twitter uses your data. In particular, Twitter may use the data for any of its own purposes, for example to create profiles or to link it to other data held by Twitter, such as your Twitter account data.
In all cases, Google will also receive information about the content you view, even if you have not created an account. This “log data” may include your IP address, browser type, operating system, information about the website and pages you previously visited, your location, your mobile provider, the device you are using (including device ID and application ID), the search terms you used, and cookie information.
4.3.3.5 Controller
Twitter International Company
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07
IRLAND
It is possible that Twitter Ireland will transfer the data processed from you to a server operated by X Corp. (1355 Market Street, Suite 900, San Francisco, CA, 94103) and process this data there.
With regard to the level of data protection in the USA, the EU Commission has issued an adequacy decision on the EU/US Data Privacy Framework (DPF), which certifies that the USA has the same level of data protection as the European Union. In particular, safeguards have been included to restrict access by US authorities or authorities in other countries. This adequacy decision relates to certified companies that are listed in this DPF. X is listed in the directory of the Data Privacy Framework Program of the U.S. Department of Commerce (as of 18.04.2024).
For more information on the protective measures for securing data transfer, see Section 4.4 below.
4.3.3.6 Legal basis for data processing, purpose of data processing
Consent (Article 6(1)(a) of the GDPR): storage of the above-mentioned data and the cookies set in your browser, as well as associated data processing operations, will only be carried out if you have granted your voluntary and revocable consent prior to viewing our Tweets.
4.4 Transfer of personal data to third countries
Please note that data processed in other countries may be subject to foreign laws and may be accessible to the governments, courts, law enforcement authorities, and regulatory authorities of those countries. If your personal data is transferred to third countries, however, we will take appropriate measures to adequately secure your data.
Unless an adequacy decision has been adopted by the EU Commission for the recipient country, the transfer of your data to a third country is protected by the fact that EU standard contractual clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) have been concluded with the recipient or that binding corporate rules exist. Otherwise, the data will only be transferred if a derogation as set out in Article 49 of the GDPR is applicable.
5 Facebook fan page
5.1 Purpose of data processing
We operate a Facebook fan page (‘fan page’) in order to draw attention to our services and offers and to enable visitors to the fan page to interact.
5.2 Recipient of the data
Facebook Ireland Limited (‘Facebook’)
4 Grand Canal Square,
Grand Canal Harbour
Dublin 2, Ireland
The BVG has no influence on whether Facebook transfers personal data within its area of responsibility to third countries, for example to Facebook Inc. in the USA, and processes it there. More information can be found in the Facebook Privacy Policy.
5.3 Use of cookies
Facebook sets cookies when you visit the fan page. More information can be found in the Facebook Cookie Policy.
5.4 Data processed
When you visit the fan page, Facebook will process your personal data. More information can be found in the Facebook Privacy Policy.
5.5. Controller
Independent processing by Facebook
When you visit our fan page, Facebook will collect usage data. Under data protection law, Facebook alone is responsible for this data processing. Facebook provides information on this in the Facebook Privacy Policy and its Cookie Policy.
Independent processing by the BVG
When you visit the fan page, you can contact us using the messaging function, the Like buttons, and comments, which we can associate with individual users. The BVG alone is responsible for this data processing.
Processing with Facebook and the BVG as joint controllers
Facebook also collects certain usage data in order to provide us with aggregated and anonymised usage statistics (‘page insights’). Page insights do not allow us to identify the behaviour of individual users, but merely provide us with an overview of the use of the fan page. We ourselves do not have access to the personal data processed for the generation of statistics. Facebook alone determines which usage actions are logged by Facebook; we cannot change or otherwise influence this. This function is a part of the usage agreement with Facebook that cannot be waived by us. This means that we cannot unilaterally decide whether the ‘insights’ data is collected or not.
The BVG and Facebook are jointly responsible for this part of the processing. The BVG and Facebook have concluded an agreement on joint controllership (page insights supplement), which stipulates that Facebook bears primary responsibility for the fulfilment of all obligations with regard to the processing of page insights, and in particular for the exercise of the rights of data subjects.
5.6 Legal basis for data processing:
Insofar as we process personal data when you visit the fan page: Legitimate interest (Article 6(1)(f) of the GDPR): Legitimate interest in tracking usage behaviour on our fan page and consequently being able to optimise the services offered on the fan page, as well as interacting with you.
5.7 Duration of data processing
All data is stored for as long as is necessary to fulfil the stated purpose and then erased, provided there is no legal obligation to store it for a longer period. With regard to the data processed by Facebook, we refer to the Facebook Privacy Policy.
6 Your data protection rights
Depending on the circumstances in your specific case, you have the right to:
- obtain access to the personal data processed by us and/or request copies of these data. This includes information concerning the purpose of usage, the category of data used, their recipients and authorised users, and, where possible, the planned period for which the data will be stored or, if that is not possible, the criteria used to determine that period;
- request the rectification, erasure, or restriction of processing of your personal data, provided that its use is impermissible under data protection law, in particular because (i) the data is incomplete or incorrect, (ii) the data is no longer required for the purposes for which they were collected, (iii) the consent on which processing is based was withdrawn, or (iv) you have made use of your right to object to processing of your personal data; in cases in which the data is processed by third parties, we will forward your request for rectification, erasure, or restriction of processing to these third parties, unless this proves to be impossible or would involve disproportionate effort;
- refuse consent or – without affecting the lawfulness of data processing carried out prior to withdrawal – to withdraw your consent to the processing of your personal data at any time;
- request the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from us; you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible;
- take legal action or appeal to the data protection supervisory authorities, if you are of the opinion that your rights have been infringed due to processing of your personal data that is not in compliance with data protection regulations.
If you wish to assert your rights as a data subject, please send an e-mail to the e-mail address specially set up for this purpose info-datenschutz@bvg.de.
You also have the right to object to processing of your personal data at any time:
- where we process your personal data for direct marketing purposes
- where we process your personal data in pursuance of our legitimate interests and on grounds relating to your particular situation
- where we process your personal data to perform tasks that are in the public interest and on grounds relating to your particular situation
7 Other information
7.1 Privacy policy updates
We update this privacy policy to reflect modified functions or changes to the law. We therefore recommend that you read the privacy policy from time to time.
7.2 Contact
If you have any questions, suggestions, or comments on the topic of data protection, please feel free to contact our data protection officer.
Contact information:
Data protection officer
Berliner Verkehrsbetriebe (BVG)
Statutory public body
Holzmarktstraße 15-17
10179 Berlin
or
datenschutz@bvg.de
7.3 Supervisory authority
You can also contact the supervisory authority responsible for Berlin in all questions relating to data protection:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59 - 61 (Visitor entrance Alt-Moabit 60)
10555 Berlin
Phone: +49 (30) 13889-0
Fax: +49 (30) 2155050
E-mail: mailbox@datenschutz-berlin.de
Last updated: 27/11/2024