We welcome you to our web pages and would like to explain to you whether and when your personal data is collected and processed.The following data protection notice gives you an overview of how we collect and process your data.
Thank you for visiting our website. We want to provide transparency regarding the possible collection and processing of your personal data.
It is possible to use our website without providing personal data. If you wish to use certain special services that we offer via our website, however, it may be necessary for us to process your personal data. If it becomes necessary to process personal data and there is no legal basis for this processing (e.g. a contractual agreement), we will ask for your consent.
This privacy statement provides you with information about the data we collect from you, the way we use it and how to revoke your consent to the use of your data.
Who is responsible for collecting and processing data?
DB Regio AG is the controller and is therefore responsible for collecting and processing your data. If you have any questions or suggestions about this website, please contact:
DB Regio AG
60486 Frankfurt am Main, Germany
Ms Dr. Marein Müller is the appointed privacy officer.
If you have any questions or suggestions regarding privacy, please send an e-mail to datenschutz.Regio@deutschebahn.com.
What data do we collect, and why do we process your data?
We collect and process your data only for specific purposes. These purposes may result from technical requirements, contractual obligations or express wishes of the user.
When you visit this website, certain device-specific data is collected and processed automatically. This refers to what are known as server log files that are typically created when you visit a website.
As a rule, the following data is transmitted to us via these files:
- IP address
- Date and time of your request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of your request
- Access status/HTTP status code
- Volume of data transmitted
- Website (from which the request came)
- Operating system and its interface
- Language and version of browser software
It is not technically possible to use this website unless this data is processed.
The legal basis for this processing is Art. 6 (1) (f) GDPR.
If you contact us, we will process the personal data you have provided in the course of our correspondence with you. The legal basis for this processing is Art. 6 (1) (f) GDPR.
If we obtain your consent to process your personal data, this consent serves as the legal basis required under Article 6 (1) (a) GDPR.
If we process personal data that is required in order to perform a contract that we have signed with you, then the contract is the legal basis in accordance with Article 6 (1) (b) GDPR. Article 6 (1) (b) GDPR also applies to processing operations that are required in order for us to take steps before a contract is entered into; for example, in the event of enquiries relating to our products or services.
If our company is subject to a legal obligation that requires us to process personal data – such as a tax obligation – then the legal basis for this processing is Article 6 (1) (c) GDPR.
Legal basis for data processing
If we ask for and receive your consent to perform processing operations on your personal data, your consent is considered, in accordance with point (a) of Article 6(1) of the General Data Protection Regulation (GDPR), as the legal basis to perform such processing operations.
When personal data is processed that is required to fulfill a contract agreed with you, the legal basis, in accordance with point (b) of Article 6 (1) of the GDPR, is the contract. Point (b) of Article 6 (1) of the GDPR also applies to processing operations that are required to carry out precontractual measures, for example, in the case inquiries about our products or services.
If our company must process personal data to comply with legal obligations, for example, to fulfill tax obligations, the data is processed on the basis of point (c) of Article 6 (1) of the GDPR.
Is data passed on?
Implementation of a contract normally requires the involvement of instruction-dependent data processors such as data center operators, printing or shipping service providers or other parties involved in fulfilling the contract.
External service providers that process data on our behalf are carefully selected by us and strictly bound by contract. The service providers work as instructed by us, which is ensured through strict contractual provisions, technical and organizational measures and additional checks.
Your data is otherwise transmitted only if you have given us your explicit consent or if this is required by law.
The data is not transferred to third-party states outside the EU/EEA or to an international organization unless adequate guarantees are in place. These include standard contractual clauses of the EU as well as adequacy decisions of the European Commission.
Do we share your data with third parties?
Making the website available, or contract processing generally requires the involvement of data processors working on our instructions, e.g. data centre operators, maintenance, printing and shipping service providers or event/marketing service providers.
The external service providers that we use to process data on our behalf are carefully selected and subject to strict contractual obligations. The service providers follow our instructions, and this is guaranteed by strict contractual regulations, technical and organisational measures, and supplementary checks and controls.
Moreover, we share your data with third parties only when you have given your express consent or on the basis of a statutory requirement.
How long do we store your data?
We store your data only for as long as is necessary to fulfil the purpose for which the data was collected and/or to comply with legal requirements. For example, if we have a contractual relationship with you, we store your data at least until the contract period has come to an end. The data will then be retained for the duration of the mandatory retention period.
When are cookies used?
Cookies are small text files used to store personal data. Cookies may be sent to this website when it is visited, allowing the user to be identified. Cookies help make websites easier for users to navigate.
We distinguish between cookies that are essential for the website's technical functions and cookies that are not essential for the website's technical functions.
Here is some information about the types of cookies and how they are used on our website:
It is generally possible to use https://regiosignale.deutschebahn.com without cookies that serve non-technical purposes. You can therefore set your browser to prevent cookie-based tracking (using "do not track" or a tracking protection list) or block third-party cookies from being stored. We also recommend that you regularly check which cookies are stored on your system unless you have explicitly requested they be stored.
Please note: Deleting all cookies also deletes any opt-out cookies so you will need to reset the relevant opt-out functions.
Use of Matomo (formerly Piwik)
We use the Matomo analytics platform (formerly Piwik) on our website in order to analyse how people use the website and how we can improve it. The statistics we gain from this allow us to improve our offering and make it more interesting for users. Small text files (cookies) store information about how you use our website, including your IP address. This data is anonymised and stored on our servers.
The legal basis for the use of Matomo is Art. 6 (1) sentence 1 (f) GDPR.
Your deactivation options: If you want to opt out of user behaviour analysis, you can configure your browser to refuse analysis cookies. You can also decide whether to allow a unique web analysis cookie to be stored on your browser, allowing the operator of the website to record and analyse different statistical data. If you want to opt out, deselect the following option to store the Matomo deactivation cookie in your browser:
Please note: If you delete all cookies, your deactivation cookie will also be deleted, meaning you will have to opt out of user behaviour analysis again.
What rights do users of ideenzug.deutschebahn.com have?
- You can request information as to what data is stored about you.
- You can request the rectification, erasure, and restriction of processing (blocking) of your personal data, provided these actions are permitted by law and in compliance with existing contractual conditions.
- You have the right to file complaints with a supervisory authority.
- You have the right to the portability of data that you have made available to us on the basis of consent or a contract (data portability).
- If you have given us your consent to process your data, you can withdraw this consent at any time, using the same methods that you used to give your consent. Any processing of your personal data that took place from the time at which you granted your consent to the time at which you withdrew it will still be considered to have been lawful.
- You may object to data processing for reasons associated with your particular situation if the data processing is performed on the basis of our legitimate interests.
- You can opt out of targeted advertising at any time. This takes effect for the future (advertising opt-out).
To exercise your rights, simply send a letter by post or e-mail to the above contact address.
What happens in the case of links to external websites?
If you click a link to an external website, you are leaving the pages of DB Regio AG. This means that DB Regio AG is not responsible for the content, services or products offered on the linked website, nor is it responsible for the data protection or technical security on the linked website.
Updating for new functionalities
We update our privacy statement whenever there are changes to functions or legislation. We therefore recommend that you review our privacy statement at regular intervals.
Last modified: May 2021