Our Data Protection
The use of our website is generally possible without providing personal data. However, if you wish to use special services of our company via our website or if you book a trip via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing (e.g. the implementation of a contractual agreement), we ask for your consent.
With this notice, we inform you about what data we collect from you, how we use it and how you can object to the use of data.
1.1 Who is responsible for data collection and processing?
DB Fernverkehr AG collects and processes your data as the responsible party.
The appointed data protection officer is Dr. Marein Müller.
If you have any questions or suggestions regarding data protection at the DB Regio Shop, please contact:
DB Fernverkehr AG
Europa-Allee 78-84
Keyword: "Data protection
60486 Frankfurt am Main
E-mail: p.d-datenschutz@deutschebahn.com
1.2 What data do we collect and how and why do we process your data?
We collect and process your data exclusively for specific purposes. These may result from technical necessities, contractual requirements or express user requests.
For technical reasons, certain data must be collected and stored when you visit dbregio-shop.de, such as the date and duration of your visit, the web pages used, the identification data of the browser and operating system type used, and the website from which you visit us.
In order to fulfill a contract, we require personal data from you. This data is required to make ticket bookings, payment processing, credit checks, in the case of postal delivery, delivery to the address given and to carry out the processing of cancellations and refunds, if necessary.
This concerns in detail:
- Full name and address
- Date of birth
- For the "German Rail Pass" offer, the passport no.
- For semester tickets, the personal matriculation number
- e-mail address
- Desired payment method
- Account details with IBAN (in case of SEPA direct debit)
- Credit card data (in case of credit card payment method, check digit will not be stored)
Booking of an online-ticket
For the control of online tickets on the train, contact and identification data are recorded at the time of booking. On the train, the information displayed on the ticket is displayed on the control device (mobile terminal).
Customer account
In order to create a customer account, the following mandatory data are collected. No personal account can be created without providing this data:
- Salutation
- First and last name
- address address
- e-mail address
No personal account can be created without providing this data. All other information about yourself and your travel profile is voluntary. We store your booking data and your login data in your customer account and also use them for internal analysis and market research purposes. We generally want to use findings from this to constantly improve our offer. This goal is also served by the storage and analysis of usage data from the online area on a pseudonymous basis. A connection to your personal data is not established here. You can object at any time to the pseudonymous use of data that is generated when you use the online services of Deutsche Bahn.
Payment data
For the processing of payments in connection with ticket bookings, payment data such as account or credit card data, contact and identification data are collected.
For the authorization of credit card payments, the check digit is requested for each payment transaction. This is not stored.
1.3 Legal basis of data processing
Insofar as we obtain consent from you for processing operations of personal data, this serves as the legal basis according to Article 6 (1) lit. a DSGVO.
When processing personal data that is necessary for the performance of a contract with you, the contract is the legal basis under Article 6(1) lit. b DSGVO. Article 6(1) lit. b DSGVO also applies to processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Article 6 (1) lit. c DSGVO.
In order to constantly improve our offer, we store and analyze usage data from the online area on a pseudonymous basis. The legal basis for this is Art. 6 para. 1 f) DSGVO.
1.4 Is data passed on?
As a rule, contract processing requires the involvement of instruction-dependent processors, such as data center operators, printing or shipping service providers or other parties involved in the fulfillment of the contract.
External service providers who process data on our behalf are carefully selected by us and strictly bound by contract. The service providers work according to our instructions, which is ensured by strict contractual regulations, by technical and organizational measures and by supplementary controls.
Otherwise, your data will only be transferred if you have given us your express consent to do so or on the basis of a legal regulation.
A transfer to third countries outside the EU/EEA or to an international organization does not take place unless there are adequate guarantees. These include the EU standard contractual clauses and an adequacy decision by the EU Commission.
A transfer may be necessary, for example, in the following constellations for the purpose of contract processing when booking in the DB Regio Shop:
- for payment processing by DVB LogPay GmbH, Schwalbacher Str. 72, 65760 Eschborn, Germany
- for processing customer support by DB Dialog GmbH, Bleicherufer 21, 19053 Schwerin, Germany.
1.5 How long is your data stored?
We only store your data for as long as it is required to fulfill the purpose for which it was collected (e.g., within the scope of a contractual relationship) or if this is provided for by law. Thus, in the context of a contractual relationship, we store your data at least until the complete termination of the contract. Afterwards, the data is stored for the duration of the statutory retention periods.
1.6 When are cookies used?
Cookies are small text files in which personal data can be stored. The cookies can be transmitted to a page when it is called up and thus enable the user to be identified. Cookies help to simplify the use of Internet pages for users.
We distinguish between cookies that are absolutely necessary for the technical functions of the website and those cookies that are not absolutely necessary for the technical functions of the website.
We want to give you the opportunity to make an informed decision for or against the use of cookies that are not absolutely necessary for the technical functions of the website. Please note that if you refuse cookies used for advertising purposes, you will receive advertising that is less tailored to your interests. However, the use of the website remains possible to the full extent.
We inform you here about the type and scope of the use of cookies on our pages:
The use of the DB Regio Shop is generally possible without cookies that serve non-technical purposes. You can therefore prevent tracking by cookies in your browser (Do-not-track, Tracking-Protection-List) or prohibit the storage of third-party cookies. In addition, we recommend that you regularly check the stored cookies, unless you expressly wish to do so.
Please note: When deleting all cookies, any set objection cookies (opt-out cookies) will also be deleted, so that you would have to exercise any declared objections again.
Cookies that are mandatory for the use of the site:
Cookie |
Beschreibung |
Ablauf |
Shop |
Notwendiger Cookie zur Nutzung des Online-Shops, u.a. für Registrierungen und Kaufprozesse |
1 Stunde |
Cookies that are not mandatory for the use of the site:
- None
1.7 What rights do users of dbregio-shop.de have?
- You can request information about what data is stored about you.
- You can demand correction, deletion and restriction of processing (blocking) as long as this is legally permissible and possible within the framework of an existing contractual relationship.
- You have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for DB Fernverkehr AG is: The Hessian Data Protection Officer, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, e-mail: poststelle@datenschutz.hessen.de.
- You have the right to transfer those data that you have provided to us on the basis of consent or a contract (data portability).
- If you have given us consent to process data, you may revoke this consent at any time by the same means by which you gave it. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- You may object to data processing for reasons arising from your particular situation if the data processing is based on our legitimate interests.
- You can object to being approached by advertising at any time with effect for the future (advertising objection).
- If you have set up a customer account, you can have it deleted.
To exercise your rights, simply send a letter by post to:
DB Fernverkehr AG
Europa-Allee 78-84
Keyword: "Online Ticketshop
60486 Frankfurt am Main
E-mail: p.d-datenschutz@deutschebahn.com
1.8 What happens with links to external pages?
When you click on a link to an external page, you are moving outside the pages of the DB Regio Shop. DB Fernverkehr AG is therefore not responsible for the content, services or products offered on the linked website, nor for data protection and technical security on the linked website.
1.9 Updating the data protection notice
We adapt the data protection notice to changed functionalities or changed legal situations. We therefore recommend that you take note of the data protection notice at regular intervals. If your consent is required or components of the data protection notice contain provisions of the contractual relationship with you, the changes will only be made with your consent.
Status: April 2023