Privacy Policy

Rhein-Main-Verkehrsverbund GmbH ("RMV") takes the protection of your personal data very seriously. We want you to know when we collect which data and how we use it. In the following, we inform you about the type, scope and purpose of the collection, processing and use ("processing") of personal data ("data") in the context of the use of our website and within external online presences, such as our social media profiles ("online presence"). 

Note on the responsible body

The responsible body for data processing on this website is:

Rhein-Main-Verkehrsverbund GmbH
Alte Bleiche 5 
65719 Hofheim am Taunus

Tel.: +49 6192 294-0
Fax: +49 6192 294-900
E-Mail: datenschutz@rmv.de

Data protection officer required by law

RMV has appointed an external data protection officer:

DSBOK
Oliver Krause (eDSB)
Untergasse 2
65474 Bischofsheim

Tel.: +49 6144 402197
E-Mail: info@dsbok.de
Website: www.dsbok.de

Data collection

Server log files

RMV automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and browser version
  • browser type and browser version
  • referrer URL
  • Time of the server request
  • IP-addresses are not saved

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected.

  • Types of data processed: Content data (e.g. text entries), usage data (e.g. entry pages, access times), meta/communication data (e.g. device information).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal grounds: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Cookieless usage analysis via Matomo

This website uses the open source web analytics service Matomo. RMV has configured Matomo in such a way that Matomo does not store any cookies in your browser.

With the help of Matomo, we are able to collect and analyze anonymized data about the use of our website by website visitors. This enables us to find out, among other things, when and which page views were made and from which region they originated. We also collect various log files (e.g. URL accessed, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, downloads and the like).

Matomo is hosted exclusively on our own servers, so that all analysis data remains with us and is not passed on.

Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

The use of this analysis tool is based on Art. 6 (1) lit. f DSGVO. RMV has a legitimate interest in analyzing user behavior in order to continuously optimize the microsite for your user experience.

  • Types of data processed: Usage data (e.g. entry pages, interest in content, access times), meta/communication data (e.g. device information, anonymized IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 para. 1 lit. f. DSGVO).

 

Sending the Deutschlandticket newsletter

If you are interested in our Deutschlandticket newsletter and have entered your e-mail address in the form field and then verified it by double opt-in, we will send you the latest information and news about Deutschlandticket by e-mail. The newsletter is sent using our e-mail dispatch tool from Episerver GmbH, with whom we have a contract for the processing of orders.

  • Types of data processed: E-mail address
  • Data subjects: Communication partner.
  • Purposes of processing: We process the listed personal data for direct marketing purposes (newsletter dispatch on the Deutschlandticket).
  • Legal basis: The legal basis for the processing is Art. 6 para. 1 lit. a) DSGVO (consent).
  • Recipients or categories of recipients: Within the scope of data processing for the newsletter, we use service providers who act as order processors for us. These are obligated to comply with the data protection requirements of the GDPR within the framework of an order processing agreement. It cannot be ruled out with a probability approaching certainty that personal data will be transferred to a third country through the use of processors. Within the framework of a processing contract, the processors are obligated to ensure that the requirements pursuant to Art. 44 et seq. DSGVO are fulfilled.
  • Deletion: Personal data processed by us in the context of the Deutschlandticket newsletter will be deleted no later than 3 months after the newsletter has been discontinued.

Company details of the JobTicket registration form

If you are interested in our JobTicket and fill in and send us the registration form provided for this purpose, we will store your transmitted data for the purpose of preparing an offer as well as for setting up and implementing the contract. 

  • Types of data processed: Company data (e.g. company, address, number of employees, etc.) and contact details of the contact person (e.g. name, e-mail address, telephone number).
  • Data subjects:  JobTicket interested parties and contractual partners.
  • Purposes of processing: We process the listed personal data for the purpose of cost calculation and for the conclusion or performance of the contract.
  • Legal basis: The legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO (fulfilment of a contract or for the implementation of pre-contractual measures).
  • Recipients or categories of recipients: In order to fulfil our contractual obligations, we use service providers who act as processors for us. Through the use of processors, it is possible that personal data may be transferred to a third country. Within the scope of a contract for commissioned processing, the processors are obligated to ensure that, in the event of a transfer to a third country, the requirements pursuant to Art. 44 et seq. DSGVO are fulfilled.
  • Deletion: After expiry of the statutory retention period (10 years from termination of the contract), your data will be deleted. 

Company details for the Deutschland-JobTicket

If you are interested in our Deutschland-JobTicket and fill in and send us the form provided for this purpose, we will store the data you provide for the purpose of preparing an offer and setting up and implementing the contract, or pass it on to the local transport company responsible.

  • Types of data processed: Company data (e.g. company, address, number of employees, etc.) and contact details of the contact person (e.g. name, e-mail address, telephone number).
  • Data subjects: Germany-JobTicket interested parties and contractual partners.
  • Purposes of processing: We process the listed personal data for the purpose of cost calculation and for the conclusion or performance of the contract.
  • Legal basis: The legal basis for the processing is Art. 6 Para. 1 lit. b) DSGVO (fulfilment of a contract or for the implementation of pre-contractual measures). The legal basis for the transfer of data to transport companies is Art. 6 para. 1 lit. f) DSGVO. The purpose of the transfer is to ensure proper customer and contract support. This is also our legitimate interest. 
  • Recipients or categories of recipients: In order to fulfil our contractual obligations, we use service providers who act as processors for us.
    Through the use of processors, it is possible that personal data may be transferred to a third country. Within the framework of a contract for commissioned processing, the processors are obligated to ensure that, in the event of a transfer to a third country, the requirements pursuant to Art. 44 et seq. DSGVO are fulfilled. Requests regarding Deutschland-JobTickets made from Frankfurt or Wiesbaden will be forwarded to the respective local transport company (Frankfurt: VGF- Stadtwerke Verkehrsgesellschaft Frankfurt am Main, Kurt-Schumacher-Straße 8, 60311 Frankfurt; Wiesbaden: ESWE Verkehrsgesellschaft mbH, Gartenfeldstraße 18, 65189 Wiesbaden). Requests from companies for less than 30 Deutschland-JobTickets will also be forwarded to the respective local transport company. The responsibility of the local transport company depends on the location of the requesting company.
  • Deletion: After expiry of the statutory retention period (10 years from termination of the contract), your data will be deleted.

 

Sweepstake form

If you take part in our competition, we store this data for the purpose of processing the competition, in particular for determining and notifying the winners.

  • Types of data processed: E-mail address.
  • Data subjects: Participants of the competition.
  • Purposes of processing: Your personal data will be processed for the purpose of administering the competition or promotion, in particular for determining and notifying the winners. For the purpose of sending and delivering prizes, we may subsequently collect and process further data, e.g. your postal address.
  • Legal basis: The legal basis for the processing is the fulfilment of the contractual relationship existing through participation in the competition or the promotion (Art. 6 para. 1 sentence 1 lit. b DSGVO).
    Recipients or categories of recipients: In order to fulfil our contractual obligations, we use service providers who act as processors for us. Through the use of processors, it is possible that personal data may be transferred to a third country. Within the framework of a contract for commissioned processing, the processors are obligated to ensure that, in the event of a transfer to a third country, the requirements pursuant to Art. 44 et seq. DSGVO are fulfilled.
  • Deletion: The processed data will be deleted after the end or expiry of the competition or the promotion and the dispatch of the prizes.

 

Participant details in the RMV Future Lab registration form

If you send us your registration for the RMV Future Lab using the registration form, your details from the enquiry form, including the data you provide there, will be stored by us for the purpose of processing the registration and in the event of follow-up questions. We do not pass on this data without your consent.

  • Types of data processed: contact data of the participant (e.g. name, e-mail address, telephone number), content data (entries in the online form).
  • Data subjects: Persons interested in participating in the RMV Future Lab.
  • Purposes of processing: Processing of registration for the RMV Future Lab and in the event of follow-up questions.
  • Legal basis: The processing of this data is based on Art. 6(1)(b) DSGVO if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.
  • Recipients or categories of recipients: Within the scope of registration for the RMV Future Lab, we use the service provider Rhein-Main-Verkehrsverbund Servicegesellschaft mbH, a 100% subsidiary of RMV, for support and processing. Information on data protection: www.rms-consult.de/datenschutz/ In accordance with Art. 28 DSGVO, we have concluded a contract processing agreement with Rhein-Main-Verkehrsverbund Servicegesellschaft mbH. No personal data is transferred within the scope of project responsibility by TU Dresden.
  • Deletion: The processed data will be deleted after the RMV Future Lab has been carried out or after follow-up questions have been clarified and the workshop materials and results have been sent.

 

Audio and video conferencing in the RMV Future Lab.

We use online conferencing tools for the RMV Future Lab. The tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the provider of the respective conference tool. For evaluation and documentation purposes, the event will be recorded in picture and sound.

  • Types of data processed: user details, meeting, meta data, text, audio and video data and recordings. The conference tools collect any data you provide/enter to use the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata). Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection. If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service. Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection declarations of the respective tools used, which we have listed below this text. For evaluation and documentation purposes, the events are recorded in picture and sound. 
  • Data subjects: Participants in the RMV Future Lab.
  • Purposes of processing: The conference tools are used to communicate with participants and to hold the event. For evaluation and documentation purposes, the event is recorded in sound and image.
    Legal basis: The legal basis for this is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). Insofar as consent has been requested (recording & use), the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
    Recipients or categories of recipients: As part of the implementation of the RMV Future Lab, we use the service provider Rhein-Main-Verkehrsverbund Servicegesellschaft mbH, a 100% subsidiary of RMV, for the purpose of recording, processing or analysing the image and sound recordings. Information on data protection: www.rms-consult.de/datenschutz/ 
    In accordance with Art. 28 DSGVO, we have concluded a contract processing agreement with Rhein-Main-Verkehrsverbund Servicegesellschaft mbH. No personal data is transmitted within the scope of the project responsibility by TU Dresden.
    For the video and audio conferences, we use, among other things, tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
  • Conference tools used: Zoom
    We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom's privacy policy: zoom.us/de-de/privacy.html. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zoom.us/de-de/privacy.html.
    • Commissioned processing: We have concluded a General Data Protection Agreement pursuant to Art. 44 et seq. DSGVO, we have concluded a contract on General Data Protection Clauses (SCC) with the provider named above. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
  • Deletion: The data and recordings directly collected by us via the video and conference tools are stored by ours indefinitely or until revoked for evaluation and documentation purposes. The legal basis for this is the requested consent. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

 

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
  • Data subjects: Communication partners.
  • Purposes of processing: contact requests and communication.
  • Legal grounds: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Disclosure of personal data to third parties

Data that has been logged when accessing the RMV's internet service will only be passed on to third parties if we are obliged to do so by or on the basis of the law or an enforceable order of a court, authority or other body under public law, or if the passing on is necessary for legal or criminal prosecution in the event of attacks on the RMV's internet infrastructure. The data will not be passed on for other non-commercial or commercial purposes.

Security measures

We take appropriate technical and organisational measures in accordance with the law, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

  • Shortening of the IP address: If it is possible for us or if it is not necessary to store the IP address, we shorten your IP address or have it shortened. In the case of IP address shortening, also known as "IP masking", the last octet, i.e. the last two numbers of an IP address, are deleted (in this context, the IP address is an identifier individually assigned to an Internet connection by the online access provider). The shortening of the IP address is intended to prevent or make it significantly more difficult to identify a person by their IP address.
  • SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.

Rights of the data subjects

As a data subject, you have various rights under the GDPR, in particular under Articles 15 to 18 and 21 of the GDPR:

  • Right to object:
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
     
  • Right of withdrawal of consent:
    Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
     
  • Right to information:
    You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.
     
  • Right to rectification:
    You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be corrected.
     
  • Right to erasure and restriction of processing:
    In accordance with legal requirements, you have the right to request that data concerning you be deleted without delay or, alternatively, to request restriction of the processing of the data in accordance with legal requirements.
     
  • Right to data portability:
    You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
     
  • Right to restriction of processing:
    You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
    • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
    • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
    • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
    • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
       
  • Right to complain to competent supervisory authority:
    In the event of breaches of the GDPR, data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Amendment and update of the privacy policy

This privacy policy is current as of 17/11/2022.

As this website evolves and new technologies are implemented to improve our service to you, changes to this Privacy Policy may also be necessary. Therefore, we encourage you to review this privacy statement from time to time. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification