Privacy policy

Thank you for your interest in our company, our products and our services. Our privacy notice aims to let you know what data we collect from you, how we use this data and how you can object to the use of data.
It is basically possible to use our web pages without providing personal data. Certain services and activities provided by our company via our internet site may make it necessary to process personal data. The following privacy notice will provide you with detailed information about this. Please note that our web pages may contain links to other providers that are not covered by this privacy notice.

Who is responsible for collecting and processing data on this website?

The Deutsche Bahn Connect GmbH (DB Connect), Mainzer Landstraße 169, 60327 Frankfurt am Main collects and processes your data as the controller.
The official data protection officer of our company is Dr. Marein Müller. The Data Protection Officer can be reached
via E-Mail

If you have any general questions, suggestions or complaints regarding the processing of your personal data on this website please contact us via E-Mail at or by post at the address above.
If you have any questions, suggestions and/or criticism regarding the StadtRAD Lüneburg product, please contact us by e-mail at or by post at the address above.

What data do we collect and why are we processing your data?

All data collection and processing is undertaken for specific purposes. These may result from technical necessities, contractual requirements or explicit user requests.
For technical reasons, certain data must be collected and stored when visiting the StadtRAD Lüneburg website:
·        Date and duration of your visit
·        The websites you visited
·        recognition data of the browser and operating system type used
·        the website from which you are visiting us
We use this data exclusively for the purpose of technical administration of the application and to fulfil your wishes and requirements.
This concerns the following cases in detail:


A customer account is created as part of your registration at In addition to the mandatory information required for registration and use of StadtRAD Lüneburg, you have the option of providing further voluntary information. Below you will find a list of the corresponding data:
Mandatory information:
- Adress
- Contact Details (E-Mail-Adress, Mobile Phone)
- Date of birth
- Payment information (Credit Card Number and validity or IBAN and BIC)
Depending on the selected tariff, further data may be collected. (Example: VBB annual season ticket number, BVG annual season ticket number, S-Bahn Berlin annual season ticket number, name of the university attended, BahnCard number). For the authorization of the credit card payment, the check digit is requested for each payment transaction but won’t be stored.

Voluntary information:

- Contact Details: private and/or business phone number
We also store your booking data, which includes information about the existence of a BahnCard, your registration data and - if you order a newsletter as a registered customer - the information given there about your areas of interest in your customer account and, in addition to processing the contractual relationship with you, we also use it for internal analysis and market research purposes. We want to use the findings from this to constantly improve our offer. In addition, we want to optimally adapt our offers to your demand and needs. This goal is also served by the storage and analysis of usage data from the online area on a pseudonymous basis. A connection to your personal data is not being established. You can object to this pseudonymous use of data at any time. Please send your objection to
Participations in lotteries
In the context of lotteries, data is collected for their processing. You will find the details of data processing during the lottery in the privacy policy of the respective lottery


If you register for a newsletter from us, the following mandatory data will be collected:
-        E-Mail-Address
In this case, your e-mail address may be used by us for advertising purposes.
When you register for the newsletter, we store the IP address of your computer system used at the time of registration, as well as the date and time of registration, as assigned by your internet service provider (ISP). The collection of this data is necessary in order to be able to trace the (possible) misuse of the email address of a data subject at a later date and therefore serves our legal protection.
You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link at the bottom of your newsletter.

Legal basis for data processing
- If we obtain your consent to perform processing operations involving your personal data this shall provide the legal basis pursuant to Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
- Where the processing of personal data is necessary for the performance of a contract with you, the contract provides the legal basis under Article 6(1) (b) GDPR. Article 6(1) (b) GDPR also applies to processing operations that are necessary for carrying out precontractual measures, such as in the case of inquiries about our products and services.
- Where our company is under a legal obligation which makes it necessary to process personal data, such as for example to comply with tax obligations, such processing is based on Art. 6 (1) (c) GDPR.
 - Where necessary, we process your data to an extent that goes beyond performance of the contract in order to protect our legitimate interests or those of third parties pursuant to Art. 6 (1) (f) GDPR). Examples of this include: the revision and improvement of procedures for business management and the development of products and services; advertising, market research and opinion polling - provided you have not objected to the use of your data; the assertion and defense of legal claims; prevention and investigation of criminal offenses; safeguarding IT security and IT operations; consultation and exchange of data with credit agencies to determine creditworthiness and default risk
 - We collect your personal data for recruitment procedures and within the framework of the employment contract on the basis of Art. 6 (1) (b), Art. 88 General Data Protection Regulation (GDPR) in conjunction with Section 26 (1), sentence 1 German Federal Data Protection Act (BDSG)
We may also use the e-mail address that we have received from you as a result of a business relationship with you for advertising purposes.
You can object to this promotional use of your data at any time with effect for the future. You can send us your objection by E-mail to

What rights do users of the website have?
- You can request information about the data that we have stored about you.
- You can require correction, deletion and the restriction of processing (blocking) of your personal data if this is permitted by law and possible within the scope of an existing contractual relationship.
- If you grant us consent to process your data, you can withdraw this at any time by the same method that you used to grant it. Withdrawal of consent shall not affect the lawfulness of processing which took place prior to withdrawal of consent. To exercise your rights, send a letter by post to the above-named controller.
- In addition, you have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory responsible for our company is: Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, E-Mail:
To assert your rights, simply send a letter by post to Deutsche Bahn Connect GmbH), Mainzer Landstraße 169, 60327 Frankfurt am Main or via E-Mail to

How long is your data stored?
Your data will be deleted as soon as they are no longer required for the purpose for which they were collected (e.g. within the framework of a contractual relationship). Your data must also be deleted if it is not permissible to store them (particularly if the data are inaccurate and correction is not possible). Where legal or practical obstacles prevent deletion, the data are blocked (e.g. special archiving obligations).

Do we share your data with third parties?
Contract processing generally requires the deployment of direct-reporting contract processors, such as data center operators, shipping and freight forwarding service providers, and other parties involved in contract performance. External service providers, who are commissioned by us to process data, are carefully selected and placed under a strict contractual obligation e.g. by way of rigorous technical and organizational measures and supplementary checks. Your data will only be transferred if you have provided your express consent or on the basis of a statutory provision.
Personal data will not be transferred to third countries outside the EU or EEA, or to an international organization, unless appropriate safeguards are in place. These include the EU standard contractual clauses as well as an adequacy decision by the EU Commission.
Irrespective of this, transfer may be necessary:
- Debt collection
In the event of payment irregularities / non-payment, data may be passed on to a debt collection agency.
- Payment by credit card / Concardis AG
 If you choose to pay by credit card, the data you enter will be passed directly to the system of our payment service provider.
- Payment provider
We use the Payengine platform of our payment service provider ConCardis GmbH (Helfmann-Park 7, 65760 Eschborn) to process payments. Encrypted data is therefore transmitted to ConCardis during payment processing.
For more information on data processing at ConCardis, please refer to the ConCardis GmbH data protection declaration at

Is data transmission encrypted?
Data and emails sent via the internet are normally unencrypted and are therefore not protected against third-party access. Since we cannot guarantee the confidentiality of the information sent to us via email, we recommend that you only send confidential information by contact form or post.

What cookies are being used?
Cookies are small files that are stored on your PC. These cookies enable our server to recognize your computer and make it easier for you to navigate and use our web pages. We distinguish between cookies that are essential for the technical functions of the web page and cookies that are not essential for the technical functions of the web page.
The use of our web pages is generally possible without cookies that do not serve any technical purpose. Please note that if you refuse cookies used for advertising purposes, you will receive advertisements that are less personalized and less suited to your interests. You will, however, still be able to make full use of the web page.

What happens by clicking links to external websites?  
By clicking on a link to an external page, you are moving outside the ttps:// website. Deutsche Bahn Connect GmbH is therefore not responsible for the content, services or products offered on the linked website, nor for data protection and technical security on the linked website.

Updates to the data privacy notice
We update this privacy notice to reflect modified functionality or changes to the legal situation. We therefore recommend that you review the privacy notice periodically.

Updated: May 2021