1. Data protection at a glance
Data Privacy Statement for passengers
Data collection during ticket inspections on the 3-Ringzug train
In order to fulfil our information obligations in accordance with Art. 13 et seq. General Data Protection Regulation (GDPR), we would like to present our information on data protection below:
Who is responsible for controlling data?
Responsible in terms of data protection law is the Zweckverband Ringzug Schwarzwald-Baar-Heuberg, Am Hoptbühl 2, 78048 Villingen-Schwenningen, Germany.
You can find more information about our organisation, the persons authorised at our organisation to represent it and further options for contacting us in the Legal Notice on our website: https://mein-move.de/en/imprint/.
Which of your data do we process? And for what purposes?
If we have received data from you, then we will only process it for the purposes for which we have received or collected it. Data processing for other purposes only comes into consideration if the legal requirements required for this pursuant to Art. 6 (4) GDPR exist. In this case, we will adhere to any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR as a matter of course.
Under what legal basis does this take place?
Insofar as no other specific legal provisions exist, the legal basis for processing personal data is in principle Art. 6 GDPR. The following possibilities come into consideration in particular here:
- Consent (Art. 6 (1) (a) GDPR)
- Data processing for the fulfilment of contracts (Art. 6 (1) (b) GDPR)
- Data processing on the basis of a balance of interests (Art. 6 (1) (f) GDPR)
- Data processing to fulfil a legal obligation (Art. 6 (1) (c) GDPR)
If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time.
If we process data based on a balance of interests, you, as the data subject, have the right to object to personal data being processed taking into account the requirements of Art. 21. GDPR.
How long is the data saved for?
We process the data as long as this is required for the respective purpose. Insofar as there are legal obligations to retain data – e.g. under commercial or tax law – the personal data concerned will be stored for the duration of the obligation to retain. After the retention period has expired, a check is made to determine whether a further need for processing exists. If it is no longer necessary, the data is deleted.
As a matter of principle, we conduct a review of data towards the end of each calendar year to determine the need for further processing. Due to the volume of data, this review is conducted in relation to specific types of data or purposes of a processing operation.
You can, of course, request information about the data we have stored about youn at any time (see below) and, if it is not required, request that the data be deleted or its processing restricted.
Which recipients is the data disclosed to?
Your personal data will only be disclosed to third parties if this is necessary for fulfilling the contract with you, if disclosure is permissible on the basis of a balance of interests as defined in Art. 6 (1) (f) GDPR, if we are legally obliged to disclose the data or if you have given your consent to do so.
Where is the data processed?
We process your personal data exclusively in data centres located within the Federal Republic of Germany.
Your rights as data subject
You are entitled to receive information about the personal data we process on your person. In the event that you make a request for information other than in writing, please understand that we may ask you to prove that you are the person who you claim to be. Insofar as you are legally entitled to do so, you also have the right to have your data corrected or deleted, or have its processing restricted. You also have the right to object to its processing in accordance with the legal requirements. The same applies to the right to data portability.
In particular, you have the right to object to your data being processed in connection with direct marketing in accordance with Art. 21 (1) and (2) GDPR, if this is carried out on the basis of a balance of interests.
Our Data Protection Officer
We have appointed a data protection officer at our company. You can reach them using the following contact details:
Zweckverband Ringzug Schwarzwald-Baar-Heuberg
– Data Protection Officer –
Am Hoptbühl 2
Right to appeal
You have the right to appeal to a data protection supervisory authority concerning our processing of your personal data.
The collection of data on our website
Who is responsible for collecting data on this website?
Data is processed on this website by the website operator. The contact details for the website operator are published in the Legal Notice on this website.
How do you collect my data?
In the first instance, we collect your data in situations where you provide us with it. For example, this could be the data you enter in a contact form.
Our IT systems also collect other data automatically when you visit our website. This mainly concerns technical data, such as your Internet browser, operating system or when you called up the page. This data is collected automatically as soon as you enter our website.
What do you use my data for?
Some of the data is collected to make sure that the website functions without error. Other data may be used to analyse your user behaviour.
What rights do I have regarding my data?
You have the right to obtain information about the origin, recipient and purpose of the personal data stored about you at any time free of charge. You also have the right to request that this data be corrected, blocked or deleted. You can contact us at any time using the address provided in the Legal Notice if you have any questions concerning this or other issues relating to data protection. You also have the right to appeal to the competent supervisory authority.
Analysis tools and third-party tools
2. General and mandatory information
We would like to point out that transferring data over the Internet (e.g. when communicating by e-mail) can be vulnerable to security gaps. It is impossible to completely protect data against unauthorised access by third parties.
Information about the data controller responsible
The data controller responsible on this website is:
Am Hoptbühl 2
The data controller is the natural or legal person, alone or together with others, who decides on the purpose and means of processing personal data (e.g. names, email addresses, etc.).
Revoking your consent to data processing
Many data processing operations can only be performed with your express consent. You can revoke any consent you have already provided at any time. To do so, simply send us an informal email message. The legality of the data processing we perform up to the point of you revoking your consent remains unaffected by the act of revocation.
Right to appeal the competent supervisory authority
In the event of data protection law violations, the data subject has the right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection officer in the federal state in which our company is based. A list of data protection officers and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html (in German only).
Right to data portability
You have the right to have data that we process automatically, on the basis of your consent or in performance of a contract, handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of your personal data to another data controller, this only takes place insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of sensitive content, such as the orders or enquiries you send us as site operator. You can recognise an encrypted connection when you change the address line in your browser from “http://” to “https://” and by the lock icon in the address bar.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
Information, blocking, deletion
Within the framework of the relevant statutory provisions, you have the right to receive information free of charge at any time concerning personal data stored about you. This includes information on its origin, to whom it was sent, the purpose of its processing, and, if you wish, the right to rectify, block or delete this data. You can contact us at any time using the address provided in the Legal Notice if you have any questions concerning this or other issues relating to personal data.
Objecting to promotional emails
As part of our duty to provide a legal notice on this website, we hereby prohibit using the contact data published for sending unsolicited advertisements and information material. The operators of these pages reserve the express right to take legal action in the event that unsolicited promotional information, such as spam emails, is sent out.
3. The collection of data on our website
Most of the cookies we use are what are referred to as “session cookies”. They are automatically deleted once you leave our website. Other cookies remain stored on your device until you delete them. These cookies allow us to recognise your browser the next time you visit our website.
Server log files
The provider of this website automatically collects and stores information in what are referred to as server log files that your browser sends us automatically. This information includes:
- Browser type/version
- Operating system used
- Referring URL
- The host name of the computer accessing our website
- The time of the server request
- IP address
This data is not merged with other data sources.
Data processing is performed subject to Sec. 6 (1) (b) GDPR, which allows data to be processed in order to perform contractual or pre-contractual measures.
If you use our contact form to send us enquiries, we store the information you provide in this form along with the contact details you enter in it to precipitate processing your enquiry and handling any follow-up questions. We do not disclose this data without your consent.
As a result, the data entered into the contact form is processed subject to your consent alone (Sec 6 (1) (a) GDPR). You can revoke your consent at any time. To do so, simply send us an informal email message. The legality of the data processing operations we perform up to the point of you revoking your consent remains unaffected by the act of revocation.
The data you have entered in the contact form remains in our possession until you ask us to delete it, revoke your consent to its storage or the purpose for storing the data no longer applies (e.g. after your enquiry has been processed in full). Mandatory statutory provisions – especially retention periods – remain unaffected by this.