Privacy Notice for App "S-Bahn Berlin Connect"

If you wish to use the services of our company via our app, it may be necessary to process personal data. This notice informs you about what data we collect from you, how we use it and how you can object to its use.

Who is responsible for data collection and processing?

The S-Bahn Berlin GmbH (Elisabeth-Schwarzhaupt-Platz 1, 10115 Berlin) collects and processes your data as the controller. Should there be any deviations from this in certain cases, you will be informed of this at the appropriate point in the further course of this privacy notice.

If you have any questions or suggestions regarding privacy in our app, please contact:
kundenbetreuung(at)s-bahn-berlin.de.

The appointed data protection officer is Chris Newiger: datenschutz.regio(at)deutschebahn.com.

What data do we collect and how and why do we process your data?

We collect and process your data for specific purposes only. They can result from technical necessity, legal requirements or an explicit user request.

For technical reasons, certain data is collected and saved every time you use our app (e.g. IP address).

We need your personal data to fulfill a contract. This data is needed to process ticket bookings, payment transactions, credit checks and if necessary, cancellations and refunds. The user name and the password will only be collected if you have logged in. This concerns in detail:

 

Contact by e-mail

When you contact us by e-mail, your e-mail address and, if it has been provided by you, your name and telephone number are processed in order to answer your questions. The legal basis is Art. 6 (1) (f) GDPR.

 

Customer account and ticket purchase

In order to purchase tickets you need a customer account, which can be created during the registration process.

During the registration process, the following information is collected or specified:

  • First name and surname
  • e-mail address
  • mobile phone number if applicable
  • Password key

If you need an invoice for the ticket purchase, we also store your postal address.

The processing of this information for the above-mentioned purposes is based on Art. 6 (1) (b) GDPR.

 

Payment

For the processing of payment transactions, additional information on the payment method and related information is required.

The payment processing and claims management is carried out by LogPay Financial Services GmbH, Schwalbacher Straße 72, D-65760 Eschborn, which does this on its own responsibility in accordance with Art. 4 No. 7 GDPR. For further information, see "Will data be passed on?".

 

Electronic tickets

When purchasing mobile phone tickets, the name of the user is processed. This is necessary to identify the ticket holder for electronic ticket inspections. Mobile phone tickets are stored in the background system and can be reloaded into the app even when using a different device.

 

Product improvement

In order to constantly improve our offer, we store and analyse usage data on an anonymous basis. A connection to your personal data is not established in this process. The legal basis is Art. 6 (1) (f) GDPR.

Access authorisation

Certain types of access authorization are necessary to ensure that the app can function. Specifically access authorization is required for accessing memory (changing or deleting storage contents) and accessing network connections, complete network access, calling up wifi connection) to enable the app to access information. The legal basis is Art. 6 (1)(f) GDPR.

 

Identifying your location

The app offers services and information regarding your current surroundings such as using your current position for a journey’s start/end of identifying mobility modalities in your vicinity. Your current location must be sent to the system so that you can use these functions. The app identifies your location only if and after you have authorised this in your device’s settings.

You can object to the processing of your location at any time in the following manner:

On Android, you can deactivate access to the location in the operating system settings in the menu sub-item "Apps/Connect/Access Rights".

For iOS, you can switch off access to the location in the operating system settings in the menu sub-option "Privacy/Location Services/Connect".

The legal basis for processing your location is your approval pursuant to is Art. 6 (1) (a) GDPR.

 

Push Notifications

We provide you with information about important events and updates as part of our customer service, even if you are not using the app. This information is sent via "Push Notifications".

The app sends you push notifications only if you have provided your explicit consent. When you first open the app, we ask if you want to receive alerts on your mobile end device. If you are using an Android phone, authorisation takes place when you confirm and download the app. If you are using an iPhone, you provide authorisation via a dialogue window that appears when you first use the app.

You can deactivate push notifications in the app's settings or your device’s settings and so revoke your consent at any time.

The legal basis for this data processing is your consent pursuant to Art. 6 (1) (a) GDPR.

 

Maps

The app uses the map service Google Maps from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which receives your current location, IP address as well as  device and/or network identification.

The relevant privacy policy is available at https://www.google.com/intl/de_de/policies/privacy/.

You can use https://www.google.com/intl/de_de/policies/technologies/product-privacy/ to select the privacy policy settings you want.

The legal basis for this is Art. 6 (1) (f) GDPR.

How long is your data stored?

We only store your data for as long as it is necessary to fulfil the purpose for which it was collected or if required by law. Thus, within the framework of a contractual relationship, we store your data at least until the complete termination of the contract. Afterwards, the data is stored for the duration of statutory retention periods.

Will data be passed on?

To process the contract and for the provision and improvement of the services offered in the app, it is necessary to involve data processors who must follow our instructions. These external service providers who process data on our behalf are selected carefully by us and have strict contractual obligations. The service providers work according to our instructions, which we ensure through strict contractual conditions, technical and organizational measures and by supplementary controls.

In any case, we will only pass on your data if you have given us your expressed consent to do so or if we are required to do so by law.

No data will be passed on to third countries outside the EU/EEC or to any international organisations unless appropriate guarantees have been provided. These include for example the Standard EU Contractual Clauses (SCC) and an adequacy decision by the European Commission.

 

Payment processing

We pass on your personal data (first name and last name, e-mail address, information on the payment method) provided by you during the registration or purchase and payment process and all changes to LogPay Financial Services GmbH, Schwalbacher Straße 72, D-65760 Eschborn, Germany, for the purpose of selling and assigning our claims against you, which arise in connection with your electronic purchase.

This takes place on the basis of Art. 6 (1) (1) (f) GDPR. The legitimate interest of S-Bahn Berlin is the outsourcing of payment and credit management operations. The legitimate interest of LogPay Financial Services is the collection of data for the purpose of processing payments, for credit management of receivables, the evaluation of the admissibility of payment methods used and to avoid payment defaults.

You can object to the transmission of this data to LogPay Financial Services GmbH at any time, but this means that a ticket purchase via this app will no longer be possible.

The privacy notice of LogPay Financial Services GmbH can be found at

https://www.logpay.de/DE/datenschutzinformationen/.

 

PayPal

The app offers payment via the online payment provider PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). If you select PayPal as your payment method, you will be redirected to PayPal's website and the personal data you enter will be transmitted to PayPal in encrypted form. This usually includes your first and last name, email address, IP address and other information necessary to process your specific order.

The processing of the personal data within the scope of the payment processing is carried out by PayPal as the controller in accordance with Art. 4 (7) GDPR.

Further information about data processing by PayPal can be found at

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

 

Payment defaults

In the event that you do not meet your payment obligations, your personal data will be passed on to a debt collection agency for the purpose of collecting the receivables (e.g. by means of payment reminders) and enforcing the claims (e.g. within the scope of a legal dunning procedure or cooperation with a law firm in the event of legal action).

Does the app use cookies?

The app does not use cookies.

Improving the user experience

In order to continuously improve the experience of our users, we produce statistics on the usage of the app. For this purpose we use the analysis tools Amplitude, Instabug and Sentry.

The tracking measures which we use and which are listed below are based on Art. 6 (1) (f) GDPR.

By using the relevant tracking measures, we want to ensure a demand-oriented design, the continuous optimization of our app and the technical stability of our service. Similarly, we use tracking measures to compile statistics regarding our app’s usage and evaluate these figures in order to optimise our service for you. These interests are legitimate in line with the aforementioned regulation.

 

Amplitude

Our app uses the analysis service Amplitude, provided by Amplitude, Inc., 501 2nd Street, Suite 100 San Francisco, CA 94107, U.S.. The interactions with the app are saved and subsequently evaluated for analysis purposes. For this purpose, device information such as installation ID, IP address as well as information on your user behavior are processed. This data is then transferred to the servers of the service provider in the U.S.. Further information about Amplitude can be found in Amplitude's privacy notice:

https://amplitude.com/privacy

 

Sentry

Our app uses the error diagnosis service Sentry, provided by Functional Software, Inc., 1501 Mariposa St #408, San Francisco, CA 94107, U.S.. If the app crashes during the use or if unexpected error occurs, specific information is sent to Sentry, namely device information such as the installation ID, IP address as well as device type, operating system version, date and time of the error, country from which the query originated and the language set for the operating system. This data is transferred to the servers of the service provider in the U.S.. For more information, please refer to Sentry‘s privacy notice:

https://sentry.io/privacy/

 

Instabug

Our app uses the error diagnostic service Instabug, provided by Instabug, Inc. 855 El Camino Real St., Suite 13A-111, Palo Alto, CA. 94301, U.S.. In the event of errors in the app or crashes of the app, a qualified error/crash report is displayed for debugging. In addition, you can also contact the support team in real time via the in-app functions (such as polls, attaching screenshots, video or audio recordings, live chats). This allows you to report, describe and evaluate errors directly and helps us improve the app. In addition to the information provided in this way, device information such as installation ID and IP address, your name, your e-mail address as well as information on your user behavior and data from the error log (stack trace, device logo) are processed. This data is transferred to the servers of the service provider in the U.S.. More information can be found in Instabug‘s privacy notice:

https://instabug.com/privacy

What rights do users of the S-Bahn Berlin Connect App have?

  • You can request information about what data we have stored about you.
  • You can request correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data, as long as this is legally allowed and possible within the framework of an existing contractual relationship.
  • You have the right to submit a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for S-Bahn Berlin is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, E-Mail: mailbox@datenschutz-berlin.de.
  • You have the right to portability of the data (Art. 20 GDPR) you have provided on the basis of a consent or a contract (data portability).
  • If you have given us your consent to process your data, you can withdraw it at any time through the same channel. The withdrawal of consent will not affect the lawfulness of the processing based on consent before its withdrawal.
  • You can object to data processing for reasons stemming from your personal situation if the data is processed based on our legitimate interest or to fulfill a public duty.
  • You can object to the receipt of promotional materials at any time with effect for the future (objection to promotional materials) (Art. 21 GDPR).

To exercise these rights, simply send a letter or an e-mail to:

S-Bahn Berlin GmbH,
Kundenbetreuung
Elisabeth-Schwarzhaupt-Platz 1
10115 Berlin, Germany

kundenbetreuung(at)s-bahn-berlin.de   

How up-to-date is this privacy notice?

We update the privacy notice to reflect new and changed functions as well as changes to the legal basis. We therefore recommend checking the privacy notice at regular intervals.

Version from: July 2020