bahn.com Privacy Notice
Use of our website is generally possible without providing personal data. If you wish to make use of special services offered by our company via our website or you are booking a trip via our website, we may need to process your personal data. If it is necessary to process personal data and there is no statutory basis for such processing (e.g. a contractual agreement), we will ask for your consent.
This Notice aims to inform you which data we will collect from you, how we will use it and how you can opt out of the use of your data.
Who is responsible for data collection and processing?
DB Vertrieb GmbH, Stephensonstr.1, 60326 Frankfurt is responsible for collecting and processing your data.
Ms Chris Newiger is the designated Privacy Officer. If you have any questions or comments about data privacy on bahn.com, please contact us at the following address:
DB Vertrieb GmbH
What data do we collect and how and why do we process your data?
We collect and process your data exclusively for specific purposes. These may arise due to technical necessity, contractual obligations or express requests on the part of users.
For technical reasons, certain data must be collected and saved when you visit bahn.de. This includes, for example, the date and duration of your visit, the web pages used, the identification data of your browser and type of operating system used as well as information on the website via which you were routed to our site.
In order to comply with a contract, we require certain personal data from you. This data is required for ticket bookings, processing payments, checking credit ratings, for delivery by post to the specified address, where applicable, and for dealing with any cancellations and refunds.
In this case, the contract pursuant to Article 6(1)(b) GDPR is the legal basis for the processing of your personal data. Article 6(1)(b) GDPR shall also apply to processing that is required in order to take steps prior to entering into the contract, e.g. in cases of inquiries regarding our products and services.
Insofar as we obtain your consent for the processing of personal data (e.g. if you subscribe to our newsletter or use the Remain-logged-in option), this consent shall serve as the legal basis according to Article 6(1)(a) GDPR.
If our company is subject to a legal obligation that requires us to process personal data, for example to fulfil tax obligations, this processing shall be based on Article 6(1)(c) GDPR.
We would like to use your previous and current usage patterns of bahn.de to provide you with customised contents that will make our range of products more interesting to you as a user. For this we store and analyse pseudonymised usage data from online activities. We can then offer you special advantages such as ticket price reductions and free seat reservations the next time you book a ticket. The legal basis for this is Art. 6 (1) (f) GDPR.
We also do this in order to maintain customer relations with you and to provide you with information and offers which we think will correspond to your travel preferences and interests. We therefore process your data on the basis of Article 6(1)(f) GDPR (including with the help of service providers) in order to send you information and offers. We use your contact data (name, address and e-mail address which we have received from our business relationship with you) for advertising by post and for similar goods or services by e-mail, and in particular for market research, unless you object to such use.
You can object at any time to the future use of your data for such advertising purposes. Send your objection by e-mail to firstname.lastname@example.org (Advertising Objection).
In the following you will find a more detailed description of the data processing that can take place when booking a ticket on bahn.de. Further information, for example on data processing at ticket machines or if you visit our pages on social networks, can be found at: www.db-vertrieb.com/datenschutz
Specific examples are as follows:
- Registering on bahn.com
The following mandatory information is required when users create a customer account on bahn.com:
- User name and password
- First name and surname
- E-mail address
- Security question in case of forgotten password along with your corresponding answer
It is not possible to create a personal account without supplying this information. All other personal information and details pertaining to the user's travel profile are optional. We store your booking data (which includes information on whether you have a BahnCard, your registration data and - if you are a registered customer who receives our newsletter - information which you have provided on your areas of interest) in your customer account, and also use it for internal analyses and market research purposes. We do this to obtain general insights that help us to improve our content. Storing and analysing pseudonymized usage data from online activities also helps us to achieve this aim. We do not create a link between these activities and your personal data. In addition, we want to adjust our content to meet your needs and requirements in the best way possible. You can at any time opt out of the pseudonymized use of data generated when you use Deutsche Bahn's online services.
Further information can be found in the "Are cookies used?" section.
- Payment data on bahn.com
To ensure that your payments are processed securely, payment-related data (amount, booking reference, booking description, payer) is forwarded to a payment service provider. The legal basis for this is Art. 6(1)(b) GDPR.
The payment service provider performs the following: processing of credit card data in order to perform payments and store details in your customer account; application of security measures used by your card’s issuer (such as 3D Secure and strong customer authentication). No other institution handles your data. We do not receive access to your full credit card data. Instead, we merely save a reference in the form of an abbreviated credit card number so that you can identify it.
To prevent cases of fraud, a processor is used to process your device or browser fingerprint along with your payment-related data. This serves to protect you and us by preventing the misuse of your financial details when making payments via bahn.de. The legal basis for this is Art. 6 (1) (f) GDPR.
- Booking a digital ticket
When booking a digital ticket, address details as well as surname and first name are saved. During ticket inspections on trains, the information on the ticket (first name and surname) is displayed on the scanner (mobile terminal).
- Purchasing a BahnCard
When you buy a BahnCard, our system records your contact and identification data (e.g. date of birth). Further information on data processing in connection with the BahnCard can be found at: www.db-vertrieb.com/datenschutz
- Enquiry regarding your booking on bahn.com
When you send us an enquiry regarding your booking using the contact form on our website, your details from the enquiry form, including the contact details you provide there, will be processed by us for the purpose of handling the enquiry and any follow-up queries that may arise. The legal basis for this is Art. 6(1)(b) GDPR.
- Offers relating to similar products and services
We also use your e-mail address collected during registration or due to contractual commitments (e.g. booking a digital ticket) to inform you by e-mail about our own similar products and services. In this case, the e-mail address will be processed on the basis of our overriding legitimate interest in advertising our products and services (Article 6(1)(f) GDPR).
You can object at any time to the future use of your data for such advertising purposes. You can submit your objection via the objection link in any e-mail received for this purpose or by sending an e-mail to email@example.com (Advertising Objection).
- Using the subscription portal
In order to use the subscription portal, a customer account on bahn.de and a valid subscription are required. In the subscription portal, the customer account and subscription details are linked with each other. You can unlink them at any time.
- Ordering subscriptions online
Contact and payment details are collected when ordering a season ticket as a subscription. Depending on the offer, identification data such as date of birth or a photograph may also be required.
- Newsletter registration
If you sign up for one of our newsletters, the e-mail address will be collected as mandatory information.
In this case, we may use your e-mail address for advertising purposes. The legal basis for this is Article 6(1)(a) GDPR. When you register for a newsletter, we store the IP address assigned by the Internet Service Provider (ISP) to your end-user device used at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to trace (possible) subsequent misuse of the e-mail address of the person concerned and it therefore serves our legal protection. We want to be able to provide you with information that is relevant to you, so we analyse your interest in the contents of the bahn.de newsletter based on clicks and the display of content via customised links.
You may unsubscribe from the newsletter at any time at firstname.lastname@example.org or by clicking the relevant link at the bottom of the newsletter.
If you object to your data being used for promotional purposes, your data will only be used anonymously for statistical purposes.
- Participating in competitions
When we run competitions, we collect data for managing the process. The precise details, i.e. what data is collected and for what purpose, are available on the web page of the relevant competition.
- Virtual chat assistants
Virtual chat assistants (also known as chatbots) are used on bahn.de. They are part of our sales channel and help you find information on bahn.com and in DB Navigator. They are familiar with our websites' contents and provide keyword-based answers to customers' questions, recommend links to relevant websites or suggest using a different channel if someone wants to contact us.
We are constantly upgrading our chatbots, which help website and app users to navigate our website and mobile services. At the moment, they cannot process queries about specific contract-related issues. Anyone who has questions of this type can continue to contact us via live chat, phone or e-mail. Users should not provide any personal information when interacting with chatbots.
Our chatbots store customers' queries for max. 34 days so their self-learning feature can optimise how they operate. They do not process personal data. Usage-related metrics like chat duration, information timestamps, number of dialogues and user's approximate location are stored only for statistical purposes. We process user information only in order to handle their queries and for internal purposes, e.g. managing and improving processes related to our business and services (Art. 6(1)(b) GDPR).
- Booking a digital ticket after visiting a partner website (as part of affiliate marketing activities)
Do you disclose data to third parties?
Contract processing generally requires the involvement of order processors who are subject to our instructions, such as computer centre operators, printing or mail-order service providers or other agents involved in contractual performance.
External service providers who process data on our behalf are carefully selected and placed under strict contractual obligations. Service providers follow our instructions and this is guaranteed by technical and organisational measures, as well as by means of supplementary checks and controls.
In addition, we only disclose your data when you have given us your express consent or where we are under a statutory obligation.
Transmission to third countries outside the EU/EEA or to an international organisation will not take place unless we have been given reasonable guarantees. These include the EU standard contractual clauses and an adequacy decision from the EU Commission. For example, we may be required to forward data in the following circumstances for the purpose of contract processing when users book services on bahn.com:
- Travel insurance from our partner Europäische Reiseversicherung AG
- Hotel services from our hotel reservations partner HRS
- Use of DB's car hire offers from the leasing firms DB Rent, Europcar and Sixt
- Credit rating checks by Infoscore Consumer Data GmbH when registering for direct debit services
- When making use of services for travellers with reduced mobility, your data is sent to the appropriate offices of the DB Group departments involved.
- When you purchase a BahnCard on bahn.com, you enter into a contract with DB Fernverkehr AG. To complete this process, we forward the data, which you provide, to DB Fernverkehr AG. Further information is available in the relevant General Terms and Conditions. We merely handle the payment process and store the data provided for this purpose.
- In the case of payment irregularities / payment default, details of the account receivable may be sent to a debt collection agency.
- When you use the contact form on bahn.com for communicating with DB Fernverkehr or DB Regio, the details you supply are forwarded to the customer dialogue units of the relevant transport companies. bahn.com merely serves as the platform hosting these forms.
You purchase our partners' services on bahn.com directly from these partner companies. Further information on this is available under "Do you incorporate data from third parties?"
How long is your data stored?
We only store your data for as long as necessary to achieve the purpose for which it was collected (e.g. in the context of a contractual relationship) or insofar as permitted by law. Thus, in the context of a contractual relationship, we store your data until final completion of the contract. Thereafter, the data will be stored for the statutory storage period.
Your user account will be automatically deleted if left inactive for 24 months.
Are cookies used?
Generally speaking, it is possible to use bahn.de without the cookies that serve non-technical purposes. This means that you can prevent tracking via cookies in your browser (do not track, tracking protection list, etc.) or block the storage of third-party cookies. We also recommend regular checks of stored cookies that have not been expressly requested.
Please note: Deleting cookies also deletes any opt-out cookies you might have set so you will need to reactivate any opt-out function when using the relevant services.
- Cookies that are essential for using the website:
We use session cookies in the booking dialogue and "My Bahn" service area for providing certain additional services (e.g. managing your routes). These cookies are automatically deleted when you close your browser.
- Cookies that are not essential for using the website:
If you use the Remain-logged-in option, you will be recognised the next time you visit bahn.de and addressed by your name. You can use bahn.de faster and receive personal offers on the website. Use of the "Remain-logged-in option" does not enable direct access to your personal customer account. In order to access your data such as address, account or booking information or personal offers, you must always log into your customer account with your user name and password. bahn.de will be pre-set with your user name every time you log in. Our aim is to provide a faster and more convenient login. We will never pre-set your password. If your end-user device is used by several people, please make sure that the Auto-fill-in option in your browser is switched off in order to avoid misuse.
If you wish to use the "Remain-logged-in option", we need your consent in accordance with Art. 6 (1) (a) GDPR. You can give your consent to the "Remain-logged-in option" on registration and when logging in to your user account. By entering your user name and password, ticking the "Remain-logged-in" box and clicking the "Login" button, you consent to the option. You have to give your consent for every end-user device and every browser used. Following your consent, we place two cookies on your browser.
These are first-party cookies that can only be read by bahn.de. One cookie allows us to give your browser a randomly generated ID and thereby enables us to clearly recognise it and/or you as user of the browser. The other cookie indicates whether the "Remain-logged-in option" has been set in your browser. If this is the case, the randomly generated cookie ID from your browser is decoded in our systems and allocated to your customer account. This only takes place by way of encrypted connections. Both cookies thereby enable us to recognise you on subsequent visits to bahn.de and to address you by your name. These cookies are not used to collect usage data from your browser or to link this usage data with data from other browser sessions. The cookies for the "Remain-logged-in" option have a lifetime of 24 months. After every login to your user account with your user name and password, the lifetime of the cookies will be extended by a further 24 months as from this login.
You can opt out of the "Remain-logged-in option" via the link "You are not [Vorname][Nachname]? Opt out". You will find the link by clicking on your name which is displayed on the website. In addition, in your customer account on the "Change login data" page, you can opt out of the “Remain-logged-in option” on all browsers or end-user devices on which you gave consent, in a single step. This opt-out option is only displayed in the customer account, however, if consent to the "Remain-logged-in option" was given on at least one end-user device. If you delete the cookies on your browser you will also opt out of the option. If a third-party uses your end-user device (browser) and logs in to his/her bahn.de customer account, the "Remain-logged-in option" will also be deleted.
In order to be able to measure the effectiveness of our measures to improve the functionalities and your user experience, we continuously collect necessary statistics on the usage of bahn.de. For this we use the analysis tools Adobe Analytics, Optimizely, Qualtrics and m-pathy. If your IP address needs to be processed, it will be made anonymous. All service providers are contractually obliged to handle your data in accordance with privacy requirements.
- Use of Tealium
In order to ensure the dynamic adaptability of bahn.de and to manage the dynamic content, we use the Tag Management service Tealium iQ (Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121). The cookies used for this purpose are stored on your end device for 12 months.
- Use of Adobe Analytics
In order to optimise our offers, we use the web analysis service of Adobe Systems Software Ireland Limited (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). The relevant cookies have a lifetime of 24 months. The information generated by the cookie is transferred to and stored on an Adobe server in the USA. We use this information to measure and evaluate the use of the website and to create statistics. This enables us to assess how often different sections and texts on our web pages are read, and whether or not our website design influences the extent of website usage. The statistics obtained enable us to improve our content and make it more interesting for you as a user. This data has no personal content and cannot be traced back to an individual.
- Use of Optimizely
In order to be able to show you our website with slightly different content, we carry out so-called A/B testing using the web analysis service "Optimizely". For this purpose, cookies are stored on your end device with a lifetime of 24 months. The analysis service provider is Optimizely (631 Howard Street, Suite 100, San Francisco, CA 94105, United States). The anonymised data is usually processed on a server of Optimizely in the USA.
- Use of Qualtrics
In order to ensure continual improvement of our content and services, we invite users of our website to take part in surveys. For these we use technology from Qualtrics LLC (333 W. River Park Drive, Provo UT 84604, USA). Data is collected anonymously. The purpose of the cookies used by Qualtrics is to prevent users from participating multiple times within a certain period of time. The relevant cookies have a lifetime of 12 months. Participation in the surveys is voluntary.
- Use of m-pathy
This website uses m-pathy, a technology of Verint Systems GmbH (Ziegelteich 29, 24103 Kiel, Germany), to collect and store session and interaction data of website visitors. This information is used for improving the content and usability of the web pages. Cookies are stored for this purpose and have a lifetime of 24 months.
- Use of CrossEngage
If you have a bahn.de customer account, personal offers and promotions can be displayed when you are logged in. In order to be able to design and display this content, we have to place a cookie on your browser when you use bahn.de. It has a lifetime of 12 months. The data collected via the cookie is processed in pseudonymised form on servers of our service provider CrossEngage GmbH (Gontardstr. 11, 10178 Berlin).
- Cookies that are not essential for using the website:
- Use of Exactag
This website uses the analysis service from Exactag GmbH (Philosophenweg 17, 47051 Duisburg, Germany). Cookies are used to store data on how you use bahn.de. The cookie set by Exactag has a lifetime of 12 months. The legal basis for this is Art. 6 (1) (f) GDPR. If you want to opt out: Click on the following link to install Exactag's opt-out cookie in your browser: www.exactag.com/datenschutz/optout
- Use of AdForm
• Identifying the number of visitors to bahn.de
• Identifying the sequence in which different web pages are accessed by visitors to bahn.de
• Optimising the website
On behalf of DB Vertrieb GmbH, AdForm uses this information for more targeted, usage-based online advertising. In order to be able to use the advertising space from other websites, the cookies are synchronised with the following platforms: Google, Doubleclick, Appnexus, DataXu, Mediamath, TURN, TheTradeDesk, Active Agent, TheAdex. The legal basis for this is Art. 6 (1) (f) GDPR.
If you want to opt out: Click on this link site.adform.com/datenschutz-opt-out to set an opt-out cookie to prevent any further collection of data.
What rights do users of bahn.com have?
- You can request information to find out what information is stored about you.
- You may request the correction, deletion and restriction of the processing (blocking) of your personal data as long as this is legally permissible and possible within the framework of an existing contractual relationship.
- You have the right to file complaints with the supervisory authority. The supervisory authority responsible for DB Vertrieb GmbH is: Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, e-mail: email@example.com
- You have the right to transferability of the data that you have submitted to us based on consent or under a contract (data transferability).
- If you have given us your consent to data processing, you can withdraw it at any time by the same means by which it was given. Withdrawal of consent does not affect the legitimacy of processing carried out on the basis of consent prior to its withdrawal.
- You can object to the data processing for reasons arising from your particular situation, if the data processing is based on our legitimate interests.
- You can opt out of advertising messages at any time with future effect (advertising opt-out).
To exercise your rights, simply write to us at the following address:
DB Vertrieb GmbH
or send an e-mail to firstname.lastname@example.org
Do you incorporate information from third parties?
We incorporate data from third parties into our website in order to provide you with offers along the entire length of the mobility chain (partner offers). This requires you to submit your information directly on the relevant third parties' websites. These are integrated into bahn.com and have been modified to suit our website's visuals. Third-party content always features its own site notice and data privacy information.
We incorporate content from the following partners:
- AMEROPA -> rail holidays and city breaks
- FlyLoco -> city breaks by air
- Weg.de -> all-inclusive flights and last-minute journeys
- HRS -> hotel provider
- Eventim -> tickets for concerts and other events
- ERV -> travel insurance
- Avis -> car hire
- Europcar -> car hire
- Sixt -> car hire
- Ypsilon.Net -> car hire price comparison
- Auto Europe -> car hire broker in Ypsilon.Net car hire price comparison
What happens with links to external websites?
When you click on a link to an external website, you leave the bahn.com website. As a result, DB Vertrieb GmbH is not responsible for the content, services or products available on this linked website. Similarly, DB Vertrieb GmbH is not responsible for data privacy or technical safety on the linked website.
How up-to-date is this data privacy information?
We update our Privacy Notice to bring it into line with new functionalities or legal requirements. We therefore recommend that you regularly check the Privacy Notice. Where your consent is required, or components of the Privacy Notice involve provisions contained in our contract with you, changes shall only take place with your consent.
Last updated: September 2020