We understand that the security of your personal data is important to you which is why it is also important to us. We are therefore taking this opportunity to inform you about issues such as the personal data we collect, the reasons why we collect this data, and how you can withhold your consent from data collection.
Who is responsible for data collection and processing?
DB Vertrieb GmbH is responsible for collecting and processing your data.
DB Vertrieb GmbH
When does bahn.com collect and process personal data?
We are fully aware of the importance you attach to the careful treatment of your personal data when you use our services. We greatly appreciate your visit to our website, and we wish to disclose, with full transparency, when and how your personal data is collected and processed. Data is collected and processed only for specific reasons. These may be matters related to technical necessity, contractual obligations or requests on the part of users.
For technical reasons, certain data must be collected and saved when you access bahn.com (the date and duration of the visit, the webpages used, the recognition data of the browser and operating system type, the website via which you were routed to our site). We use this data only for purposes relating to the technical administration of the website and to comply with your requests.
For contractual reasons, we also need personal data to provide our services and comply with the obligations arising from contractual agreements concluded with you. This data is used for booking tickets, managing customer data , handling payments and assessing creditworthiness.
Specific examples are as follows.
- Registering on bahn.com
The following mandatory information is required when users create a customer account on bahn.com. It is not possible to create a personal account without this information being supplied. All other personal information and details pertaining to the user's travel profile are optional:
- Title/form of address
- First name and surname
- E-mail address
We store your booking data (which includes data indicating if you have a BahnCard or not), your registration data and - if you are a registered customer who receives our newsletter - the interests you have indicated in your customer account, and we also use them for internal analyses and market research activities.
We do this to generate general insights that help us to continuously improve our offering. Storing and analysing pseudonymised usage data from online activities also helps us work towards this objective. We do not create a link between these activities and your personal data. Furthermore, we want to adjust our offerings so that they form the best match with our requests and needs. If you wish, you can withdraw your consent to the pseudonymised use of data generated when you use Deutsche Bahn's online services.
- Payment data on bahn.com
We collect payment details such as account or credit card numbers, contact details and identification-related information so that we can process payments made for tickets and BahnCard reservations.
Each transaction made using a credit card requires the user to provide the CVV code on the back of the card as authorisation. We do not store the CVV code.
- Buying online and mobile phone tickets
We collect users' contact details and identification information during the booking process so that online and mobile phone tickets can be inspected on board trains.
- Booking luggage service
We collect contact and delivery details (e.g. number of items of luggage and delivery time) when passengers want to use our luggage transport service.
- Booking BahnCards
We collect contact details and identification information (e.g. date of birth) when users buy a BahnCard.
- Newsletter registration
- E-mail address
If you register for one of our newsletters, we are entitled to use your e-mail address for advertising purposes. You may unsubscribe from the newsletter at any time by clicking the relevant link at the bottom of the newsletter.
- Participating in competitions
When we run competitions, we collect data for managing the process. The precise details, i.e. what data is collected and for what purpose, are available on the given competition's webpage.
- Offers related to your booking
We reserve the right to contact you after you have made a booking, sending offers of similar products and services to the e-mail address you used in the booking. You can revoke permission for this at any time by unchecking the box in the booking or by clicking on the unsubscribe link in the e-mail.
When will my data be deleted?
We delete your data once it is no longer required for the purpose for which we originally stored it (e.g. as part of a contractual relationship). Your data will also be deleted if its storage is prohibited (especially if the data is incorrect and cannot be updated). Data may be blocked instead of deleted as a result of legal or technical issues (e.g. mandatory retention periods due to taxation or trade laws).
Your user account will be automatically deleted if left inactive for 24 months.
What rights do users of bahn.com have?
- You can request information as to what personal data is stored.
- You can request that we correct, delete or block your personal data provided these actions are permitted by law and in compliance with existing contractual conditions.
- You can request the deletion of any customer account you have created.
- You may withdraw your consent to receiving advertising material.
To exercise your rights, simply contact us at the following address
DB Vertrieb GmbH
or by e-mail to email@example.com.
Do you encrypt data?
Data and e-mails are often forwarded without encryption in the internet, which means they are not protected from third-party access. In order to safeguard the information in your user account, the connection with your account is always encrypted by means of TLS. Since the confidentiality of transmitted information is not guaranteed during transmission if you send us an e-mail, however, we recommend that you send confidential information solely by post.
Do you forward data to third parties?
We do not forward, sell or transfer your personal data to a third party in any way unless this is required for contractual reasons or you have provided your express permission.
For example, we may be required to forward data in the following circumstances relating to contractual obligations when users book services on bahn.com:
- Travel insurance from our partner Europäische Reiseversicherung AG
- Hotel services from our hotel reservations partner HRS
- Use of DB's car hire offerings from leasing firms DB Rent, Europcar and Sixt
- Creditworthiness checks by Infoscore Consumer Data GmbH when registering for direct debit services
Other external service providers that process data on our behalf are contractually obliged to maintain strict confidentiality as per Article 11 of Germany's Federal Data Protection Act (§ 11 BDSG). DB Vertrieb GmbH retains responsibility for safeguarding your information in such circumstances. The service providers follow the instructions of DB Vertrieb GmbH, and this is guaranteed by technical and organisational measures, as well as by means of supplementary checks and controls. As a result, these external service providers do not count as third parties for data privacy purposes.
You purchase our partners' services on bahn.com directly from these partner companies. Further information is available in ""Do you include information from third parties?""
When you book a BahnCard on bahn.com, you enter into a contract with DB Fernverkehr AG. To complete this process, we forward the data you supply to DB Fernverkehr AG. Further information is available in the relevant terms and conditions. We merely handle the payment process and store the data provided for this purpose.
When you use the contact form on bahn.com for communicating with DB Fernverkehr or DB Regio, the details you supply are forwarded to the customer dialogue units of the relevant transport companies. bahn.com merely serves as the platform hosting these forms.
Are cookies used?
Cookies are small text files used to store personal data.
We distinguish between cookies that are essential for technical functions on the website and optional cookies.
Generally speaking, it is possible to use bahn.com without the cookies that serve non-technical purposes. This means that you can prevent tracking via cookies in your browser (do not track, tracking protection list, etc.) or prohibit the saving of third-party cookies.
We also recommend that users regularly check and delete cookies that have been automatically stored if they have not expressly requested the cookies' storage. Please note: Deleting cookies also deletes any opt-out cookies you might have set. As a result, you will need to expressly select the relevant opt-out functions again when using the relevant services.
Cookies that are essential for using the website:
We use session cookies in the booking dialogue and My Bahn service area for providing additional services (e.g. managing your routes). These cookies are automatically deleted when you close your browser.
Cookies that are not essential for using the website:
We want to give you the option of making an informed decision for or against using cookies that are not essential for the technical functions of the website. Please note that rejecting cookies designed for commercial purposes means that any advertising you receive will not be as closely tailored to your interests as would otherwise be the case. However, you will still be able to make full use of the website.
Information about the type and scope of intended cookie usage on our website:
Remain logged in
When you select the option of remaining logged in, the system will recognise you the next time you visit bahn.de, and you will be addressed by name. You will be able to use bahn.de faster, and the website will present you with customised offerings.
Activating this option does not give you access to your personal customer account. If you want to access personal data such as address, account details and booking details, or if you want to make use of customised offerings, you need to log in using your user name and password.
Every time you log in, the system automatically inserts your user name in the log-in box on bahn.de. This is a way of making the log-in process faster and more convenient. Our system never automatically inserts your password. If several people use your end device, make sure that your browser's auto fill-in option is not activated. This will prevent any misuse of different accounts.
Declaration of consent
If you would like to activate the ""Remain logged in"" function, you need to provide your consent.
You can do so when registering to use the website or when you log into your user profile. After adding your user name and password, tick the checkbox ""Remain logged in"" and then click the button ""Login"" to activate the option.
You will need to repeat this step on every end device or browser that you use. Once you consent to the option's activation, we will install two cookies on your browser. These are first party cookies that only bahn.de can use. Using one of these cookies, we assign your browser a randomly generated ID that enables us to unambiguously identify either it or you as the user of the browser. The other cookie records if the remain logged in option has been activated on your browser. If this is the case, our system decrypts the randomly generated cookie ID from your browser and assigns it to your customer account. This process makes use of encrypted connections only.
Together, these two cookies make it possible for our system to recognise you and address you personally when you visit bahn.de at a later date. NB: These cookies are never used for collecting personal data. Furthermore, we do not deploy the cookies to collect usage-related data from your browser and link this data with information from other browser sessions.
The cookies for the remain logged in function remain in place for 24 months. Every time you log into your user profile with your user name and password, the system automatically extends the cookies' validity by 24 months again.
You can deactivate the ""Remain logged in"" option via the link ""> Not [first name][surname]? Log off"". To access this function, find where your name is displayed on the website, and click your name. The ""Change login details"" option on your user profile also provides you with a one-step function to log out of all browsers and end devices on which you have activated the ""Remain logged in"" feature. The relevant option is visible in your user profile only if you have previously activated ""Remain logged in"" on at least one end device.
Deleting cookies from your browser also deactivates the option. Similarly, if another person uses your end device (browser) to log into their bahn.de account, our system deactivates the ""Remain logged in"" option for you.
Interest-based online advertising
The advertisements displayed on our website are based on interest that customers have shown in certain products. We collect information about our users' surfing patterns in order to provide them with interest-based online advertising. This requires cookies with multi-digit ID numbers to be set on a user's computer. If you to not consent to the analysis of how you use our website, you can set your browser so that it does not install an analysis cookie.
Using the online advertising program Google AdWords form Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"), advertisements for offerings are displayed on bahn.com and thematically sorted according to the keywords used in a Google search. For this, Google sets a cookie in the browser when a user clicks an advertisement in the Google search network or advertising network.
Click here to opt out of this: https://www.google.com/ads/preferences
Using the AdWords cookie and conversion methods, Google can assess the number of people who have opted for an advertised offering after clicking on a relevant AdWords advertisement. If Google's advertisements link to offerings on bahn.com, Google provides bahn.com with statistics about the number of purchases that users make after they click a Google AdWords advertisement.
If you want to opt out of this, you can set your browser so that it blocks the cookies from being forwarded from the domain googleadservices.com or third parties in general. You can also delete the Google conversion cookie using your browsers cookie settings.
You can withdraw your consent from Google's interest-based advertising and other advertising networks via the advertisers' websites:
We use retargeting technology as part of our work with advertising partners. This enables us to tailor our offerings to better suit your interests and thereby win you back as a potential customer for our products and offerings. Again, we use a cookies-based analysis to track users' previous surfing patterns by creating pseudonymised user profiles.
Criteo is the provider that operates as our partner for retargeting technology (Criteo SA, 32 Rue Blanche, 75009 Paris, France). Commissioned data processing agreements oblige this provider to handle your data as per privacy requirements. Your IP address is anonymised in the server prior to processing. The relevant cookies remain in place for 12 months.
You can withdraw your consent regarding Criteo's service at http://www.criteo.com/privacy
Interest- and usage-based website analyses
Your usage and surfing patterns on bahn.com forms the basis for our website's design. Using information derived from your previous and current visits, we want to provide you with customised content that could be of particular relevance to you.
Use of CrossEngage
With the aim of designing and displaying our content so that it forms the best possible match with the interests and requests of our users, cookies are stored and evaluated in our users' browsers when they access certain pages on bahn.com. The relevant cookie remains in place for 12 months.
We forward the information generated by this cookie to our service provider CrossEngage GmbH (Gontardstr. 11, 10178 Berlin, Germany) for evaluation. To this end, we have concluded a commissioned data processing agreement with CrossEngage.
Use of Adobe Analytics
Commissioned data processing agreements concluded with Adobe Analytics oblige this provider to handle your data as per privacy requirements. Your IP address is anonymised in the server prior to processing, in particular for geolocation and range measurement activities. The relevant cookie set by Adobe remains in place for 12 months. If you to not consent to the use of this analysis service, follow the relevant instructions at https://st.bahn.de/optout.html?locale=en_US
Use of Optimizely
This website makes use of Optimizely, a web analysis service from Optimizely Inc. (631 Howard Street, Suite 100, San Francisco, CA 94105, United States) for simplifying and performing A/B tests with the aim of further improving the website and its features. A cookie generates information about your website usage. This information is generally transferred to and stored on an Optimizely server in the USA. The relevant cookie set by Optimizely remains in place for 10 months.
You can withdraw your consent from Optimizely's tracking activities if you wish. Instructions are available at https://www.optimizely.com/opt_out.
Use of Exactag
This website makes use of the analysis service from Exactag GmbH (Philosophenweg 17, 47051 Duisburg, Germany). Cookies store information about how you use our website, including your IP address. The relevant cookie set by Exactag remains in place for 12 months.
You can withdraw your consent from this if you wish. Simply follow these instructions to install Exactag's deactivation cookie in your browser to opt out of its tracking service: https://www.exactag.com/datenschutz/optout/
Use of AdForm
The data is used for the following purposes:
- Identifying the number of visitors to our website
- Identifying the sequence of webpages accessed by visitors to our website
- Identifying which sections of our website require modification
- Optimising the website
If you wish to withdraw your consent, simply install an opt-out cookie to prevent the further collection of data: http://site.adform.com/privacy-policy-opt-out
Use of m-pathy
This website uses m-pathy, a product from m-pathy GmbH (Königsbrücker Str. 34, 01099 Dresden, Germany), to collect and store session- and interaction-related data about our website's visitors. This information is used for improving the content and usability of the webpages. Cookies may also be used to achieve this objective. Users can withdraw their consent to the collection of data on this website whenever they wish: Consent withdrawn. If you use this opt-out function, your decision is stored in a cookie that does not identify you personally.
Do you include information from third parties?
We incorporate data from third parties into our website in order to provide you with offerings along the entire length of the mobility chain (partner offerings). This entails you using the relevant third parties' websites/webpages to submit your information. These websites/webpages are integrated with bahn.com and have been modified to ensure that they suit our website's visuals. Third party content always features its own publishing details and data privacy information.
We include content from the following partners:
- AMEROPA - rail holidays and city breaks
- FlyLoco - city breaks via air travel
- Weg.de - all-inclusive flights and last-minute journeys
- HRS - hotel provider
- Eventim - tickets for musicals and other events
- ERV - travel insurance
- BerlinLinienBus - long-distance coach travel
- Avis - car hire
- Europcar - car hire
- Sixt - car hire
- Ypsilon.Net - car hire price comparison
- Auto Europe - car hire broker within Ypsilon.Net comparison service
What happens with links to external websites?
When you click a link to an external website, you are forwarded to a page outside of DB's website. As a result, DB Vertrieb GmbH is not responsible for the content, services or products available via this external website. Similarly, DB Vertrieb GmbH is not responsible for your data privacy or technical safety when you are on this external website.
How up-to-date is this data privacy information?
The last update took place in April 2018
Changes to the version dated April 2018:
Addition Offers related to your booking
Changes to the version dated December 2017:
Modification to fundamentals of data privacy for the "Remain logged in" function
Changes to the version dated June 2017:
Section name changed from ""Website analytics"" to ""Interest- and usage-based website analyses""
Inclusion of CrossEngage as partner for interest- and usage-based website analysis
Removal of section about onsite bannering using performance media
Removal of Clicktale as partner for UX analyses
Inclusion of m-pathy as partner for UX analyses
Changes to the version dated February 2017:
Inclusion of Performance Media as partner with technology from ADITION technologies AG for onsite bannering
Changes to the version dated February 2016:
Inclusion of Performance Media as partner with technology from ADITION technologies AG for onsite bannering
Changes to the version dated October 2016:
Removal of Xplosion as partner for retargeting technology
Additions regarding anonymised statistical evaluations