We look forward to your visit to our website and would like to transparently explain if and whn your personal data is collected and processed.
The following data privacy information will give you an overview of how your data is collected and processed.
Who is responsible for collecting and processing your data?
What data do we collect and why do we process your data?
The purposes for which personal data is processed in the online Integrated Report
We collect and process your data only for specific purposes that are, these may arise from technical requirements,, contractual requirements, or explicit user requests.
1. Visiting our website
For technical reasons, we must collect and store certain data when you visit our website (the date and duration of the visit, the webpages called up, the identification data for your browser and operating system, and the website which led you to ours).
For contractual reasons, we also need additional personal data from you (for example, your contact information) in order to provide you with services and fulfil the contractual relationships we have with you. This data is used to carry out the delivery to the specified address and, if necessary, the processing of cancellations or to make reimbursements. If you provide us with data as part of a contract, we use your data without your express consent only to be able to carry out the contract concluded with you. When the contract has been executed, your data will be blocked and erased after expiry of tax and commercial law retention periods unless you have expressly consented to continued use of your data.
3. Newsletter data / order form
If you subscribe to a newsletter/ reports we offered on our website, we will use the registration data you provided only to send you the newsletter / reports unless you approve a more extensive use. You may cancel your subscription at any time using the unsubscribe option provided in the newsletter.
4. Contact form
If you send us a request via our contact form, we will store and process the information you provide in the contact form, including your contact information, only to process your request and to answer any follow-up questions. After that time, your data will be deleted or blocked until the expiry of tax and commercial law retention periods and then deleted, unless you have expressly consented to continued use of your data.
When are cookies used?
Cookies are small text files in which personal data can be stored. When a website is called up, cookies can be sent to it to allow the user to be classified. Cookies help simplify website usage for users.
We distinguish between cookies that are mandatory for technical website functions and those that are not.
We will now inform you regarding the nature and extent to which cookies are used on our website:
The use of online Integrated Reports is generally possible without employing cookies that do not serve technical purposes. Thus, you can set your browser to prevent being tracked by cookies and/or to prevent the saving e of third-party cookies.
We use the following cookies:
- Typo3 session cookies -> session ID storage
- GA cookies -> tracking data storage
- Cookie hint cookie -> stores whether the cookie hint was agreed to
- PHP session cookie -> session ID storage
- In addition, we use a notice tool to store notices in your browser.
We also recommend that you regularly monitor the cookies saved on your system and delete any you do not expressly want.
Please note: If you delete all cookies, you will also delete any opt-out cookies, which means that you will have to exercise your opt-out options again.
When will your data be deleted?
We store your data for the time it takes to fulfil the purpose for which they were collected (for example, as part of a contractual relationship) or during any statutory retention period. We thus store data related to a contractual relationship at least until the contract has been fulfilled. Afterwards, we retain the data for the legally required period.
What rights do online Integrated Report users have?
- You can request information on what data about you has been stored.
- You can request that your personal data be corrected or deleted, or that their processing be restricted (blocked), provided it is permitted by law and your existing contractual relationship.
- You have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for Deutsche Bahn AG is: Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Commissioner for Data Privacy and Freedom of Information], Friedrichstr. 219, 10969 Berlin, email: email@example.com
- You have the right to the portability of the data you have provided in the course of granting consent or entering into a contract (data portability).
- You have the right to withdraw your consent to the processing of your data at any time in the same way that you granted consent. Your withdrawal of consent shall not affect the legality of processing based on consent before its withdrawal.
- You may object to the processing of your data for reasons related to your particular situation if the data processing is based on our legitimate interests or is required to fulfil a public service.
- You can object to promotional communications at any time with future effect (right to object to promotional communications).
To exercise your rights, you need only send a letter to:
Deutsche Bahn AG
Potsdamer Platz 2
or an email to firstname.lastname@example.org.
Do we pass on your data?
In order to perform contracts, we generally need to use processors who act upon our instructions, such as operators of data centres, printing or shipping service providers, or other entities involved in contract performance.
We select the external service providers who process data for us carefully and subject them to strict contractual requirements. These service providers act upon our instructions, and this is ensured via strict contractual arrangements, technical and organisational measures, and supplementary monitoring.
In addition, we only transfer your data if you have expressly granted us consent to do so or if it is required by law.
We do not transfer your data to countries outside the EU/EEA or to international organisations unless appropriate safeguards are in place. These include standard EU contractual provisions and an adequacy decision by the European Commission.
Update in the case of new functions
We update our data privacy information to reflect changing functionalities or legal frameworks. We therefore recommend that you regularly review this data privacy information. Modifications are made only with your approval if your consent is required or the data privacy information in question includes provisions of the contract we have with you.