The responsible party and data controller – as defined by the General Data Protection Regulation and other data protection laws of the Member States as well as other data protection regulations – is:
Allianz pro Schiene e.V.
Reinhardtstraße 31
10117 Berlin
Tel. +49 30 2462599-0
Fax +49 30 2462599-29
E-Mail: info@allianz-pro-schiene.de
Authorised Representative Board Members:
Alexander Kirchner, Manfred Fuhg, Richard Mergner, Karl-Peter Naumann
Special Representative under Section 30 BGB (German Civil Code): Dirk Flege, managing director
The data protection officer representing the controller is:
Attorney Jan Marschner
Markt 9
04109 Leipzig
Tel: +49 341 – 26 18 93 73
Fax: +49 341 – 26 18 93 74
E-Mail: jm@datenschutzbeauftragter-leipzig.de
Website: www.datenschutzbeauftragter-leipzig.de
As a matter of principle, we collect and use the personal data of our users only as far as it is required for providing a properly functioning website, including content and website performance. The collection and processing of our users’ personal data will occur regularly only with users’ consent.
Insofar as we obtain consent for for processing a data subject’s personal data, Article 6 (1) point (a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis.
For the processing of any personal data necessary for the performance of a contract to which the data subject is party, Article 6(1) point (b) GDPR shall serve as the legal basis. This also applies to the processing of personal data that is necessary prior to entering into a contract.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which the our organisation is subject, Article 6(1) point (c) GDPR shall serve as the legal basis.
In cases where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1) point (d) GDPR shall serve as the legal basis.
Where the processing is necessary for the purposes of the legitimate interests pursued by our organisation or by a third party and where these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1) point (f) GDPR shall serve as the legal basis.
The data subject’s personal data will be erased or restricted as soon as the purpose for collecting it has been fulfilled. The retention period can be extended if there is a requirement to store the personal data under EU regulations, laws or rules passed by European or Member State lawmakers to which the controller is subject. The data will then also be restricted or erased upon the expiry of a statutory retention period as defined by the regulations referred to, unless there is a necessity to continue to store the data for the purpose of concluding or fulfilling a contract.
We transfer your data to service providers, whom we use for efficiently ensuring contractual performance with you or for fulfilling our contractual obligations. Unless otherwise explicitly stated below, the service providers referred are Email providers and Web hosting providers that we use for communicating by E-Mail and via the Website.
Every time our Website is accessed, our system automatically collects data and information about the computer system accessing the Website. The following data are collected:
(1) Information about the browser type and browser version
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) The date and time of access
(6) The Website from which the user accessed our Website
These data will also be stored in our system’s log files. This does not concern the user’s IP address or other data that enable the data to be related to a specific user. These data will not be combined with personal data from other sources.
The legal basis for temporarily storing these data is Article 6 (1) point (f) GDPR.
The temporary storage of the IP address by the system is necessary to enable the delivery of the Website’s pages to the user’s computer system. For this reason, the users IP address has to be stored for the duration of the session.
It is for these purposes that we also have a legitimate interest in collecting and processing these data pursuant to Article 6 (1) point (f) GDPR.
The data will be erased as soon the purpose of collecting the data has been fulfilled and collection is no longer necessary. In the case of collecting the data for the purpose of making the Website available, this will be the case when each session is ended.
The collection of data for the purpose of making this Website available and storing the data in log files is a basic necessity for operating this Website. It is therefore not possible for the user to object.
Our Website uses cookies. Cookies are small text files that are stored in the Webbrowser or by the Webbrowser on the user’s computer system. If a user accesses a Web page, a Cookie may therefore be saved on the the user’s operating system. This Cookie will contain a distinctive sequence of characters that make it possible to uniquely identify the Web browser the next time it accesses the Website. We use cookies to ensure that our Website is user-friendly. In addition, for some features on our Website, accessing another page means that the browser requesting access must be identified. In addition, we use cookies on our Website to enable us to analyse users’ surfing behaviour. An info-banner will inform users visiting our Website about our use of cookies for analysis purposes. In this context, there will also be a message about how the storing of cookies can be deactivated in the browser’s settings or preferences.
The legal basis for processing personal data by means of cookies is Article 6 (1) point (f) GDPR.
The purpose of using technically necessary cookies is to simplify the user experience on the Website. Without using cookies, some of the features on our Website cannot be provided. For these features to function correctly, it is necessary that the browser is recognised after the user clicks to another page on the Website. The purpose of using analysis cookies is to improve the quality of our Website and its content. The analysis cookies help us to understand how the Website is used, which enables us to continuously improve our content.
It is for these purposes that we also have a legitimate interest in collecting and processing these data pursuant to Article 6 (1) point (f) GDPR.
Cookies are stored on the user’s computer, from where they are transferred to our Website. As a user you therefore have full control over how cookies are used. By making changes to your Web browser’s settings you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be erased at any time. This can also be automised. If cookies used by our Website are deactivated, it is possible that not all the features offered on our Website will be fully functional.
Our Website uses the Matomo software to analyse the surfing behaviour of our users. This software stores a cookie on the user’s computer system (for cookies please see the details already set out above). When individual pages on our Website are accessed, the following data are stored:
(1) The Web page being accessed
(2) The Website from which the user accessed our Website (referrer)
(3) Other Web pages that are accessed from the page initially accessed
(4) The duration of the visit on the Web page
(5) The frequency with which the Web page is accessed
The legal basis is Article 6 (1) point (f) GDPR
The purpose of processing users’ personal data allows us to analyse the surfing behaviour of our users. An analysis of the collected data puts us in a position to compile information about the usage of the individual elements on our Website. This helps us to continuously improve our Website and its user-friendliness. It is for these purposes that we also have a legitimate interest in collecting and processing these data pursuant to Article 6 (1) point (f) GDPR. Anonymising the IP address sufficiently takes into account the interest of the user to have their personal data protected.
The data will be erased as soon as they are no longer required for our tracking purposes.
Cookies are stored on the user’s computer, from where they are transferred to our Website. As a user you therefore have full control over how cookies are used. By making changes to your Web browser’s settings you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be erased at any time. This can also be automised. If cookies used by our Website are deactivated, it is possible that not all the features offered on our Website will be fully functional.
We use DoubleClick, a tool provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. With every impression, click or other activity on our Website, data is sent to the DoubleClick server, which triggers a cookie request to the data subject’s browser. If the browser accepts the request, DoubleClick stores a cookie on the users computer.
The legal basis is Article 6 (1) point (f) GDPR as long as the personal reference set by the DoubleClick cookie is assigned.
The purpose is optimising and displaying advertising relevant to the user and to evaluate our advertising campaigns. It is for these purposes that we also have a legitimate interest in collecting and processing these data pursuant Article 6 (1) point (f) GDPR.
The data will be erased as soon as they are no longer required for our tracking purposes.
Cookies are stored on the user’s computer system, from where they are transferred to our Website. As a user you therefore have full control over how cookies are used. By making changes to your Web browser’s settings you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be erased at any time. This can also be automised. If cookies used by our Website are deactivated, it is possible that not all the features offered on our Website will be fully functional.
This Website has a contact form which can be used to contact us electronically. Should a user make use of this contact form, the data entered into the input mask will be sent to us and stored.
At the moment the message is sent, the user’s IP address and the date and time of the registration will be stored.
Before you send your message, we will ask you to give your consent to allow us to process your data. We will also refer you to our privacy policy.
Alternatively it is also possible to contact us using the E-Mail address provided. In this case the personal data sent in the E-Mail will be stored.
In this context, no data will be passed on to third parties. The data will be used for the sole purpose of communicating with the user.
If the user has given their consent for processing the data, the legal basis is Article 6 (1) point (a) GDPR.
The legal basis for processing data that has been sent to us by E-Mail is Article 6 (1) point (f) GDPR. If the purpose of the E-Mail contact was for contractual reasons, then an additional legal basis for processing the data is Article 6 (1) point (b) GDPR.
The purpose of processing the personal data entered in the input mask is only for dealing with the approach made to us via the contact form. This also applies in cases where the approach was made to us by E-Mail, which gives us the necessary legitimate interest in processing the data.
Other personal data collected during the contact process serves the purpose of preventing the misuse of the contact form and to ensure the security of our information technology systems.
The data will be erased as soon the purpose of collecting the data has been fulfilled and collection is no longer necessary. For personal data collected in the input mask on the contact form and for data sent to us by E-Mail, this is the case when the individual conversation with the user has concluded. The conversation will also be considered to have concluded when it is apparent from the circumstances that the matter in question has been finally been clarified.
Any additional personal data collected during the contact process will be erased after a period of seven days at the latest.
Users may, at any time, revoke their consent for us to processing their personal data. Users who have contacted us by E-Mail can, at any time, withdraw their consent for us to store their data. In this case, it will no longer be possible to continue a conversation.
All personal data that was stored during the contact process will, in this case, be erased.
You can use the comments feature on our Website to comment on our articles. To this end, it is necessary to enter a comment text as well as a name and a valid E-Mail address, although only the name and comment will be published.
The legal basis is Article 6 (1) point (a) GDPR.
The publication of the name and comment serves the purpose of presentation and communication. We require the E-Mail address in order to be able to contact you if there any complaints from third parties.
The data will be erased as soon as you revoke your consent.
The user can, at any time, ask us to erase any comments that they have made. They will be erased without delay.
If your personal data are being processed, you are defined for the purposes of the GDPR as the “data subject”, which gives you the following rights vis-à-vis the controller:
You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed.
Where that is the case, you have the right to be given the the following information by the controller:
(1) the purposes of processing the personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the planned period for which your personal data will be stored, or, if providing exact details is not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of your processing of personal data by the controller or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to be informed about whether your personal data are transferred to a third country or to an international organisation. In this context you can demand to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
You have the right to obtain from the controller the rectification and/or completion of inaccurate personal data concerning you if it is inaccurate or incomplete. The controller must carry this out without undue delay.
You have the right to obtain from the controller the restriction of processing where one of the following applies:
(1) if you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you opposes the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
(4) if you have objected to processing pursuant to Article 21(1) GDPR and verification is still pending as to whether whether the legitimate grounds of the controller override your grounds.
Where the processing of your data has been restricted, the data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained the restriction of processing pursuant to the above, you shall be informed by the controller before the restriction of processing is lifted.
You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase the personal data without undue delay where one of the following grounds applies:
(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) Your personal data have been unlawfully processed;
(5) Your personal data have to be erased for compliance with a legal obligation in the Union or a Member State law to which the controller is subject;
(6) Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers that are processing your personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with point (h) and point (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, in so far as the right referred to in paragraph (a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
If you have established your right vis à vis the controller to have your data rectified or erased or to have processing of your personal data restricted, the controller is obliged to communicate this rectification, erasure or restriction to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller is obliged to inform you about those recipients.
You have the right to receive any personal data that you have provided to a controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and
(2) the processing is carried out by automated means.
In exercising your right to data portability you have the additional right to have the personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data that is based on point (e) or point (f) of Article 6(1) GDPR. This includes profiling based on those provisions.
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal for such marketing. This includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
You have the possibility, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
You have the right to withdraw your declaration of consent to our privacy policy at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or similarly significantly affect you.
This does not apply if the decision:
(1) is necessary for entering into, or the performance of, a contract between you and the data controller;
(2) is authorised by EU or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or point (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3) above, the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the General Data Protection Regulation (GDPR).
The supervisory authority where the complaint was lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.