Data Privacy statement of

The use of our web pages without providing personal data is possible as a general rule. However, if you want to use special services provided by our company via our web page, it may be necessary to process personal data. If processing personal data is required and there is no legal basis for such processing (for example, carrying out a contractual agreement, we must ask for your consent.
In this notice, we will inform you about what data we collect on you, how we use it and how you can raise an objection to the use of the data.

Who is my personal data collected and processed by?
Deutsche Bahn Connect GmbH (DB Connect), Mainzer Landstrasse 169, 60327 Frankfurt am Main, collects and processes your data as the data controller. 
Ms Chris Newiger has been appointed data privacy officer. 
If you have any questions or comments on data privacy on, please contact us:
Deutsche Bahn Connect GmbH, Raffineriestrasse 28, 06112, Halle Saale
Phone: 0049 (0)69 42727700

 Legal basis of data processing:
To the extent that we have obtained your consent to process personal data, the legal basis is Article 6 (1) (a) of the General Data Protection Regulation (GDPR).
When personal data is processed that is required to fulfil a contract agreed with you, the legal basis is the contract in accordance with Article 6 (1) (b) of the GDPR. Article 6 (1) (b) of the GDPR also applies to processing activities that are required in order to perform contract activities prior to the contract, for example in cases where requests are made about our products and/or services. 
If our company is subject to a legal obligation when requires the processing of personal data, for example fulfilment of tax requirements, this is considered processing in accordance with Art. 6 (1) (c) of the GDPR. 
We are continually improving our offering by saving and analysing user data from online on a pseudo-anonymised basis. The legal basis for this is Art. 6 (1) (f) of the GDPR.
It is within our interest to maintain the customer relationship with you and to send you information and offers that we believe match your travel wishes and interests. For this reason, we process your data on the basis of Article 6 (1) (f) of the GDPR (also with the help of service providers) to send you information and offers. We use your contact data (last name, first name, postal address) to send advertising by post and for market research if you do not opt out of this kind of use of your data. Likewise, we can also use the e-mail address that you provide to us in the context of our business relationship with you to send targeted advertising.
You can opt out of the use of your data for targeted advertising at any time, taking effect for the future. You can opt out by sending us an e-mail to

What are my rights as a user of
- You may request information on what data we store about you.
- You can request the correction, deletion and blocking of your personal data as long as this is permitted by law and possible within the scope of an existing contractual relationship.
- You have the right to lodge a complaint with a data protection supervisory authority. 
The supervisory authority responsible for Deutsche Bahn Connect GmbH GmbH is

Hessische Datenschutzbeauftragte
Postfach 31 63
65021 Wiesbaden
- You have the right to portability of the data which you have provided to us based on a declaration of consent or a contract (data portability). 
- If you grant us consent to use your data, you can withdraw it at any time using the same method you used to grant it. Any processing of your personal data that took place from the time at which you granted your consent to the time at which you withdrew it will still be considered to have been lawful.
You can exercise your rights by sending a letter by post to Deutsche Bahn Connect GmbH, Raffineriestrasse 28, 06112, Halle Saale
 or e-mail us at

 How long do you store my data?
We store your data only for as long as is necessary to fulfil the purpose for which the data was to collected (for example in the context of a contractual relationship), or to comply with statutory requirements. In a contractual relationship, for example, we save your data at least until the contract has been terminated fully. Thereafter, the data will be stored for the statutory storage period. 

What data do we collect and how and why do we process your data?
We collect and process your data exclusively for specific purposes. This may include technical requirements, contractual requirements or express user requests.
When you visit this website, certain device-specific data is collected and processed automatically. In this case, this refers to what are known as server log files that are typically created when you visit a website. 

As a rule, the following data is transmitted to us via these files: 
•IP address
•Date and time of your request
•Time zone difference to Greenwich Mean Time (GMT)
•Content of your request
•Access status/HTTP status code
•Data quantity transmitted
•Website (from which the request came)
•Operating system and its interface
•Language and version of browser software

The use of this website without processing this data is not technically possible.

When you contact us, we process the personal data you share with us to process the correspondence.
To fulfil a contract, you must provide personal data to us. These data are required to book bicycles, settle payments, check creditworthiness, make a postal delivery if necessary to the specified address and to perform reversals and reimbursements.
Specifically, this affects the following:

A customer account is created in the context of registration with In addition to the mandatory information required for registration with and use of Call a Bike, you have the option to provide optional information. The following is a list of the corresponding data:
Mandatory data:
address (title, last name, first name, street, house number, postal code, city, country)
contact data (e-mail address), mobile phone 
date of birth 
payment details (credit card number and expiration date or IBAN and BIC) 
Depending on the fee you select, additional data may be collected. (E.g: VBB annual subscription number, BVG yearly pass number, S-Bahn Berlin yearly pass number, name of the educational institution you attend, BahnCard number). Each transaction made using a credit card requires the user to provide the CVV code on the back of the card as authorisation. We do not store the CVV code.

Private and business phone contact data

We also save your booking data, which includes the information about whether or not you have a BahnCard, your registration data and – if you order a newsletter as a registered customer – any information you provided on your areas of interest in your customer account. In addition to using this data to fulfil the contractual relationship with you, we also use this data for internal analysis and market research purposes. We intend to use what we learn from this to continuously improve our offering. In addition, we intend to adjust our offerings optimally to meet your wishes and requirements. Storing and analysing pseudonymised usage data from online activities also helps us work towards this objective. We do not create a link between these activities and your personal data. You can opt out of the pseudo-anonymous use of your data at any time. Please direct your wish to opt out to

Co-branding with Call a Bike
You have the option of using our Call a Bike co-branding product. To send you an offer, we store your e-mail address, your address details and your complete title (Mr/Mrs, academic, other). We will then generate an offer based on your own product configuration choices. We delete the data submitted to this website from our system once you have made a decision to accept the offer we send, or if you do not accept the offer within a period of 3 months. 

Participation in competitions
In the context of competitions, data is collected in order to run the contest. The precise details, i.e. what data is collected and for what purpose, are available on the given competition's webpage.

If you register for our newsletter, we use the e-mail address you stored to send the newsletter to you.
In this case, you are allowing us to use your e-mail address for advertising purposes. 
When you register for the newsletter, we save the IP address from the computer system in use provided by your internet service provider (ISP) at the time of registration, and the date and time of registration. The collection of these data is mandatory to detect (potential) misuse of the e-mail address of an affected person at a later point in time and therefore provides us with a legal safeguard.
You can unsubscribe from the newsletter at any time under or by clicking the unsubscribe link at the bottom of the newsletter. 
If you object to the use of your data for advertising purposes, your data will be anonymised for use in statistical evaluations only. 

By sending a message to start to the company named in the publishing details (hereinafter "Sender"), I agree, in line with Art. 6.1(a) of the GDPR, that the Sender may use my personal details (e.g. given name and surname, phone number, messenger ID, profile image, news) for the purposes of direct communication using the selected form of messenger and for the neces-sary data processing. A pre-existing messaging account with the relevant provider is necessary for using this service.
In the case of Whatsapp, the provider responsible for the messenger is
WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA 
and its privacy policy is available at
I am aware that the relevant provider receives personal data (communication meta-data, in par-ticular), which may be processed on servers in non-EU states (e.g. USA) where it is not possi-ble to guarantee an appropriate level of privacy. However, Whatsapp Inc. and Facebook Inc. are certified in line with the Privacy Shield agreement and therefore provide a guarantee that Euro-pean privacy law is upheld. Further information is available in the above-mentioned privacy poli-cy of the relevant messenger. The Sender has neither precise information about nor influence over the data processing activities of the relevant provider.
You can opt out of this data processing at any time you so wish by entering "STOP" into the relevant messenger. 
In order to delete all of your details saved by our service provider, use your messenger to send the following messenger: "DELETE ALL DATA".
Technical service provider WhatsBroadcast GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany, is tasked with performing this service as the Sender's data processor.

 Are data forwarded?
For contract processing, it is typically necessary to involve instruction-based data processing companies, for example data centre operators, print or dispatch service providers or other parties involved in contract fulfilment. 
The external service providers, who we hire to process data, are carefully selected and subject to strict contractual obligations. The service providers work in accordance with the instructions we provide and this is verified by technical and organisational actions and supplementary checks. 
Furthermore, transmission of your data only takes place where you have given your express approval or on the basis of a statutory requirement.
Transmission to third countries outside the EU/EEA or to an international organisation will not take place unless appropriate guarantees have been provided. These include the EU standard contractual clauses and an adequacy decision from the EU Commission. 
Data may be forwarded in the following situations, for example, where it is required for the purpose of contract processing for a booking made on

- Debt collection
In the event of irregular payments or defaulting on payments, we may send debt claim data to a debt collection agency.

- Payment with credit card / Concardis AG
If you decide to pay with a credit card, the data you enter will be sent directly to the system of our payment service provider

- Payment service provider

For payment processing, we use the Payengine platform of our payment service provider ConCardis GmbH (Helfmann-Park 7, 65760 Eschborn). Encrypted data transmission to ConCardis therefore occurs as part of the payment processing. For more information about data processing at ConCardis, please refer to the data protection declaration of ConCardis TaTGmbH at

 Use of cookies
Cookies are small text files used to store personal data. Cookies can be sent to this website when it is called, allowing the user to be identified. Cookies help users to use internet sites more easily.  
We differentiate between cookie that are mandatory for the technical functions of the website and those that are not mandatory. 
We want to give you the option of making an informed decision for or against using cookies that are not essential for the technical functions of the website. Please note that rejecting cookies designed for commercial purposes means that any advertising you receive will not be as closely tailored to your interests as would otherwise be the case. The use of this website in its entirety will not be affected by this.
This is a notification of how and in what manner cookies are used on our sites:
Generally speaking, it is possible to use without cookies that serve no technical purpose. This means that you can prevent browser tracking by cookies (do-not-track, tracking protection list) or block storage of third-party cookies. In addition, we recommend checking the saved cookies regularly if they are not expressly desired. 
Please note that when you delete all cookies, you are also deleting any opt-out cookies, meaning that you must opt out again.

Cookies that are not mandatory for the use of the site include:

Use of Matomo
We use the Matomo analytics platform on our web page in order to analyze the use of our web page and regularly improve it. The statistics we obtain from this allow us to improve our content and make it more interesting for users. Information about how you use our web page, including your IP address, is stored by way of small text files (cookies). This data is anonymized and stored on our servers.
The legal basis for the use of Matomo is Art. 6 (1) Clause 1 (f) of the GDPR.
Your deactivation options: If you object to the analysis of your user behavior, you can configure your browser at any time to prevent the setting of analysis cookies. You can also decide whether your browser is allowed to store a unique web analysis cookie that enables the web page operator to record and analyze various statistical data. If you want to opt out, click the following link to store the Piwik deactivation cookie in your browser:
You can decide whether your browser is allowed to store a unique web analysis cookie that enables the web page operator to record and analyze various statistical data. If you want to opt out, remove the following tick to store the Matomo deactivation cookie in your browser:
Please note: If you delete all of your cookies, the deactivation cookie will also be deleted. This means that you will have to reactivate your opt-out of user behavior analysis.
Use of LinkedIn Insight Tag 
LinkedIn Insight Tag from the service provider LinkedIn Ireland Unlimited Company is used on this website. The legal basis for this is Art. 6.1(f) of the GDPR. This feature serves to display interest-based advertisements to people visiting our website or using our ads within the context of a visit to the LinkedIn social network. This feature also serves to collect measurement-related data on the ads generated by DB Connect.
If you visit our fanpage or use our advertising offers in the LinkedIn timeline, LinkedIn Ireland Unlimited Company collects, saves and processes your personal data in line with its privacy policy. This privacy policy is available here:
If you visit our pages or click a DB Connect ad in your LinkedIn timeline, the remarketing tags (Pixel) are used to establish a direct link between your browser and the LinkedIn server. This provides LinkedIn with notification that you have visited our website via your IP address, ena-bling LinkedIn to correlate your visit to our site with your user account. However, we do not re-ceive any of your additional personal details (name, e-mail address, etc.). DB Connect or LinkedIn can use the information transmitted in this way for advertising purposes and show you relevant overlays.

How are links to external site handled? 
If you click a link to an external website, you are leaving the pages of This means that Deutsche Bahn Connect is not responsible for the content, services or products offered on the linked website, nor is it responsible for the data protection or the technical security on the linked website.

Update to the data privacy notice
We adjust the data privacy notice to reflect changes to functionalities or changes to the legal situation. We therefore recommend that you review the data privacy notice at regular intervals. If your consent is required or parts of the data privacy notice are contained within rules of the contractual relationship, changes will be made only with your consent.

Version dated: 12/2020