The internet portal of FlixMobility GmbH and the booking portal integrated therein (hereinafter collectively referred to as “website”) are operated by FlixMobility GmbH, Birketweg 33, 80639 Munich (hereinafter referred to as “FlixMobility” or “we”). We attach great importance to the protection of your personal data. For this reason, data protection at FlixMobility GmbH has a high priority, and we strictly adhere to the legal provisions of the European Data Protection Policy and the United States Federal Data Protection Act in collecting, processing and using data.
1. Collection, processing and use of personal data
The processing of your personal data is based on the following legal basis:
1.1 Contractual relationship pursuant to Art. 6 (1) letter b of GDPR
We process the personal data voluntarily communicated to us (name, pursuant to Article 6 (1) letter b of GDPR) for the contractual processing of ticket orders, for carrying out transport and opening of a customer account or in the context of pre-contractual measures.
To do this, we need your first name, surname and mobile telephone number. For the required payment processing, the following data may be required in addition: For payment of a booked trip with the credit card, FlixMobility requires your full name, email address and credit card data.
1.2 Legitimate interests pursuant to Art. 6 (1) letter f of GDPR
Due to a legitimate interest in accordance with Art. 6 (1) letter f and possibly letter b of GDPR, we process the necessary data for the following purposes:
- The data stored for the contract processing and for carrying out the bus trips is forwarded to the operating bus companies and other third parties (e.g., service providers for IT, transport, customer service, sending emails and newsletters, and payment processing) in the course of registration and for processing the ticket sale. In justified cases (e.g., damage to the buses), we reserve the right to forward the customer data to the respective bus transport partners. The data forwarded in this way may only be used by our service providers to fulfil their task and not for other purposes. Insofar as orders are processed, processing takes place in compliance with the requirements for order processing pursuant to Art. 28 of GDPR.
- In addition to processing ticket orders, FlixMobility GmbH also uses your data for advertising purposes and for market and opinion research to inform you about offers tailored to your interests via regular mail or newsletters. To this end, we conduct advertising scoring for interest-based advertising based on legitimate interests pursuant to Art. 6 (1) letter f of GDPR. You may withdraw consent for the use of your data for advertising purposes, market and opinion research and advertising scoring can be countermanded at any time by a communication to FlixMobility GmbH, Birketweg 33, 80639 Munich or to firstname.lastname@example.org.
- In the context of payment processing, your data may be forwarded to the following payment service providers. The credit card number or other bank details are not stored at FlixMobility and forwarded directly to the payment service provider:
- Payments are processed by our partner Adyen BV, Simon Carmiggeltstraat 6 – 50, 1011 DJ Amsterdam. To prevent and detect fraud, we send your IP address to our partner Adyen BV, Simon Carmiggeltstraat 6 – 50, 1011 DJ Amsterdam. Your IP address is stored by Adyen BV in this context. All data is transmitted in encrypted form.
- The payment methods of credit card, Giropay and iDeal are handled by Heidelberger Payment GmbH, with its registered office at Gaisbergstr. 11-13, 69115 Heidelberg. In addition, PAY.ON AG, with its registered office at Lucille-Grahn-Str. 37, 81675 Munich, has contact with the payment data. Heidelberger Payment GmbH is a payment institution within the meaning of the Payment Services Supervisory Act (Zahlungsdiensteaufsichtsgesetz [ZAG]) and is registered with the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht [BaFin]), Graurheindorfer Str. 108, 53117 Bonn (registration number 122914).
- The payment method PayPal is processed by PayPal (Europe) S.à r.l. & Cie, P.C.A., 5th Floor, 22-24 Boulevard Royal, L-2449 Luxembourg. You can find additional information about PayPal data protection in the Data Protection Declaration of PayPal.
1.3 Consent pursuant to Art. 6 (1) letter a of GDPR
In the context of your ticket order, if you choose the direct debit payment method, you consent to the transfer your personal data (name, address, date of birth, email address and current bank account data) and that of the ticket order, for the purpose of identity and credit check as well as contract processing, to RatePAY GmbH, RatePAY GmbH, Schlüterstraße 39, 10629 Berlin. To do this, we assign our payment request to RatePAY. You can find all details in the Additional General Terms and Conditions and the Data Protection Note for RatePAY payment methods
2. User login/customer account
You have the possibility to create a personal customer account with us. In the password protected area of the customer account, you can conveniently manage your bookings and store your data for future trips.
The fields (*) marked as mandatory, which contain personal data, are used only for managing and processing the user account. Only the email address is initially required. We use it to verify your identity. As part of the registration, you can voluntarily enter your name, address, or your bank account details.
This data is used both for billing and for the automatic pre-filling function in future bookings. In addition, you can also voluntarily store your mobile telephone number for contact in case of delay or change of the trip itinerary.
Provided you have consented to these provisions, the “remain logged in” feature will store persistent cookies on your terminal, which are used to ensure that you do not have to log in again at the following visits to our website. This feature is not available to you if you have deactivated cookies of this type from being saved in your browser’s settings.
You can update or delete your customer account—and consequently your stored personal data—at any time through your personal customer account.
A deletion does not affect the personal data required by legal storage periods for the implementation of the contract.
The personal data collected at registration of the newsletter with your consent pursuant to Art. 6 (1) letter a of GDPR is used for communication with you (e.g., service messages, system notifications, email confirming your registration, sending user account information, information about your tickets and itineraries, or your travel profiles) as well as for mailing newsletters.
When we receive your email address in connection with the sale of goods or services and you have not opted out of this, we reserve the right to send you offers regularly via email for products from our range that are similar to those already purchased.
You can withdraw consent for the use of your email address and the processing and use of the data to create user profiles at any time by sending a message to email@example.com
or via the cancel registration link of the newsletter.
4. Data security
We protect the privacy of users on our website and the connected systems using technical and organisational measures. To ensure secure transfer of personal data, we use the encryption protocol SSL 3.0 (RSA-2048 is used as the underlying encryption method for the public key infrastructure.) This procedure is used successfully throughout the World Wide Web. All personal data (name, address, payment data, etc.) are thereby encrypted and consequently securely transmitted on the internet. You can see via a symbol (closed padlock) in the lower window bar of your browser that you are in a secure area.
5. Data transfers to third countries
Data is processed on principle in Germany or countries of the European Union. Where processing in third countries is planned in certain cases, processing shall only be carried out if the appropriateness of the level of data protection in the third country has been established by the EU Commission under Art. 45 of GDPR or on the basis of standard EU contractual clauses.
6. Data storage period
We store the data as long as it is required for the respective processing purposes (e.g., contract processing, advertising purposes) and for fulfilling the trade and tax legal retention provisions pursuant to Art. 6 (1) letter c of GDPR and Section 257 (1) of the German Commercial Code (Handelsgesetzbuch [HGB]) and Section 147 (2) of the Tax Code (AO).
7. Contact details of the person responsible
The entity responsible for processing personal data is FlixMobility GmbH, Birketweg 33 80639 Munich, email address firstname.lastname@example.org
, represented by the Managing Directors André Schwämmlein, Arnd Schwierholz, Daniel Krauss, and Jochen Engert.
8. Information and complaint rights
Pursuant to the basic data protection regulation, you have a right to free information about your stored data and, where applicable, a right to rectification, deletion, limitation of processing and objection to your stored data. In this context, please contact FlixMobility GmbH, Birketweg 33, 80639 Munich or send us an email at email@example.com
You can contact our data protection officer at firstname.lastname@example.org
In addition, you have a right to complain about data protection to the supervisory agency responsible for us.
In addition, we use third-party cookies for retargeting and remarketing technologies to optimise our web offerings as well as interest-based marketing purposes. The stored surfing behaviour is analysed using an algorithm, so that targeted interest-related product recommendations in the form of advertising banners or advertisements can then be displayed on third party websites. Without the express consent of the person concerned, the pseudonymised user profiles will not be combined with the personal data of the user of the pseudonym.
Comprehensive information about how to accomplish this on a wide variety of browsers can be found on the following websites: youronlinechoices
, Network Advertising Initiative
and/or Digital Advertising Alliance
. You can also find information there about how to delete cookies from your computer as well as general information about cookies.
9.1 Google AdWords
To optimise our web offerings as well as for product recommendations, we use the technology provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) to create pseudonymised user profiles about the surfing behaviour of the website visitors for marketing purposes. For this purpose, cookies may be used, which make it possible to recognise an internet browser on a return visit. The stored surfing behaviour is analysed using an algorithm, so that targeted interest-related product recommendations in the form of advertising banners or advertisements can then be displayed on third party websites. Without the express consent of the person concerned, the pseudonymised user profile will not be combined with the personal data of the user of the pseudonym. The creation of pseudonymised user profiles for interest-based advertising/ad preferences can be refused at any time by visiting the https://www.google.com/settings/ads page
. You can find more information about interest-related advertising at http://www.google.com/policies/technologies/ads/
9.2 Facebook Custom Audiences
This website uses the Retargeting-Pixel Custom Audience of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. With the help of the Remarketing Pixel, it is possible to use the visitors of our website as a target group for the advertisements of Facebook ads. For this purpose, a Facebook cookie is stored on your PC. Please refer to the data protection (privacy settings) provisions of Facebook for information about the purpose and scope of data collection as well as the further processing and use of data by Facebook and your options for privacy settings at https://facebook.com/policy.php
You can object to the use of Custom Audiences at www.youronlinechoices.com/de/praferenzmanagement
or for users with a Facebook account here.
9.3. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files, which are stored on your computer and enable analysis of your use of the website. In addition, this website uses the Google AMP Client ID API to link user activities to AMP pages with those on non-AMP pages via Google Analytics. The Google tracking codes of this website use the “_anonymizeIp()” function. As a result, the IP address within Member States of the European Union or in other States of the Agreement on the European Economic Area is only processed further abbreviated to exclude a direct personal reference. The complete IP address is only transmitted to a server from Google in the USA in exceptional cases and abbreviated there. On behalf of the operator of this website, Google uses this information to evaluate your use of this website, create reports about the website activities and provide other services connected with use of the website and Internet for the website operator. The IP address transmitted from your browser within the context of Google Analytics will not be associated with other Google data. You can prevent storage of cookies on your computer via the corresponding setting of your browser software. However, we advise that this may mean that you are you unable to use all functions of this website to their full extent. You can also prevent Google recording data generated by a cookie with respect to your use of the website (incl. IP address) as well as Google processing of this data by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de
This website/app also uses, among other things, the analysis technology “adjust” of adjust GmbH (“adjust”). adjust runs the analysis using the IP and Mac addresses of users, however, only used in an anonymised form. This makes it impossible to draw conclusions about a natural person. By using this website/app for analysis purposes, you declare your consent to the anonymised data collected being processed in the manner described above and for the purpose cited above. You may object, at any time, to the collection and storage of data by adjust, with effect for the future. Do so by clicking on the following link: https://www.adjust.com/opt-out/
For the statistical evaluation of the websites, we use the technologies of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin. With the help of Webtrekk’s services, we collect statistical information about the use of our website. Webtrekk GmbH was certified by TÜV in the Web Controlling area. In particular, the collection and processing of tracking data was checked and certified with respect to data protection compliance and data security. Information transmitted by your browser is collected and evaluated in the context of the use of this website. This is done by cookie technology and pixels, which are incorporated on each web page. Direct reference to people is excluded at all times. The data collected in this way is used to create anonymous user profiles that form the basis for web statistics. Without the express consent of the person concerned, data collected with Webtrekk technology is not used to identify the user of this website personally and is not linked with personal data via the holder of the pseudonym at any time.
Permission for Webtrekk to collect and store data may be revoked at any time with future effect. For more information on data protection at Webtrekk, please visit the following link: http://www.webtrekk.com/index/datenschutzerklaerung/opt-out.html
9.6 AdClear Campaign Tracking
We use the services of AdClear GmbH, Robert-Koch-Platz 4, 10115 Berlin (“AdClear”) to collect statistical information for campaign tracking and consequently optimise the service offering for our customers accordingly. Cookies are also used for this purpose. Data is collected in a purely anonymous form. Personal data will not be sent to AdClear. AdClear GmbH is certified for data protection in the field of campaign tracking systems by TÜV Saarland.
If you disagree with the data collection by the AdClear Campaign Tracking, a cookie with the name “adclearoptout” is set for this.
You have not refused permission for data collection by AdClear.Refuse permission for data collection by AdClear.
9.7 AB Tasty
. This page also provides guidance on how to disable tracking at any time.
To improve your user experience on our internet pages we use software by Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Using the software, we can measure and evaluate user behaviour (mouse movements, clicks, keystrokes, scroll height, etc.) on our websites. For this purpose, cookies are placed on users’ terminals and data from users such as browser information, operating system, time spent on the page, etc. can be stored. You can find more information about the processing of data by hotjar at http://www.hotjar.com/privacy
. You can object to the use of Hotjar’s services at https://www.hotjar.com/opt-out
10. Social Plugins
Our website uses social plugins for the social networks Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, Twitter, Inc., 795 Folsom St., Suite 600 San Francisco, CA 94107, USA, Google Inc., 1600 Amphitheatre Parkway Mountain View, California, 94043, USA, Pinterest, Inc., 635 High Street, Palo Alto, CA, USA, and Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
The plugins are located on our product page and are disabled in their initial state. If you click the appropriate button, you are then prompted in a new window to sign in to the social media provider. In this case, a cookie is placed on your computer. If you do not click the button or are not logged in to the social media provider, no cookie is placed on your computer.
If you are a user of the respective social media provider and are logged in and click the button, this information is sent to your profile at the respective social media provider. If you interact with the plugins, for example by pressing the “Like” button on Facebook or by posting a comment, the corresponding information is also transmitted directly from your browser to the social network and stored there. Please refer to the data protection (privacy settings) provisions of the following providers for information about the purpose and scope of data collection as well as the further processing and use of data by the provider and your rights and setting options for protecting your privacy: