Data protection

privacy statement

Downloads

NAME AND CONTACT DETAILS OF THE CONTROLLER

Salzburger Verkehrsverbund GmbH (hereafter referred to as SVG)
Schallmooser Hauptstraße 10, 5020 Salzburg, Austria
Tel.: +43 (0)662 8757-87
E-mail: datenschutz@salzburg-verkehr.at
www.salzburg-verkehr.at
Company number: FN 135832 d | Registered office: Salzburg / VAT ID no: ATU 41038603 / Tax ID no.: DE: 182/124/20219

SVG is a transport association organisation company in line with § 17 of the Austrian federal law on the regulation of local and regional public passenger transport (ÖPNRV-G 1999). SVG is responsible for the supply and organisational implementation of a public and regional passenger transport provision in line with demand in the federal state of Salzburg. As part of Salzburger Verkehrsverbund (SVV) SVG also operates an online ticket shop.

NAME AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER

JANDL Datenschutz GmbH
Dr Franz Jandl
Au bei Brandstatt 25, 4070 Eferding, Austria
E-mail: datenschutz@franz-jandl.at

DATA PROCESSED

I CUSTOMER DATA

  1. Forename, surname, title, addresses (main residence, domicile, delivery address), telephone numbers, e-mail addresses
  2. Date of birth, gender, nationality
  3. Language of communication
  4. Bank details, account details, credit rating data, credit card data, payment method
  5. Route, location data, motion data, validity period, transferability, passenger rights
  6. Customer number, card numbers, QR code, AZTEC code
  7. School code, name and address of the school / apprenticeship business, teaching profession, school attendance / apprenticeship duration, order number
  8. College/university, student number, enrolment confirmation
  9. Passport photograph, portrait photograph
  10. Image data (passenger checks, quality checks, video surveillance data, competitions)
  11. Purchaser parent/guardian, payer, invoice recipient
    Forename, surname, date of birth, address, telephone numbers, e-mail addresses, account data, credit rating data, credit card data, payment method
  12. Complainant and complaint content
  13. Applicant in connection with rights of data subjects (art. 15 to art. 21 GDPR)
  14. IP address

II BUSINESS PARTNER DATA

  1. Company data
  2. Contact: Forename, surname, address, telephone numbers, e-mail addresses
  3. Link personnel: Forename, surname, address, telephone numbers, e-mail addresses, log data
  4. Customer centre: Forename, surname, address, telephone numbers, e-mail addresses, log data
  5. Bank details, account details, credit rating data
  6. Invoices and invoice numbers
  7. Video conferencing data

III DATA FROM STAKEHOLDER / COMPETITION PARTICIPANTS

  1. Forename, surname, title, addresses (main residence, domicile, delivery address), telephone numbers, e-mail addresses
  2. Date of birth, gender
  3. Image data (video surveillance data, competitions, events, PR work)
  4. Bank details, account details

PURPOSES OF THE DATA PROCESSING

  1. Issue of the respective physical ticket and facilitating generation of a digital ticket
  2. Processing of the payment transaction by credit card or bank transfer with the involvement of financial service providers and billing with cooperation partners
  3. Provision of the transport services in SVV regular services and demand-based traffic, as well as associated ancillary services (incl. scheduling and communication with the link personnel and customer centre)
  4. Ticket inspection and confirmation of validity
  5. Prevention, detection and investigation of services potentially used without authorisation
  6. Complaint system and complaint processing
  7. Processing of requests in connection with rights of data subjects (art. 15 to art. 21 GDPR)
  8. Adaptation, measurement and improvement of services as well as contents and promotional materials
  9. Promotion and marketing: Information about services and new products (e-mail newsletters and postal mailings), marketing activities of cooperation partners
  10. Implementation of competitions
  11. Implementation of video conferences
  12. Video surveillance
  13. Events, PR work
  14. Analysis of use frequency and calculation of the capacity use of SVV routes

WEBSITE, ONLINE MEDIA, SALZBURG VERKEHR APP, SALZBURG VERKEHR 2GO APP, COMPETITION:

  1. Server log files

We collect data on every access to our provision (server log files). The access data include: name of the accessed website, file, date and time of access, data volume transmitted, notification of successful access, browser type and version, operating system of the user, referrer URL (the linking page visited previously), IP address of the user; anonymised device identification.

We use the log data only for statistical analyses for the purpose of operating, ensuring and optimising our provision. However, we reserve the right to check the log data subsequently in order to analyse potential errors that occur and in the case of specific evidence that gives rise to legitimate suspicion of unlawful use.

  1. AWStats

For continuous improvement of our information provision, the following information is collected, stored and analysed: web browser, operating system, country, date, time, access duration, IP address, access status, content and pages accessed. The free analysis software AWStats is used for the purpose of analysis. This is used to analyse log files created by web servers on the basis of visitor requests. AWStats does not use cookie files for the analysis. The statistical analysis is performed using the log files, which also contain IP addresses. With AWStats, unlike other statistics programmes, no data are transmitted to external servers. The programme is installed on internal servers. Transmission of data to third parties or abroad is therefore also avoided.

  1. Salzburg Verkehr App

If you are looking for connections, including footpath routes from your current location and stops near you, and if you want to see your location on the map, our app needs access to the address book of your device. After installing our app, you can decide whether or not to allow access to the address book of your device. You can allow or remove access at any time with settings in the app. The following processes are possible in the app with your consent:

  • Location / tracking: identification of the network-based location or tracking via GPS allows routing from or to the current location.
  • Network communication: this is required for internet access by the app.
  • Access to contacts (phone book): within the app, this allows use of contacts/addresses from the phone book for searches (e.g. entry of start and destination address or search using the map).
  • Access to storage: this is required in order to save downloaded files in the device storage.
  • Deactivation of standby mode (system tools): allows the app to send you push notifications.
  • Installation of links (system tools): allows the creation of shortcuts on the home screen.
  • Your accounts: required in order to be able to use the web-based interfaces of third-party providers.
  • Access to hardware control elements: allows use of the device vibration function for push notifications.
  • Access to camera: Allows photos for personal favourites and contacts.
  1. Salzburg Verkehr 2GO App

How the Sbg2GO app works:

To use Sbg2GO the customer must “check in” to the system before starting the journey and thus purchase a valid travel ticket. This is done by “swiping” over the check-in button (check-in). With the Sbg2GO system unlike classic sale processes on local and regional public transport the customer purchases an electronically verifiable travel ticket before departure in order to use the mode of transport. Using GPS technology and motion technology it is possible to identify whether and for how long customers remain on the mode of transport as well as which route they have covered. Multiple single journeys can therefore be made with one check-in. When alighting the customer must “swipe” again to end the journey in the system (check-out). The ticket products themselves are generated for the customer only subsequently in the course of best price billing and displayed in the app as information. The services provided are billed on a weekly basis via the SEPA direct debit mandate issued by the customer in the course of registration.

  1. Salzburg Verkehr Shuttle App:

The SVG journey arrangement programme allows registered customers to make firm bookings for specific journeys in the SVV Shuttle App or web application or by calling the hotline, and to enter into a contract of carriage with the executing transport company. Journeys generally take place in vehicles with up to nine seats and will potentially be shared with other passengers. They always start and end at stops or collection points. If safe boarding or alighting is not possible at a stop or collection point, the crew is entitled to stop the vehicle at the nearest safe boarding/alighting opportunity.

Depending on the booking channel used, payment is made through the specified payment service provider or in cash.

  1. External services

Above and beyond our website and apps, we provide various content operated by third parties on social networks and in app stores operated by third parties. These external services are linked from our website and our app in such a way that no data are transmitted to the external services when using our website or our app. A connection to the respective external service is established only when the link is actually clicked.

Please note that these external services are operated by third parties and not by SVG.

  1. Competition

The personal data (name, address, e-mail address) used in the course of the competition are stored in the database only for the duration of the competition.

Otherwise, please refer to the conditions for participation in competitions.

LEGAL BASES

  1. Performance of a contract (art. 6 par. 1 letter b GDPR)
  2. Consent (art. 6 par. 1 letter a GDPR and art. 9 par. 2 letter a GDPR)
  3. Legal obligation (art. 6 par. 1 letter c GDPR)
  4. Legitimate interest (art. 6 par. 1 letter f GDPR)
    Justification: for complaint management, for protection from theft and burglary

RECIPIENTS

  1. Transport companies
  2. IT service providers
  3. Online service providers
  4. Online platforms
  5. Media and marketing companies, tourism businesses
  6. Video conferencing providers
  7. Printing and delivery service providers
  8. Financial service providers, banks
  9. Credit checking companies
  10. Payment service providers
  11. Debt collection companies
  12. Cooperation partners
  13. Funding agencies
  14. Inspection service providers
  15. Regulatory bodies
  16. Call centres
  17. Akzente Jugendinfo Salzburg (youth information centre)
  18. Authorities and public bodies
  19. Office of Salzburg state government, State of Salzburg
  20. Courts
  21. Solicitors
  22. Tax consultants
  23. Insurance

SOURCES

  1. Customers
  2. Stakeholders, competition participants
  3. Photographers, film-makers
  4. Creditor protection associations
  5. Credit checking companies
  6. Inspection service providers
  7. Transport companies
  8. Business partners
  9. Complainants
  10. Applicants (art. 15 to art. 21 GDPR)

RETENTION AND STORAGE

  1. Data are retained in accordance with the statutory retention obligation.
  2. Data are retained and stored for as long as required for order fulfilment or for the duration of the business relationship.
  3. Data are retained and stored in order to be able to guarantee proper complaint management.
  4. Data are retained and stored in order to be able to guarantee proper processing of requests in connection with the rights of data subjects (art. 15 to art. 21 GDPR).
  5. Data are retained and stored in order to be able to handle court and official proceedings properly.
  6. Data are retained and stored in order to be able to handle passenger legal proceedings properly.
  7. Data are retained and stored in order to be able to implement competitions properly.
  8. Data collected from video surveillance are retained/stored in order to be able to implement the surveillance properly.
  9. Data are retained and stored in order to be able to undertake PR work in an appropriate and targeted way.

RIGHTS OF DATA SUBJECTS

The GDPR grants the following rights to data subjects:

  1. Right of access (art. 15 GDPR)
  2. Right to rectification (art. 16 GDPR)
  3. Right to erasure (art. 17 GDPR)
  4. Right to restriction (art. 18 GDPR)
  5. Right to data portability (art. 20 GDPR)
  6. Right to object (art. 21 GDPR)

Right to revocation at any time

If the processing is based on consent in accordance with art. 6 par. 1 letter a) or art. 9 par. 2 letter a) GDPR, the issued consent can be revoked at any time.

ASSERTION

Rights of data subjects and the right to revoke an issued consent can be asserted at the following address:

Salzburger Verkehrsverbund GmbH
Schallmooser Hauptstraße 10, 5020 Salzburg, Austria
Tel.: +43 (0)662 875787-0 / E-mail: datenschutz@salzburg-verkehr.at

RIGHT TO LODGE A COMPLAINT

Every data subject also has the right to lodge a complaint with the competent supervisory authority or another supervisory authority within the EU if the data subject considers that his or her personal data are being processed unlawfully.

The competent supervisory authority in Austria is the data protection authority:

Austrian Data Protection Authority
Barichgasse 40 – 42, 1030 Vienna, Austria
E-mail: dsb@dsb.gv.at
Tel.: +43 (0)1 52152-0 / www.dsb.gv.at