Data protection

privacy statement


Salzburger Verkehrsverbund GmbH (hereafter referred to as SVG)
Schallmooser Hauptstraße 10, 5020 Salzburg, Austria
Tel.: +43 (0)662 875787
E-mail: /
Company number: FN 135832 d | Registered office: Salzburg / VAT ID no: ATU 41038603 / Tax ID no.: DE: 182/124/20219

SVG is a transport association organisation company in line with § 17 of the Austrian federal law on the regulation of local and regional public passenger transport (ÖPNRV-G 1999). SVG is responsible for the supply and organisational implementation of a public and regional passenger transport provision in line with demand in the federal state of Salzburg. As part of Salzburger Verkehrsverbund (SVV) SVG also operates an online ticket shop.


JANDL Datenschutz GmbH
Dr Franz Jandl
Au bei Brandstatt 25, 4070 Eferding, Austria


1. Forename, surname, title, addresses (main residence, domicile, delivery address), telephone numbers, e-mail addresses
2. Date of birth, gender, nationality
3. Language of communication
4. Bank details, account details, credit rating data, credit card data, payment method
5. Route, location data, motion data, validity period, transferability, passenger rights
6. Customer number, card numbers, QR code, AZTEC code
7. School code, name and address of the school / apprenticeship business, teaching profession, school attendance / apprenticeship duration, order number
8. College/university, student number, enrolment confirmation
9. Passport photograph, portrait photograph
10. Image data (passenger checks, quality checks, video surveillance data, competitions)
11. Purchaser parent/guardian, payer, invoice recipient, forename, surname, date of birth, address, telephone numbers, e-mail addresses, account data, credit rating data, credit card data, payment method
12. Complainant and complaint content
13. Applicant in connection with rights of data subjects (art. 15 to art. 21 GDPR)

1. Company data
2. Contact: forename, surname, address, telephone numbers, e-mail addresses
3. Bank details, account details, credit rating data
4. Invoices and invoice numbers
5. Video conferencing data

1. Forename, surname, title, addresses (main residence, domicile, delivery address), telephone numbers, e-mail addresses
2. Date of birth, gender
3. Image data (video surveillance data, competitions)
4. Bank details, account details


1. Issue of the respective physical ticket and facilitating generation of a digital ticket
2. Processing of the payment transaction by credit card or bank transfer with the involvement of financial service providers
3. Provision of transport services as well as the associated ancillary services
4. Ticket control
5. Prevention, detection and investigation of services potentially used without authorisation
6. Complaint system and complaint processing
7. Processing of requests in connection with rights of data subjects (art. 15 to art. 21 GDPR)
8. Adaptation, measurement and improvement of services as well as contents and promotional materials
9. Promotion and marketing: Information about services and new products (e-mail newsletters and postal mailings)
10. Implementation of competitions
11. Implementation of video conferences
12. Video surveillance


1. Server log files
We collect data on every access to our provision (server log files). The access data include: name of the accessed website, file, date and time of access, data volume transmitted, notification of successful access, browser type and version, operating system of the user, referrer URL (the linking page visited previously), IP address of the user; anonymised device identification.
We use the log data only for statistical analyses for the purpose of operating, ensuring and optimising our provision. However, we reserve the right to check the log data subsequently in order to analyse potential errors that occur and in the case of specific evidence that gives rise to legitimate suspicion of unlawful use.

2. AWStats
For continuous improvement of our information provision, the following information is collected, stored and analysed: web browser,
operating system, country, date, time, access duration, IP address, access status, content and pages accessed. The free analysis software AWStats is used for the purpose of analysis. This is used to analyse log files created by web servers on the basis of visitor requests. AWStats does not use cookie files for the analysis. The statistical analysis is performed using the log files, which also contain IP addresses. With AWStats, unlike other statistics programmes, no data are transmitted to external servers. The programme is installed on internal servers. Transmission of data to third parties or abroad is therefore also avoided.

3. Salzburg Verkehr App
If you are looking for connections, including footpath routes from your current location and stops near you, and if you want to see your location on the map, our app needs access to the address book of your device. After installing our app, you can decide whether or not to allow access to the address book of your device. You can allow or remove access at any time with settings in the app. The following processes are possible in the app with your consent:
• Location / tracking: identification of the network-based location or tracking via GPS allows routing from or to the current location.
• Network communication: this is required for internet access by the app.
• Access to contacts (phone book): within the app, this allows use of contacts/addresses from the phone book for searches (e.g. entry of start and destination address or search using the map).
• Access to storage: this is required in order to save downloaded files in the device storage.
• Deactivation of standby mode (system tools): allows the app to send you push notifications.
• Installation of links (system tools): allows the creation of shortcuts on the home screen.
• Your accounts: required in order to be able to use the web-based interfaces of third-party providers.
• Access to hardware control elements: allows use of the device vibration function for push notifications.
• Access to camera: allows photos for personal favourites and contacts.

4. Salzburg Verkehr 2GO-App
How the Sbg2GO app works: To use Sbg2GO, the customer must “check in” to the system before starting the journey and thus purchase a valid travel ticket. This is done by “swiping” over the check-in button (check-in). Unlike classic sale processes on local and regional public transport, with the Sbg2GO system the customer purchases an electronically verifiable travel ticket before departure, in order to use the mode of transport. Using GPS technology and motion technology, it is possible to identify whether and for how long customers remain on the mode of transport, as well as which route they have covered. As such, several single journeys can be made with one check-in. When alighting, the customer must “swipe” again to end the journey in the system (check-out). The ticket products themselves are generated for the customer only subsequently in the course of best price billing and displayed in the app as information. The services provided are billed on a weekly basis via the SEPA direct debit mandate issued by the customer in the course of registration.

5. External services
Above and beyond our website and apps, we provide various content operated by third parties on social networks and in app stores
operated by third parties. These external services are linked from our website and our app in such a way that no data are transmitted
to the external services when using our website or our app. A connection to the respective external service is established only when the link is actually clicked. Please note that these external services are operated by third parties and not by SVG.

6. Competition
The personal data (name, address, e-mail address) used in the course of the competition are stored in the database only for the duration of the competition. Otherwise, please refer to the conditions for participation in competitions.


1. Performance of a contract (art. 6 par. 1 letter b GDPR)
2. Consent (art. 6 par. 1 letter a GDPR and art. 9 par. 2 letter a GDPR)
3. Legal obligation (art. 6 par. 1 letter c GDPR)
4. Legitimate interest (art. 6 par. 1 letter f GDPR) Justification: for customer feedback, for protection from theft and burglary


1. Transport companies
2. IT service providers
3. Online service providers
4. Print media
5. Video conferencing providers
6. Printing and delivery service providers
7. Financial service providers, banks
8. Credit checking companies
9. Payment service providers
10. Debt collection companies
11. Cooperation partners
12. Funding agencies
13. Inspection service providers
14. Regulatory bodies
15. Call centres
16. Akzente Jugendinfo Salzburg (youth information centre)
17. Authorities and public bodies
18. Office of Salzburg state government
19. Courts
20. Solicitors
21. Tax consultants
22. Insurance companies


1. Customers
2. Stakeholders, competition participants
3. Creditor protection associations
4.Credit checking companies
5. Inspection service providers
6. Transport companies
7. Complainants
8. Applicants (art. 15 to art. 21 GDPR)


1. Data are retained in accordance with the statutory retention obligation.
2. Data are retained and stored for as long as required for order fulfilment.
3. Data are retained and stored in order to be able to guarantee proper complaint management.
4. Data are retained and stored in order to be able to guarantee proper processing of requests in connection with the rights of data subjects (art. 15 to art. 21 GDPR).
5. Data are retained and stored in order to be able to handle court and official proceedings properly.
6. Data are retained and stored in order to be able to handle passenger legal proceedings properly.
7. Data are retained and stored in order to be able to implement competitions properly.
8. Data collected from video surveillance are retained/stored in order to be able to implement the surveillance properly.


The GDPR grants the following rights to data subjects:
1. Right of access (art. 15 GDPR)
2. Right to rectification (art. 16 GDPR)
3. Right to erasure (art. 17 GDPR)
4. Right to restriction (art. 18 GDPR)
5. Right to data portability (art. 20 GDPR)
6. Right to object (art. 21 GDPR)


If the processing is based on consent in accordance with art. 6 par. 1 letter a) or art. 9 par. 2 letter a) GDPR, the issued consent can be
revoked at any time.


Rights of data subjects and the right to revoke an issued consent can be asserted at the following address:
Salzburger Verkehrsverbund GmbH
Schallmooser Hauptstraße 10, 5020 Salzburg, Austria
Tel.: +43 (0)662 875787-0 / E-mail:


Every data subject also has the right to lodge a complaint with the competent supervisory authority or another supervisory authority
within the EU if the data subject considers that his or her personal data are being processed unlawfully.
The competent supervisory authority in Austria is the data protection authority:

Austrian Data Protection Authority
Barichgasse 40 – 42, 1030 Vienna, Austria
Tel.: +43 (0)1 52152-0 /