Ticket app privacy policy

Thank you for your interest in our Ticket app. This app can be used in the full version or via the App Clip (for iOS only). All of the following terms apply to the full version. For App Clip only the following sections apply: [A, B, C, D IV., D VI. up to and including No. 1, D VII., E to G].

We take the protection of your personal data very seriously. The personal data you provide when using the Ticket app and our services is treated confidentially and in accordance with both statutory data protection regulations and this privacy policy. We would like to give you detailed information about what personal data we process, for what purposes we process it, whom we share it with, and what control and information rights you may have. We therefore recommend that you read through this privacy policy carefully.

Berliner Verkehrsbetriebe AöR, Holzmarktstraße 15-17, 10179 Berlin (referred to below as “BVG” or “we” or “our” or “us”) is responsible for the Ticket app. If you have any questions regarding this privacy policy or the processing of your personal data, please feel free to contact us by email. If you wish to contact our data protection officer directly, please see section H for details of how to do so.

If you have any questions, suggestions, or criticisms relating to our services, please contact us by email at appsupport@bvg.de.

The Ticket app provides a convenient way for customers to buy digital tickets for use on their mobile devices. We collect personal data from our users only to the necessarily extent to ensure a functioning Ticket app and provide our content and services, only upon you having given your consent for us to employ other data processing functions.

• If the Ticket app is used purely for informational purposes (i.e. no user registration), we process data about your device to enable use of the app. The legal basis for this data processing is Article 6(1)(b) of the GDPR.
• We also evaluate usage data with Google Analytics to enable optimisation of our app and provide you with a better user experience, if you provide your express consent. The legal basis for this data processing is Article 6(1)(a) of the GDPR (see also VI.).
• We process data for troubleshooting purposes to ensure the stability and security of the app and our IT systems. The legal basis in this case is Article 6(1)(f) of the GDPR (see also D.I).
• We send in-app and push notifications to let you know about disruptions, updates, and other relevant information. Some of these services are optional and are only used if you have enabled them. The legal basis for this data processing is Article 6(1)(f) of the GDPR. The data is required to ensure that we can provide you with the selected functions and to allow us to perform the contract without hindrance. We also have a legitimate interest in notifying you of technical malfunctions (see also D.II.).
• You can create a customer account in the Ticket app, or otherwise sign in with an existing BVG account. In these cases, we process all the data required for registration and login (e.g. name, email address, login data). The legal basis for this data processing is Article 6(1)(b) of the GDPR (see also D.III.).
• You may use the Ticket app to purchase tickets. If you do so, we will process the data required to provide you with your desired ticket in the app (ticket type, starting location, fare information and information on selected payment method, first name and surname, validity period). The legal basis for this data processing is Article 6(1)(b) of the GDPR (see also D.IV.).
• If you contact our customer service, we will process data for the purpose of dealing with your request (e.g. name, email address, reason for contacting us). The legal basis for this data processing is Article 6(1)(b) of the GDPR (see also D.V.).
• We use external service providers for some of these data processing operations. This is particularly the case for payment processing (see also D.VI.). 

Definitions

Personal data means any information relating to an identified or identifiable natural person (Article 4(1) of the GDPR). This includes information such as your name, your email address, your postal address, and your telephone number. It does not include information that cannot be linked directly to your identity, such as the number of users of a website.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

I.    Processing of your data for troubleshooting purposes

If there is a problem with the connection between the app and the background system or if the connection is lost, we will save the data associated with the error (request, error) in your Ticket app account. This data is collected and processed to troubleshoot the error, optimise the app, and ensure system security. The Google Play Store collects anonymised crash reports (number of crashes only), as does the Apple AppStore, if you have provided Apple with your consent. We can view the crash reports on a dashboard in the Google Play Store.

This information is processed to allow us to pursue our legitimate interest in ensuring the stability and security of both the app and our IT systems (Article 6(1)(f) of the GDPR). The data is erased when it is no longer needed, unless a longer period of storage is justified or required by law (see also F.).

II.    Notification services

You have the option to enable in-app notifications within the Ticket app, allowing us to inform you when a new version of the app is available. You can also enable push notifications. In this case, we will notify you of upcoming events; for example, a holder of a monthly ticket will be informed a few days before it expires. For the purpose of sending in-app notifications and push notifications, we process information on the validity of your season ticket and the iOS device token. The legal basis is Article 6(1)(b) of the GDPR. The data is required in order to provide you with this service. You can disable and enable the functions at any time by going to the app settings.

We also use in-app notifications to inform our users about technical malfunctions. In the event of a malfunction, for example, all users who open the app during a period of time specified by us will be shown a one-off pop-up with information on the current status of the malfunction. In connection with this, we save the notification ID once you have read the notification. This service is always enabled, since it is required for us to fulfil our obligations arising from the contractual relationship. We also have a legitimate interest in notifying our users if the app is not working as it should. We assume that this is also in our users’ interest. The legal basis is Article 6(1)(f) of the GDPR.

The data is erased when it is no longer needed, unless a longer period of storage is justified or required by law (see also F.).

III.    Processing of your data during registration and/or use of a customer account

You may create a customer account in the Ticket app or sign in using an existing BVG account. You can erase your customer account at any time. A customer account is required in order to purchase tickets.

1. Registration process

We provide the option for you to register or create a customer account, which requires you to enter personal data.We provide the option for you to register or create a customer account, which requires you to enter personal data. BVG uses the so-called single sign-on for registration. You can also use this account to sign into the other BVG apps as well as the Abo-Online self service. The single sign-on service is provided by our service provider akquinet AG (see also . D. VI).

During the registration process, we will process the following personal data, which you provide on an input form:

• name
• first name
• email address

We use the double opt-in procedure for sign-ups, i.e. your sign-up is not completed until you have confirmed that you wish to sign up by clicking on the link in a confirmation email we send you for this purpose. If your confirmation is not received within 24 hours, the personal data you provided is automatically erased from our database.

You may also register through the purchase process. For this purpose, you can choose between  the third-party payment providers “Google Pay”, “Apple Pay”, or “PayPal”. If you do so, the BVG will receive the data associated with your payment method (first name, surname, address, email address) from the provider for the purpose of registration. The third-party provider may collect further data for its own purposes, but this data will not be processed by the BVG. The double-opt-in procedure does not apply in these cases.

The legal basis for this data processing is Article 6(1)(b) of the GDPR. The data is used to provide customer account functions and for management of your customer account. We will also process your contact data, including your email address, in order to provide you with information on contract-related changes connected to the services we offer in compliance with relevant legislation and provide you with other information required by law.

2. Signing in with an existing BVG customer account

You can also use an existing BVG account to sign into the Ticket app. To do so, please enter the email address and password you use to sign into our other BVG services, e.g. the BVG Fahrinfo app, the BVG Jelbi app, or BVG.de. Your BVG account will then be associated with the Ticket app and the above data from your BVG account (surname, first name, login, password) will be used (“single sign-on”, SSO). The SSO service is provided by our service provider akquinet (see also D.VII.).

We store the data you provide in your personal customer account ( BVG-Account) within the Ticket app. You can manage and change any of the data you provide in your password-protected customer account, although you may need to contact customer service to change some information (see also D.V.).

The legal basis of this data processing is set out in Article 6(1)(b) of the GDPR, as this information is required for the purpose of signing in with an existing account.

3. Erasing your customer account

You can erase your Ticket app customer account by logging in to your account on the BVG website and selecting the “Erase account” option. Your request for erasure will then be processed by our customer service team. You can also erase individual items of data directly within your customer account. If you decide to erase your customer account, your account data will first be blocked from further processing, with the exception of processing that is required in compliance with legal obligations or rights (see F. below) and then permanently erased. Your request for erasure may conflict with statutory provisions or rights on the part of the BVG. As such, your data may not be erased if the BVG is required to comply with legal obligations to retain data (e.g. for commercial or tax law reasons) or if processing of your data is required for the establishment, exercise, or defence of legal claims, e.g. if we initiate legal proceedings against you for misconduct during use of our services or for payment reasons. In such cases, we will notify you of the reasons conflicting with your right to erasure.

IV.    Ticket purchases

You can buy BVG tickets directly within the Ticket app and download them to the app for later use.

1.   Purchase

The BVG will process the following data required for ticket sales:

• For individual purchases/shopping carts:
  • Information on the product that was ordered:
    • Ident (database id for a current request)
    • IdentExternal (class)
    • Description (product description)
    • Product type
    • Product manager
    • Fare version
    • Product group
    • Number of authorisations
    • Price
    • Start fare points (TariffPointRelation), if start parameters were set
    • "Berlin pass” number when purchasing the Berlin S ticket
• Under "Place order" (ticket generated based on provided data):
  • Information on the product that was ordered (see above)
• Under "Pay order" (payment)
  • Information on the product that was ordered (see above)
  • Data on used payment method
    • Owner
    • External reference number
    • Information on, for example, credit card or direct debit
    • Ident from our database (database ID of payment method in our database, used by us for identification only)
    • External customer number of financial service providers
    • Type of payment method
    • Depending on payment method, validity, masked credit card number or IBAN (visibility of the last four digits, country code and verification number)
• Payment information, name and email address if payment is made using express checkout (Google Pay, Apple Pay, and PayPal, see also III.1.): We collect this data and send it (except: in the case of PayPal, by PayPal) to our background system and for billing to LogPay;
• If you wish to receive an invoice via the Ticket App for tax reasons, you must provide your postal address (street, house number, postal code, city).

This data is required in order to process your ticket purchase. The legal basis is Article 6(1)(b) of the GDPR. The data will be stored for a period of ten years.

2.   Payment methods

Full payment information is not transmitted to the BVG for the purpose of billing ticket purchases; only information on the selected payment service and the masked credit card number and IBAN is transmitted. BVG needs this information to execute the contract and for customer support. Your payment information will be processed by LogPay, acting as the controller (see D.VI.1), or by PayPal, if you select this payment method (see D.VI.2). Minors with restricted legal capacity may only select the “prepaid” method to purchase tickets in the Ticket app. This requires legal representatives of minors to transfer credit to the minor’s prepaid account in their app or top it up using GiroPay or eps prior to making an order. Minors may only submit orders if they have sufficient credit in their prepaid accounts. Adult customers can also use the “prepaid” payment method. When using the “prepaid” payment method, information regarding the credit available in the prepaid account and account information relating to the bank transfer will be processed. Processing is carried out solely for the purpose of enabling payment from prepaid credit. The legal basis is Article 6(1)(b) of the GDPR.

If the Amazon Pay, SEPA and credit card payment service are selected, BVG will also collect the date of birth in addition to the registration data (see III.1. above). The payment service Amazon Pay, SEPA and credit card are offered via the payment service provider Logpay. Logpay requires the date of birth to identify the person. The legal basis is Article 6(1)(b) of the GDPR.

3.   Enabling authentication using biometric data

You have the option to enable verification by fingerprint/biometric data in the app. When setting up a payment method, we recommend securing it with a PIN, a fingerprint, or “Face ID”. If the user agrees, the fingerprint or Face ID will be requested and confirmed by the device. The Ticket app receives information from the device regarding whether the result of the scan was successful. You can verify your purchase in this way for all payment processes; the Ticket app itself will only receive information from the device regarding whether authentication was successful or not.
You may disable this optional authentication method at any time by going to the Ticket app settings. You can use verification with biometric data to confirm purchases in the app. This form of verification replaces the need to enter a password. The legal basis is Article 6(1)(b) of the GDPR, as without this data the function cannot be provided.

4.   Location services

Instead of manually entering a starting location, you have the option to allow the app to determine your location using the location services on your mobile device. We will then suggest stops or stations located nearest to your location. In the case of GPS positioning, however, we only collect the location determined by your device if the app is open. Your device will indicate if location tracking is active. On an iPhone, for example, it is indicated by a compass symbol in the status bar. Android devices feature a similar function. If you enter your location manually, we will store only this information. The legal basis of this data processing is set out in Article 6(1)(b) of the GDPR, as your location is only determined and transmitted to us if you use this app function. You can enable or disable this function (automated positioning) at any time by going to your operating system’s settings. In this case, you can continue to use the Ticket app with manual entry of your starting location.

5.   Storing and displaying the ticket

The ticket is displayed and saved in the ticket store within the Ticket App. After expiration it automatically disappears from the ticket store.
If you are using an Apple iOS device, you can also store the ticket in the Apple Wallet of your device. The following data will be transmitted to the Apple Wallet with the ticket:

• First and surname,
• Starting location (if available),
• Start and end day and time of the ticket,
• Fare product,
• Product class (regular/reduced fare),
• Fare zone
• Ticket ID,
• Price,
• Fare Class

If you want the ticket to be stored in the Apple Wallet, you will have to manually move the ticket from the Ticket App to the Wallet. This transfer of the ticket to the wallet is done locally on your device. Tickets saved in the Apple Wallet must be deleted manually by you; the Ticket App has no access to them.

If you would like the ticket to be displayed on additional iOS devices in your Apple Wallet, the ticket data will be sent to your device, e.g. Apple Watch, via the iCloud. This function must first be activated on your device.

As part of the storage of the ticket data in the iCloud, encrypted data is transferred to involved sub-service providers in third countries, among others. This data is transmitted in encrypted form, and according to the information provided by Apple on the iCloud, these sub-services do not receive the key. For more information about the Apple Wallet, please visit https://support.apple.com/en-gb/HT204003.

The legal basis is Article 6(1)(b) of the GDPR. This data is required to create and deliver a valid ticket.

6.   Fraud analysis/ prevention

In the course of ticket sales, fraudulent activity may occur during the payment process. In order to track and in future prevent these fraudulent activities, we process your personal data, in particular master data (e.g. surname, first name, address), label data (e.g. fraud label, label time, label details), payment data (e.g. payment method, shopping cart, order time), customer account data (e.g. account creation date, sales history), and potentially also customer journey data and risk data. For processing of your personal data, we work closely with our service provider Risk.Ident GmbH (Risk Ident), An Sandtorkai 50, D-20457 Hamburg. In cooperating with Risk Ident, we have concluded a processing agreement pursuant to Article 28 of the GDPR for GDPR-compliant processing of your personal data.

We process your personal data on the basis of our legitimate interest, in particular our interest in preventing fraudulent activities, Article 6(1)(f) of the GDPR.

We process your personal data until the purpose of processing no longer applies.

V.    Processing of your data when you contact customer service

If you contact us using the BVG chatbot, email, or the BVG contact form, we will process your personal data in order to determine your reason for contacting us and to allow us to assist or reply to you. This may include, for example, processing of your purchase history in order to find tickets for reimbursement.

1.   Contacting the customer service

The chatbot provides the fastest way for you to send and receive a reply to enquiries and is available 24 hours a day. You can also use online forms or text input boxes in the chatbot to send requests to the BVG for processing. Based on the content of your request, the chatbot will forward it to the relevant BVG agent to ensure it is dealt with as quickly as possible.

When you use the chatbot for the first time, a randomly generated “universally unique identifier” (UUID) will be assigned to you. The UUID is stored in your browser until you erase your browser history. If you want to use the bot again after deleting your browser history, a new UUID will be randomly generated. In this case, you may have to re-enter any answers you previously clicked on or any questions and other information you previously entered. When you use the bot again, your browser will transmit the UUID to the bot. This allows you to continue a previously interrupted conversation, search, or input in the bot at any time (similar to setting cookies on websites). Any conversations, searches, or inputs you started are also created and stored in your browser events. To help us constantly improve the bot, we record events such as “bot was displayed” and click events such as “user clicked on answer X”. For this purpose we use conversation IDs, which are generated within the bot’s database in a similar way to the UUID. They are used as an object identifier and are integral to the design of the bot, as database entries require a unique identifier. Both IDs are used exclusively to ensure smooth support and the continuous quality improvement of the chatbot. In addition, we store the device model and the operating system of the device in order to be able to detect and rectify device-specific errors. The data entered using the chatbot is collected by our service provider (Dixa GmbH, Tempelhofer Ufer 1, D-10961 Berlin) and made available to the BVG for evaluation.

The chatbot hands over the data entered in the text input boxes to the Customer Care Tool (seealso VI).

2.   Contact via contact form

If you contact us using the contact form of the chatbot we will save the reason for your contact, your email address, and your name for the purpose of responding to your questions.

The legal bases for the data processing operations set out above are Articles 6(1)(b) and (f) of the GDPR. Article 6(1)(b) of the GDPR is the legal basis for processing requests from customers with whom we have a contract. In addition, we have a legitimate interest in ensuring a smooth customer service experience. We also use your data to ensure that our services function properly and to improve and expedite our data processing processes, e.g. by means of optimised assignment functions.

If the reason for data processing ceases to apply, all personal data you have entered will be erased. This, however, does not apply to data that is required for contract processing or is subject to statutory retention periods (e.g. for tax reasons).

3.   Contact via email

If you contact us by email we will save the reason for your contact, your email address, and your name for the purpose of responding to your questions. To allow us to diagnose and correct errors, the following technical information is also collected: device model, operating system (iOS or Android), app version, device type, customer number, Error Log and Full Crash Log.

The legal bases for the data processing operations set out above are Articles 6(1)(b) and (f) of the GDPR. Article 6(1)(b) of the GDPR is the legal basis for processing requests from customers with whom we have a contract. In addition, we have a legitimate interest in ensuring a smooth customer service experience. We also use your data to ensure that our services function properly and to improve and expedite our data processing processes, e.g. by means of optimised assignment functions.

If the reason for data processing ceases to apply, all personal data you have entered will be erased. This, however, does not apply to data that is required for contract processing or is subject to statutory retention periods (e.g. for tax reasons).

VI.    Disclosure of your data

Contracted service providers Personal data may be disclosed to our contracted service providers for processing in accordance with the purposes for which it was originally provided, e.g. to provide offered services, evaluate user behaviour on our website and app, or for technical support. Under statutory agreements (Article 28 of the GDPR), we contractually oblige our contracted service providers to use personal data solely for the agreed purposes and not to disclose your personal data to other parties without our consent, unless this is required by law. We make use of the following external service providers to process your data:

• Dixa GmbH (Tempelhofer Ufer 1, 10961 Berlin, Germany) – provision of the chatbot (see D.V.).
• RingCentral Engage Digital (RingCentral Engage Digital, 32 rue de Trévise, 75009 Paris, France) – customer care tool.
• SYSTEMTECHNIK GmbH, (Wielandstraße 12, 99610 Sömmerda, Germany) – development of the Ticket app front end and background system, where ticket purchases are saved (see retention periods).
• akquinet AG – (Paul-Stritter-Weg 5, 22297 Hamburg) – provision of single sign-on. Single sign-on makes it possible to access our various products with one-time registration, e.g. the BVG Account on our website, the Fahrinfo app, the Jelbi app, and the Ticket app. For this purpose we process the data categories in accordance with the information on the registration process (see also D.III.1.). We use the solution provided by akquinet for this purpose.
• Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland) – use of Google Analytics. We use Google Analytics for tracking and analysing user behaviour regarding the use of the Ticket App. For Google Analytics, data about the use of the app, such as app version, device information, location data, user ID and information on individual requests within the app (events) are processed. The data is used to analyse user behaviour and to help make decisions regarding product and marketing optimisation based on the results. The legal basis is your consent (Art. 6 (1) a) DSGVO).
• Google acts as our processor pursuant to Art. 28 DSGVO, however, it is not excluded that Google uses the tracking and analysis data obtained from you for its own purposes, e.g. for profiling and for linking with other data available at Google, such as your Google Account data. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. In this respect, we have no effective means of control. If you agree to tracking and analysis, then you also consent to your data being sent to the USA. The USA is considered to be a country with an insufficient level of data protection according to EU standards. There is a risk that US authorities can access your data even without legal protection.

We also disclose data to the following third parties, which act as separate controllers when processing the data:

1.   LogPay Financial Services GmbH

When using any payment method, except PayPal (i.e. SEPA direct debit, credit card, prepaid, Amazon Pay), your customer data (first name and surname, date of birth, address, gender, email address) will be transmitted to our external financial services provider (currently LogPay Financial Services GmbH, Schwalbacher Straße 72, 65760 Eschborn, referred to below as “LogPay”). The payment method data (account details, credit card details, information on your ticket purchases) is collected directly by LogPay, as claims against you are assigned to LogPay when you purchase a ticket.

When paying via the express checkout with Google Pay, Apple Pay, or PayPal, we will also collect your payment information and transmit it to LogPay. The legal basis for the data transmission is Article 6(1)(b) and (f) of the GDPR. We have a legitimate interest in outsourcing the handling of payments and the management of claims for the purpose of efficient invoicing.

LogPay is the sole controller responsible for processing your personal data. More information on how LogPay processes data can be found at https://www.LogPay.de/DE/datenschutzinformationen.

Please note: as set out in these policies, if you are not yet a customer of LogPay, LogPay will transmit your data to credit agencies (e.g. Schufa) in order to check your details and creditworthiness to prevent payment defaults.

2.   PayPal

You can pay for purchases in the Ticket app using the online payment service provider PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A.., 22-24 Boulevard Royal, L-2449, Luxembourg (referred to below as “PayPal”). If you select PayPal as your payment method, you will be redirected to the PayPal website and the personal data you have entered will be transmitted to PayPal in encrypted form. These data include your name, your address, your telephone number, your IP address, your email address, and order amount.

PayPal is the controller responsible for processing your personal data. The legal basis for the data processing when using PayPal is Article 6(1)(f) of the GDPR. We have a legitimate interest in offering you a wide range of payment options and outsourcing payment processing.

If required for the purpose of completing the order, PayPal may also disclose data to third parties. PayPal will also transmit personal data to credit agencies, e.g. SCHUFA, in order to establish your identity and creditworthiness.

More information on how PayPal processes data can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

3.   Google Maps

We use the Google Maps service via an API. The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland)  (“Google”). Google Maps can easily and accurately determine the location of a user and thus allow us to suggest a starting stop or station. Information regarding the starting stop or station is only relevant to single tickets. Your IP address must be disclosed to use Google Maps functions. This information is typically sent to and stored on Google servers in the USA. We have no influence over this data transmission.

Google Maps opens if you tap the “Starting stop” button during your ticket purchase. This is done in the interest of increasing the attractive and ease of use of our app, and represents a legitimate interest as set out in Article 6(1)(f) of the GDPR. We assume that an increase in user-friendliness is also in your interest. More information on how Google handles user data can be found in the Google privacy policy: https://www.google.de/intl/de/policies/privacy. Instead of Google Maps, you may tap on the location icon to enter your starting stop or station via GPS positioning.

4.   Disclosure of personal data to the authorities

We will only transmit your personal data to public authorities if the information is requested on the basis of statutory requests for information or if the BVG is otherwise legally obliged to transmit the data (Article 6(1)(c) of the GDPR).

5.   Disclosure of data within the BVG

We reserve the right to allow another company in the BVG Group to operate the Ticket app in the future; in the event of such a change of operator, user data will also be disclosed to the new operator. The new operator will then assume all relevant rights and obligations and process personal data in accordance with this privacy policy.

VII.    Transfer of personal data to third countries

Please note that data processed in other countries may be subject to foreign laws and may be accessible to the governments, courts, law enforcement authorities, and regulatory authorities of those countries. If your personal data is transferred to third countries, however, we will take appropriate measures to adequately secure your data.

Unless an adequacy decision has been adopted by the EU Commission for the recipient country, the transfer of your data to a third country is protected by the fact that EU standard contractual clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) have been concluded with the recipient or that binding corporate rules exist. Otherwise, the data will only be transferred if a derogation pursuant to Article 49 of the GDPR is applicable.

The App Clip is a reduced version of the ticket app exclusively for iOS users. The App Clip can only be downloaded via a QR code scan or a link. The App Clip can only be used if the ticket app is not already installed on the mobile device. Further information on the Apple App Clip can be found at https://support.apple.com/de-de/guide/iphone/iphb3a73ec53/ios.

The App Clip will automatically delete itself from your end device if you have not used it for 30 days.

During the usage period, the data mentioned in chapter D IV 1. will be processed.

Upgrade to the ticket app

You can switch from the App Clip to the full version of the Ticket App at any time and download it from the App Store. If the App Clip is still installed on the end device, the App Clip can transfer the data mentioned in Chapter D. VI. 1. as well as the following data to the full version of the Ticket App via a locally shared data container:

• First name
• Last name
• Active ticket (if available)
• Ticket history
• Payment type

If the App Clip has already been deleted during the installation of the full version, no data will be transferred, as it has already been removed from your end device. If you need an invoice for a purchase via the App Clip, have questions or suggestions, please contact appsupport@bvg.de.

Your personal data will be stored as long as it is necessary for the fulfilment of the specific purpose. Subsequently, your data will be erased, unless there are legal obligations to retain the data beyond this time or there is legal justification to do so. The following time limits for storage and erasure generally apply:

• Starting stop search history: The data is stored locally on the user’s device. If the user erases/uninstalls the app, this data is also removed from the device.
• Customer account data: Storage while account is active
• Ticket purchase data: Storage for 10 years
• Data on selected payment method: Storage while account is active
• Data from customer service queries: Storage for a maximum of three years following handling of the request (time starts at end of respective calendar year)

Depending on the circumstances in your specific case, you have the right

• to obtain access to the personal data processed by us and/or request copies of these data. This includes information concerning the purpose of usage, the category of data used, their recipients and authorised users, and, where possible, the planned period for which the data will be stored or, if that is not possible, the criteria used to determine that period;
• to request the rectification, erasure, or restriction of processing of your personal data, provided that its use is impermissible under data protection law, in particular because (i) the data is incomplete or incorrect, (ii) the data is no longer required for the purposes for which they were collected, (iii) the consent on which processing is based was withdrawn, or (iv) you have made use of your right to object to processing of your personal data; in cases in which the data is processed by third parties, we will forward your request for rectification, erasure, or restriction of processing to these third parties, unless this proves to be impossible or would involve disproportionate effort;
• to refuse consent or – without affecting the lawfulness of data processing carried out prior to withdrawal – to withdraw your consent to the processing of your personal data at any time;
• to request the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from us; you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible;
• to take legal action or appeal to the data protection supervisory authorities, if you are of the opinion that your rights have been infringed due to processing of your personal data that is not in compliance with data protection regulations.

You also have the right to object to processing of your personal data at any time, free of charge, and with effect for the future:

• where we process your personal data for direct marketing purposes
• where we process your personal data in pursuance of our legitimate interests and on grounds relating to your particular situation

If you have any questions, suggestions, or comments on the topic of data protection, please feel free to contact our data protection officer.
Contact information:

Data protection officer

Berliner Verkehrsbetriebe (BVG)
Anstalt des öffentlichen Rechts
Holzmarktstraße 15–17
10179 Berlin, Germany

or

datenschutz@bvg.de.

You can also contact the supervisory authority responsible for Berlin in all questions relating to data protection:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59 - 61 (Visitor entrance Alt-Moabit 60)
10555 Berlin
Phone: +49 (30) 13889-0
Fax: +49 (30) 2155050
E-mail: mailbox@datenschutz-berlin.de