Privacy statement

DB Systel GmbH, Jürgen-Ponto-Platz 1, 60329 Frankfurt am Main, Germany, collects and processes your data as the data controller. 

The appointed data protection officer is Mr. Gerald Freitag. 

If you have any questions or comments regarding privacy, please use the following details to contact us:

DB Systel GmbH, Der Datenschutzbeauftragte, Jürgen-Ponto-Platz 1, 60329 Frankfurt am Main, E-Mail: db.systel.datenschutz@deutschebahn.com.

We collect and process your data for specific purposes only. These purposes may result from technical requirements, contractual obligations or express wishes of the user.

When you use the internet access service, the following data is processed in order to set up and maintain the service and to provide the service in accordance with the contract:

• MAC address of the access device 
• allocated connection number
• IP address used to connect the access device to the internet
• start and end of the relevant connection (date and time) as well as the corresponding usage time 
• the volume of transmitted data incl. average packet size
• technical features for setting up/terminating the connection
• name of the corporate department to which the access point used is assigned
• type of hardware and manufacturer of the access device 
• identification data of the operating system used
• identification data of the browser used
• language and time zone of the browser used

The MAC address of the access device used is processed for the simplified RE-LOGIN service pursuant to Clause 3 of the General Terms and Conditions of Trade (GTC).

If we obtain your consent to perform processing operations on your personal data, this consent serves as the legal basis required under Article 6 (1) (a) GDPR.

If we process personal data that is required in order to perform a contract that we have concluded with you, the said contract shall form the legal basis required under Article 6 (1) (b) GDPR. Article 6 (1) (b) GDPR also applies to processing operations that are required in order for us to take steps prior to entering into a contract; for example, in the event of enquiries relating to our products or services. 

For the purposes of technical realisation, we may need to deploy processors, who are obliged to follow instructions. In such cases, DB Systel GmbH shall remain responsible for the processing of your data. 

In addition, in order to establish internet access, data will be shared with other independently responsible telecommunications network operators in order to set up and/or maintain telecommunications connections (e.g. as part of establishing internet access). Any other transmission of your data only takes place where you have given your express consent or on the basis of a statutory requirement. Data will not be transferred to third countries outside the EU/EEA or to an international organisation.

We store your data only for as long as necessary in order to fulfil the purpose for which the data was collected (for example in the context of a contractual relationship), or to comply with statutory requirements. The data is deleted after 7 days. 

• You can request information as to what personal data relating to you has been stored.
• You can require us to correct, delete or restrict (block) the processing of your personal data, provided these actions are permitted by law and in compliance with existing contractual conditions.
• You have the right to file complaints with a supervisory authority. The supervisory authority responsible for DB Systel GmbH is: Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Poststelle@datenschutz.hessen.de
• You have the right to portability of the data which you have made available to us on the basis of consent or a contract (data portability). 
• If you have given us your consent to process your data, you can withdraw this consent at any time, using the same methods that you used to give your consent. Any processing of your personal data that took place from the time at which you granted your consent to the time at which you withdrew it will still be considered to have been lawful.
• You have the right, on grounds relating to your particular situation, to opt out of the processing of personal data concerning you that is based on our legitimate interest or is necessary for the performance of a task carried out in the public interest.

To exercise this right, simply send a letter to the above-named controller or an e-mail to db.systel.datenschutz@deutschebahn.com.