Thank you for visiting our website www.tolltickets.com and for your interest in our company and our services. Despite carefully reviewing their content, we cannot accept any liability for external links to third party websites as we have not initiated the transmission of such information, and have not selected or modified the receiving party for the transmitted information or the transmitted information itself.
Protecting your personal information which is collected, processed, and used when you visit our website is an important concern. We collect, process, and use your personal data in accordance with the law, which you can obtain more information about on www.bfd.bund.de.
In the following document, we will explain the kinds of information we collect when you visit our website, and how we use it:
1. Collecting and saving personal data, and the type and purpose of data usage
a) When you visit our website
Each time a customer (or other visitor) accesses our website, the web browser they use on their device (computer, laptop, tablet, smartphone, etc.) automatically transmits information to our website servers. This information is temporarily saved in a log file (protocol file).
The following data is recorded without any action on your part, and is saved until it is automatically deleted:
We have a justifiable interest to collect data according to Art. 6 para. 1 clause 1 lit. f GDPR for the following purposes: To ensure a smooth connection and comfortable use of our website, to evaluate system security and stability, and for other administrative purposes.
We will never use collected data to draw conclusions about you personally.
b) When using our contact form
If you have questions of any kind, you may contact us using the contact form provided on our website. You must provide at least the following information when doing so: Travel destination, name and e-mail so we know who the inquiry comes from and can answer it. Further information may be provided voluntarily.
Data processing for the purpose of contact with us is completed according to Art. 6 para. 1 clause 1 lit. a GDPR based on your freely granted consent.
Personal data collected by us to use the contact form is automatically deleted after we have finished answering your inquiry.
c) When concluding a contractual relationship
When concluding a contractual relationship on our website, we request the following personal information from you:
This data is processed to carry out the contractual relationship. Data is processed based on Art. 6 para. 1 lit. b GDPR. The term for which data is saved is restricted to the contractual purpose and the legal and contractual retention deadlines, if applicable.
d) Use of payment service providers
We also work with payment service providers to process contracts concluded with us that require payment. We transmit your payment information as part of the payment processing procedure – in order to complete your payments – to commissioned payment service providers when necessary. The legal basis for transmitting your data is Art. 6 para. 1 lit. b GDPR.
e) Obtaining credit reports
tolltickets regularly checks your credit status on contracts and in certain cases where there is a legitimate interest. Therefor we cooperate with Creditreform Rosenheim Karl & Kollegen KG, Oberaustraße 16, 83026 Rosenheim, from whom we receive the necessary data. For this purpose, we will send your name and contact details to Creditreform. Further information on the data processing at Creditreform can be found in the detailed information sheet “Creditreform Information gem. Art. 14 EU-DSGVO” which you can find at www.creditreform-rosenheim.de/EU-DSGVO.
2. Transmission of personal data
Your data is never transmitted to third parties for reasons other than the following.
We only transmit your data to third parties if:
In such cases, however, the scope of data transmitted is restricted only to the necessary minimum.
Our Data Protection Provisions conform to applicable data privacy laws, and data is only processed in the Federal Republic of Germany / European Union. Data is not transmitted to third party countries, nor do we intend to do so.
3. Rights of data subjects
Upon request, we will be happy to inform you whether and what personal information we have saved on you (Art. 15 GDPR), in particular regarding the purposes of processing, categories of personal information, categories of recipients to whom your data was or will be disclosed, planned storage terms, the existence of a right to correct, delete, restrict processing, or object to use of your data, the existence of a right to submit complaints, the origin of your data if we did not collect it, as well as regarding the use of automated decision-making processes and profiling.
You also have the right to correct any incorrect personal information collected or to supplement incomplete collected data (Art. 16 GDPR).
Furthermore, you have the right to request that we restrict processing of your data if there are legal requirements in this respect (Art. 18 GDPR).
You have the right to receive your personal information in a structured, accessible, and machine-readable format or to request it be transmitted to another responsible entity (Art. 20 GDPR).
Furthermore, you have the “right to be forgotten,” meaning that you can request we delete your personal information if the legal requirements are fulfilled (Art. 17 GDPR).
Independent of this, we automatically delete your personal information if the purpose of data processing is eliminated or if data was processed improperly.
According to Art. 7 para. 3 GDPR, you have the right to revoke any consent you have granted to us at any time. If you do so, we will no longer be able to carry out data processing based on this consent in the future.
You also have the right to object to processing of your personal information at any time, if your right to object is stipulated by law. If you effectively object to such processing, we will automatically delete your personal information (Art. 21 GDPR).
If you would like to assert your right to object or right to submit complaints, please send an e-mail to: email@example.com.
In case of violations against data privacy law provisions, according to Art. 77 GDPR you may submit complaints with a supervising authority.
4. Duration of data storage
We save collected data as long as this is necessary to carry out any agreements concluded with us, or as long as you have not exercised your right to deletion or your right to transfer data to another company.
We use session cookies to detect if you have already visited sub-pages of our website in the past. If you have registered with us, your password is saved on our website while you visit the site and switch between sub-pages, so you don’t have to enter it each time. These session cookies are automatically deleted after you leave our website.
We use temporary cookies to optimize user-friendliness. These are saved on your device for a set period of time. If you visit our page once again to take advantage of our services, these cookies automatically detect you have visited in the past and recall your inputs and settings so you do not have to enter them once again.
Java Applets and Java Script are used to provide our web services. If you would like to deactivate these programs or active content for security reasons, you should deactivate the relevant settings in your browser.
We offer you the opportunity to register for our free newsletter via our website. We use rapidmail, a service of rapidmail GmbH, Augustinerplatz 2, 79098 Freiburgi.Br., Germany, hereafter referred to as ‘rapidmail’, to send our newsletter.
Rapidmail guarantees that the General Data Protection Regulation (GDPR) are observed when processing personal data. In addition, rapidmail offers further information regarding data protection at https://www.rapidmail.com/data-protection.
If you register for our newsletter, the data requested during the registration process, such as your e-mail address and your name, will be processed by rapidmail. In addition, your IP address and the date and time of your registration will be stored. As part of the following registration process, your consent will be obtained for the newsletter to be sent, its content will be described in detailed terms and reference will be made to this data protection declaration.
The newsletter subsequently sent via rapidmail also contains a so-called pixel tag, also known as ‘web beacon’. With the help of this pixel tag we can evaluate whether and when you have read our newsletter and whether you have followed any links contained in the newsletter. Further technical data, such as the data of your computer system and your IP address, are stored by rapidmail, so that we can optimise our newsletter offer and respond to our readers’ wishes. The data will therefore contribute to increasing the quality and attractiveness of our newsletters.
The legal basis for the dispatch of the newsletter and the analysis is Art. 6 (1) lit. a.) of the GDPR.
In accordance with Art. 7 (3) of the GDPR, you may revoke your consent to the sending of the newsletter at any time. All you have to do is inform us of your revocation or click on the unsubscribe link contained in each newsletter.
7. Online marketing / analytic tools
We use tracking measures in accordance with Art. 6 para. 1 clause 1 lit. f. GDPR, Sec. 15 para. 3 Telemedia Act (TMG). We use these tracking measures to design our website based around user needs and ensure ongoing optimization. We furthermore use tracking measures to record statistical information on the use of our website and to analyze and optimize our web services. These interests are considered justified in the sense of the above regulations.
Google Adwords / Conversion Tracking
We also use the online advertising program “Google AdWords” and conversion tracking. Google conversion tracking is an analytic service provided by Google. If you click on an ad displayed by Google, a conversion tracking cookie is saved on your device. These cookies become invalid after 30 days, do not contain any personal information, and cannot be used to personally identify you. If you visit specific pages on our website and the cookie has not yet expired, Google and we can detect you clicked on the ad and were transferred to this page. Every Google AdWords customer receives a unique cookie. This means cookies cannot be tracked across the websites of different AdWords customers. The information obtained using conversion cookies is used to prepare conversion statistics for AdWords customers who have elected to participate in conversion tracking. Customers learn the total number of users who clicked on the ad and were transferred to a page with a conversion tracking tag. However, they do not receive information that could be used to personally identify the user. We have a justifiable interest in data processing in relation to these purposes. The legal basis for using Google Adwords / conversion tracking is Sec. 15 para. 2 Telemedia Act (TMG) in conjunction with Art. 6 para. 1 lit. f GDPR.
If you do not want to participate in tracking, you can object to this use by changing the settings in your browser software to prevent cookies installed by the domain “googleadservices.com” (deactivation option). You will then no longer be included in conversion tracking statistics. Further information and the Google Data Privacy Declaration are available at: www.google.com/policies/technologies/ads/, www.google.de/policies/privacy/.
Our website uses the “G+1” button for the Google+ social network provided by Google. You can recognize the Google+ plug-in by the word “Google+” or the characters “G+1.” if you click on this plug-in, this creates a connection to Google Plus servers. Plug-in content is transmitted directly from Google to your browser, and your browser integrates it into the website. This means information that you have visited our website is transmitted to Google+.
We hereby inform you that we, as the page providers, do not have any information regarding the content of data transmitted or its use by Google+. According to Google, no personal information is collected if you do not click on the plug-in. If you are logged into your Google+ account, data including your IP address are collected and processed. If you would like to prevent such data transmission, you should log out of your Google+ account before vising our website.
Social plug-ins from the social network Facebook are used on our website, operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”). When you open our website with the plug-in, this creates a direct connection to Facebook servers through your browser. This connection is used to transmit information to Facebook that you accessed the page.
If you are logged into your Facebook account, clicking the plug-in directly associates your visit to our website with your profile. Even if you do not have a profile, it is possible that Facebook saves your IP address.
If you are a Facebook member and do not want Facebook to collect data on you through our website and link it to your member data saved at Facebook, you must log out of your user account before visiting our website and delete relevant Facebook cookies. You can also block Facebook social plug-ins with browser add-ons, such as the “Facebook blocker.”
Our website also integrates functions of the web service Twitter. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Using Twitter and the “re-tweet” function links websites you visit to your Twitter account and discloses these websites to other users. Data is also transmitted to Twitter during this process. We hereby inform you that we, as the page providers, do not have any information regarding the content of data transmitted or its use by Twitter. You can find further information on this topic in the Twitter data privacy declaration at twitter.com/privacy. You can change your data privacy settings on Twitter in your account settings at twitter.com/account/settings. Please log out of your Twitter account before visiting our website to prevent Twitter from collecting data on your visit. You can prevent Twitter’s general access to your data via websites by excluding Twitter social plug-ins using a browser add-on (such as “Twitter blocker” disconnect.me).
In order to inform prospective customers as much as possible and helpful and to constantly improve our service, we use the service spoteffect of the German company XAD spoteffects GmbH, Knorrstr. 69, 80807 Munich, Germany.
In this process, individual pages are hosted by webeffect for activities or advertising campaigns and an evaluation of the activities of the interested parties is transmitted. Your browser communicates directly with webeffects so that your IP address is transmitted and cookies can be set.
Also all information that is entered by the user on these websites are stored by webeffects.
For more information about webeffects and privacy protection at webeffects, see: www.spoteffects.de/footer/impressum/#c730.
8. Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We use reCAPTCHA to determine whether data input on our website (for instance into a contact form) was entered by a human or an automated program. To do so, reCAPTCHA analyzes the behavior of website users based on different features. This analysis starts automatically once the website visitor accesses the page. reCAPTCHA uses different information to analyze their visit (such as the visitor’s IP address, time spent on the website, or mouse movements made by the user). Data recorded during the analysis are transmitted to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not informed that analysis is taking place.
Data is processed based on Art. 6 para. 1 lit. f GDPR. The website operator has a justifiable interest in protecting its web services from misuse through automatic spying and SPAM.
For further information on Google reCAPTCHA and the Google Data Privacy Declaration, please see the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.
Google Web Fonts
This pages uses web fonts provided by Google to ensure fonts appear uniform across the entire page. When you access our page, your browser uploads the required fonts to your browser cache to display text and fonts correctly.
Your browser must connect to Google servers for this purpose. This means Google receives information that your IP address accessed our website. Google web fonts are used to ensure our online pages are displayed in a uniform and attractive manner. We have a justifiable interest in doing so according to Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, your computer will display a standard font.
Further information on Google web fonts is available at developers.google.com/fonts/faq and in the Google Data Privacy Declaration: www.google.com/policies/privacy/.
This page uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address must be saved to use the Google Maps function. Typically, this information is transmitted to a Google server in the USA and saved there. The provider of this website has no influence over this data transmission.
Google Maps are used in order to provide an attractive online service and to make it easier for users to find locations we indicate on the website. We have a justifiable interest in doing so according to Art. 6 para. 1 lit. f GDPR.
For more information on how user data are handled, please see the Google Data Privacy Declaration: www.google.de/intl/de/policies/privacy/.
We have taken all necessary technical and organizational security measures to save your personal information so it is not accessible to either third parties or to the general public. If you want to contact us via e-mail, we would like to note that it will not be possible to fully guarantee the confidentiality of transmitted information using this communication method. Therefore, we recommend you send confidential information to us exclusively via postal mail.
Updates and changes to this Data Privacy Declaration
This Data Privacy Declaration is current and valid.
We may need to amend this Data Privacy Declaration due to further developments of our website and services, or due to changed legal or official regulations. You can always access and print out our current Data Privacy Declaration at the www.tolltickets.com/en/datenschutzerklaerung.
Name and contact information of the entity responsible for processing
This data privacy information applies to data processing by:
tolltickets GmbH Kaiserstraße 28 83022 Rosenheim Germany
Tel. +49 (0)8031 94144-44
Data Protection Officer:
Thomas Neuwert neto consulting Prinzregentenstr. 7 83022 Rosenheim
Tel.: +49 8031 79 87 66 – 0