The protection of your personal data is very important to us. In the sections below, we would like to briefly explain how we protect your data and what it means for you when you make use of our online services.
The protection of your privacy is of the greatest importance to us. In accordance with the applicable regulations on the protection of personal data, all personal data which is produced is only collected, processed and used for the purpose of performing the contract and pursuing our legitimate business interests by advising and supporting our customers and tailoring our products to meet their needs. It therefore goes without saying that we comply with the applicable statutory regulations, such as the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Bavarian Data Protection Act (BayDSG).
It is also important that you are aware at all times of the data which we store and of the way in which we use it. If you have any questions, suggestions or comments relating to data protection, please do not hesitate to contact us by sending an email to email@example.com.
VGN and VAG are committed to complying with all statutory data protection regulations. Compliance is monitored by the data protection officer.
VAG Verkehrs-Aktiengesellschaft Nürnberg
Südliche Fürther Str. 5
Telephone: 0911 283-4646
Fax: 0911 283-4800
Personal data is any information concerning personal or material circumstances which enables an individual to be directly or indirectly identified. This includes information such as your name, your email address, IP address, your postal address or your telephone number. This does not apply to information which is not directly associated with your true identity, such as the number of people using a website.
In compliance with statutory regulations a distinction is made between personal data which is classified as "master data" or "usage data".
Users are all those persons who make use of the mobile application (app) or the VGN online shop.
Data collected by the VGN Journey Planner & Tickets app
You can use the VGN Journey Planner & Tickets app to retrieve timetable information and to buy tickets.
Downloading the app
When you download the app, the required information is transferred to the app store you are using (Apple App Store or Google Play Store) – notably, your user name, email address, the customer number for your account, the download date and time, payment information, and your individual device identifier. We have no control over what data these app stores gather, and cannot take responsibility for them. We process these data only so far as is necessary in order to download the mobile app to your mobile device. You can find out more information in the app store operators’ data privacy policies:
- for the Apple App Store: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, available at https://www.apple.com/de/privacy/privacy-policy/, and
- for the Google Play Store: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, available at https://www.google.de/intl/de/policies/privacy/.
Our VGN Fahrplan & Tickets app uses the “Firebase” tracking service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Firebase uses tracking technology that makes it possible to analyse your use of our app for such purposes as performance monitoring, error logs and user behaviour analyses – for example, which screens you navigate to, what functions are used, and how often. Firebase is used in our app to analyse crashes (“crashlytics”) so that we can regularly add improvements to the app. This data is processed on the legal basis of Art. 6(1)(f) of the GDPR, as we have a legitimate interest in analysing, optimising and cost-effectively operating our app, and it is necessary to process data in order to pursue these interests.
Firebase gathers information about how our app is used, and transmits it to Google in Ireland or the USA, where it is stored. Data are gathered and sent to Firebase only in anonymised form. They are not linked to other user data.
Google will use this information to analyse your use of our app, and to provide us with further services associated with app use.
Google has adopted the EU-US Privacy Shield for personal data transferred to the USA: www.privacyshield.gov/participant.
You can find out more about Google Firebase and data protection at www.google.com/policies/privacy/ and firebase.google.com.
The following rights are needed in order to call up timetable information:
Unlimited internet access
Access to the internet is needed to allow the app to connect to the information system servers.
Read contact data
You can change the settings of the VGN Journey Planner & Tickets app to give it access to your contacts to make it easier for it to use the addresses stored there as places from which to start or at which you will end your journey. When a contact is selected only the selected address is sent to the VGN information system. Our timetable information cannot tell whether the address has been taken from your contacts or has been entered manually.
The default setting when the app is installed is for access to your contacts to be deactivated. You may be required to agree to provide this permission prior to installation whether you activate access to your contacts or not.
Read call log
With Android Version 2 only one permission was needed to read contacts and to access the telephone list. Read call log permission is needed if you wish to install the app on these older Android versions.
The call log is not accessed.
Permission for the diary is needed so that you can store a connection in the diary.
You can also use VGN Journey Planner & Tickets to see which are nearest stops to where you are. You can also enter your current location as the starting point of the connection. The app will need access to the location function in order to do this.
The apps for Android and iOS have their own map. Map tiles are downloaded and stored on your smart phone once to cut down on data volumes and to speed up the display of maps. You can have these map tiles deleted from the app at any time. Permission for read and write access to local storage is therefore required.
Unfortunately some platforms group app permissions into groups of related permissions so that, in some cases, the app has to request more rights than it actually needs. Android, for example, grouped access to photos/media/files under a single permission.
The app can be used to store calculated journeys in a diary or, e.g., to send them to 3rd parties by email or WhatsApp. The available functions depend on the services which have been installed in the smart phone and are subject to the applicable data protection principles. Access to diaries is write only and existing entries are therefore not read out. Contact data are only used to send messages; data are not processed further by applications or servers, nor are data stored.
Buying tickets on the VGN Online Shop and with the VGN Fahrplan & Tickets app
Verkehrsverbund Großraum Nürnberg GmbH (VGN) has contracted the operating of the VGN Online Shop to VAG Verkehrs-Aktiengesellschaft Nürnberg (VAG). This means that tickets are sold by VAG. Customers therefore contract with VAG.
You will need to register if you wish to buy tickets using the app or on the VGN Online Shop The data protection regulations and the VGN Online Shop general terms and conditions apply as soon as you have registered.
If you do not wish to register, you can buy tickets through other sales channels. All the available purchase options are detailed here.
When you register you will be asked to provide your name, your date of birth, your email address and your postal address (or alternatively a delivery address). You can change the information you provide when you register in your personal account at any time.
Any personal information you provide with your registration will only be collected, processed and used for the purpose of performing the contract in compliance with Art. 5 GDPR. Information is only passed on to third parties if this is necessary for the purpose of performing the contract, settling accounts or if you have given your permission in advance.
Processing of payment
We pass on your personal data (first name, last name, date of birth, address, email address, account details, credit card data, mobile phone data, if applicable, and data on your ticket purchases) and all other changes to LogPay Financial Services GmbH for the purpose of selling and assigning our claims against you that have arisen in connection with your ticket purchase. This process is covered by Art. 6 para. 1 p. 1 f of GDPR. Our legitimate interest relates to the outsourcing of payment processing and the management of receivables. The legitimate interest of LogPay Financial Services GmbH involves the collection of data for the purpose of processing payments, managing receivables, assessing the permissibility of types of payment and avoiding payment risks.
You can revoke permission to transfer this data to LogPay Financial Services GmbH at any time but then it is no longer possible to place orders via the electronic sales channel.
You can access the data protection information for LogPay Financial Services GmbH at https://landingpage.logpay.de/mobility_dsgvo_2018/
Art. 6 para. 1 f GDPR is the legal basis for transferring data relating to receivables. Here the "justified interest of a third party" exists, as has been ruled in the high court (FCJ, NJW 2011, 2204, 2206), that an information service and "the provision of information on creditworthiness is of considerable importance for the economy to function".
Appropriate attention is paid to your legitimate needs when using your personal information.
Web analysis and tracking
Data generated with etracker is processed and stored by etracker on behalf of this website provider. This is undertaken exclusively in Germany and is thus subject to the strict German and European data protection legislation and standards. etracker has been independently inspected, certified and awarded the ePrivacyseal quality seal.
The legal basis for processing data relies on Art. 6 para. 1 f (legitimate interest) of the EU General Data Protection Regulation (EU-GDPR). Our legitimate interest consists in optimising our online offer and our website. As our visitors' privacy is particularly important to us, etracker anonymises the IP address at the earliest possible opportunity and login and device identifications at etracker are converted to a unique code but not one that can be linked to a person. etracker does not use data in any other way, combine it with other data or pass it on to third parties.
You can revoke permission for data to be processed in this way at any time, providing it is related to a person. Your objection will not result in any disadvantages for you....
If you delete your cookies, the objection cookie will also be deleted. You must object to data being collected and stored again in order to deactivate data collection and storage.
If you visit our website, it is likely that we will store information on your computer in the form of cookies. Cookies are small files transferred by an internet sever to your browser and then stored on your computer's hard disk. Only the Internet Protocol address is stored: no personal data is stored for this. This information stored in the cookies ensures that, when you next visit our website, you will automatically be recognised, which will make it easier for you to use our site.
You can, of course, visit our website without accepting cookies. If you do not wish your computer to be recognised the next time you visit the site, you can also block cookies by changing the settings on your browser to reject cookies. You will find the procedure for doing this in the instructions for your browser. However, if you block cookies, it may restrict functionality for how you use some areas of our website.
Whenever you buy a ticked using the VGN Journey Planner & Tickets app you also have the option of identifying your point of departure using the current location.
We have taken technical and administrative security measures to protect your personal data from loss, irreparable damage, tampering and unauthorised access. All our employees and all service providers who work for us have committed to adhere to the current data protection laws.
Whenever we collect and process personal data, this data is encrypted before it is transferred. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are continuously being revised. Please make sure that you have the latest version.
Your right to data correction, deletion, limitations in the processing and transmission of data, and objection
If you have given us your personal data, you can at any time have this corrected (Art. 16 GDPR), deleted (Art. 17 GDPR) or limit its processing (Art. 18 GDPR). In addition to this, you have the right to data portability (Art. 20 GDPR) and a right to object to matters relating to the processing of your personal data (Art. 21 GDPR). Just send an email to firstname.lastname@example.org
Your right to information
You have the right as set out in Art. 15 GDPR to be provided with a summary of the information stored on you at any time (section 34, Federal Data Protection Act, Provision of information to the data subject).
How secure are our transactions on the internet?
We have been using established SSL (Secure Socket Layer) technology with our web sales for many years. We use this technology to encrypt all your personal and payment data, such as address data, credit card number or account number, to prevent others from gaining access to your data during a purchase transaction.
Our right to revise this policy with prior notice
We retain the right to modify this policy at any time in compliance with data protection rules. If you have any further questions, please send an email to email@example.com.
Data protection officer and complaints procedure
All interested parties and visitors to our website can contact us about data protection issues at:
VAG Verkehrs-Aktiengesellschaft Nürnberg
Data protection officer
Südliche Fürther Straße 5
Telephone: 0911 283-4646
Fax: 0911 283-4800
Under Article 77 GDPR you also have the right to raise complaints with the relevant data protection supervisory authorities for your federal state.
Last updated: 18/12/2018