Data Privacy statement of

The use of our web pages without providing personal data is possible as a general rule. However, if you want to use special services provided by our company via our web page or in our mobile app, it may be necessary to process personal data. If processing personal data is required and there is no legal basis for such processing (for example, carrying out a contractual agreement, we must ask for your consent. In this notice, we will inform you about what data we collect on you, how we use it and how you can raise an objection to the use of the data.

Who is my personal data collected and processed by?
Deutsche Bahn Connect GmbH (DB Connect), Mainzer Landstrasse 169, 60327 Frankfurt am Main, collects and processes your data as the data controller. Ms Chris Newiger has been appointed data privacy officer available 
via E-Mail and
via phone: 030 / 29762557

If you have any questions or comments about data privacy on this website, please contact us via E-Mail or via mail at the address above. If you have any question or comments about the product Call a bike, contact us
via E-Mail or
via phone: 069 42727700

 Legal basis of data processing:
To the extent that we have obtained your consent to process personal data, the legal basis is Article 6 (1) (a) of the General Data Protection Regulation (GDPR). 

When personal data is processed that is required to fulfil a contract agreed with you, the legal basis is the contract in accordance with Article 6 (1) (b) of the GDPR. Article 6 (1) (b) of the GDPR also applies to processing activities that are required in order to perform contract activities prior to the contract, for example in cases where requests are made about our products and/or services.

If our company is subject to a legal obligation when requires the processing of personal data, for example fulfilment of tax requirements, this is considered processing in accordance with Art. 6 (1) (c) of the GDPR.

We are continually improving our offering by saving and analysing user data from online on a pseudo-anonymised basis. The legal basis for this is Art. 6 (1) (f) of the GDPR. 

It is within our interest to maintain the customer relationship with you and to send you information and offers that we believe match your travel wishes and interests. For this reason, we process your data on the basis of Article 6 (1) (f) of the GDPR (also with the help of service providers) to send you information and offers. We use your contact data (last name, first name, postal address) to send advertising by post and for market research if you do not opt out of this kind of use of your data. Likewise, we can also use the e-mail address that you provide to us in the context of our business relationship with you to send targeted advertising.

You can opt out of the use of your data for targeted advertising at any time, taking effect for the
future. You can opt out by sending us an e-mail to

What are my rights as a user of the website or the app?

- You may request information on what data we store about you.
- You can request the correction, deletion and blocking of your personal data as long as this is permitted by law and possible within the scope of an existing contractual relationship.
- You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for Regionalverkehre Start Deutschland GmbH is 
Hessische Datenschutzbeauftragte 
Postfach 31 63
65021 Wiesbaden

- You have the right to portability of the data which you have provided to us based on a declaration of consent or a contract (data portability).
- If you grant us consent to use your data, you can withdraw it at any time using the same method you used to grant it. Any processing of your personal data that took place from the time at which you granted your consent to the time at which you withdrew it will still be considered to have been lawful.

You can exercise your rights by sending a letter by post to Deutsche Bahn Connect GmbH, Mainzer Landstraße 169, 60327 Frankfurt
or e-mail us at

 How long do you store my data?

We store your data only for as long as is necessary to fulfil the purpose for which the data was to collected (for example in the context of a contractual relationship), or to comply with statutory requirements. In a contractual relationship, for example, we save your data at least until the contract has been terminated fully. Thereafter, the data will be stored for the statutory storage period.

What data do we collect and how and why do we process your data?

We collect and process your data exclusively for specific purposes. This may include technical requirements, contractual requirements or express user requests.

On our website

When you visit this website, certain device-specific data is collected and processed automatically. In this case, this refers to what are known as server log files that are typically created when you visit a website. As a rule, the following data is transmitted to us via these files:
•IP address
•Date and time of your request
•Time zone difference to Greenwich Mean Time (GMT)
•Content of your request
•Access status/HTTP status code
•Data quantity transmitted
•Website (from which the request came)
•Operating system and its interface
•Language and version of browser software

The use of this website without processing this data is not technically possible.

 Use of cookies

Cookies are small text files used to store personal data. Cookies can be sent to this website when it is called, allowing the user to be identified. Cookies help users to use internet sites more easily.

We differentiate between cookie that are mandatory for the technical functions of the website and those that are not mandatory.

We want to give you the option of making an informed decision for or against using cookies that are not essential for the technical functions of the website. Please note that rejecting cookies designed for commercial purposes means that any advertising you receive will not be as closely tailored to your interests as would otherwise be the case. The use of this website in its entirety will not be affected by this.

This is a notification of how and in what manner cookies are used on our sites:

Generally speaking, it is possible to use without cookies that serve no technical purpose. This means that you can prevent browser tracking by cookies (do-not-track, tracking protection list) or block storage of third-party cookies. In addition, we recommend checking the saved cookies regularly if they are not expressly desired. 

Please note that when you delete all cookies, you are also deleting any opt-out cookies, meaning that you must opt out again.

Cookies that are not mandatory for the use of the site include:

Use of LinkedIn Insight Tag

The LinkedIn Insight Tag of the service provider LinkedIn Ireland Unlimited Company is used on this website. The legal basis for this is Art.6 (1) f GDPR. This function is used to present interest-based advertisements to visitors to our website or users of our advertisements when visiting the social network LinkedIn and to measure the ads played through DB Connect.

If you visit our fan page or use our advertising offers in the LinkedIN timeline, LinkedIn Ireland Unlimited Company, collects, stores and processes your personal data in accordance with its privacy policy. The privacy policy can be found here:

When you visit our pages or click on DB Connect advertisements from your timeline in LinkedIn, a direct connection is established between your browser and the LinkedIn server via the remarketing tags (pixels). LinkedIn thereby receives the information that you have visited our site with your IP address. This enables LinkedIn to assign the visit to our pages to your user account. However, we do not transmit any further personal information (name, e-mail address, etc.) from you. The information obtained in this way can be used by DB Connect or LinkedIn for the display of advertising in order to be able to show you suitable advertisements.LinkedIn members can control the use of their personal data for advertising purposes through their account settings.

For more information on privacy on LinkedIn, see the LinkedIn privacy policy.

Use of Adobe Analytics

In order to be able to optimize our offers comprehensively, we use the web analysis service of Adobe Systems Software Ireland Limited (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). The cookies are being saved for 24 months. The information generated by the cookie is transmitted to an Adobe server in the USA and stored there. With your consent, we use this information to measure and evaluate the use of the website and compile statistics. In this way we can see which sections and texts on our website are read and used and whether the design of our website has an influence on the extent of use.

You can prevent the processing of the data generated by the cookie (including your IP address) by downloading the browser plug-in available at the following link .html.

In our Call-a-Bike-App

Downloading the app
When downloading the app, your user name, e-mail address and customer number, the time of download, payment information and the individual device number are transmitted to the app store. We have no influence on this data processing and are not responsible for it.

Basic functions of the app
For this app to work, it must be able to store and transmit data. For this purpose, it requires the authorisations to change or delete the content of the memory and to retrieve data from the internet. The legal basis is Art. 6 para. 1 lit. b) GDPR.

Default settings (privacy by default) 
Services that are not absolutely necessary for the operation of the app or that do not serve to improve it are deactivated by default.

Location data
In the Call-a-bike app, we offer you functions with which we provide you with special services that are tailored to your respective location. In order for you to use these, it is necessary that your current location is transmitted. For the purposes of service provision, it is therefore necessary that the app is allowed to access the location data of your device. The location is only accessed after you have granted the app access authorisation. The legal basis for the location processing is Art. 6 para. 1 lit. b) GDPR. You can object to the processing of your location at any time as follows:

For Android, you can switch off access to the location in the settings of the operating system in
the menu sub-item "Apps/CallaBike/Access rights".

For iOS, you can switch off access to the location in the operating system settings in the menu
sub-item "Data protection/Location services/CallaBike".

This app offers you the possibility to be informed about important events and news within our service, even if you do not have our app open. We use so-called push services for this purpose. For the purpose of sending you these messages, we process pseudonymous data on servers of your operating system provider, which may also be located in the US. The legal basis for the use of push services is Art. 6 para. 1 lit. f) GDPR.
You will only receive push messages if you activate this function as described below.

For Android, you can switch on the receipt of notifications in the settings of the operating system
in the menu sub-item "Apps/CallaBike/Notifications".

For iOS, you can switch on the receipt of notifications in the operating system settings in the
menu sub-item "CallaBike/Messages".

Further data processing in general

Regardless of whether you use our website or our app, further data processing is necessary in
the following cases.

When you contact us, we process the personal data you share with us to process the correspondence.
To fulfil a contract, you must provide personal data to us. These data are required to book bicycles, settle payments, check creditworthiness, make a postal delivery if necessary to the specified address and to perform reversals and reimbursements.
Specifically, this affects the following:

A customer account is created in the context of registration with In addition to the mandatory information required for registration with and use of Call a Bike, you have the option to provide optional information. The following is a list of the corresponding data:

Mandatory data:

  • address (title, last name, first name, street, house number, postal code, city, country)
  • contact data (e-mail address), mobile phone
  • date of birth
  • payment details (credit card number and expiration date or IBAN and BIC)
  • Depending on the fee you select, additional data may be collected. (E.g: VBB annual subscription number, BVG yearly pass number, S-Bahn Berlin yearly pass number, name of the educational institution you attend, BahnCard number). Each transaction made using a credit card requires the user to provide the CVV code on the back of the card as authorisation. We do not store the CVV code.
Private and business phone contact data

We also save your booking data, which includes the information about whether or not you have a BahnCard, your registration data and – if you order a newsletter as a registered customer – any information you provided on your areas of interest in your customer account. In addition to using this data to fulfil the contractual relationship with you, we also use this data for internal analysis and market research purposes. We intend to use what we learn from this to continuously improve our offering. In addition, we intend to adjust our offerings optimally to meet your wishes and requirements. Storing and analysing pseudonymised usage data from online activities also helps us work towards this objective. We do not create a link between these activities and your personal data. You can opt out of the pseudo-anonymous use of your data at any time. Please direct your wish to opt out to

Participation in competitions
In the context of competitions, data is collected in order to run the contest. The precise details, i.e. what data is collected and for what purpose, are available on the given competition's webpage.

If you register for our newsletter, we use the e-mail address you stored to send the newsletter to you.

In this case, you are allowing us to use your e-mail address for advertising purposes.

When you register for the newsletter, we save the IP address from the computer system in use provided by your internet service provider (ISP) at the time of registration, and the date and time of registration. The collection of these data is mandatory to detect (potential) misuse of the e-
mail address of an affected person at a later point in time and therefore provides us with a legal safeguard.

You can unsubscribe from the newsletter at any time under or by clicking the unsubscribe link at the bottom of the newsletter. 

If you object to the use of your data for advertising purposes, your data will be anonymised for use in statistical evaluations only.

 Are data forwarded?

For contract processing, it is typically necessary to involve instruction-based data processing companies, for example data centre operators, print or dispatch service providers or other parties involved in contract fulfilment.

The external service providers, who we hire to process data, are carefully selected and subject to strict contractual obligations. The service providers work in accordance with the instructions we provide and this is verified by technical and organisational actions and supplementary checks.

Furthermore, transmission of your data only takes place where you have given your express approval or on the basis of a statutory requirement. 

Transmission to third countries outside the EU/EEA or to an international organisation will not take place unless appropriate guarantees have been provided. These include the EU standard contractual clauses and an adequacy decision from the EU Commission.

Data may be forwarded in the following situations, for example, where it is required for the
purpose of contract processing for a booking made on

- Debt collection
In the event of irregular payments or defaulting on payments, we may send debt claim data to a
debt collection agency.

- Payment with credit card / Concardis AG
If you decide to pay with a credit card, the data you enter will be sent directly to the system of our payment service provider


 Is data transmission encrypted?

Data and emails sent via the internet are normally unencrypted and are therefore not protected against third-party access. In order to protect your data on our web pages, your connection to our server is transport encrypted by default. Since we cannot guarantee the confidentiality of the in-formation sent to us via email, we recommend that you only send confidential information by con-tact form or post.

How are links to external site handled? 

 If you click a link to an external website, you are leaving the sphere of Call a bike. This means that Deutsche Bahn Connect is not responsible for the content, services or products offered on linked websites, nor is it responsible for the data protection or the technical security on the linked website.

Update to the data privacy notice
We adjust the data privacy notice to reflect changes to functionalities or changes to the legal situ-ation. We therefore recommend that you review the data privacy notice at regular intervals. If your consent is required or parts of the data privacy notice are contained within rules of the contractual relationship, changes will be made only with your consent.

Version dated: 7/2021