Data protection

Data protection information in accordance with the EU General Data Protection Regulation

In accordance with the EU General Data Protection Regulation (GDPR) applicable from May 25, 2018, we are providing you with this data protection notice to inform you about the processing of your personal data by us and the rights to which you are entitled in this context.


Who is responsible for data processing and who can I contact?

Responsible body:
ATG Alster-Touristik GmbH
Anleger Jungfernstieg
20354 Hamburg
Telephone: (040) 357424-0
E-mail: info@alstertouristik.de

You can contact our company data protection officer at:
Hamburger Hochbahn AG
Data Protection Officer
Steinstraße 20
20095 Hamburg
Telephone: (040) 3288-2316
E-mail: Datenschutzbeauftragter@hochbahn.de

You can contact the official data protection officer at:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 7th floor
20459 Hamburg
Telephone: (040) 428 54 4040
E-mail: mailbox@datenschutz-hamburg.de

What data do we process?

We process personal data that we receive from you as part of our business relationship. We also process personal data that we legitimately receive from other companies in the Hamburg Transport Association HVV or from other third parties, insofar as this is necessary for the provision of our service.
In addition to contract data, we process your communication data that we receive when you contact us (e.g. contact form, customer dialog). We also process your personal data in connection with online or print applications in the context of job vacancies.
Video surveillance in our facilities and vehicles is an important preventive measure for your safety. However, the video recordings are automatically deleted after a short time if no incident has been reported.

Specifically, we process the following data:

  • Contract data (depending on the product and service, this includes name, address details, date of birth, telephone number, e-mail address, bank details, billing and payment data, photo)
  • Communication data (name, address, e-mail address, telephone number/mobile number if applicable)
  • Correspondence (e.g. correspondence with you)
  • Video data
  • Advertising and sales data (e.g. products of potential interest to you)
  • Applicant data (name, address details, telephone number, e-mail address, date of birth, application documents)

What do we process your data for (purpose of processing) and on what
legal basis?

Below we inform you about the purposes for which we process your data and the legal basis on which we do so.

  1. To fulfill contractual obligations (Art. 6 para. 1 letter b GDPR)
    Your personal data will be processed for the performance of contracts with you (subscription, purchase of products) or pre-contractual measures.
  2. As part of the balancing of interests (Art. 6 para. 1 letter f GDPR)
    We also process your data, where necessary, to protect our legitimate interests or those of third parties. This is done for the following purposes, for example:
  • Ensuring IT security and IT operations
  • Advertising or market and opinion research, unless you have objected to the use of your data
  • Assertion of legal claims and defense in legal disputes
  • Consultation of and data exchange with credit agencies (e.g. Schufa) to determine creditworthiness and default risks
  • Video surveillance to prevent, deter and investigate crime, improve passengers' sense of security and reduce damage caused by vandalism
  • In connection with the processing of customer inquiries, complaints, etc.
  • Competitions for special occasions
  • Online reservations and inquiries
  1. Based on your consent (Art. 6 (1) (a) GDPR)
    If you have given us your consent to process personal data for specific purposes, the lawfulness of the processing is based on your consent. You can withdraw your consent at any time. This also applies to consent given before the GDPR came into force, i.e. before May 25, 2018. Please note, however, that the revocation only takes effect for the future.
  1. For the purposes of the employment relationship (§26 BDFG)

Your data will be processed here, among other things, for the establishment, implementation and termination of an employment relationship.

  1. Due to legal requirements (Art. 6 para. 1 letter c GDPR)
    We also process your data to fulfill legal obligations, e.g. for the proof of commercial or tax retention periods. These include, for example, the German Commercial Code and the German Fiscal Code.

Who receives my data?

Within ATG Alster-Touristik GmbH, those departments that require your data to fulfill the stated purposes and legal bases will receive it. All relevant employees are obliged to comply with the data protection regulations. Processors employed by us may also receive data for these purposes. These are, for example, companies from the categories of IT services, financial service providers, corruption prevention, document processing, archiving, file disposal, debt collection, consulting, marketing and sales, creation and distribution of customer cards, performance of data analyses for the purpose of demand and/or supply analysis or the further optimization of the HVV transport offer or from the category of printing services.
Within the framework of separate contracts, the processors are obliged to confirm and comply with all measures required under data protection law.

How long will my data be stored?

As your contractual partner, ATG Alster-Touristik GmbH processes and stores your personal data only for as long as is necessary for the fulfillment of contractual and legal obligations. It should be noted that our business relationship in the subscription is a continuing obligation, which is usually designed for several years.
If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their (temporary) further processing is necessary for the following purposes:

  • Compliance with retention periods under commercial or tax law: These include, for example, the German Commercial Code and the German Fiscal Code. The retention and documentation periods stipulated there are up to 10 years.
  • Preservation of evidence within the framework of the statute of limitations: According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods are generally 3 years, but can also be up to 30 years in individual cases.

Applicant data is generally deleted after 12 months. To enable us to contact you at a later date for other vacancies, you have the option of giving us your written consent to store your data for a total of 24 months. After the aforementioned periods have expired, your data will be completely deleted.
The images from the video surveillance in our facilities and vehicles are recorded on a so-called "ring buffer" for 24 or 72 operating hours (depending on the vehicle type or operating facility). This data is therefore constantly and automatically overwritten if no removal or securing of the recording for the investigation of criminal offenses or special incidents is recorded within 24 or 72 operating hours.

In the case of competitions on the ATG Alster-Touristik GmbH website, the data is collected solely for the purpose of running the competition and is not used for any other purpose. The data will be deleted after the competition has been completed. The same applies to competitions run by ATG Alster-Touristik GmbH on social media (Facebook, Twitter).


Is data transferred to a third country or to an international organization?

We only transfer your data to countries outside the EU or EEA (so-called third countries) if this is required by law or if you have given us your consent. This does not currently take place.


What data protection rights do I have?

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG)


To what extent is there automated decision-making in individual cases?

In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish and conduct a business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.


To what extent will my data be used for profiling?

We do not use automated processing to make a decision on the establishment and execution of a contractual relationship or a business relationship.


Information on your rights of objection

Individual right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (balancing of interests).
If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally and should be addressed to the "Controller" named above under 1.
ATG Alster-Touristik GmbH
Anleger Jungfernstieg
20354 Hamburg

.

Use of cookies

ATG Alster-Touristik GmbH uses cookies on its Internet pages to determine the frequency of use, the number of users and their preferences and to further individualize the Internet offer. The information is processed exclusively in anonymized form. Cookies are small files that are stored on your PC by our web servers and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. In principle, you can use the ATG Alster-Touristik GmbH website without cookies by adjusting your browser settings accordingly. You may then be asked to re-enter certain functions.
Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

Here you can adjust your current cookie settings:

[borlabs-cookie type="btn-cookie-preference" title="Cookie Einstellungen"/]

Use of analysis tools

Google Analytics

Our website uses functions of the web analysis service Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 para. 1 letter f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website:

[borlabs-cookie type="btn-switch-consent" id="google-tag-manager" title="Google Analytics"/]

Please note: The objection (opt-out) is stored in the form of a cookie. If you delete your cookies, you will have to object to web tracking again.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the display settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

Google AdWords

This website uses Google AdWords, an analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, and conversion tracking as part of Google AdWords. Google AdWords places a cookie for conversion tracking on your computer's hard disk (so-called "conversion cookie") when you click on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages on our website, Google and we can recognize that you have clicked on the ad and have been redirected to this page. The information obtained using conversion cookies is used to compile statistics for AdWords customers who use conversion tracking. These statistics tell us the total number of users who have clicked on the ad placed by Google and accessed a page with a conversion tracking tag. In addition to conversion tracking, we also use the functions

  • Remarketing
  • Target groups with common interests
  • User-defined target groups with common interests
  • Ready-to-buy target groups
  • Similar target groups
  • demographic and geographical focus.

We use Google's remarketing function to reach users who have already visited our website. This allows us to present our advertising to target groups who are already interested in our products or services. AdWords also uses user behavior on websites in Google's advertising network ("Display Network") over the last 30 days and the contextual search engine to determine the common interests and characteristics of users of our website. Based on this information, AdWords then finds new potential customers for marketing purposes whose interests and characteristics are similar to those of the users of our website. Target group-specific remarketing is carried out through the combined use of cookies, such as Google Analytics cookies and Google DoubleClick cookies.

The storage of "conversion cookies" and the use of this tracking tool are based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your browser under usage settings.

Further information on terms of use and data protection in the context of Google AdWords can be found at this link: http://www.google.de/policies/technologies/ads/.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on our websites. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters our website. For the analysis, reCaptcha evaluates various information (e.g. IP address, duration of the visit to our website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is carried out on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in protecting our website from abusive, automated spying. Further information on Google reCAPTCHA can be found at the following link: https//www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Plugin / YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. YouTube can also store various cookies on your device. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your end device until you delete them. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

Tickets