- Name and contact details of the controller and the internal data protection officer
This data protection information applies to data processing by:
person responsible: Manuel Mang
telephone: +49 (0) 30 916076 - 0
- Collection and storage of personal data and nature and purpose of its use
When using mobile applications
When opening the mobile application (app) "InLineMobile.SEV", you will be asked for permissions on your end device that are necessary for using the app.
The "InLineMobile.SEV" app requires the "InLineMobileGPS.Service" service to function correctly. The "InLineMobileGPS.Service” collects time and location information and hands it over to the "InLineMobile.SEV" app to enable tracking of road-based rail replacement service (SEV) trips. The data is transmitted to the landside customer server of the control center and enables it to monitor the position of the SEV vehicle in order to inform accompanying transports. In addition, the data collected is stored in compliance with Article 5 of the General Data Protection Regulation (GDPR) for audit-proof verification of service provision.
Before time and location information is transmitted from the "InLineMobileGPS.Service" service and to the "InLineMobile.SEV" app, the "InLineMobile.SEV" app must be set up for secure communication with the control center. This requires temporary authorization to use the camera to scan a QR code. After the connection to the customer server of the control center has been set up, the user is requested to do a user login.
Time and location information is temporarily used locally when the app is active to simplify SEV trip registration for the user.
Data storage and transmission does not take place until the user performs the SEV ride registration after the personal login. In this case, the time and location information is always collected and transmitted when the app is started or when it should be active in the background.
When the app is closed, no data is collected, stored or transmitted.
The apps use third-party services that may collect information that can be used for identification.
The legal basis for the processing of data is Art. 6(1) sent. 1(f) of the General Data Protection Regulation (GDPR).
- Disclosure of data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
- you have given your express consent in accordance with Art. 6(1) sent. 1(a) of the GDPR,
- disclosure is necessary in accordance with Art. 6(1) sent. 1(f) of the GDPR to establish, exercise or defend legal claims and no grounds exist for the assumption that you have overriding interests in your data not being disclosed which require protection,
- in the case of a legal obligation to disclosure in accordance with Art. 6(1) sent. 1(c) of the GDPR, and
- this is legally permissible and necessary for the performance of a contract with you in accordance with Art. 6(1) sent. 1(b) of the GDPR.
- Rights of data subjects
You have the right:
- under Art. 15 of the GDPR, to request information on the personal data on you we have processed. In particular, you can request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data are or were disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of the data if they were not collected by us, as well as whether automated decision-making is in use, including profiling and, where applicable, clear information on the details of these;
- under Art. 16 of the GDPR, you can request without undue delay the rectification of inaccurate information or the completion of your personal data we have stored;
- under Art. 17 of the GDPR, you have the right to request the erasure of your personal data we have stored provided that the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- under Art. 18 of the GDPR, you have the right to request the restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose the erasure of it and we no longer need the data but you require them to establish, exercise or defend legal claims or have opposed the processing in accordance with Art. 21 of the GDPR;
- under Art. 20 of the GDPR, you have the right to request to receive your personal data which you have provided to us in a structured, commonly-used and machine-readable format or to transmit your data to another controller;
- under Art. 7(3) of the GDPR, you have the right to withdraw your consent at any time. The consequence of this is that we will no longer be allowed to continue the data processing that is based on this consent and
- pursuant to Art. 77 of the GDPR, lodge a complaint with a supervisory authority. You can typically contact the supervisory authority responsible for your place of residence or workplace or the one responsible for the location of our offices.
- Right to object
Provided that your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1) sent. 1(f) of the GDPR, you have the right under Art. 21 of the GDPR to object to the processing of your personal data if grounds arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object which we will implement even without you having to specify your special situation. If you would like to make use of your right to withdraw your consent or to object, it is sufficient to send an email to [
- Data security
We appreciate your trust in us to provide your personal information, so we strive to use commercially acceptable means to protect it. However, please remember that no transmission method over the Internet or electronic storage method is one hundred percent secure and reliable, and we cannot guarantee its absolute security.
For data exchange with the shore-side client server, we use SSL encryption using client/server certificates.
Apart from this, we also use appropriate technical and organisational security measures to protect your data from accidental or intentional tampering, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continually being improved according to developments in technology.