Customer satisfaction is our top priority. This means that protecting your data is particularly important. We would like to thank you for the trust you place in us by submitting your data to us for processing. As a sign that we respect your rights as well as your privacy, we have formulated our policy, which applies when processing your data:
The privacy statement applies to all those who book and / or use a “Postbus Shuttle” service, make a journey request or contact us. A journey can be booked electronically via the app or, depending on the region, by telephone.
We are constantly developing our performance, services and support. For this reason, we will also continually adapt the data protection declaration. However, we will ensure that the latest version is always available for you.
Österreichische Postbus Aktiengesellschaft, company number 250198p, Am Hauptbahnhof 2, 1100 Vienna, telephone +43 5 1717, is the controller under data protection law according to Article 4 Clause 7 GDPR. GDPR defines a controller as a natural person or legal entity, authority, institution or other body, which, on its own or in conjunction with others, decides on the purposes and means of processing personal data.
If you have any questions regarding data protection or the processing of your personal data, you can get in touch with our data protection officer at any time.
Contact details of the data protection officer:
Am Hautbahnhof 2, 1100 Vienna
E-mail: postbus.datenschutz@postbus.at
By personal data we mean all information relating to an identified or identifiable natural person (hereinafter “data subjects”). A natural person is regarded as identifiable if said person can be identified as precisely this natural person, in particular through allocation of an identifier such as a name, identification number, location data, online identification data or one or more other special features in the particular individual case (e.g. voice). Thus this includes, at the least, the data that can be associated with you as a customer. For example, your name, email address, telephone number, booking code, ticket code or your customer number are personal data.
The legal basis of data processing according to Article 6 GDPR comprises either the fulfilment of the contract, the fulfilment of a statutory obligation, your prior consent or our overriding legitimate interests, which may also include processing for a further purpose.
Data that can be assigned to your person can be derived from the following occasions, purposes and sources:
As the data controller under data protection law pursuant to Article 13 of the GDPR, Österreichische Postbus Aktiengesellschaft collects and processes personal data in the following cases and for the purposes specified in each instance:
Our service is also offered through selected cooperation partners. In this case, data collection is carried out by the cooperation partner pursuant to Article 14 GDPR. We currently use ÖBB-Personenverkehr AG as a cooperation partner. When booking a ticket for a specific train journey (i.e. booking a ticket to your destination and back), you will automatically be offered the ÖBB Transfer Service if this service is available at your destination. The transfer service is provided by Österreichische Postbus Aktiengesellschaft or by third parties commissioned by us. Another cooperation partner is iMobility GmbH, which facilitates the booking of Postbus Shuttle trips via wegfinder. In the context of these cooperations, ÖBB-Personenverkehr AG (PV AG) and iMobility (iMob) provide the following data:
If we do not provide the service ourselves, we use third parties (for example local taxi companies at the destination) to provide the service, to whom the following data may be disclosed where necessary.
ÖBB-Personenverkehr AG as well as Österreichische Postbus Aktiengesellschaft and any third party commissioned by us (as far as the transfer service is concerned) shall carry out this service under their own responsibility under data protection law. As a consequence, you must in particular exercise your claims/rights under data protection law (e.g. a request for information under data protection law) against Österreichische Postbus Aktiengesellschaft, ÖBB-Personenverkehr AG and the commissioned third parties.
In case of complaints and other inquiries, we will, if you wish, also forward them to ÖBBPersonenverkehr AG or to the commissioned third party.
When required, and depending on the intended use, the data processed for these purposes are disclosed to the following categories of recipients:
To
Our data processing therefore takes place in particular on the basis of the following summarised legal framework (as amended):
We do not intend to transfer personal data to a third country or to an international organization.
Storage period: In general, personal data are only stored by us to the extent that is absolutely necessary, and in principle, they are deleted after expiry of the legal civil limitation period of three years (e.g. customer correspondence) or in the case of invoice-relevant data, after seven, maximum ten years (e.g. booked tickets, yearly tickets) in accordance with § 212 UGB or §§ 132f in conjunction with 207ff BAO. A longer storage period is only implemented in justified individual cases, for example as a result of an ongoing civil law or regulatory dispute.
In detail we would like to highlight the following different topics:
Your rights
1. You, as the person concerned in the individual case, are entitled to assert the following rights of data subjects against us if we are the data controller
If you wish to assert a data subject right, please contact us. To do so, the following contact options are available to you:
Österreichische Postbus Aktiengesellschaft
Am Hauptbahnhof 2
1100 Vienna
E-mail: postbus.datenschutz@postbus.at
Please include the following information in your request:
This is because we have to verify your identity before we can respond to your request or take the necessary steps. The purpose of this identity check is to enable us to establish your actual status as a data subject, in order to ensure that personal data is not disclosed to unauthorised third parties (risk of misuse). As soon as we receive your request and you have proven your identity to us, we will respond to your request within four weeks. In the event that we have specific questions in the course of answering, we will contact you and ask for your cooperation and assistance.
2. In addition, you have the right to lodge a complaint with the data protection authority in accordance with §§ 24ff DSG and Articles 77ff DSGVO if you believe that we are in breach of our obligations under the Basic Data Protection Regulation.
contact details:
Austrian data protection authority,
1030 Vienna, Barichgasse 40-422
Phone +43 1 521 52-25 69
e-mail: dsb@dsb.gv.at
www.dsb.gv.at
3. Revocation of granted consent
If you have granted us your consent to the processing of your data for a specific purpose, you may withdraw that consent at any time, with effect for the future, and without giving a reason.
You can also view the privacy statement in the app itself during the registration process and at any time after registration in the app menu under “Legal”.
When designing our service, we have taken care to ensure that data is only collected and processed to the extent absolutely necessary.
Essential in this context are the following when using our app
To use our app, you must create a Postbus Shuttle account. Therefore, bookings or ride requests cannot be made without first creating a Postbus Shuttle account. In order to create a Postbus Shuttle account, we will need at least the following information about you:
During the registration process, you will receive an activation code by text message to the mobile number you have provided. After entering and confirming the activation code, your account will be activated. Once you have successfully registered, Postbus Shuttle will send you confirmation and contact details to the e-mail address you have provided. When you open the app in the future, you will automatically be logged in with your account.
You can log out of your account from within the app. To do this, select the “Log out” option in the app menu.
If you wish to deactivate your account/registration, please write to postbus.shuttle@postbus.at. Your registration will be cancelled and your access data, e-mail address, and mobile number will be deactivated.
In order to book a trip with the Postbus Shuttle by telephone (where available), please use the telephone number(s) provided on our website (https://www.postbusshuttle.at/) to be connected to the relevant customer centre. If you are not yet a Postbus Shuttle customer, you will need to provide the information required for registration at the Customer Center—just as you would when registering via the Postbus Shuttle app.
To make a booking, you need to tell the Customer Centre your departure and arrival addresses (or departure and arrival stops) and the time and date of your journey. The Customer Centre will use this information to check for availability and book the trip for you if required.
To cancel a trip that has already been booked, you must contact the Customer Centre and inform them of the cancellation. The trip will then be cancelled.
If there are any changes to your journey, such as delays, you will be notified automatically in the app or, if you do not have an app account, by e-mail to the e-mail address you have provided or by text message to your mobile phone number. The mobile phone number provided will also be used if you do not show up at the pick-up point or have difficulty finding it.
Once your ride has finished, you can voluntarily rate it via the app. This feedback is stored anonymously. If you would like to provide us with detailed feedback, please feel free to send us an e-mail at postbus.shuttle@postbus.at.
You have the option of booking the trip through one of our partners. Partners include doctors, hotels, local authorities and others. Booking through our partners can be done by visiting or calling the partner.
In this context, we or our partners will collect the following information:
The partner is not authorised to use the data entered for the customer as part of the booking for any other purpose.
By payment information we mean information that we require for processing the payment. As a matter of principle, we will never store any payment information, such as credit or debit card numbers, expiry date, the card validation code (CVC) or user account and password data.
In all other cases, payment information (e.g. expiry date or the card validation code (CVC)) will be processed and used by a tested and certified payment service provider (Terminal Service Provider and Payment Service Provider).
In order to handle the payment process, we employ tested and PCI-certified payment service providers who process and use the payment information (e.g. CVC code or expiry date) to complete the booking. The data will only be processed for the purpose of payment processing in connection with the ticket booking. These payment service providers generally operate independently and therefore process your data under their own responsibility under data protection law.
In order to clearly authorise a payment, the payment service provider will require various pieces of information from us, such as e.g. identification data for browser and operating system type, which are saved by us and forwarded to the payment service provider for processing the payment.
Further information related to this is also provided to you by the payment service provider itself.
For the purposes of payment risk management, as required in the specific case and as part of the purchase transaction, personal data may be transmitted in the absolutely necessary extent to the payment service provider, which then uses this data to conduct a risk assessment. Payment-related data will also be consulted for anonymised analyses.
By information security we understand:
In order to guarantee information security, we have established organisational framework conditions and protective measures that correspond to the state of the art.
These include:
Our employees are only granted access rights in accordance with their roles and to an extent that is absolutely necessary. The use of these access rights is recorded.
The app is distributed via the Apple App Store and the Google Play Store (hereinafter referred to as “Store”). Inclusion, distribution and use of the app is therefore additionally subject to the separate conditions of these two stores, over which we have no influence, and which are compiled and asserted at the sole responsibility of the stores.
Cookies are small text files or codes that contain information units. These text files are stored on your hard disk or in the memory of your browser when you visit one of our websites. Thanks to cookies, the content of our web pages can be structured more easily and those devices can be recognised via which our web pages were previously visited. We use cookies to gain a better understanding of how applications and websites work and to analyse and optimise the user experience when using our websites online and on the move.
We do not use cookies for our app; however, our shuttle interface uses cookies that are necessary for its operation. These are necessary to ensure that the Shuttle Interface can be used as intended and that all features are available. Without such cookies the requested services cannot be provided. These cookies do not record information about you and do not store Internet locations. Absolutely necessary cookies cannot be deactivated on our site. However, you can disable them at any time via the browser you are using. Apart from this cookie, which is necessary for operational purposes, no others are used.
Data processors pursuant to the GDPR are natural and legal entities that are commissioned by us to provide a specific service.
We have contracted an external service provider to handle the deployment and technical operation of our app and Shuttle Interface. This service provider processes personal data exclusively in accordance with our instructions and on the basis of a data processing agreement pursuant to Article 28 of the GDPR.
The service provider specifically assists us with the technical deployment, maintenance, hosting and error analysis of the app. This may include the processing of the following data, among others: Device and usage data, log data, technical identifiers, and the data you enter within the app.
Data is processed exclusively for the purposes specified in this privacy statement. We will not pass on your data to third parties unless we are legally required to do so or you have given us your explicit consent.
To provide this service, Österreichische Post AG engages
We have provided you with comprehensive information on the purposes of our data processing, categories of data recipients, the legal basis and legal framework, the storage period as well as the rights you are entitled to and the scope of data processing. In all data processing, we have taken care to ensure that data collection and data scope are limited to the extent that is absolutely necessary. Therefore, if we ask you to provide data, this is necessary so that:
If you do not or not fully comply with our request for data disclosure, it cannot be guaranteed that we will be able to comply with or process your aforementioned purchase or other request(s).