Protecting your personal data is a particular concern of ours. We therefore exclusively process your data on the basis of statutory regulations (in particular based on the provisions of the General Data Protection Regulation, the national Data Protection Act and the Telecommunications Act). We wish to inform you of the most important aspects of data processing on our website in this Data Privacy Statement.
Our Data Privacy Statement applies to anyone who makes use of one of our products or services, vists our websites or makes contact with us. We have drafted separate data privacy statements for special services, which specifically govern data processing and the associated data protection issues. This Data Privacy Statement is therefore only applicable where specific data privacy statements do not contain more specific provisions in the individual case. There are special data protection statements for the online distribution of tickets or for the Postbus shuttle.
We are also continually developing our performance, provision and services. As a result we also continuously adapt the data privacy statement. However, we shall ensure that the latest effective version is always available to you.
We provide online forms in various sections on www.postbus.at if you wish to contact us via our website or by email. Contact shall be made:
ÖBB-Postbus GmbH operates a web shop at https://www.viennaairportlines.at/de/, providing you with the opportunity to purchase tickets for Vienna Airport Lines online. A special data privacy statement has been drafted for data processing based on ticket purchase, which is available for inspection at https://www.viennaairportlines.at/de/info/375.
We began a pilot operation for micromobility in the municipality of Lustenau in November 2018. This pilot operation, for which a data privacy statement has also been executed, is subject to internal conditions of participation. The conditions of participation and the special data privacy statement are available under the following link: https://www.postbus.at/unsere-leistungen/postbus-shuttle.html
In order to improve our products and services and adapt them to customer requirements, we conduct surveys with different target groups: on the one hand with people who do not use the bus and on the other hand with people who use a bus (irrespective of which one) or people who use the ÖBB-Postbus. We thereby commission market research companies or conduct the surveys ourselves. Persons to be surveyed can be selected either completely randomly or based on social statistics or usage-specific factors. Contact with participants can be implemented via the pools of respondents for market research companies ‒ carried out without our input at the sole responsibility of partner operators. Or we invite people with a general interest, without addressing individual participation in the survey. In case of specific survey topics we also address customers.
Establishing personal reference is not intended for any surveys. All surveys are conducted completely anonymously. This is true even if we write to you directly as customer or you have declared your consent in advance to participate in a survey.
We only receive or compile an overall evaluation of data, which do not show individual interviews or persons.
If we address our customers directly, we will then exclusively contact people who have given consent thereto.
Should we conduct the survey in cooperation with a market research company in specific cases, we shall conclude a separate confidentiality agreement with said company in advance of a customer survey, laying down the secure handling of your data specifically for the individual case. In particular, this Agreement shall ensure that the company will not transfer your data to other market research institutions and other third parties for surveys for their own purposes.
In any case you are not obliged to take part in any of our customer surveys.
If you contact us by email with requests, suggestions or criticism, we would like to ensure that we have performed our service to your satisfaction. After replying to your concerns, we will therefore ask how satisfied you were with our service.
This constitutes an internal quality assurance measure. For reasons of objectivity and automated processing, we employ a processor for this purpose, to draft and send the reply and automated request on our behalf. In the event of a request, we will solely hand over your email address and customer number to the processor. We shall not provide this processor with the opportunity to inspect your data, to use your data for other purposes or transfer them to third parties.
Before employing a processor, we have assured ourselves that it will provide a sufficient guarantee for lawful and secure use of data.
Data are generally collected and processed for the purpose of contract implementation (e.g. in the event of concluding a transport arrangement, when renting or selling a bus), handling and responding to your queries, checking any applications for reimbursement and compensation, your voluntary participation in a customer survey, sending a newsletter, sending queries within the scope of quality measurement.
Data processed for these purposes shall be disclosed as required and according to the intended use to the following categories of recipients:
We therefore carry out data processing in particular based on the legal framework conditions summarized again below (as amended):
We shall not transmit personal data to a third country or an international organization.
In the event of any questions on data protection or the use of your personal data, feel free to contact our data protection officers.
Contact data for data protection officers:
Am Hautbahnhof 2
In general personal data are only stored by us to the extent that is absolutely necessary and are essentially deleted following expiry of the statutory period of limitations under civil law of three years (e.g. customer correspondence) or in the event of invoice-relevant data after seven years (e.g. booked tickets, customer cards), according to § 212 UGB or §§ 132 et seq. BAO. A longer storage period is only implemented in justified individual cases, for example as a result of an ongoing civil law or regulatory dispute.
(1) Rights of data subjects
As the data subject in the individual case, you are entitled to assert the following rights of data subjects against us, if we are the controller for data processing:
You have the right of a data subject to raise an objection to data processing, provided the requirements of Article 21 GDPR are in place.
If you wish to assert a right of a data subject, please contact us. The following contact options are available:
(Subject: assertion of rights of data subjects)
Am Hauptbahnhof 2
Please attach a copy/scan of an official photo ID to your application, indicating your date of birth (e.g. identity card, driving licence or passport). This is because we have to check your identity before we can reply to your request or make the necessary arrangements. The purpose of this identity check is to enable us to establish your actual capacity as a data subject, in order to ensure that personal data are not disclosed to unauthorized third parties (risk of misuse).
Once we have received your request and you have proven your identity, we will respond to your request within four weeks. In the event that we have specific questions as part of the reply, we will contact you and ask you to cooperate and assist.
Furthermore, you have the right to submit a complaint to the data protection authority, according to §§ 24 et seq. DSG [Data Protection Act] and Article 77 et seq. GDPR if you believe that we have breached obligations under the General Data Protection Regulation.
Austrian Data Protection Authority,
1030 Vienna, Barichgasse 40-42,
Tel.: +43 1 52 152-0
(3) Withdrawal of consent
If you have consented to your data being processed for a specific purpose, you have the right to withdraw your consent at any time, without indicating reasons.
Operationally necessary cookies
These cookies are necessary to allow you to use our websites as intended and make all functions available to you. Without such cookies the requested services cannot be provided. These cookies do not record information about you and do not store Internet locations. Absolutely necessary cookies cannot be deactivated on our site. However, they can be deactivated at any time on the browser that you use.
These cookies are necessary for certain applications or functions of the website, allowing them to be duly executed. This may for example include cookies, which store implemented settings such as a visitor’s language setting or even – assuming your prior consent – pre-completed forms.
Storage period: in the event of a session cookie for the period of the session, or in the event of your prior consent for the period of your consent.
These cookies collect information on user behaviour for visitors to our websites. For example, a record is kept of which websites are most frequently visited and which links are clicked on. All recorded data are stored anonymously with information for other visitors. Using data obtained by these cookies, we can compile analytical evaluations on our website using Piwik and thereby continually improve the user experience.
Storage period: in the event of a session cookie for the period of the session, in all other cases (for example for our web analysis service PIWIK) for a maximum three years.
How long are cookies stored on my device?
The time that a cookie stays on your device depends on whether it is a persistent cookie or a session cookie. Session cookies only remain on your device until your browser session is finished. Persistent cookies remain stored on your device, even after you have completed a browser session, until such time as the preset time for the cookie has expired or it has been deleted.
For this purpose, usage information generated by the cookie (including your abbreviated IP address) will be transferred to our server and stored for usage analysis purposes, which on our part serves for website optimization. Your IP address is immediately anonymized in this operation, meaning that you remain anonymous to us.
Information generated by cookies on the use of our websites shall not be transferred to third parties.
For technical reasons, specific data and information must be collected and stored for visits to our websites, e.g. websites used, time and duration of visit and data made available by the used browser (e.g. on the operating system and used system settings). We use such data and information anonymously in order to design our offer in a user-friendly way and technically optimize our offer.
Should you provide personal data or information on our websites, we can continue to use them within the framework of the legal requirements of TKG [Telecommunications Act] without your further consent. Use for advertising or marketing purposes, or transfer to third parties, which requires your separate prior consent, shall be exempt from this. We will separately inform you about any communications to other ÖBB affiliated companies (e.g. in the event of a concern, complaint, etc.).
Should you access the abovementioned offers on our websites or switch to these websites, we will share data provided by the browser with such operators. We are generally not responsible for contents offered on these external sites, both with regard to data protection and to the technical security of the data and information provided. Please note in this context that external providers use technologies for personalization of advertising.
If we provide a contact option through an input screen on our website, this communication shall be encrypted on the https protocol. Please note that the confidentiality of other communications on the Internet, in particular via email, is not guaranteed, and we therefore recommend not transmitting confidential data and information by email.
By information security we mean: confidentiality of data, data integrity and data availability.
In order to guarantee information security, we have established organizational framework conditions and protective measures, which conform to the latest technology. This includes:
Access rights are only granted to our employees to the absolutely necessary extent, specifically for the role. The use of such access rights is recorded in writing.
Your data shall be protected by a secure online connection (TLS) between your PC and our servers, depending on the browser configuration, with at least 128 Bits.
By processors we mean our contractual partners, who process personal data on our behalf (example: maintenance of our databases).
We only employ processors for our lawfully conducted data processing. We always assure ourselves in advance that the individual processor is suited to service performance, in particular that the processor provides a sufficient guarantee of secure and lawful use of data.
Processors that we have selected only receive personal data from us to the extent that is absolutely necessary.
Our processors have contractually undertaken:
Before employing a processor, we conclude a written agreement with it, in which special obligations are imposed on the processor and its employees, and they again are subject to a separate confidentiality obligation. We impose certain data security measures on the processor to ensure that customer data and data processing are sufficiently protected.