Data Privacy Statement Österreichische Postbus Aktiengesellschaft

Protecting your personal data is a particular concern of ours. We therefore exclusively process your data on the basis of statutory regulations (in particular based on the provisions of the General Data Protection Regulation, the national Data Protection Act and the Telecommunications Act). We wish to inform you of the most important aspects of data processing on our website in this Data Privacy Statement.

Our Data Privacy Statement applies to anyone who makes use of one of our products or services, vists our websites or makes contact with us. We have drafted separate data privacy statements for special services, which specifically govern data processing and the associated data protection issues. This Data Privacy Statement is therefore only applicable where specific data privacy statements do not contain more specific provisions in the individual case. There are special data protection statements for the online distribution of tickets or for the Postbus shuttle.

We are also continually developing our performance, provision and services. As a result we also continuously adapt the data privacy statement. However, we shall ensure that the latest effective version is always available to you.

ÖBB-Postbus Aktiengesellschaft, FN 248742 y, Am Hauptbahnhof 2, 1100 Vienna, tel.: +43 (0)5 1717 is the controller under data protection law, as defined in Article 4(7) GDPR.

We provide online forms in various sections on www.postbus.at if you wish to contact us via our website or by email. Contact shall be made:

• in the event of lost objects (lost and found)

• in case of customer queries (customer feedback) if you contact our customer service or

• in the event of renting or selling buses

Our customer service

You are welcome to contact us with your concerns, applications, complaints, wishes (eg applications, complaints, wishes (e.g. the transmission of travel information) and other suggestions or for advice on services). and other suggestions or for advice on services. Our customer advisors are available to you either by telephone or by e-mail:

Phone: +43 (0) 5 17 17 or
E-Mail: service@postbus.at

The ÖBB customer service of ÖBB-Personenverkehr AG, which we use as a trustworthy contract processor and through which the data processing takes place on our behalf, acts as a customer consultant.

The data provided by you in connection with your request (in particular first and last name, address data, e-mail address, documents and other information) will be used exclusively for case processing and therefore not for any other purpose. By using the ÖBB customer service, not only a quick and professional processing of your request is ensured, but also a procedure in accordance with the data protection regulations, because employees strive for your request, who pay the utmost attention to compliance with data protection aspects.

Under the heading "Use of contract processors" in our data protection declaration, we have generally explained the framework conditions under which contract processors are used by us. We refer to these remarks, which also apply without restriction to ÖBB customer service.

You have the opportunity to purchase Vienna Airport Lines tickets online at https://tickets.postbus.at/ im Wege eines Onlinekaufes zu erwerben.

With Vienna Airport Lines you can book bus journeys from Vienna to Vienna Airport and back.

The Thermenlandbus offers bus connections from Vienna Central Station to the thermal spas H2O Kindertherme, Heiltherme Bad Waltersdorf, Rogner Bad Blumau and Therme Loipersdorf, as well as to the thermal capital Fürstenfeld and back.

You can easily purchase tickets for your trip through the following distribution channels:

• On the bus, directly from the driver or

• at the ÖBB-Postbus customer office in Fürstenfeld and a local sales partner

• online in our ticket shop at https://tickets.postbus.at/

You have the choice between single tickets, tickets for return journeys, weekly/monthly tickets or a combination ticket which already includes the admission price to the thermal bath.

We have compiled more detailed information for you on our website at https://www.postbus.at/ zusammengestellt.

The Postbus Shuttle creates a mobility offer in certain Austrian communities where no corresponding public transport is available. The Postbus Shuttle is a mixture of call bus and shared taxi, a "public taxi".

If this service is available in your community, trips can be booked via the Postbus Shuttle App. A special data protection declaration has been drawn up for data processing, which you are welcome to view here.

The legal basis for data processing in accordance with Article 6 DSGVO is either the fulfilment of a contract, the fulfilment of a legal obligation, your prior consent or our over-riding legitimate interests, which may also include processing for a further purpose.

Data that can be assigned to your person can be derived from the following causes, purposes and sources:

• If you purchase a product of Österreichische Postbus Aktiengesellschaft for the Vienna Airport Lines, Thermenlandbus or an annual ticket (e.g. ticket purchase)

• If you use ours for timetable information

• In case of contact in case of loss of items

• If you are interested in renting or selling buses

• If there are outstanding receivables that have not been paid

• In case of an emergency, if it should be necessary to contact you (e.g. in the event of a large-scale failure of buses).

• If you wish to receive advertising (e.g. newsletters, product and offer information etc.) or other information from us or wish to participate in our other activities and campaigns (e.g. prize draws, customer surveys, promotions or discounts, etc.).

• If you are asserting your rights as a passenger, if you are claiming a fare, or if you have submitted an application for reimbursement / compensation.

• When a fare claim is made

• If you contact the ÖBB Customer Service with questions, requests, suggestions and criticism and we ask you about our internal quality assurance in order to constantly improve our service

• For statistical investigations to improve our services or systems, whereby the results of these investigations in no way allow any conclusions to be drawn about your person, and for internal company risk analysis.

Data are generally collected and processed for the purpose of contract implementation (e.g. in the event of concluding a transport arrangement, when renting or selling a bus), handling and responding to your queries, checking any applications for reimbursement and compensation, your voluntary participation in a customer survey, sending a newsletter, sending queries within the scope of quality measurement.

Die ÖBB-Postbus Aktiengesellschaft FN 250198p, Am Hauptbahnhof 2, 1100 Vienna, Telephon +43 5 1717 is the person responsible for data protection within the meaning of Article 4 item 7 DSGVO.

Data processed for these purposes shall be disclosed as required and according to the intended use to the following categories of recipients:

To

• the responsible banking institution / payment service provider for the purpose of handling payments (for the purposes of executing the contract, Article 6(1) b) GDPR).

• the regulatory authorities in the event of arbitration proceedings (for the purposes of compliance with railway legislation and rights, Article 6(1) c) GDPR).

• the assigned legal representative in the event of disputes under civil law (based on our legitimate interests in defending legal claims, Article 6(1) f) GDPR).

• the locally competent administrative authority in the individual case (in particular tax authorities, driving licence authorities, Rundfunk und Telekom Regulierungs-GmbH or trade authorities) for the purposes of observing statutory regulations and rights, Article 6(1) c) GDPR.

• the locally competent courts in the individual case or other competent authority in the individual case (based on our legitimate interests in the defence of legal claims, Article 6(1) f) GDPR).

• the debt collection agency assigned by the controller for the recovery of outstanding debts based on our legitimate interests in the defence of legal claims, Article 6(1) f) GDPR).

• the chartered accountant for the purpose of auditing (in order to observe statutory regulations, in particular applicable provisions of stock corporation law, Article 6(1) c) GDPR).

• to our commissioned processors, if they process personal data on our behalf. (Based on our legitimate interests, in particular in improving, simplifying and maintaining our database systems, Article 6(1) f) GDPR).

We therefore carry out data processing in particular based on the legal framework conditions summarized again below (as amended):

• Regulation (EU) No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (GDPR), in particular Article 6(1) a) (consent), b) (execution of contract), c) GDPR (statutory right or obligation), f) (legitimate interests) and (4) (processing for other purposes).

• Federal Act on the regular carriage of persons by motor vehicle (Kraftfahrliniengesetz - KfG), Federal Law Gazette I No. 203/1999 as amended;

• Order of the Federal Minister of Public Economy and Transport on the access to the trade of transporting persons by motor vehicle (job access ordinance on scheduled and non-scheduled motor vehicle services - BZP-VO), Federal Law Gazette No. 889/1994 as amended;

• Concessions of the contracting authority that entitle him to provide motor vehicle services on the respective licensed route;

• Directive on the General Conditions of Carriage for Motor Vehicle Services (Federal Law Gazette II No. 47/2001 as amended;

• Regulation No. 181/2011 of the European Parliament and of the Council of 16 February 2011 on the rights of passengers in bus and coach transport and amending Regulation (EC) No. 2006/2004;

• Trade Act 1994;

• In case of an occasional event: Code of Criminal Procedure 1975,

• Introductory Act to the Administrative Procedures Act 2008

• Administrative Penalties Act 1991

• General Administrative Procedure Act 1991

• General Civil Code for all German hereditary lands of the Austrian Monarchy

• Telecommunications Act 2003

• Federal Act on General Regulations and Procedures for Fees Administered by the Tax Authorities of the Federal Government, Regional States and Municipalities (Federal Fiscal Code, BAO)

• Federal Act on Special Regulations of Civil Law for Companies (Austrian Commercial Code, UGB)

• General Terms and Conditions and other conditions of participation of Österreichische Postbus Aktiengesellschaft.

• Federal Act of 21 January 1959 on Liability for the Compensation of Damages from Accidents in the Operation of Railways and the Operation of Motor Vehicles (Railways and Motor Vehicles Liability Act – EKHG) BGBl. [Federal Law Gazette] No. 48/1959, as amended.

• Federal Act on distance sales and contracts concluded outside business premises (FAGG) BGBl. I No. 33/2014, as amended by BGBl. I No. 83/2015, as amended.

• Federal Act of 8 March 1979, by means of which provisions are adopted on the protection of consumers (Consumer Protection Act – KSchG), BGBl. No. 140/1979 as amended.

• EU Directive on Payment Services in the Internal Market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010 and repealing Directive 2007/64/EC (PSD2)

We shall not transmit personal data to a third country or an international organization.

In the event of any questions on data protection or the use of your personal data, feel free to contact our data protection officers.

Contact details of the data protection officer:

Österreichische Postbus Aktiengesellschaft
Am Hautbahnhof 2
1100 Vienna

E-mail: postbus.datenschutz@postbus.at

In general personal data are only stored by us to the extent that is absolutely necessary and are essentially deleted following expiry of the statutory period of limitations under civil law of three years (e.g. customer correspondence) or in the event of invoice-relevant data after ten years (e.g. booked tickets, customer cards), according to § 212 UGB or §§ 132 et seq. BAO. A longer storage period is only implemented in justified individual cases, for example as a result of an ongoing civil law or regulatory dispute.

In detail we would like to highlight the following different topics:

• In so far as billing-relevant data is concerned due to other ticket purchases, the purchase of a VAL annual pass tickets for the Thermenlandbus, applications for reimbursement, additional fare claims, this data will be stored for ten years.

• Otherwise, we will retain the data attributable to you for a period of three years, such as customer correspondence, use of other services, mere participation in competitions, campaigns or customer surveys.

• Revocation of a declaration of consent or assertion of an objection to direct marketing in accordance with Article 21f DSGVO (black list): This information cannot be deleted, particularly as we keep it as a negative list and thus ensure that you do not receive any promotional offers from us at the moment.

(1) Rights of data subjects

As the data subject in the individual case, you are entitled to assert the following rights of data subjects against us, if we are the controller for data processing:

Right of access (Article 15 GDPR)

You have the right to demand information on which personal data are collected about you and held by us.

Right to rectification and erasure (Article 16 GDPR)

You have the right to rectify any incorrect data concerning your person (e.g. spelling mistakes).

Right to erasure (Article 17 GDPR)

You have the right for personal data to be deleted, provided such deletion is covered by the cases set out in Article 17 GDPR, for example if we were to wrongfully process data.

Right to restriction (Article 18 GDPR)

You have the right of a data subject to demand that the controller restrict the processing of personal data about you if the requirements under Article 18 GDPR are in place.

Right to data portability (Article 20 GDPR)

You have the right of a data subject to receive the data provided by you in an interoperable format.

Right to object (Article 21 GDPR)

You have the right of a data subject to raise an objection to data processing, provided the requirements of Article 21 GDPR are in place.

You have the right of a data subject to raise an objection to data processing, provided the requirements of Article 21 GDPR are in place.

Contact data:

Österreichische Postbus Aktiengesellschaft
(Subject: Assertion of rights of data subjects)
Am Hauptbahnhof 2
1100 Vienna
E-mail: postbus.datenschutz@postbus.at

Please attach a copy/scan of an official photo ID to your application, indicating your date of birth (e.g. identity card, driving licence or passport). This is because we have to check your identity before we can reply to your request or make the necessary arrangements. The purpose of this identity check is to enable us to establish your actual capacity as a data subject, in order to ensure that personal data are not disclosed to unauthorized third parties (risk of misuse).

Once we have received your request and you have proven your identity, we will respond to your request within four weeks. In the event that we have specific questions as part of the reply, we will contact you and ask you to cooperate and assist.

(2) Complaints

Furthermore, you have the right to submit a complaint to the data protection authority, according to §§ 24 et seq. DSG [Data Protection Act] and Article 77 et seq. GDPR if you believe that we have breached obligations under the General Data Protection Regulation.

Contact data:

Austrian Data Protection Authority,
1030 Vienna, Barichgasse 40-42
Telefon: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
www.dsb.gv.at

(3) Withdrawal of consent

If you have consented to your data being processed for a specific purpose, you have the right to withdraw your consent at any time, without indicating reasons.

In designing our service,

we have paid attention to the fact that data is only collected and processed to the extent that is absolutely necessary.

The following are essential in this context

• First name, surname, gender and user name incl. password

• Customers and User ID,

• Indication of age

• Contact details (e-mail address, telephone number),

• Role of the person concerned

• Consents given to the GTCs,

• Ticket and voucher information incl. type of purchase as well as information on the booked trip incl. information on the travellers,

• Device information and IP address (when logging on and logging off as well as changing the data provided),

• Favorites,

• Details of consents given

• Payment-relevant data including booking status and billing information

• Real-time information before, during and after the journey (in particular change of departure and arrival times, total loss, exit information),

• Location information for the purpose of ticket booking or connection enquiry, if the functionality has been approved,

• logging data

• Information on a communicated concern of the person concerned, assessment by the person responsible and outcome of the proceedings, including any compensation amount / voucher.

• validation data

Ticket sales by third parties via external booking platforms

We have extended our distribution channels for you. This means that you can now also find our connections on partner platforms and can, in part, also book your ticket directly on the platform of our partner. If the booking is made through a partner, we exchange only the schedule and ticket information with the partner that is required for the creation of the ticket. The respective partner is responsible for the protection of the data processed on the partner platform of the partner.

Use of payment information

By payment information we mean information that we require for processing the payment. We will never store any payment information, such as credit or debit card numbers, expiry date, the card validation code (CVC) or user account and password data. We will only store payment information to a limited extent, i.e.

• if we cannot implement cancellation automatically but have to transfer the cancellation amount retrospectively (in this case we will store the name of the applicant, IBAN, BIC, name of the bank and the address (postcode, city, country, street and house number);

• in case of a specific booking, we will store the payment method (PayPal) or card type (VISA, MasterCard, etc.) and the last 4 numbers.

In all other cases, payment information (e.g. expiry date or the card validation code (CVC)) will be processed and used by a tested and certified payment service provider (Terminal Service Provider and Payment Service Provider).

In order to handle the payment process, we employ tested and PCI-certified payment service providers who process and use the payment information (e.g. CVC code or expiry date) to complete the booking. Data will be processed only for the purposes of com-pleting payments on certified payment terminals (e.g. ticket machine, ticket desk, etc.) or at tickets.oebb.at or via the ÖBB app. These payment service providers are usually independent entities and therefore process your data in accordance with their own privacy policy.

In order to clearly authorise a payment, the payment service provider will require various pieces of information from us, such as e.g. identification data for browser and operating system type, which are saved by us and forwarded to the payment service provider for processing the payment.

The European Banking Authority (EBA), Regulatory Technical Standards (RTS) and the revised Payment Services Directive (PSD2) prescribe strict authentication methods for combating online fraud. PSD2 aims at preventing online fraud with strict customer authentication rules applied to an increased number of transactions.

So-called Strong Customer Authentication (SCA) is an obligatory part of PSD2 and ensures a high level of customer protection and increased payment security. SCA is there-fore required whenever you, the customer, start an electronic payment process or perform a transaction that poses a risk of fraud or other misconduct. In this case, you will be required to complete an identification process by providing a password and another identification factor as determined by the payment service provider. In certain exceptional cases, this authentication can be dispensed with. The decision to apply SCA or dispense with authentication rests with the payment service provider.

besondereWe are required to provide the payment service provider with the relevant data requested in order to secure your payment transaction (see in particular https://doc.wirecard.com/CreditCard.html#CreditCard_PSD2).

More information on this can also be found on the payment service provider’s own website (see, for example, https://www.wirecardbank.de/DSGVO or https://www.wirecardbank.de/datenschutzbestimmungen/).

For the purposes of payment risk management, as required in the specific case and as part of the purchase transaction, personal data may be transmitted in the absolutely necessary extent to the payment service provider, which then uses these data to conduct a risk assessment. Payment-related data will also be consulted for anonymised analyses.

In order to use the WiFi and the onboard portal with all its functions, you as the user must agree to the conditions of use when you connect to the WiFi. The conditions of use also inform you of the use of cookies in the Vienna Airport Lines onboard portal. In the course of the use of the Vienna Airport Lines onboard portal, no personal data of the customer is collected or used by us.

When using our website tickets.postbus.at your ticket purchase data is stored in your web browser by means of HTML storage. This ensures that all functions can also be used if you choose to use our software without registering. We will only store personal data for quicker processing of future purchases if you wish us to do so.

UIn order to improve our products and services and adapt them to customer requirements, we conduct surveys with different target groups. We thereby commission market research companies or conduct the surveys ourselves. Persons to be surveyed can be selected either completely randomly or based on social statistics or usage-specific factors. Contact with participants can be implemented via the pools of respondents for market research companies ‒ carried out without our input at the sole responsibility of partner operators. Or we invite interested persons in general, without individually addressing participation in the survey. In case of specific survey topics we also address customers of ÖBB PV AG.

Establishing personal reference is not intended for any surveys. All surveys are conducted completely anonymously. This is true even if we write to you directly as customer or you have declared your consent in advance to participate in a survey

We only receive or compile an overall evaluation of data, which do not show individual interviews or persons.

If we address our customers directly, we will then exclusively contact people who have given consent thereto.

Should we conduct the survey in cooperation with a market research company in specific cases, we shall conclude a separate confidentiality agreement with said company in advance of a customer survey, laying down the secure handling of your data specifically for the individual case. In particular this Agreement shall ensure that the company will not transfer your data to other market research institutions and other third parties for surveys for their own purposes.

In any case you are not obliged to take part in any of our customer surveys.

We use personal data to send you information, offers and recommendations from us or our cooperation partners. This, however, only if you give us your consent in advance that we may contact you by e-mail, telephone, SMS or other channels (e.g. by post) in order to inform you about interesting offers, new developments and services in a timely manner. Depending on the content of your consent, you will receive offers and other information about the Vienna Airport Lines, our Postbus Shuttle, information about other services, competitions and customer surveys as well as information about the ÖBB Group, i.e. other affiliated companies (e.g. information about travel offers from Rail Tours Touristik GmbH or about car sharing offers from Rail Equipment GmbH or ÖBB-Personenverkehr AG) and our other cooperation partners. You can revoke your consent at any time without giving reasons. In this case, we will not send you any offers or information by e-mail or SMS, or contact you by telephone for this purpose. To do this, please click on the unsubscribe link in a newsletter, and we will then no longer send you electronic mail. It can take up to 24 hours for the activation of a revocation in the systems to be completed.

In all other cases, please contact our ÖBB Customer Service at the following email address: postbus.datenschutz@postbus.at

Cookies are small text files or codes, which contain information units. These text files are stored on your hard drive or in the main memory of your browser if you visit one of our websites. Thanks to cookies, the contents of our websites can be structured more easily and devices on which you have previously visited our websites can be identified. We use cookies to gain a better understanding of the functioning of applications and websites and to analyse and optimize the user experience when using our websites online and on mobile devices.

Cookie categories

We primarily use cookies from the following categories on our websites:

Operationally necessary cookies

These cookies are necessary to allow you to use our websites as intended and make all functions available to you. Without such cookies the requested services cannot be provided. These cookies do not record information about you and do not store Internet locations. Absolutely necessary cookies cannot be deactivated on our site. However, they can be deactivated at any time on the browser that you use.

Functional cookies

These cookies are necessary for certain applications or functions of the website, allowing them to be duly executed. This may for example include cookies, which store implemented settings such as a visitor’s language setting or even – assuming your prior consent – precompleted forms.

Storage period: in the event of a session cookie for the period of the session, or in the event of your prior consent for the period of your consent.

Analytical cookies

These cookies collect information on user behaviour for visitors to our websites. For example, a record is kept of which websites are most frequently visited and which links are clicked on. All recorded data are stored anonymously with information for other visitors. Using data obtained by these cookies, we can compile analytical evaluations on our website using Piwik and thereby continually improve the user experience.

Storage period: in the event of a session cookie for the period of the session, in all other cases (for example for our web analysis service PIWIK) for a maximum three years.

How long are cookies stored on my device?

The time that a cookie stays on your device depends on whether it is a persistent cookie or a session cookie. Session cookies only remain on your device until your browser session is finished. Persistent cookies remain stored on your device, even after you have completed a browser session, until such time as the preset time for the cookie has expired or it has been deleted.

Our websites and digital dialogue with our customers use Piwik, a web analysis service. Piwik uses cookies, which allow us to conduct an analysis of the use of our websites.

For this purpose, usage information generated by the cookie (including your abbreviated IP address) will be transferred to our server and stored for usage analysis purposes, which on our part serves for website optimization. Your IP address is immediately anonymized in this operation, meaning that you remain anonymous to us.

Information generated by cookies on the use of our websites shall not be transferred to third parties.

You can prevent the use of cookies through an appropriate setting in your browser software. However, in this case it may happen that not all functions of our websites can be used in full.

If you do not agree to the storage and evaluation of data in relation to your visit and the use of our websites, storage and usage may be objected to at any time (see terms of use for the website www.postbus.at/). In this case a so-called opt-out cookie is stored in your browser, resulting in Piwik not collecting session data.

For technical reasons, specific data and information must be collected and stored for visits to our websites, e.g. websites used, time and duration of visit and data made available by the used browser (e.g. on the operating system and used system settings). We use such data and information anonymously in order to design our offer in a userfriendly way and technically optimize our offer.

Should you provide personal data or information on our websites, we can continue to use them within the framework of the legal requirements of TKG [Telecommunications Act] without your further consent. Use for advertising or marketing purposes, or transfer to third parties, which requires your separate prior consent, shall be exempt from this. We will separately inform you about any communications to other ÖBB affiliated companies (e.g. in the event of a concern, complaint, etc.).

Should you access the abovementioned offers on our websites or switch to these websites, we will share data provided by the browser with such operators. We are generally not responsible for contents offered on these external sites, both with regard to data protection and to the technical security of the data and information provided. Please note in this context that external providers use technologies for personalization of advertising.

If we provide a contact option through an input screen on our website, this communication shall be encrypted on the https protocol. Please note that the confidentiality of other communications on the Internet, in particular via email, is not guaranteed, and we therefore recommend not transmitting confidential data and information by email.

By information security we mean: confidentiality of data, data integrity and data availability.

In order to guarantee information security, we have established organizational framework conditions and protective measures, which conform to the latest technology. This includes:

• load distribution;

• firewalls;

• encryption;

• security tests;

• system reviews; and

• ongoing monitoring.

Access rights are only granted to our employees to the absolutely necessary extent, specifically for the role. The use of such access rights is recorded in writing.

Your data shall be protected by a secure online connection (TLS) between your PC and our servers, depending on the browser configuration, with at least 128 Bits.

By processors we mean our contractual partners, who process personal data on our behalf (example: maintenance of our databases).

We only employ processors for our lawfully conducted data processing. We always assure ourselves in advance that the individual processor is suited to service performance, in particular that the processor provides a sufficient guarantee of secure and lawful use of data.

Processors that we have selected only receive personal data from us to the extent that is absolutely necessary.

Our processors have contractually undertaken:

• to solely use personal data for the purpose of the contract;

• to delete personal data once the purpose of the contract is complete;

• not to share personal data with third parties;

• not to use personal data for their own purposes; and

• to comply with new obligations under the General Data Protection Regulation (e.g. keeping a register of processing activities, conducting a data protection follow-up assessment as required, etc.).

Before employing a processor, we conclude a written agreement with it, in which special obligations are imposed on the processor and its employees, and they again are subject to a separate confidentiality obligation. We impose certain data security measures on the processor to ensure that customer data and data processing are sufficiently protected.

In the course of the previous sections we have informed you comprehensively about the purposes of our data processing, categories of recipients, the legal basis and legal framework, the storage period and the rights to which you are entitled. In all data processing, we have taken care to ensure that data collection and data scope is limited to the absolutely necessary extent. Therefore, if we ask you to disclose your data, this is necessary so that we can

• you purchase one of our products,

• you in case of loss of an object or rental / sale of buses can contact you or

• we will be able to contact you in the event of a default or any outstanding debt,

• we can answer your complaint / inquiry

• you can assert your rights as a passenger or under the DSGVO

• we will be able to include you - provided you have given your consent in advance - in our direct advertising measures or involve you in our quality assurance or customer surveys.

If you do not or not fully comply with our request for data disclosure, it is not ensured that we will be able to comply with or process your aforementioned request.