Protecting your personal data is a particular concern of ours. We therefore exclusively process your data on the basis of statutory regulations (in particular based on the provisions of the General Data Protection Regulation, the national Data Protection Act and the Telecommunications Act). We wish to inform you of the most important aspects of data processing on our website in this Data Privacy Statement.
Our Data Privacy Statement applies to anyone who makes use of one of our products or services, vists our websites or makes contact with us. We have drafted separate data privacy statements for special services, which specifically govern data processing and the associated data protection issues. This Data Privacy Statement is therefore only applicable where specific data privacy statements do not contain more specific provisions in the individual case. There are special data protection statements for the online distribution of tickets or for the Postbus shuttle.
We are also continually developing our performance, provision and services. As a result we also continuously adapt the data privacy statement. However, we shall ensure that the latest effective version is always available to you.
We provide online forms in various sections on www.postbus.at if you wish to contact us via our website or by email. Contact shall be made:
Our customer service
You are welcome to contact us with your concerns, applications, complaints, wishes (eg applications, complaints, wishes (e.g. the transmission of travel information) and other suggestions or for advice on services). and other suggestions or for advice on services. Our customer advisors are available to you either by telephone or by e-mail:
Phone: +43 (0) 5 17 17 or
The ÖBB customer service of ÖBB-Personenverkehr AG, which we use as a trustworthy contract processor and through which the data processing takes place on our behalf, acts as a customer consultant.
The data provided by you in connection with your request (in particular first and last name, address data, e-mail address, documents and other information) will be used exclusively for case processing and therefore not for any other purpose. By using the ÖBB customer service, not only a quick and professional processing of your request is ensured, but also a procedure in accordance with the data protection regulations, because employees strive for your request, who pay the utmost attention to compliance with data protection aspects.
Under the heading "Use of contract processors" in our data protection declaration, we have generally explained the framework conditions under which contract processors are used by us. We refer to these remarks, which also apply without restriction to ÖBB customer service.
You have the opportunity to purchase Vienna Airport Lines tickets online at https://tickets.postbus.at/ im Wege eines Onlinekaufes zu erwerben.
With Vienna Airport Lines you can book bus journeys from Vienna to Vienna Airport and back.
The Thermenlandbus offers bus connections from Vienna Central Station to the thermal spas H2O Kindertherme, Heiltherme Bad Waltersdorf, Rogner Bad Blumau and Therme Loipersdorf, as well as to the thermal capital Fürstenfeld and back.
You can easily purchase tickets for your trip through the following distribution channels:
You have the choice between single tickets, tickets for return journeys, weekly/monthly tickets or a combination ticket which already includes the admission price to the thermal bath.
We have compiled more detailed information for you on our website at https://www.postbus.at/ zusammengestellt.
The Postbus Shuttle creates a mobility offer in certain Austrian communities where no corresponding public transport is available. The Postbus Shuttle is a mixture of call bus and shared taxi, a "public taxi".
f this service is available in your community, trips can be booked via the Postbus Shuttle App. A special data protection declaration has been drawn up for data processing, which you are welcome to view on our website under "Legal".
The legal basis for data processing in accordance with Article 6 DSGVO is either the fulfilment of a contract, the fulfilment of a legal obligation, your prior consent or our over-riding legitimate interests, which may also include processing for a further purpose.
Data that can be assigned to your person can be derived from the following causes, purposes and sources:
Data are generally collected and processed for the purpose of contract implementation (e.g. in the event of concluding a transport arrangement, when renting or selling a bus), handling and responding to your queries, checking any applications for reimbursement and compensation, your voluntary participation in a customer survey, sending a newsletter, sending queries within the scope of quality measurement.
Die ÖBB-Postbus Aktiengesellschaft FN 250198p, Am Hauptbahnhof 2, 1100 Vienna, Telephon +43 5 1717 is the person responsible for data protection within the meaning of Article 4 item 7 DSGVO.
Data processed for these purposes shall be disclosed as required and according to the intended use to the following categories of recipients:
We therefore carry out data processing in particular based on the legal framework conditions summarized again below (as amended):
We shall not transmit personal data to a third country or an international organization.
In the event of any questions on data protection or the use of your personal data, feel free to contact our data protection officers.
Contact data for data protection officers:
Österreichische Postbus Aktiengesellschaft
Am Hautbahnhof 2
1100 Wien 1100 Vienna
In general personal data are only stored by us to the extent that is absolutely necessary and are essentially deleted following expiry of the statutory period of limitations under civil law of three years (e.g. customer correspondence) or in the event of invoice-relevant data after ten years (e.g. booked tickets, customer cards), according to § 212 UGB or §§ 132 et seq. BAO. A longer storage period is only implemented in justified individual cases, for example as a result of an ongoing civil law or regulatory dispute.
In detail we would like to highlight the following different topics:
(1) Rights of data subjects
As the data subject in the individual case, you are entitled to assert the following rights of data subjects against us, if we are the controller for data processing:
Right of access (Article 15 GDPR)
You have the right to demand information on which personal data are collected about you and held by us.
Right to rectification and erasure (Article 16 GDPR)
You have the right to rectify any incorrect data concerning your person (e.g. spelling mistakes).
Right to erasure (Article 17 GDPR)
You have the right for personal data to be deleted, provided such deletion is covered by the cases set out in Article 17 GDPR, for example if we were to wrongfully process data.
Right to restriction (Article 18 GDPR)
You have the right of a data subject to demand that the controller restrict the processing of personal data about you if the requirements under Article 18 GDPR are in place.
Right to data portability (Article 20 GDPR)
You have the right of a data subject to receive the data provided by you in an interoperable format.
Right to object (Article 21 GDPR)
You have the right of a data subject to raise an objection to data processing, provided the requirements of Article 21 GDPR are in place.
You have the right of a data subject to raise an objection to data processing, provided the requirements of Article 21 GDPR are in place.
Österreichische Postbus Aktiengesellschaft
(Subject: assertion of rights of data subjects)
Am Hauptbahnhof 2
Please attach a copy/scan of an official photo ID to your application, indicating your date of birth (e.g. identity card, driving licence or passport). This is because we have to check your identity before we can reply to your request or make the necessary arrangements. The purpose of this identity check is to enable us to establish your actual capacity as a data subject, in order to ensure that personal data are not disclosed to unauthorized third parties (risk of misuse).
Once we have received your request and you have proven your identity, we will respond to your request within four weeks. In the event that we have specific questions as part of the reply, we will contact you and ask you to cooperate and assist.
Furthermore, you have the right to submit a complaint to the data protection authority, according to §§ 24 et seq. DSG [Data Protection Act] and Article 77 et seq. GDPR if you believe that we have breached obligations under the General Data Protection Regulation.
Austrian Data Protection Authority,
1030 Vienna, Barichgasse 40-42
Telefon: +43 1 52 152-0
(3) Withdrawal of consent
If you have consented to your data being processed for a specific purpose, you have the right to withdraw your consent at any time, without indicating reasons.
In designing our service,
we have paid attention to the fact that data is only collected and processed to the extent that is absolutely necessary.
The following are essential in this context
Ticket sales by third parties via external booking platforms
We have extended our distribution channels for you. This means that you can now also find our connections on partner platforms and can, in part, also book your ticket directly on the platform of our partner. If the booking is made through a partner, we exchange only the schedule and ticket information with the partner that is required for the creation of the ticket. The respective partner is responsible for the protection of the data processed on the partner platform of the partner.
Use of payment information
By payment information we mean information that we require for processing the payment. We will never store any payment information, such as credit or debit card numbers, expiry date, the card validation code (CVC) or user account and password data. We will only store payment information to a limited extent, i.e.
In all other cases, payment information (e.g. expiry date or the card validation code (CVC)) will be processed and used by a tested and certified payment service provider (Terminal Service Provider and Payment Service Provider).
In order to clearly authorise a payment, the payment service provider will require various pieces of information from us, such as e.g. identification data for browser and operating system type, which are saved by us and forwarded to the payment service provider for processing the payment.
The European Banking Authority (EBA), Regulatory Technical Standards (RTS) and the revised Payment Services Directive (PSD2) prescribe strict authentication methods for combating online fraud. PSD2 aims at preventing online fraud with strict customer authentication rules applied to an increased number of transactions.
So-called Strong Customer Authentication (SCA) is an obligatory part of PSD2 and ensures a high level of customer protection and increased payment security. SCA is there-fore required whenever you, the customer, start an electronic payment process or perform a transaction that poses a risk of fraud or other misconduct. In this case, you will be required to complete an identification process by providing a password and another identification factor as determined by the payment service provider. In certain exceptional cases, this authentication can be dispensed with. The decision to apply SCA or dispense with authentication rests with the payment service provider.
besondereWe are required to provide the payment service provider with the relevant data requested in order to secure your payment transaction (see in particular https://doc.wirecard.com/CreditCard.html#CreditCard_PSD2).
More information on this can also be found on the payment service provider’s own website (see, for example, https://www.wirecardbank.de/DSGVO or https://www.wirecardbank.de/datenschutzbestimmungen/).
For the purposes of payment risk management, as required in the specific case and as part of the purchase transaction, personal data may be transmitted in the absolutely necessary extent to the payment service provider, which then uses these data to conduct a risk assessment. Payment-related data will also be consulted for anonymised analyses.
When using our website tickets.postbus.at your ticket purchase data is stored in your web browser by means of HTML storage. This ensures that all functions can also be used if you choose to use our software without registering. We will only store personal data for quicker processing of future purchases if you wish us to do so.
UIn order to improve our products and services and adapt them to customer requirements, we conduct surveys with different target groups. We thereby commission market research companies or conduct the surveys ourselves. Persons to be surveyed can be selected either completely randomly or based on social statistics or usage-specific factors. Contact with participants can be implemented via the pools of respondents for market research companies ‒ carried out without our input at the sole responsibility of partner operators. Or we invite interested persons in general, without individually addressing participation in the survey. In case of specific survey topics we also address customers of ÖBB PV AG.
Establishing personal reference is not intended for any surveys. All surveys are conducted completely anonymously. This is true even if we write to you directly as customer or you have declared your consent in advance to participate in a survey
We only receive or compile an overall evaluation of data, which do not show individual interviews or persons.
If we address our customers directly, we will then exclusively contact people who have given consent thereto.
Should we conduct the survey in cooperation with a market research company in specific cases, we shall conclude a separate confidentiality agreement with said company in advance of a customer survey, laying down the secure handling of your data specifically for the individual case. In particular this Agreement shall ensure that the company will not transfer your data to other market research institutions and other third parties for surveys for their own purposes.
In any case you are not obliged to take part in any of our customer surveys.
We use personal data to send you information, offers and recommendations from us or our cooperation partners. This, however, only if you give us your consent in advance that we may contact you by e-mail, telephone, SMS or other channels (e.g. by post) in order to inform you about interesting offers, new developments and services in a timely manner. Depending on the content of your consent, you will receive offers and other information about the Vienna Airport Lines, our Postbus Shuttle, information about other services, competitions and customer surveys as well as information about the ÖBB Group, i.e. other affiliated companies (e.g. information about travel offers from Rail Tours Touristik GmbH or about car sharing offers from Rail Equipment GmbH or ÖBB-Personenverkehr AG) and our other cooperation partners. You can revoke your consent at any time without giving reasons. In this case, we will not send you any offers or information by e-mail or SMS, or contact you by telephone for this purpose. To do this, please click on the unsubscribe link in a newsletter, and we will then no longer send you electronic mail. It can take up to 24 hours for the activation of a revocation in the systems to be completed.
In all other cases, please contact our ÖBB customer service using the following e-mail address: email@example.com
Operationally necessary cookies
These cookies are necessary to allow you to use our websites as intended and make all functions available to you. Without such cookies the requested services cannot be provided. These cookies do not record information about you and do not store Internet locations. Absolutely necessary cookies cannot be deactivated on our site. However, they can be deactivated at any time on the browser that you use.
These cookies are necessary for certain applications or functions of the website, allowing them to be duly executed. This may for example include cookies, which store implemented settings such as a visitor’s language setting or even – assuming your prior consent – precompleted forms.
Storage period: in the event of a session cookie for the period of the session, or in the event of your prior consent for the period of your consent.
These cookies collect information on user behaviour for visitors to our websites. For example, a record is kept of which websites are most frequently visited and which links are clicked on. All recorded data are stored anonymously with information for other visitors. Using data obtained by these cookies, we can compile analytical evaluations on our website using Piwik and thereby continually improve the user experience.
Storage period: in the event of a session cookie for the period of the session, in all other cases (for example for our web analysis service PIWIK) for a maximum three years.
How long are cookies stored on my device?
The time that a cookie stays on your device depends on whether it is a persistent cookie or a session cookie. Session cookies only remain on your device until your browser session is finished. Persistent cookies remain stored on your device, even after you have completed a browser session, until such time as the preset time for the cookie has expired or it has been deleted.
For this purpose, usage information generated by the cookie (including your abbreviated IP address) will be transferred to our server and stored for usage analysis purposes, which on our part serves for website optimization. Your IP address is immediately anonymized in this operation, meaning that you remain anonymous to us.
Information generated by cookies on the use of our websites shall not be transferred to third parties.
For technical reasons, specific data and information must be collected and stored for visits to our websites, e.g. websites used, time and duration of visit and data made available by the used browser (e.g. on the operating system and used system settings). We use such data and information anonymously in order to design our offer in a userfriendly way and technically optimize our offer.
Should you provide personal data or information on our websites, we can continue to use them within the framework of the legal requirements of TKG [Telecommunications Act] without your further consent. Use for advertising or marketing purposes, or transfer to third parties, which requires your separate prior consent, shall be exempt from this. We will separately inform you about any communications to other ÖBB affiliated companies (e.g. in the event of a concern, complaint, etc.).
Should you access the abovementioned offers on our websites or switch to these websites, we will share data provided by the browser with such operators. We are generally not responsible for contents offered on these external sites, both with regard to data protection and to the technical security of the data and information provided. Please note in this context that external providers use technologies for personalization of advertising.
If we provide a contact option through an input screen on our website, this communication shall be encrypted on the https protocol. Please note that the confidentiality of other communications on the Internet, in particular via email, is not guaranteed, and we therefore recommend not transmitting confidential data and information by email.
By information security we mean: confidentiality of data, data integrity and data availability.
In order to guarantee information security, we have established organizational framework conditions and protective measures, which conform to the latest technology. This includes:
Access rights are only granted to our employees to the absolutely necessary extent, specifically for the role. The use of such access rights is recorded in writing.
Your data shall be protected by a secure online connection (TLS) between your PC and our servers, depending on the browser configuration, with at least 128 Bits.
By processors we mean our contractual partners, who process personal data on our behalf (example: maintenance of our databases).
We only employ processors for our lawfully conducted data processing. We always assure ourselves in advance that the individual processor is suited to service performance, in particular that the processor provides a sufficient guarantee of secure and lawful use of data.
Processors that we have selected only receive personal data from us to the extent that is absolutely necessary.
Our processors have contractually undertaken:
Before employing a processor, we conclude a written agreement with it, in which special obligations are imposed on the processor and its employees, and they again are subject to a separate confidentiality obligation. We impose certain data security measures on the processor to ensure that customer data and data processing are sufficiently protected.
In the course of the previous sections we have informed you comprehensively about the purposes of our data processing, categories of recipients, the legal basis and legal framework, the storage period and the rights to which you are entitled. In all data processing, we have taken care to ensure that data collection and data scope is limited to the absolutely necessary extent. Therefore, if we ask you to disclose your data, this is necessary so that we can
If you do not or not fully comply with our request for data disclosure, it is not ensured that we will be able to comply with or process your aforementioned request.