Fahrradweg mit Fahrradsymbol und Richtungspfeil

Cycle Network

Find your way through the city

Radparken

Discover all offers
Mann öffnet die Tür einer Radstation, um sein Fahrrad dort drin wegzuschließen

Bike stations (Radstationen)

Rent your bike parking space at underground & S-Bahn stops
Fahrradbox

Parking your bike in your neighbourhood

Find out more about the bike boxes pilot project
Fahrradwegsymbol auf Straße

Data Privacy

Data privacy statement for the Radkultur Hamburg website

The purpose of this data privacy statement is to inform you, pursuant to Directive (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR) about how we process your personal data and what rights you have as a data subject affected by our processing of your data.

A. Who is responsible for data processing and who can I speak to?

The responsible body (“Data Controller”) for processing your data is:

P + R-Betriebsgesellschaft mbH
Steinstraße 20
20095 Hamburg

Phone: (040) 3288-2553
E-Mail: moin@radkultur.hamburg

You can reach the designated Data Privacy Officer at:

Hamburger Hochbahn AG
Stabsstelle Datenschutz
Steinstraße 20
20095 Hamburg
E-Mail: datenschutzbeauftragter@hochbahn.de

B. What data do we process and for what purpose? In the following we describe what purposes we process your data for and how we do it. We will inform you here about: Use of our website www.radkultur.hamburg Collecting and processing of data at radkultur.hamburg You can find further data privacy information on video surveillance in the buildings and vehicles of P + R-Betriebsgesellschaft mbH and for communication with P + R-Betriebsgesellschaft mbH under https://www.pr.hamburg/service/kontakt/datenschutz/

B.1 Use of our website radkultur.hamburg

Provided that you have given your consent to the processing of your data, we process your personal data based on Art. 6 Par. 1 (a) GDPR or Art. 9 Par. 2 (a) GDPR if special categories of data as defined in Art. 9 Par. 1 GDPR are processed. If you have given your explicit consent to data being transferred to third countries, processing will in addition be carried out based on Art. 49 Par. 1 (a) GDPR. Provided that you have given your consent to the storing of cookies or allowed access to information on your end device (e.g. through device fingerprinting), processing will in addition be carried out on the basis of § 25 Par. 1 of the Law on Data Privacy in Telecommunications and Telemedia (Telekommunikation-Telemedien Datenschutz-Gesetz (TTDSG)). Such consent can be revoked at any time. If your data are needed for the fulfilment of contractual purposes or for the implementation of pre-contractual measures, we process your personal data based on Art. 6 Par. 1 (b) GDPR. In addition we process your data if they are needed for the fulfilment of a legal requirement on the basis of Art. 6 Par. 1 (c) GDPR. Data may also be processed according to Art. 6 Par 1 (f) (Overriding Legitimate Interest) based on our legitimate interest. The following paragraphs will inform you concerning the relevant legal grounds for processing in individual cases.

B.1.1 Hosting

We host the contents of your website with the following provider: Servd Hosting, Pomegranate Consulting 6th Floor, 49 Peter Street, Manchester, M2 3NG, United Kingdom (hereinafter servd). You can see details in this context in the privacy statement of servd at: https://servd.host/privacy. servd is used based on Art. 6 Par. 1 (f) GDPR. We have a legitimate interest in the most reliable presentation possible of our website. B.1.2 SSL or TLS encryption For reasons of security and to protect the transmission of confidential information such as e.g. orders or enquiries which you send to us as the operator of the website, this site uses SSL or TLS encryption. You can spot an encrypted link by the switch from “http://” to “https://” in the address field of your browser and the lock icon in your browser line. When the SSL or TLS encryption is activated, the data you send to us cannot be read by third persons.

B.1.3 Cookies

Our web pages use so-called “cookies”. Cookies are small files that do not damage your end device. They are either stored temporarily for the duration of your visit to the website (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them or your browser automatically deletes them. In some cases, cookies from third party companies may be stored on your end device when you enter our website (third party cookies). These enable us or you to use certain services offered by these third-party companies (e.g. cookies for processing payment service transactions). Cookies have different functions. Many cookies are technically necessary since certain website functions will not work without them (e.g. displaying videos). Other cookies are used to evaluate user behaviour or to show advertising material. Cookies required for the implementation of electronic communication transactions (necessary cookies) or to deliver specific functions you have asked for (functional cookies) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 Par. 1 (f) GDPR where no other legal grounds are given. The operator of the website has a legitimate interest in storing cookies to ensure the technically flawless and optimized delivery of their services. If you have been asked to give your consent to the storing of cookies, the cookies in question will only be stored exclusively based on such consent (Art. 6 Par. 1 (a) GDPR and § 25 Par. 1 TDDDG); consent can be revoked at any time. You can choose your browser settings so that you are informed about the placing of cookies and allow cookies only in individual cases, as well as exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies whenever you close your browser. If you deactivate cookies, the functionality of this website may be restricted. If cookies of third parties or for analytical purposes are used, we will inform you separately elsewhere in this data privacy statement and ask for your consent where needed.

B.1.4 Giving consent with Cookiebot

Our website uses consent technology from Cookiebot to obtain your consent to storing certain cookies on your end device or the use of certain technologies and to document these in compliance with data privacy regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”). When you visit our website a link is created to the servers of Cookiebot to obtain your consent and other declarations concerning the use of cookies. After that, Cookiebot places a cookie in your browser to be able to allocate the consent you have given or its revocation to you. The data collected in this way are stored until you instruct us to delete them, delete the Cookiebot cookie yourself or the purpose for which the data were stored has ceased to exist. Mandatory legal retention requirements are not affected by this. Cookiebot is used to obtain the consent for the placing of cookies prescribed by law. The legal basis for this is Art. 6 Par. 1 (c) GDPR. This website uses cookies. We employ cookies to personalize your contents and advertising material, to offer functions for social media and to analyse visits to our website. In addition we pass on information on your use of our website to our partners for social media, advertising and analysis. Our partners may possibly combine such information with further data which you have provided to them or which they have collected in connection with your use of their services. Cookies are small files used by websites to make user experience more efficient. According to law, we may store cookies on your device if they are absolutely necessary for the operation of this website. For all other types of cookies we need your consent.

B.1.5 Contact form

When you send us enquiries using our contact form, the details you give on the contact form including your contact data there are stored by us for the purpose of processing your enquiry and for any follow-up questions which may come. We will not pass on this data without your consent. Processing of such data is done based on Art. 6 Par. 1 (b) GDPR insofar as your enquiry has to do with the fulfilment of contractual purposes or is necessary for the implementation of pre-contractual measures. In all other cases processing of your data is based on our legitimate interest for effective processing of enquiries addressed to us (Art. 6 Par. 1 (f) GDPR) or on your consent (Art. 6 Par. 1 (a) GDPR) if this was asked for; consent can be revoked at any time. The data you enter on the contact form remain with us until you instruct us to delete them, revoke your consent to storing them or the purpose for which the data were stored has ceased to exist (e.g. when the processing of your enquiry has been completed). Mandatory legal requirements – in particular retention periods - are not affected by this.

B.1.6 Integration of Mapbox API

We have integrated the card service Mapbox into our website to enable you to use our products simply and reliably. The provider is Mapbox Inc. with its head office in 740, 15th Street NW, Washington DC, 20005, USA. To use the functions of Mapbox, we need to store your IP address. In addition to this, information on your device and location data will be collected and stored temporarily. This information will normally be transferred to a Mapbox server in den USA and may be processed there. To find out more about data processing by Mapbox, go to https://www.mapbox.com/privacy/. You decide actively whether you want to help improve OpenStreetMap and Mapbox maps by collecting anonymised data on their use. Mapbox uses location data taken from all integrated services to improve your maps, route descriptions and journey times and to deliver aggregated findings. To do this, we ask for your consent via our consent tool (see B.1.4). Provided that such consent has been asked, processing will be done exclusively on the basis of Art. 6 Par. 1 (a) GDPR and § 25 Par. 1 TDDDG to the extent that the storing of cookies or the access to information in the user’s end device (e.g. device fingerprinting) as defined by the TDDDG is involved. You have the option to adjust your consent at any time using the privacy settings of the website. Mapbox is in possession of an “EU-U.S. Data Privacy Framework” certification You can find additional information under C. EU-U.S. Data Privacy Framework.

B.1.7 Integration of YouTube videos

This website integrates videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland. We use YouTube in the extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about the user on this website before they have viewed the video. It is not necessarily excluded by the extended data protection mode that data may be passed on to YouTube partners. The extended data protection mode does not, on the other hand, necessarily exclude the passing on of data to YouTube partners. So, for instance, YouTube activates a link to the Google DoubleClick Network – irrespective of whether you have watched a video or not. As soon as you start a YouTube video on this website a link is created to the servers of YouTube. With this, information about which of our web pages you have visited is transmitted to the YouTube server. If you are logged in to your YouTube account you enable YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. In addition, YouTube can store various cookies on your end device or use comparable recognition technologies after you start a video. In this way YouTube can receive information about the visitors to this website. Such information is used, among other things, to create statistical data about video use, to improve user friendliness and to prevent any attempted fraudulent use. After the start of a YouTube video, further data processing may be triggered over which we have no influence. YouTube is used in the interests of providing an attractive presentation of our website products. This constitutes a legitimate interest as defined by Art. 6 Par. 1 (f) GDPR. Provided that such consent has been asked, processing will be done exclusively on the basis of Art. 6 Par. 1 (a) GDPR and § 25 Par. 1 TDDDG to the extent that the storing of cookies or the access to information in the user’s end device (e.g. device fingerprinting) as defined by the TDDDG is involved. Your consent can be revoked at any time. You can find further information about data privacy at YouTube in their data privacy statement at: https://policies.google.com/privacy?hl=de. Google is in possession of a certification according to the “EU-U.S. Data Privacy Framework”. You can find additional information under Point C. EU-U.S. Data Privacy Framework.

B.1.8 Use of analysis tools and advertising

This website uses the open-source web analysis service Matomo. Matomo helps us to collect and analyse data about the use of our website by the visitors to it. With this, we can, among other things, elicit when which pages were accessed and from what region. In addition we record various log files (e.g. IP addresses, HTTP referrers, the browsers used and the operating systems) and can measure whether visitors to our website carry out certain actions (e.g. clicks, orders etc.). The use of this tool is based on Art. 6 Par. 1 (f) GDPR. The operator of the website has a legitimate interest in analysing user behaviour in order both to optimize their web services and their advertising material. Provided that such consent has been asked, processing will be done exclusively on the basis of Art. 6 Par. 1 (a) GDPR and § 25 Par. 1 TDDDG to the extent that the storing of cookies or the access to information in the user’s end device (e.g. device fingerprinting) as defined by the TDDDG is involved. Your consent can be revoked at any time. IP anonymization We employ anonymization of IPs when using Matomo. In this, your IP address is shortened before analysis takes place, so that it can no longer be clearly assigned to you. Cookieless analysis We have configured Matomo in such a way that Matomo cannot store any cookies in your browser. Hosting We host Matomo in the Matomo Cloud, an eb analysis service from InnoCraft Ltd. 150 Willis St 6011 Wellington New Zealand Data Processing Agreement We have a data processing agreement to use the services of the contractor given above. Your visit to this website is currently being recorded by Matomo web analysis. Deselect this checkbox to opt out.

B.1.9 Friendly Captcha

We use Friendly Captcha on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee. Friendly Captcha is intended to check whether the entry of data on this website (e.g. in a contact form) comes from a human being or an automated program (a robot). To do this, Friendly Captcha analyses the behaviour of the website visitor by means of different features. In this analysis, Friendly Captcha evaluates different information (e.g. anonymized IP addresses, http referrers, visit times etc.). You can find more information about this at: https://friendlycaptcha.com/legal/privacy-end-users/. Storage and analysis of the data is based on Art. 6 Par. 1 (f) GDPR. We have a legitimate interest in protecting our web products from misuse of the data which might arise due to spying out the internet transfer and/or from spam. Provided that such consent has been asked, processing will be done exclusively on the basis of Art. 6 Par. 1(a) GDPR and § 25 Par. 1 TDDDG to the extent that the storing of cookies or the access to information in the user’s end device (e.g. device fingerprinting) as defined by the TDDDG is involved. Your consent can be revoked at any time.

B.2 Data collection and processing at radkultur.hamburg

B.2.1 Ordering the authorization to use our bike parking facilities

A fee is charged for use of our bike parking facilities. In this context we offer subscription arrangements enabling the use of our locked bike parking facilities. In such cases our business relationship with you is deemed to be a continuing obligation so that we need certain basic information such as your name, address and bank details (master data) on a continuous basis and need to process it. These personal data are necessary in order for you to have a contract for the use of a bike parking facility. Without such data, no contract can be concluded, so that the processing of such data is based on Art. 6 Par. 1 (b) GDPR.

B.2.2 Participation in the pilot project bicycle lockers (Radboxen)

You can register for participation in our pilot project bicycle lockers (Radboxen) via this form. The application form is online from to May 20th, 2024. When you register, you will be pooled with other applicants to check your data. The legal basis for belonging to the applicant pool is your consent pursuant to Art. 6 Par. 1 (a) GDPR. The application to be a part of the applicant pool is voluntary and is deemed to exist as of the time you send the application form. You can revoke your consent to participate in the project at any time (Art. 7 Par. 3 GDPR). This can be done by a short message to this effect to radboxen@radkultur.hamburg. The data recorded in the applicant pool will then be deleted. We will select 200 persons by lot out of the participants registered in the applicant pool. These 200 test persons will then participate in a two-tier evaluation process (an online questionnaire) during the test rental period. Since there will be two test cycles, two test groups of 100 persons each will take part (test cycle A: July– December 2024, test cycle B: January – June 2025; subject to possible project delays). A contract will be concluded with the selected persons. The legal basis for the processing of this data is Art. 6 Par. 1 (b) GDPR (fulfilment of contractual purposes or implementation of pre-contractual measures). The data of the test persons will be deleted after the relevant test cycles. The data of those persons who were not selected will remain stored until the start of test cycle B. If persons should decide at short notice not to take up their slot in the bicycle lockers they have been assigned, we can thus choose who can move up from this reserve list. The continued storage of the data in the applicant pool is based for the reasons given above on our overriding legitimate interest (Art. 6 Par. 1 (f) GDPR. Since you can revoke your consent to your data being stored at any time, we see no contrary interest here.

C. EU-U.S. Data Privacy Framework

We also use service providers who are certified according to the “EU-U.S. Data Privacy Framework” (EU-U.S. DPF). The EU-U.S. DPF is an agreement between the European Union and the US guaranteeing that data processing in the USA will be performed in compliance with European standards. Every company certified according to the EU-U.S. DPF undertakes to comply with these data processing standards. You can find further information about this under the following link: https://www.dataprivacyframework.gov/. If a company is certified according to the EU-U.S. DPF the transmission of data to the USA is carried out pursuant to Art. 45 GDPR on the basis of an adequacy decision by the European Commission of 10.07.2023. Such an adequacy decision enables the transmission of personal data from the EU to the third country in question without the need for further transmission instruments or additional measures.

D. Storage period

If no specific instructions were given in connection with the individual types of processing mentioned above, P + R-Betriebsgesellschaft as your contract partner will only process and store your personal data for the period of time necessary to fulfil our contractual and legal obligations. We distinguish here between different categories of data. If data stored to directly fulfil contractual and legal obligations are no longer needed, for instance when they refer to sales turnover which has already been settled, they will be regularly deleted, unless it is necessary to prolong their storage (for a limited time) for the following purposes: fulfilment of commercial or tax retention periods, e.g. under the German Commercial Code (“Handelsgesetzbuch”) and German Tax Code (“Abgabeordnung”). The retention and documentation periods stipulated in these regulations are up to ten years; preservation of evidence within the scope of the statute of limitations: according to §§ 195 ff. of the German Civil Code (BGB), these periods of limitation are generally three years, but can also be up to 30 years in individual cases.

E. Data privacy rights

The GDPR grants data subjects whose personal data are processed by us certain rights, about which we would like to inform you here. If you have any further questions concerning this or about other aspects of data privacy at Hamburger Hochbahn AG, you are welcome to get in touch with us as the Data Controller or with our Data Privacy Officer. You can find the contact details for this in Section A.

E.1 Information, access, erasure and rectification

You have the right at any time, free of charge, to request from us information on your personal data stored by us. This includes information on the purposes of the processing for which the personal data are intended, the category of the data used, its recipients and the planned period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period. In addition you have the right to the erasure or rectification of personal data concerning you, in particular if such data are incomplete or inaccurate, are no longer needed for the purposes for which they were collected or if you have withdrawn your consent to their processing.

E.2 Revocation of consent

Where the processing is based on your consent, you have the right to withdraw consent at any time. To do this, a simple email without formal requirements is sufficient. This shall not affect the lawfulness of processing based on consent before its withdrawal.

E.3 Right to object

If the processing takes place based on a legitimate interest of ours, you have the right to object, on grounds relating to your particular situation, at any time to processing of such personal data. (Art. 21 Par. 1 GDPR).

E.4 Right to Restriction of Processing

You have the right to obtain from us the restriction of processing your personal data where one of the following applies:

  • When you contest the accuracy of the personal data stored by us, we will normally need some time to check this. For the period needed by us to verify the accuracy of the personal data, you have the right to request that we restrict the processing of such personal data.
  • When the processing of your personal data was or is unlawful, you have the right to request the restriction of their use instead of their erasure.
  • When we no longer need your personal data for the purposes of the processing, but we still need them for the establishment, exercise or defence of legal claims, you have the right to request the restriction of their use instead of their erasure.
  • When you have objected to processing pursuant to Art. 21 Par. 1 GDPR, the comparative merits of your and our interests must be considered. You have the right to request the restriction of your personal data pending the verification of whether our legitimate grounds override your rights as data subject.

E.5 Right to data portability

You have the right to have personal data which we process in automated form on the basis of your consent or in fulfilment of contractual obligations made available to you or a third party by us in a structured, conventional and machine-readable format. If you ask us to transfer such data directly to another data controller, we will only comply with you request if it is technically feasible. E.6 Right of complaint to the regulatory authorities You have the right – without prejudice to any other administrative or judicial remedy - to lodge a complaint with the competent regulatory authority if you are of the opinion that the processing of your personal data infringes data protection law. The competent regulatory authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22
20459 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de
Internet: https://www.datenschutz-hamburg.de

As per: May 2024