Data protection

MVV GmbH processes the data provided by the customer when placing an order for the purpose of processing that order. The legal basis for this is Article 6(1)(b) of the GDPR. The recipients of this data are the employees of MVV GmbH involved in processing the order. The data will be deleted after ten years in accordance with commercial law requirements. No contract can be concluded without the provision of this data.

The special terms and conditions for mobile and online ticketing apply, available at 

Terms and Conditions for Mobile and Online Tickets, Section 12

The data provided by the customer in the online application form is processed for the purpose of issuing the customer card. This data (where marked with an *) is required to issue the customer card, which in turn is essential for using the student fare. Without this data, the service cannot be used.

The personal data to be provided when completing the application form for a customer card under the student fare scheme is used solely by employees of MVV GmbH, and in the case of orders placed via the S-Bahn München website also by employees of DB Vertrieb GmbH, for the purposes of verifying, creation, printing and dispatch of customer cards under the student fare scheme, as well as for the settlement of corresponding state compensation funds and for sales statistics (quantities only). The legal basis for the processing is Article 6(1)(b) of the GDPR; the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.

The data is stored for as long as it is necessary for the purposes stated; as a rule, it is deleted two years after the card is issued.

Data provided to MVV GmbH in connection with a suggestion or complaint will be stored and analysed in anonymised form for the purpose of processing the matter and improving quality. The data will be processed by employees of MVV GmbH; where the suggestion or complaint is forwarded to the relevant transport company for a response or to clarify the facts of the matter, the personal data provided will also be forwarded. The user expressly consents to this. The legal basis for the processing is Article 6(1)(a) of the GDPR (consent). Without the provision of the data, the complaint or matter cannot be processed.

To protect against spam, MVV GmbH uses the reCAPTCHA service provided by Google Inc. (“Google”). This service involves the transmission of your IP address and, where applicable, other data required by Google for the reCAPTCHA service to Google. The separate data protection provisions of Google apply to this data. Further information on Google reCAPTCHA’s privacy policy can be found at policies.google.com/privacy.

Enquiries sent outside the contact form will also be forwarded to the relevant transport company if necessary to answer the enquiry or clarify the facts; in such cases, the personal data provided will also be forwarded.

The data is usually deleted twelve months after processing.

When ordering MVV brochures online, the data provided by the customer is processed by employees of MVV GmbH for the purpose of fulfilling the order. The legal basis for the processing is Article 6(1)(f) of the GDPR. The legitimate interest of MVV GmbH, the transport operators and the public transport authorities lies in the (free) distribution of information material to encourage more people to switch to public transport. An order cannot be placed without providing the data. The data will be deleted two months after dispatch.

The MVV Partner Area serves as a data exchange platform for employees of transport companies and transport authorities. The data provided during registration is used by MVV GmbH staff to verify the user’s identity upon login and for functions related to the MVV platform. It is not processed for any other purposes. This data is not disclosed to third parties, unless this is necessary to achieve the purpose of the disclosure. The legal basis for the processing is Article 6(1)(f) of the GDPR. The legitimate interest of MVV GmbH, the transport authorities and the transport companies lies in the smooth transmission of information required by the employees of transport companies, transport authorities and MVV GmbH for their daily work. The personal data of the registered person will be deleted once they have logged out or are logged out. Registration is not possible without providing the data.

No personal data is processed in connection with enquiries made via the MVV Enquiry Service and the MVV Cycle Route Planner – apart from brief, technically necessary temporary storage in the context of IP-based communication and when using one of the ticket shops offered to purchase MVV OnlineTickets. When using a ticket shop offered for MVV OnlineTickets, personal data is processed in accordance with the data protection regulations applicable to the respective ticket shop. The regulations applicable to the sale of mobile and online tickets via the MVV GmbH ticket shop can be found in Section 12 of the General Terms and Conditions and Data Protection Principles.

When using timetable enquiries, the following data is stored on the end device: history of recently used locations, connections and routes, settings made, downloads (e.g. orientation maps, timetable displays and timetable book pages), server content received (map sections, journey information) as well as technically necessary cookies, described in more detail below.

To ensure secure operation, calculations for the electronic timetable enquiry service (departures, journey information, etc.) are logged on the timetable enquiry servers. The logs relate exclusively to the calculations performed and comply with the data protection principles of MVV GmbH. No personal data is transmitted or stored in the process; it is not possible to draw conclusions about the user or query patterns.

Where the user provides an email address, this is also stored temporarily for technical reasons only and is automatically deleted once the information has been sent; it is not used for any other purpose. The legal basis for processing is Article 6(1)(f) of the GDPR, to enable you, as a user, to access public transport more easily.

MVV Information and the MVV Cycle Route Planner use so-called functional, i.e. technically necessary, cookies. These cookies enable us to recognise and temporarily store information, such as language settings or your preferred method of accessing our mobile information portal. In addition, the cookies set optimise the processing of your connection requests on our server infrastructure (so-called session cookies). No personal data is collected or passed on in the process.

To improve the quality of the timetable information, MVV GmbH and/or IT service providers also compile anonymised usage statistics based on server requests. These are used solely for product improvement and do not contain any personal information. We do not use any tracking or advertising cookies in the MVV Timetable Information or the MVV Cycle Route Planner.

The mobile MVV information portal allows location data to be used for timetable enquiries. To use this function, you must explicitly consent to the use of location data in your browser. This data is used to determine waypoints in the route as well as nearby stops and departures. Location data is not stored permanently or passed on to third parties.

A code will be generated based on the information you provide to integrate the MVV timetable information into your website. This code is not stored permanently but is deleted once your enquiry has been processed. No personal data is collected, as, in particular, no IP address is stored.

Any documents you send us as part of an application will be reviewed by us to assess their suitability. The legal basis for this processing is Article 6(1)(b) of the GDPR; the processing is necessary for the implementation of pre-contractual measures. Unless otherwise agreed, these documents will be deleted (paper applications will be shredded) six months after a rejection.

The data you provide will be used solely for the purposes of the project. The data will not be passed on to third parties and will only be processed anonymously; we are unable to link it to any specific individual. Once the project has been completed, the raw data will be deleted, meaning that it will no longer be possible to link it to any specific individual.

As part of our competitions, we process personal data that you provide to us voluntarily (e.g. name, email address). This data is used solely for the purpose of running the competition and notifying the winners. For any deviating provisions, please refer to the terms and conditions of the respective promotion.

Purpose and legal basis of the processing:

The processing of your personal data is based on your consent in accordance with Article 6(1)(a) of the GDPR. Your data will only be stored for the duration of the competition and for the subsequent notification of winners. Afterwards, the data will be deleted, unless statutory retention obligations prevent this.

Data disclosure:

Your data will not be passed on to third parties and will not be used for advertising purposes.

Withdrawal of consent:

You have the right to withdraw your consent to data processing at any time with effect for the future. Withdrawal may be made by email to datenschutz(at)mvv-muenchen.de. Following withdrawal, your data will be deleted unless there are statutory retention obligations.

Prohibition of linking:

You are not required to consent to the anonymous statistical analysis of app data in order to take part in the competition.

MVV GmbH uses the data you provide solely for the purpose of sending the newsletter. Your data will not be passed on to third parties. The data is used in anonymised form by employees of MVV GmbH solely for statistical analysis of the newsletter distribution. The legal basis for processing is Article 6(1)(a) of the GDPR (consent). Your data will be deleted when you unsubscribe from the newsletter. Without the provision of this data, no newsletter can be sent.

To book on-demand services (MVV Ruftaxi, FLEX) online or by telephone, you must register by providing your name, telephone number and email address (this may not be required if you book by telephone). This data is used exclusively for the organisation, scheduling and execution of the booked journeys, as well as for contacting you in connection with the journeys you have booked (e.g. changes to journey times, enquiries regarding space requirements), and is passed on electronically via encrypted transport systems to the call-a-taxi centre and the relevant transport company for the same purpose. The legal basis for the processing is Article 6(1)(b) – the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures – and (f) of the GDPR. The legitimate interests of MVV GmbH, the transport operators and the public transport authorities lie in providing you, as a user of the MVV app, with better access to public transport and facilitating timetable enquiries and the purchase of MVV Mobile Tickets. Without the provision of this data, no booking can be made via the booking tool.

The data will be deleted no later than two years after the last use or booking. Furthermore, the data will be deleted within 30 days upon the customer’s express request by email to kundendialog@mvv-muenchen.de, provided that no statutory retention obligations prevent this.

The protection of your data is important to Münchner Verkehrs- und Tarifverbund GmbH (MVV, hereinafter referred to as MVV GmbH), Thierschstraße 2, 80538 Munich (hereinafter referred to as “we”). In addition to the so-called customer contract partners (MVG, S-Bahn München), we also process personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Bavarian Data Protection Act (BayDSG) and all other relevant data protection laws.

Below, we explain how we, as MVV GmbH, process your personal data in connection with the use of electronic tickets (eTickets) on smart cards and what rights you have. In addition, our general data protection information applies. You can find this at https://www.mvv-muenchen.de/footer/datenschutz/index.html. You can find out how the customer contract partners process your personal data at

MVG: https://www.mvg.de/datenschutz-eticket.html

DB Vertrieb: https://www.bahn.de/p/view/home/datenschutz/schutz.shtml

1. Data controller

The controller responsible for the protection of your data entering and leaving the MVV GmbH backend system, in accordance with Article 4(7) of the GDPR, is Münchner Verkehrs- und Tarifverbund GmbH (MVV), Thierschstraße 2, 80538 Munich, email: info@mvv-muenchen.de. For further information on so-called joint controllers pursuant to Article 26 of the GDPR, see Section 5.2.

MVV GmbH has an external data protection officer. You can contact them by email at Datenschutz@mvv-muenchen.de or by post at DSBOK, Data Protection Officer for MVV GmbH, Untergasse 2, 65474 Bischofsheim.

2. Categories of data, as well as the purpose and legal basis of data processing

The partners in the Munich Transport and Tariff Association (MVV) are gradually switching their subscriptions from paper tickets to electronic tickets (eTickets for short). You can find out which subscription products this applies to in detail in our FAQs on the chip card at https://www.mvv-muenchen.de/tickets/zeitkarten-abos/isarcard-chipkarte/index.html. The booked electronic ticket (the travel authorisation or the ticket) is stored on a chip card.

Your personal data is processed in the back-end systems of the customer contract partners, as this is necessary for the performance of the season ticket contract with you. This processing is described in the privacy policy of the respective customer contract partner with whom you have concluded your contract.

Making changes via the online procedure

One advantage of the eTicket on a chip card is that no customer data is printed on the chip card itself (as was the case with paper tickets); furthermore, the card can be blocked in the event of loss or theft, and you can request changes (e.g. adding or reducing zones) yourself online and have the change applied directly to your chip card. The previous exchange of tokens is no longer necessary. If you do not make a change to your ticket in the Customer Centre using the chip card, but instead do so by telephone via the hotline of your contract partner (MVG or S-Bahn München) or online, the following procedure must be followed to ensure your change is stored on your chip card:

To ensure that your (amended) ticket is accepted as a valid travel document by all partners within the MVV, even though the partners within the MVV do not have access to each other’s back-end systems, it must be ensured that all partners within the MVV are informed of the change. The partners listed under section 5.2 have therefore opted for the Germany-wide standard “(((eTicket Deutschland” as so-called joint controllers for the chip card. This standard is considered particularly secure with regard to misuse, manipulation or forgery. The standard was developed in close cooperation with the Conference of Federal and State Data Protection Commissioners. In the “(((eTicket Deutschland” standard (so-called VDV core application), particular emphasis was placed on data protection, data minimisation and consumer protection. Under the “(((eTicket Deutschland” standard, the change you have made is stored in a so-called action list at MVV GmbH. In this process, only the change request (e.g. extension of the ticket’s geographical validity) is processed in conjunction with the chip card number and the travel authorisation number. Only pseudonymised data is therefore exchanged between partners; no other personal data relating to you is shared with partners within the MVV network. It makes no difference which MVV partner you are a customer of; the personal data required to fulfil your season ticket contract is held solely by your direct contractual partner. All partners within the MVV can access the action list and thus ensure that your chip card is automatically updated the next time it interacts with a ticket validator (e.g. during a ticket inspection), a ticket machine with the (((e-logo or a cash register in the customer centre, and that, for example, the new travel authorisation is stored on the chip card. Once updated, your change will be deleted from the action list.

Data in/on the chip card

The following data is stored on the chip card itself with access protection: ticket number, number of the issuing transport company, geographical and temporal validity, and – only in the case of a personal season ticket – the cardholder’s first name and surname in masked form (e.g. Max Mustermann becomes M1x@M8n), as well as date of birth and gender.

No personal data is printed on the chip card. There is a note field which you can label yourself – e.g. to distinguish between family members – (however, we recommend that you do not enter your full name here, but rather ‘Mum’ or similar). Only the chip card number and the expiry date of the chip card are printed on the card (you will automatically be sent a new chip card when this date expires). The chip card number printed in the bottom right-hand corner can also be read electronically via the printed barcode.

In addition to the electronic ticket, there are ten memory slots for so-called transaction entries (logbook) on the chip card. A transaction occurs during a data exchange between the chip card and a terminal, e.g. during a ticket inspection. The transaction is stored as an entry in the logbook. From the eleventh logbook entry onwards, the old entries are overwritten by the new subsequent entries, so that only the last ten entries are ever stored on the chip card.

Ticket inspection

During a check by inspection staff, the data stored on the smartcard is read out and the electronic ticket, as well as its temporal and geographical validity, is automatically checked. The inspection result is displayed to the inspector (ticket valid or invalid in terms of its temporal and geographical scope). In addition, the masked name, date of birth and gender of the ticket holder are displayed on the ticket inspection device (only for personal season tickets, not for transferable ones). This data is required so that ticket inspectors can make an initial assessment, based on age and gender, as to whether the person being checked is the legitimate ticket holder. Unlike with a paper ticket, however, inspection staff cannot see the unmasked (i.e. fully legible) name. As before, holders of a personal season ticket must carry photo ID and present it if required. The data read from the chip card by the inspection device is only temporarily stored on the device for the purpose of the inspection and is automatically deleted from the device immediately after the inspection is completed.

Evidence of inspection

MVV GmbH is responsible, within the framework of the ((eTicket Deutschland) for the fare products issued by MVV as electronic tickets. Against this background, transaction records (e.g. so-called inspection records) are transmitted to the MVV GmbH back-end system, which checks the data record for manipulation as part of a fraud analysis, i.e. verifies the authenticity and integrity of the electronic ticket. A transaction record contains details of the time, place and type of transaction (e.g. zone change or ticket inspection) as well as the terminal number (e.g. ticket validator) and the product number, but no other personal data.

Further information / Legal basis / Anonymous tickets

Further information on data processing can be found in the FAQs on the chip card at www.mvv-muenchen.de/tickets/zeitkarten-abos/isarcard-chipkarte/index.html.

The legal basis for data processing by MVV GmbH is Article 6(1)(b) of the GDPR in conjunction with your contractual relationship regarding your IsarCard subscription with a customer contract partner (MVG or S-Bahn München) and Article 6(1)(c) and/or (f) of the General Data Protection Regulation (GDPR).

Non-e-ticket-based use of transport within the MVV network remains possible by purchasing a ticket from the cash fare range (e.g. monthly and weekly passes), which are issued on paper.

3. Data sources

We process pseudonymised personal data that is lawfully transmitted to us by joint controllers (your customer contract partner) (e.g. smart card number).

4. Necessary provision of personal data

The provision of the data referred to in section 2 is – unless expressly stated otherwise – already necessary for the conclusion or performance of the contract between you and your contractual partner, as the contract cannot be performed without this personal data. No additional personal data is collected for the specific data processing described in section 2 relating to e-tickets on chip cards; however, additional pseudonymised personal data (primarily the chip card number) is stored and processed.

5. Categories of data recipients

5.1 Internal departments and data processors

Within MVV GmbH, only employees in specialist operational management who require your data for the purposes described in section 2 will have access to it. Where permitted by law (for example, in the context of data processing on behalf of a client), we may disclose personal data to third parties in the following categories:

• (IT) services
• Public authorities and institutions (e.g. social security providers, tax authorities, the police, the public prosecutor’s office, supervisory authorities) where there is a corresponding obligation or authorisation.

5.2 Joint controllers

To ensure that the eTicket can be used throughout the MVV fare zone, it is necessary for transaction records to be transmitted to the MVV GmbH back-end system, which checks the data record for manipulation as part of a fraud analysis, i.e. verifying the authenticity and integrity of the electronic ticket. Pseudonymised personal data must also be exchanged via the transaction list for checks carried out by the various transport operators within the MVV network, as described in section 2. No other personal data is transmitted in this process.

As the transport operators within the MVV area jointly determine the purposes and means of data processing, they act as so-called joint controllers in accordance with Article 26 of the GDPR. The following transport operators have therefore concluded a corresponding agreement on joint responsibility:

• Münchner Verkehrs- und Tarifverbund GmbH (MVV)
• DB Regio AG – Munich S-Bahn
• Münchner Verkehrsgesellschaft mbH (MVG)

MVV GmbH will be happy to provide you with the key points of the joint controller agreements with the above-mentioned companies. To do so, please use the contact details provided in section 1.

6. Data transfer to a third country or to an international organisation

There are currently no plans to transfer data to a third country or to an international organisation in relation to the chip card. Should we in future use (IT) service providers for certain tasks who, in turn, use (IT) service providers that may have their registered office, parent company or data centre located in a third country (outside the European Union and the European Economic Area), the following conditions must be met: The transfer is permitted because there is a legal basis for it or you have expressly consented to the transfer and the specific conditions for a transfer to a third country are met. This means, in particular, that the European Commission has decided that an adequate level of data protection exists in the third country (Art. 45 GDPR) or that suitable safeguards (e.g. through so-called EU Standard Contractual Clauses prescribed by the European Commission or the supervisory authority) and enforceable rights and effective legal remedies are provided for.

7. Retention period

The chip card is valid for a maximum of approximately five years; after this period, it is replaced by a new card with a new chip card number. Transactions that are (directly or indirectly) personal in nature are archived for a maximum of 180 days after receipt/creation and deleted after a further 365 days; the associated authorisations are archived 270 days after the expiry of validity and, if there are no longer any references to the authorisation, deleted after a further 540 days.

With regard to other data, we delete your personal data as soon as it is no longer required for the purposes for which it was collected, unless its – temporary – further processing is necessary for:

• Comply with statutory retention obligations, which may arise, for example, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified therein are up to ten years.
• Preserving evidence within the framework of statutory limitation periods. Pursuant to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods may be up to 30 years, although the standard limitation period is three years.

8. Data subject rights

You can find detailed information about your rights as a data subject on our website in the data protection section: https://www.mvv-muenchen.de/datenschutz

9. Automated decision-making

We do not, as a matter of principle, use automated decision-making in accordance with Article 22 of the GDPR. Should we use such procedures in individual cases, we will inform you of this separately in accordance with the statutory provisions.

10. Amendment clause

As our data processing is subject to change and the legal situation may evolve, we will also update our privacy policy from time to time.

Date of this privacy policy: 1 April 2020

As a rule, the data collected by passenger counting devices does not constitute personal data within the meaning of the GDPR.

Video-based passenger counting is only activated when necessary for the plausibility check of counting results by an authorised MVV employee. Personal video data is only generated once the video recording function has been activated. Following the check, the relevant video data is deleted within 48 hours.

The legal basis for this processing is Article 6(1)(e) of the GDPR, as the processing is necessary for the performance of a task carried out in the public interest, as well as Section 4(1)(1) and (3) of the BDSG. Furthermore, pursuant to Article 24(3) of the Bavarian Data Protection Act (BayDSG), the identification of individuals by security authorities for the purpose of investigating crimes on the basis of objects, clothing or similar items would be permissible. However, this would be subject to the condition that the video function had coincidentally been activated in that particular vehicle at that specific time and that the video recordings had not yet been deleted or overwritten.

Following explicit consent (‘opt-in’), anonymised mobility data may be collected from app users who have purchased a Deutschland-Ticket in the MVV Ticket Shop during the pilot period from September to November 2024. The purpose is to investigate the use of the Deutschland-Ticket on different routes and lines. To this end, the following data will be collected and analysed: anonymous/randomised at least monthly user IDs, timestamps, geolocation, recording accuracy and compass direction, speed of movement, time window per mobility segment (including classification reliability for transport mode identification), smartphone model name, and the version of the operating system and MVV app. The legal basis is Article 6(1)(a) of the GDPR. No conclusions regarding individual persons can be drawn from the data analysis. In the MVV app settings, consent to data collection can be withdrawn at any time and transmitted data can be deleted at any time.

As of October 2024

1. General

(1) MVV GmbH offers a check-in/check-out system (hereinafter referred to as the InOut system or MVVswipe) within the MVV app. This is a smartphone-based ticketing system with automatic ex-post fare calculation. Using location tracking (GPS), the smartphone detects a CheckIn actively triggered by the customer, the route travelled within the MVV network via local public transport (LPT), and the CheckOut triggered by the customer. The system then calculates the correct fare for the route travelled in the background based on this location data. If several journeys are made in a single day, the maximum charge will be the applicable daily rate (depending on the zone and number of passengers). Depending on the number of journeys per day, the customer’s previously registered payment method will be debited.

(2) For the processing of the e-payment service (e.g. InOut system), MVV GmbH uses the IT service provider Mentz GmbH (hereinafter referred to as MENTZ), Grillparzerstraße 18, 81675 Munich, and the financial services company LOGPAY Financial Services GmbH (hereinafter referred to as LOGPAY), Schwalbacher Straße 72, 65760 Eschborn. MENTZ is responsible for the technical operation of the software components. The infrastructure is located in certified data centres in Germany. As part of commissioned data processing, the service providers use software instances at the data centre operator Amazon Web Services (AWS). These components are operated exclusively in the eu-central-1 region (Frankfurt am Main).

(3) The controller within the meaning of data protection law is MVV GmbH, represented by the management. It can be contacted by email at info@mvv-muenchen.de or by post at MVV GmbH, Management, Thierschstraße 2, 80538 Munich. MVV GmbH has an external data protection officer. The Data Protection Officer can be contacted by email at datenschutz@mvv-muenchen.de or by post at DSBOK, Data Protection Officer for MVV GmbH, Untergasse 2, 65474 Bischofsheim. If the customer wishes to have their personal data deleted, they must submit a request by email to datenloeschung@mvv-muenchen.de.

(4) The German version of the Terms and Conditions and the Privacy Policy shall apply. In the event of any conflict between the German and English language versions, the German version shall prevail.

2. Data required for the use of the InOut system

(1) In order to perform the functions of the InOut system as set out in Section 1(2), the InOut system or the MVV app requires access to the following data and services:

• Location data (GPS): Following the customer’s explicit permission, the InOut system accesses the location data (GPS) of the mobile device in order to determine the customer’s current location, boarding, transfer and destination stops, as well as the customer’s journey route and duration.
• Mobile internet: The InOut system requires internet access to exchange necessary information between the app and the back-end system (e.g. for the purposes of journey recognition and fare calculation).
• Motion sensors (motion data): The InOut system uses the device’s motion sensors to improve journey recognition. This allows it to distinguish, for example, whether the customer is on public transport or walking.
• Wi-Fi and Bluetooth: To increase location accuracy for determining the stops relevant for billing during the customer’s journey, the InOut system can process existing Wi-Fi or Bluetooth signals. Bluetooth signals are generated by so-called Bluetooth beacons. This can significantly improve location tracking, for example in underground stations or vehicles.

(2) The data mentioned above is required by the InOut system to ensure correct recognition of the public transport journey. No personal movement profiles are created in the process. Journey recording only begins once the CheckIn has been successfully completed. The MVV app does not need to be open continuously for recording to take place. Recording ends once the customer has successfully completed the CheckOut. The system services mentioned in paragraph (1) above can be deactivated at any time outside of an active InOut journey via the settings on the mobile device, but must be reactivated before starting a new journey with MVVswipe. The customer receives a corresponding system message. The customer explicitly consents to the InOut system or the MVV app accessing their personal data (see sections 3, 4 and 5), including the data mentioned above (see paragraph 2) – including for the purpose of clarifying customer enquiries. Otherwise, use of the InOut function is not possible.

The MVV app is available via relevant app stores. For data protection within these stores or in areas directly related to them, please refer to their privacy policies:

• Apple App Store: https://www.apple.com/legal/privacy/de-ww/
• Google Play Store: https://policies.google.com/privacy?hl=de&gl=de
• Amazon Appstore: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=201909010
• Huawei AppGallery: https://legal.cloud.huawei.eu/legal/hiapp/privacy-statement.htm

3. Registration for MVVswipe

(1) Registration by the customer is required to use the InOut system. Upon registration, the customer must agree to the General Terms and Conditions (GTC) and data protection provisions relating to the InOut function, as well as the MVV’s Conditions of Carriage and Fare Regulations.

(2) The following data is collected for registration:

• First name and surname
• Date of birth
• Address or billing address
• Email address
• Password
• Valid payment method (SEPA Direct Debit, credit card, PayPal, Apple Pay or Google Pay)

(3) Data processing is carried out on the basis of Article 6(1)(b) of the GDPR. 

(4) During the registration process, the customer may voluntarily consent to the use of personal data for market research purposes (optional tick box; see section 7).

4. Use of the InOut system and price calculation

(1) The basic structure of the InOut system was explained in Section 1(1). In order to track the customer’s journey continuously and subsequently calculate the correct fare, the InOut system must access and process the following data (see also Section 1(2)):

• Location data (GPS)
• Mobile internet
• Motion sensors
• Wi-Fi and Bluetooth
• Individual ticket settings before the journey begins (passengers)

(2) Each time the service is used, a journey authorisation is purchased by the customer, assigned to the relevant customer account and displayed there. In this context, the following data is processed:

• First name and surname
• Date of birth
• Validity of the travel authorisation, including time validity and ID
• Date and time
• Location data for the entire journey
• Passengers, daily limit
• Device information (operating software (version), model of the end device and app version)

(3) The journey route calculated on the basis of the journey data comprises the first boarding stop after check-in, the stops passed through and transfer stops, the final alighting stop before check-out, as well as the modes of transport and routes used. The fare is calculated by assigning the calculated route to the applicable fare regulations in the MVV. When billing the calculated fare, the data provided by the customer during registration and the stored payment methods are used (see sections 3 and 5).

(4) Data processing is carried out on the basis of Article 6(1)(b) of the GDPR. 

5. Billing via LOGPAY

(1) The personal data provided by the customer (first name and surname, date of birth, address, email address, telephone number where applicable, and details of their respective purchases) and any changes thereto are passed on to LOGPAY Financial Services GmbH for the purpose of selling and assigning MVV GmbH’s claims against the customer arising in connection with their purchase, hire or booking. This is carried out on the basis of Article 6(1)(f) of the GDPR. The legitimate interest on the part of MVV GmbH lies in the outsourcing of payment processing and receivables management. The legitimate interest on the part of LOGPAY Financial Services GmbH lies in the processing of data for the purposes of payment processing, receivables management, assessing the validity of payment methods and preventing payment defaults.

(2) The offer to conclude a contract of sale for a ticket is only accepted if LOGPAY Financial Services GmbH acquires the resulting claim arising from the ticket sale. If LOGPAY Financial Services GmbH refuses to acquire the claim, the customer’s offer to conclude a contract of sale is rejected.

(3) The customer may object to the transfer of this data to LOGPAY Financial Services GmbH at any time; however, in that case, it will no longer be possible to place an order via the electronic sales channel.

(4) The customer may access LOGPAY Financial Services’ data protection information at documents.logpay.de/de/datenschutzinformationen.pdf.

(5) Furthermore, MVV GmbH processes the customer’s personal data which MVV GmbH receives from LOGPAY Financial Services GmbH (information regarding the decision as to whether or not the claim will be acquired).

(6) In the event of the processing of personal data for the performance of tasks carried out in the public interest (Art. 6(1)(e) GDPR) or for the purposes of legitimate interests (Art. 6(1)(f) GDPR), the customer may object to the processing of their personal data at any time with effect for the future. In the event of an objection, MVV GmbH must refrain from any further processing of the customer’s data for the aforementioned purposes, unless

• there are compelling legitimate grounds for processing which override the interests, rights and freedoms of the customer, or
• the processing is necessary for the establishment, exercise or defence of legal claims.

(7) As part of the registration process for the SEPA Direct Debit payment method and/or in the event of changes to the customer’s data in connection with the switch to the SEPA Direct Debit payment method, the financial services company LOGPAY Financial Services GmbH may carry out a check of the customer’s details and creditworthiness. This is done by cross-referencing the customer’s personal data against the database of SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden.

(8) In order to verify the credit card details provided by the customer and to process payments via the credit card payment method, the financial services company LOGPAY Financial Services GmbH will pass on the credit card and payment details to a credit card acquirer. 

(9) In the event that the customer fails to meet their payment obligations, their personal data will be passed on to a debt collection agency for the purpose of collecting the claims (e.g. through payment reminders/demands) and enforcing the claims (for example, as part of court-ordered debt collection proceedings or in cooperation with a law firm in the context of legal enforcement through litigation).

6. Customer Support

(1) Any queries or complaints from the customer regarding the accuracy of a journey’s recording will be handled and processed on behalf of MVV GmbH by the customer support team of the technical service provider MENTZ. All other enquiries (e.g. regarding fares or registration) will be handled and processed by the customer support team of MVV GmbH. Customer enquiries sent directly via the MVV app are forwarded directly to MENTZ (journey and stop recording) or to MVV GmbH, depending on the subject line provided. General enquiries sent by email are first reviewed by MVV GmbH and, where appropriate, forwarded to MENTZ.

(2) MVV GmbH may use and store the personal data of customers registered with it for the purposes of customer support and may also pass this data on to its service providers to clarify queries; it will not be used for advertising or other purposes without the customer’s prior express consent.

(3) The processing of this personal data is based on the legal basis of Article 6(1)(b) of the GDPR, provided that the communication relates to the execution of the ticket purchase. Processing for other communications is based on the legitimate interest (on the part of MVV GmbH) pursuant to Article 6(1)(f) of the GDPR, namely to process the customer’s contact enquiry in a manner appropriate to their needs. No InOut ticket can be used without the provision of the data.

7. Market research

(1) The InOut system implements a new technology for recording travel data for ex-post fare calculation. For the continuous improvement and further development of the system and its user-friendliness, MVV GmbH may carry out (or commission) market analyses (market research). To this end, the customer may be sent a request to participate in market research via the app or via the email address voluntarily provided during registration for market research purposes. Participation is voluntary. By participating in the market research, the following information is transmitted to the market research institute:

• First name and surname
• Email address
• Age
• Postcode

Consent may be withdrawn at any time in writing and shall apply prospectively. The processing of this personal data is based on the legal basis of Article 6(1)(a) of the GDPR, namely the customer’s consent.

8. Journey history

(1) The journey history is created in the backend system. In order to display the history of journeys made by the customer in the MVV app, some personal data is stored locally within the app. This includes: history of journeys made and the resulting tickets, user settings, and certain states of the MVV app.

(2) The processing of locally stored data is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, namely to provide the customer with a functional and user-friendly app.

9. Checking of InOut journeys

(1) To ensure revenue collection, the transport companies participating in the network may, where necessary during ticket inspections, view the ticket data, the information stored in the barcode (first name and surname (masked where applicable depending on the inspection device), as well as date of birth and, where applicable, title, first name and surname of the ticket holder) and the inspection medium presented by the customer. This is carried out on the basis of Article 6(1)(f) of the GDPR. The legitimate interest of MVV GmbH and the transport companies carrying out the checks lies in securing fare revenue. Personal data is not stored in the inspection device, but is only displayed. In the event of a dispute, personal data may be forwarded to the transport operator that carried out the inspection for further processing. An InOut ticket cannot be used without providing this data.

10. Storage duration and retention periods

(1) The personal data stored by MVV GmbH or by the service providers shall be deleted when it is no longer required for the fulfilment of the purpose for which it was collected (sale of InOut tickets) and the statutory retention obligations (a maximum of ten years pursuant to Section 147(3) of the German Fiscal Code (AO)) no longer preclude this. The data of a registered customer account that has been inactive for two years will be deleted from the relevant directory after two years at the latest. Data from active customer accounts will be deleted from the relevant directory ten years after the booking date. Order data is to be treated as a booking receipt and will be retained in accordance with the statutory retention periods; it will then be deleted. Furthermore, data will be deleted at the customer’s express request by email to kundendialog-swipe@mvv-muenchen.de, provided that no statutory retention obligations prevent this. In this case, deletion will take place within 30 days at the latest. 

(2) Information relevant to technical testing and analysis, i.e. operating system (version), device model and app version, is stored temporarily and automatically deleted after six months.

11. Disclosure of data

(1) In the course of using the service and processing the contract, it is usually necessary to engage data processors. These include:

• Technical service providers for the operation and maintenance of IT systems and server infrastructure, e.g. for the InOut system
• Customer support
• Payment service providers
• Other parties involved in the performance of the contract
• External service providers for market research purposes (see Section 7)
• Public authorities or other government bodies, where MVV GmbH is legally obliged to do so

All data processors and external service providers have been or will be carefully selected and are subject to strict data protection agreements. Compliance with these is ensured through contractual provisions, technical and organisational measures, and supplementary controls.

To the extent necessary for the aforementioned purposes, MVV GmbH also transfers customer data to recipients outside the European Economic Area (EEA), provided

• it is necessary for the performance of a contract,
• statutory provisions must be complied with, or
• the customer has given their consent to MVV GmbH.

In addition, MVV GmbH transfers the customer’s personal data to the technical service providers engaged by MVV GmbH, who support MVV GmbH in operation and maintenance and are based in the USA. Although the customer’s personal data is stored exclusively on servers within the EU/EEA, However, it cannot be entirely ruled out that the customer’s personal data may be transferred to the USA (for example, in the case of support enquiries). To this end, MVV GmbH and the technical service providers it engages have taken appropriate measures to ensure an adequate level of protection for the customer’s personal data. In addition to the conclusion of the EU Commission’s standard contractual clauses, this includes the implementation of additional technical, organisational and contractual safeguards. The customer’s other personal data is not transferred to countries outside the EEA.

12. Other information on data protection

(1) Where the processing of personal data is based on the customer’s consent, the customer has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to withdrawal, in accordance with the statutory provisions on data protection (Art. 7 GDPR, Section 51 BDSG). 

In the event that personal data is processed for the performance of tasks carried out in the public interest (Art. 6(1)(e) GDPR) or for the purposes of legitimate interests (Art. 6(1)(f) GDPR), the customer may object to the processing of their personal data at any time with effect for the future. In the event of an objection, MVV GmbH must refrain from any further processing of the data concerned for the aforementioned purposes, unless

• there are compelling legitimate grounds for processing which override the interests, rights and freedoms of the customer, or
• the processing is necessary for the establishment, exercise or defence of legal claims.

There is a right to access the personal data in question (Art. 15 GDPR) as well as a right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) or a right to object to processing (Art. 21 GDPR) as well as a right to data portability (Art. 20 GDPR) in accordance with the statutory provisions on data protection. The customer may exercise these rights by sending an email to kundendialog-swipe@mvv-muenchen.de.

(2) In addition to the aforementioned processing purposes, the customer’s personal data will also be processed for the following purposes:

• To comply with MVV GmbH’s statutory retention obligations or data protection obligations. This processing is based on the legal basis of Article 6(1)(c) of the GDPR.
• To exercise any legal claims or to defend MVV GmbH against claims. This processing is based on the legal basis of Article 6(1)(f) of the GDPR.
• To respond to and comply with requests from public authorities. This processing is based on the legal basis of Article 6(1)(c) of the GDPR.

(3) Pursuant to Article 77 of the GDPR, without prejudice to any other administrative or judicial remedy, the customer has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or the place of the alleged infringement, if he or she considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation.

(4) The competent supervisory authority for MVV GmbH is the Bavarian State Commissioner for Data Protection, PO Box 22 12 19, 80502 Munich www.datenschutz-bayern.de.