Data protection information

This page sets out the data we collect in connection with the enforcement of penalty fares, why we need this data, and what rights you have with regard to the processing of your personal data.

1.    Controller
The controller responsible for processing your personal data is
Berliner Verkehrsbetriebe (BVG) AöR
Holzmarktstraße 15-17
10179 Berlin, Germany

2.    Data categories we process
We collect the following personal data in connection with your penalty fare: first name and surname, date and place of birth, gender, address (street and house number, town and postcode, as applicable your legal guardian’s name and address), bank details, email address, data from the penalty fare notice (time, place, and other circumstances relevant to any legal action, including claims, payment made, processing status).

3.    Legal basis for processing your personal data
The legal basis for processing your personal data in connection with the processing of penalty fares is Article 6(1)(b) and 6(1)(f) of the General Data Protection Regulation (GDPR), in conjunction with Section 24(2) of the Berlin Public Services Act (BerlBG) and Section 4 of the Berlin regulation governing the processing of personal data within the BVG (StrBPersDatV BE). Accordingly, the BVG may process the aforementioned personal data of passengers found to be without a valid ticket for the purposes of collecting the penalty fare and identifying repeat offenders.

4.    Your obligation to provide data
Please note that you are contractually required to provide the data necessary to collect a penalty fare. This contractual obligation arises under the contract of carriage, which automatically includes the contractual terms of the VBB fares scale according to Section 305a(1) of the German Civil Code (BGB) (see Section 1(2)(1) in conjunction with Section 9(2)(6) Part A of VBB fares scale). The contract of carriage is formed automatically with the transport company whose vehicles you use. In your case, the BVG is the transport company.

5.    Duration of storage
For the purpose of maintaining an overview of penalty fare cases, your personal data will be retained for a period of one year and then erased, provided you do not commit a repeat offence. This period is extended by a further year if we become aware of a repeat offence within the first year. Personal data will not be stored for longer than three years at maximum.
We reserve the right to prosecute debtors who are repeatedly found to be travelling without a valid ticket.
In all other respects, we will store your personal data for as long as we are under legal obligation to do so (e.g. for tax reasons).

6.    Use of the penalty fare website (“EBE website”) “regulations and complaints” at www.bvg-ebe.de
By accessing the BVG’s penalty fare website (“EBE website”), you can make use of a convenient way to view the data and processing status of your penalty fare in the debt collection system, send the penalty fare team a message, or pay your penalty fair using a digital payment method. If you use this website, you can avoid having to come in and wait at our penalty fare office. Using the penalty fare website does not require you to create a separate user account, but simply provides access via a web-based channel to your penalty fare notice in our system.
To use it, go to https://www.bvg-ebe.de and enter your penalty fare notice number (“EBE number”) and your full date of birth.

7.    Encryption
Data and emails are usually sent in unencrypted form on the internet and are therefore not protected from access by third parties. To protect your data on bvg-ebe.de, the connection from your browser to our server is encrypted by default using the most recent “Transport Layer Security (TLS)” encryption protocols (TLS v1.2 and higher). As the confidentiality of information sent during transmission of an email cannot be guaranteed, we recommend that you send confidential information by post only.

8.    Disclosure to third parties
We have concluded a service agreement with Paigo GmbH, Gütersloher Str. 123, 33415 Verl (Paigo) for the receipt of penalty fares. Paigo is both legally and contractually obliged to comply with data protection laws and to process personal data in accordance with our instructions. The legal basis for the processing of your data by Paigo is Article 28 of the GDPR in conjunction with a processing contract for personal data.
Paigo is also authorised to collect debts, but will only do so if you do not pay the penalty fare by the deadline. The legal basis is Article 6(1)(f) of the GDPR. By transferring the data, we are pursuing our legitimate interest in the efficient enforcement of our claims.
If you are found to be using our services without a valid ticket more than once within a period of one year, the BVG will seek to prosecute you using your personal data and the information associated with the offences.

9.    When are cookies used?
Cookies are saved on your computer when you use our website. Cookies are small text files that are saved on your hard drive and through which the party setting the cookie (i.e. us in this case) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They are used to make our website more user-friendly and effective as a whole. The use of www.bvg-ebe.de is generally possible without cookies.
This website uses Matomo, a platform for statistical evaluation of visitors to websites. Matomo uses cookies that enable an analysis of how you use the website. The information generated by the cookie about your use of the website is saved on the provider’s server in Germany. The IP address is immediately anonymised following processing and prior to its storing.
You can prevent installation of the cookies by changing the settings in your browser. If you do this, however, you may not be able to use the full functionality of this website.
You can opt out of having your anonymised visitor data being collected and used. To prevent web analysis by Matomo, an opt-out cookie is set by the BVG.de domain. This opt-out remains in force until you delete the cookie. The cookie is set for each browser and computer. To opt out, please click the “Send” button.
Here, you can decide whether to allow a unique web analysis cookie to be stored in your browser, thereby allowing the website operator to collect and analyse a range of statistical data. If you do not want this, click on the following link to set the Matomo deactivation cookie in your browser.

10.    Your data protection rights
Depending on the circumstances in your specific case, you have the right
•     to obtain access to the personal data stored by us and/or request copies of this data. This includes information concerning the purpose of usage, the category of data used, its recipients and authorised users, and, where possible, the planned period for which the data will be stored or, if that is not possible, the criteria used to determine that period (Article 15 of the GDPR);
•     to request the rectification, erasure, or restriction of processing of your personal data, provided that its use is impermissible under data protection law, in particular because (i) the data is incomplete or incorrect, (ii) the data is no longer required for the purposes for which it was collected, (iii) the consent on which processing is based was withdrawn, or (iv) you have made use of your right to object to processing of your personal data; in cases in which the data is processed by third parties, we will forward your request for rectification, erasure, or restriction of processing to these third parties, unless this proves to be impossible or would involve disproportionate effort (Articles 16 to 18 of the GDPR);
•     to refuse consent or – without affecting the lawfulness of data processing carried out prior to withdrawal – to withdraw your consent to the processing of your personal data at any time (Article 21 of the GDPR);
•     not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you (Article 22 of the GDPR);
•     to request the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from us; you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible (Article 20 of the GDPR);
•     to take legal action or appeal to the competent supervisory authorities, if you are of the opinion that your rights have been infringed due to processing of your personal data that is not in compliance with data protection regulations (Article 77 of the GDPR).
You also have the right to object to processing of your personal data at any time:
•     where we process your personal data for direct marketing purposes
•     where we process your personal data in pursuance of our legitimate interests and on grounds relating to your particular situation
You can contact our data protection officer as follows:
Datenschutzbeauftragter
Berliner Verkehrsbetriebe (BVG) - Anstalt des öffentlichen Rechts
Holzmarktstraße 15-17
10179 Berlin, Germany
Email: datenschutz@bvg.de

You also have the right to lodge a complaint with a supervisory authority (Article 77 of the GDPR). You can contact the Berlin Commissioner for Data Protection and Freedom of Information for this purpose:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany
Email: mailbox@datenschutz-berlin.de

11.    Updates to this data protection information
We update this privacy policy to reflect changes made at www.bvg-ebe.de. We will inform you of any such changes, but we generally recommend reading the privacy policy at regular intervals.

Last updated: September 2021