Data protection information

Protecting your personal data is important to you – and it’s important to us, too. That’s why we’d like to tell you about the data we collect in connection with the enforcement of penalty fares, why we need this data, and what rights you have with regard to the processing of your personal data.

Who is responsible for data processing?

The Berliner Verkehrsbetriebe (BVG), a statutory public body, is generally responsible for processing your personal data.

Berliner Verkehrsbetriebe (BVG) AöR

Holzmarktstraße 15-17

10179 Berlin, Germany

What items of personal data does the BVG process?

We collect the following personal data in connection with your penalty fare: title, first name and surname, date of birth, address with postcode, data from the penalty fare notice, payment made, processing status, and email address (where available).

On what legal basis is your personal data processed?

The legal basis for processing personal data in connection with penalty fares is Article 6(1)(b) and 6(1)f) of the General Data Protection Regulation (GDPR), Section 24(2) of the Berlin Public Services Act (BerlBG), and the provisions set out in Section 4 of the BVG’s regulation governing the processing of personal data. By processing the above-mentioned personal data, the BVG is pursuing its legitimate interest in collecting penalty fares from passengers found without a valid ticket and logging repeat offences.

How long do we store your information?

If you subsequently provide evidence of a valid ticket, the collected data will be erased after 30 days. In other cases, your personal data will be erased after one year, provided we are not aware of any repeat offence. This period is extended by a further year if we become aware of a repeat offence within the first year. Personal data will not be stored for longer

than three years.

We reserve the right to prosecute debtors who are repeatedly found to be travelling without a valid ticket.

Are you obliged to provide us with your data?

Please note that you are contractually required to provide the data necessary to collect a penalty fare. This contractual obligation arises under the contract of carriage, which automatically includes the contractual terms of the VBB fares scale according to Section 305a(1) of the German Civil Code (BGB) (see Section 1(2)(1) in conjunction with Section 9(2)(6) [Part A of VBB fares scale = set hyperlink]). The contract of carriage is formed automatically with the transport company whose vehicles you use. In your case, the BVG is the transport company.

If you do not provide your data, Paigo GmbH (see “Is your personal data disclosed to third parties” further down) will enforce our claim against you, as necessary through the courts with the aid of a solicitor.

Is your personal data disclosed to third parties?

Your personal data is generally not disclosed to third parties outside the BVG unless you have consent to the transfer of your data or there is another legal basis for such transfer of your data. At present, only Paigo GmbH, Gütersloher Str. 123, 33415 Verl (Paigo), processes data on our behalf as a service provider. Paigo is both legally and contractually obliged to adhere to the regulations set out in data protection law and process personal data in accordance with our instructions. The legal basis for transferring data is Article 28 of the GDPR in conjunction with a processing contract for personal data.

Beyond this, personal data that you enter at is transferred to Paigo for the purpose of debt collection. This only happens, however, if you do not pay the penalty fare by the deadline. The legal basis is Article 6(1)(f) of the GDPR. By transferring the data, we are pursuing our legitimate interest in the efficient enforcement of our claims.

In addition, the BVG may transfer your data to criminal prosecution authorities for the purpose of commencing legal proceedings if you are found to be travelling repeatedly without a valid ticket.

What rights do you have when using the “Resolution and complaints” service at

Depending on the circumstances in your specific case, you have the right

• to obtain access to the personal data stored by us and/or request copies of this data. This includes information concerning the purpose of usage, the category of data used, its recipients and authorised users, and, where possible, the planned period for which the data will be stored or, if that is not possible, the criteria used to determine that period (Article 15 of the GDPR);

• to request the rectification, erasure, or restriction of processing of your personal data, provided that its use is impermissible under data protection law, in particular because (i) the data is incomplete or incorrect, (ii) the data is no longer required for the purposes for which it was collected, (iii) the consent on which processing is based was withdrawn, or (iv) you have made use of your right to object to processing of your personal data; in cases in which the data is processed by third parties, we will forward your request for rectification, erasure, or restriction of processing to these third parties, unless this proves to be impossible or would involve disproportionate effort (Articles 16 to 18 of the GDPR;

• to refuse consent or – without affecting the lawfulness of data processing carried out prior to withdrawal – to withdraw your consent to the processing of your personal data at any time (Article 21 of the GDPR);

• not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you (Article 22 of the GDPR);

• to request the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from us; you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible (Article 20 of the GDPR);

• to take legal action or appeal to the competent supervisory authorities, if you are of the opinion that your rights have been infringed due to processing of your personal data that is not in compliance with data protection regulations (Article 77 of the GDPR).

You also have the right to object to processing of your personal data at any time:

• where we process your personal data for direct marketing purposes

• where we process your personal data in pursuance of our legitimate interests and on grounds relating to your particular situation

How can you contact us?

If you have further questions or suggestions relating to the processing of your personal data, please do not hesitate to contact our data protection officer: Berliner Verkehrsbetriebe (BVG) AöR, Data protection officer, Holzmarktstraße 15-17, 10179 Berlin.

If, however, you have questions in connection with your penalty fare, please contact the BVG directly, stating your penalty fare number, at Berliner Verkehrsbetriebe (BVG) AöR, Erhöhtes Beförderungsentgelt, Fahrausweiskontrollen (FVM-F3), Holzmarktstraße 15-17, 10179 Berlin or You will find your penalty fare number in the payment request with the remittance slip.

If you send us an email, please first read the section entitled “How is my data encrypted?”

How is my data encrypted?

Data and emails are usually sent in unencrypted form on the internet and are therefore not protected from access by third parties. In order to protect your data at, your connection to our server employs transport encryption using Transport Layer Security (TLS) with at least 256 bits by default. As the confidentiality of information sent during transmission of an email cannot be guaranteed, we recommend that you send confidential information by post only.

When are cookies used?

Cookies are saved on your computer when you use our website. Cookies are small text files that are saved on your hard drive and through which the party setting the cookie (i.e. us in this case) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They are used to make our website more user-friendly and effective as a whole. The use of is generally possible without cookies.

This website uses Matomo, a platform for statistical evaluation of visitors to websites. Matomo uses cookies that enable an analysis of how you use the website. The information generated by the cookie about your use of the website is saved on the provider’s server in Germany. The IP address is immediately anonymised following processing and prior to its storing.

You can prevent installation of the cookies by changing the settings in your browser. If you do this, however, you may not be able to use the full functionality of this website.

You can opt out of having your anonymised visitor data being collected and used. To prevent web analysis by Matomo, an opt-out cookie is set by the domain. This opt-out remains in force until you delete the cookie. The cookie is set for each browser and computer. To opt out, please click the “Send” button.

Here, you can decide whether to allow a unique web analysis cookie to be stored in your browser, thereby allowing the website operator to collect and analyse a range of statistical data.

If you do not want this, click on the following link to set the Matomo deactivation cookie in your browser.

What happens if I click on links to other websites?

If you click on a link to an external website, you will leave the BVG domain. The BVG is therefore not responsible for the content, services, or products offered on the linked website; it is further not responsible for data protection and technical security on the linked website.

Updates to this data protection information

We update this data protection information to reflect changes made at We will inform you of any such changes, but we generally recommend reading the data protection information at regular intervals.

Last updated: June 2018