Version 1, 9 November 2020
How we process personal data at Rejseplanen (Rejsekort & Rejseplan A/S).
- Processing and basis for processing
- Your rights
- See which cookies we use at Rejseplanen and edit your consent
Rejsekort & Rejseplan A/S is the data controller for the processing of personal data in connection with the registration of information on our website and in apps. Our contact details are as follows:
Rejsekort & Rejseplan A/S
CVR no.: 27 33 20 72
Rejsekort & Rejseplan A/S’ Data Protection Officer (DPO) can be contacted at: DPO@rejsekort.dk or on tel. no. (+45) 70 20 40 08 on business days from 10:00 to 15:00.
Rejseplanen would like you to feel safe and confident about using our website and apps. We therefore have a clear policy to process the personal data you entrust to us responsibly, with respect for your privacy - and naturally in accordance with the rules of the General Data Protection Regulation (GDPR) and the Danish Data Protection Act and other legislation. We only process personal data to the extent necessary to conduct our business and to give you the best possible user experience.
Under applicable legislation, IP addresses (also dynamic) are considered to be personal data, but for us they are only personally identifiable if you disclose your name, address or email address.
When you search for a journey on our website or in our apps, the IP address, which constitutes personal data, is registered electronically, and Rejseplanen as data controller therefore has an obligation to give you further information in this respect. This information and your rights in this regard are stated below.
Processing and basis for processing
When you search for a journey in Rejseplanen’s apps or on our website, the following information is collected:
The journey which you were searching, when you searched, which features you used and, finally, your IP address are registered.
If you have used the price display feature in a journey search, you can enter your Rejsekort number to find the exact price. In this regard, we only have access to information about the discount step associated with the Rejsekort number.
We also process the personal data that you disclose to Rejseplanen Support in connection with an enquiry via our contact form or email address, where you enter the email address yourself, and possibly your name, phone number, etc.
For enquiries concerning creation of a Rejseplanen Labs user, we retain your email address, as well as the password you created for your user, as these are necessary in order to log onto Rejseplanen Labs. We also retain your enquiry, as well as personal data such as your email address, name and phone number, as documentation of your creation as a user.
On submitting your enquiry, you give your consent for us to pass on your enquiry, including personal data such as email address, name and phone number, and the content of your enquiry, to the traffic companies: Arriva Tog, BAT, DSB, FynBus, Lokaltog, Metroselskabet IS, Midttrafik, Trafikselskabet Movia, Nordjyllands Trafikselskab, Sydtrafik, DOT and Rejsekort Customer Service. Your enquiry may be passed on if the enquiry concerns the individual transport companies.
You have the right to withdraw your consent at any time. You can do this by contacting Rejseplanen Support using the contact details stated below in ‘Your rights’. If you choose to withdraw your consent, this will not affect the lawfulness of our processing of your personal data on the basis of your previously granted consent, up to the date of your withdrawal of consent. This means that if you withdraw your consent, this will take effect as from the date of withdrawal.
Please note that in most cases our processing is necessary for you to be a user of Rejseplanen, and for us to be able to serve you.
We process the aforementioned personal data because this is necessary for us to be able to make Rejseplanen’s features available to you and to give you the best search result when you search for a journey.
The legal basis for Rejseplanen’s processing of the personal data is Article 6, paragraph 1 (e) of GDPR, under which personal data may in principle be processed when the processing is necessary for the performance of a task carried out in the public interest. It thus follows from Section 27 of the Danish Transport Companies Act that the purpose of Rejseplanen is to develop and operate an electronic system for journey times and journey planning and to conduct processing in conjunction therewith, and that Rejseplanen may enter into agreements for the commercial use of access to the system. The basis for processing is also Article 6, paragraph 1 (f) of GDPR, under which personal data may be processed when this is necessary for the data controller or a third party to be able to pursue a legitimate interest. Rejseplanen’s processing of the aforementioned information is necessary for us to be able to make the Rejseplanen features available to you, and to manage you as a user.
The IP addresses are stored in log files. As a general rule, the IP addresses are erased within four months of the search information.
When enquiries are sent to Rejseplanen Support, as a general rule your enquiry, including personal data such as email address, name and phone number, as well as the content of your enquiry, will be erased within four months of receipt of the original enquiry. This does not apply, however, in the specific cases where there is ongoing correspondence between the user and Rejseplanen Support, or when you have requested Rejseplanen Labs to create a user. In the case of prolonged correspondence, the data is erased within four months of the correspondence being deemed to have been completed.
For enquiries regarding the creation of a user for Rejseplanen Labs, your enquiry, including personal data such as email address, name and phone number, and the content of your enquiry, will be retained as documentation of the creation, and will thus be stored until you require the user to be erased. The same applies to the email address and password you created for your user, as these are necessary to be able to log onto Rejseplanen Labs.
Links and forwarding
Rejseplanen’s website and apps have links to other platforms. If you click on a link, you will be directed to another website or app and the protection of your personal data for Rejseplanen will no longer apply. Instead, the policy of the app or website in question will apply.
The aforementioned also applies to enquiries forwarded to the transport companies.
Who has access to personal data?
Rejsekort & Rejseplan A/S employees tasked with serving you as a user, and who process your data, have access to the personal data collected. These employees only have access to view and use your data to the extent necessary to serve and administrate you as a user, or to comply with applicable legislation. For Rejsekort & Rejseplan A/S, this includes the following companies and data processors or subprocessors:
As data processors for Rejsekort & Rejseplan A/S, IT suppliers have delivered the Rejseplanen system and associated systems, and are responsible for their operation.
Communication with users
Rejsekort & Rejseplan A/S’ data processors have access to the information necessary to send emails and text messages on behalf of Rejsekort & Rejseplan A/S.
Under GDPR, you have a number of rights concerning the processing of your personal data:
- Right to view information (right of access)
You have the right to access the information that Rejseplanen processes concerning you, as well as various additional information.
- Right to rectification (correction)
You have the right to rectification of incorrect data about you. You also have the right to have your information supplemented with additional information, if this will make your personal data more complete and/or up-to-date.
- Right to erasure
In certain cases, you have the right to erasure of information about you before the date of Rejseplanen’s ordinary general erasure of data.
- Right to restriction of processing
In certain cases, you have the right to restriction of the processing of your personal data. If you have the right to restriction of processing, in future Rejseplanen may only process data – apart from retention – with your consent, or for the purpose of the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest.
- Right to object
You have the right to object to Rejseplanen’s otherwise legal processing of your personal data. This only applies, however, if our processing is based on Article 6, paragraph 1 (e) and (f) of GDPR.
- Right to data portability
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transmitted from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guide (in Danish) to the rights of data subjects, which you can find at www.datatilsynet.dk.
Right to complain to the Data Protection Agency
You have the right to complain to the Data Protection Agency about the collection and registration, etc. of information about you:
The Danish Data Protection Agency
Carl Jacobsens Vej 35
(+45) 33 19 32 00
If you have any further questions, or if you wish to exercise your above rights, you can contact us as data controller via our contact form or at our postal address:
Rejsekort & Rejseplan A/S
Please mark any enquiries as ‘Privacy’.
A cookie is a small text file that is stored in your browser in order to recognise your computer on recurring visits. No personal data is saved in our cookies and they will not contain any virus.
If you want to use Rejseplanen without accepting cookies, there will be services on the website that you cannot use.
Cookies delete themselves after a certain number of months (may vary), but they are renewed after each new visit.
How to delete cookies
See the guide here: http://minecookies.org/cookiehandtering
How to avoid cookies
If you do not wish to accept cookies, you can block them. See the guide here: http://minecookies.org/cookiehandtering
What cookies are used for at Rejseplanen.dk
Cookies are used:
- to improve the user-friendliness of the website, among other things by remembering the settings you have chosen and by gathering knowledge of how users navigate the website; and also
- for statistical purposes, including to conduct market research, analyse how many visitors we have on the website and analyse how users navigate the website.
Our website and apps are connected to the Danish Online Index, which measures all traffic on Danish websites. Measurement is conducted by Kantar Gallup on behalf of Danske Medier Research ApS as the data controller. With your consent, cookies are used from: tns-gallup.dk and ssl-danskemedier.tns-gallup.dk for the collection of information concerning IP address, time and technical details of the device, e.g. OS and browser version, etc., in order to compile statistics on the use of apps or the website. Data is stored and retained without any time limit in aggregated (anonymous) form that cannot be traced back to the user.
Our apps and website also use Google Analytics, a web analytics service provided by Google Inc. (‘Google’). We use the service with activated IP anonymity. With your consent, cookies are stored on your phone and/or computer, making it possible to analyse your use of apps or the website.
The information generated by the cookie concerning your use of Rejseplanen’s apps or website is transferred to a Google server in the USA and stored there. This means that your IP address is abbreviated in advance by Google in EU member states or in other contracting states that are party to the agreement in the European Economic Area, and therefore becomes anonymous.
Recipients in third countries
Rejseplanen uses data processors with processing activities in the USA and which have endorsed the EU-US Privacy Shield, and have provided the required guarantees that the processing of the data fulfils the GDPR requirements.