Data protection

Data protection information

Below, Verkehrsverbund Mittelsachsen GmbH (VMS GmbH) provides information on the type, scope and purpose of the collection and use of personal data (hereinafter referred to as “data”) we undertake in order to deliver the services we offer. This data is necessary in order to present, provide and invoice for our services. We collect and process both written and electronic data. In order to comply with general and sector-specific data protection requirements, we categorise information by sector. With regard to the terms used, please refer to the definitions in the General Data Protection Regulation (GDPR).

Controller and data protection officer

The controller as defined by the GDPR is VMS GmbH, represented by the Managing Director Mr Mathias Korda.

Am Rathaus 2
09111 Chemnitz
Tel: 0049 371 40008-0

Compliance with these provisions is monitored by the data protection officer, Ms Kathleen Görres. If you have any questions relating to data protection, please contact Ms Görres at datenschutz@vms.de.

Relevant legal bases for the processing of data:

In accordance with Article 13 of GDPR, we provide you with information about the legal basis for our data processing.

To the extent that we obtain the consent of the data subject for the processing of personal data, the legal basis is Article 6 (1) (a) of GDPR. Article 6 (1) (b) of GDPR provides the legal basis for processing the personal data required in order to fulfil a contract to which the data subject is a party. This is also the basis for processing that is necessary in order to take steps prior to entering into a contract. Where personal data is processed in order to comply with a legal obligation, Article 6 (1) (c) of GDPR serves as the legal basis. Where it is necessary to process personal data in order to protect the vital interests of the data subject or another natural person, the legal basis is Article 6 (1) (d) of GDPR. If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and where such interests are not overridden by the fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6 (1) (f) of GDPR. The legitimate interests of VMS GmbH lie in the conduct of our business activities.

Collection of general information on visits to our website – use of cookies and server log files

When you access our website, information of a general nature is automatically collected via a cookie. This information (server log files) includes, for example, the type of web browser and operating system used, the domain name of your internet service provider. This is exclusively information that does not allow any conclusions to be drawn about you.

Such information is required for technical purposes, to allow us to deliver the website content requested by you, and is mandatory when using the internet. We process it in particular for the following purposes:

• to ensure a smooth connection to the website,
• to ensure our website runs smoothly,
• to evaluate system security and stability, and
• for other administrative purposes.

Cookies cannot be used to launch programs or transfer viruses to a computer. Your data is processed on the basis of our legitimate interests in data collection as set out above. We do not use your data to draw any conclusions about you. The sole recipients of data are the controller and where appropriate processors. Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

We may evaluate anonymous information of this kind in order to optimise our website and the technology it is powered by (see Use of Matomo).

You can of course also view our website without cookies. Internet browser settings generally have cookies enabled. In principal, you can disable cookies at any time via your browser settings. Please use your internet browser help functions to find out how to change the settings. Please note that certain aspects of our website may not function if you have disabled cookies.

Use of Matomo

This website uses Matomo (formerly Piwik), open source software that enables statistical analysis of visitor access. Matomo uses cookies, i.e. text files that are stored on your computer and allow your use of the website to be analysed. The information generated by the cookie about your use of the website is stored on a server in Germany. Your IP address is anonymised immediately after processing and before it is stored. It is open to you to prevent cookies from being installed by changing your browser settings. We would point out that if you do so, you may no longer be able to benefit from the full functionality of this website. You can decide whether a unique web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyse a range of statistical data. Please note: If you delete cookies, the opt-out cookie will also be deleted and you may have to reactivate it.

Enable/disable Matomo:

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

Security measures – SSL encryption

To ensure the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Request for advertising material for the Capital of Culture Ticket

When you submit a request for free advertising material for the Capital of Culture Ticket, we store all the data that you enter in the order form as part of our order processing. This includes:

• Surname and first name of the contact from the tourist organisation placing the order
• Email address
• Phone number

Data that is essential for order processing, including arrangements for collection, will be passed on to third-party service providers (e.g. collection points) as necessary. When it is no longer necessary for us to store your data or storage is no longer required by law, your data will be deleted.

Online forms

Use of our online forms is voluntary, as provided for in Article 6 (1) (a) of GDPR. Forms filled out online are automatically encrypted for transmission using state-of-the-art SSL (https). The data you are required to enter will depend on the nature of your request and the specific forms you retrieve. The data you enter will not be linked to any other information and will be deleted after processing in line with statutory retention periods.

We process your data on the basis of your consent, which you grant by submitting the form (Article 6 (1) (a) of GDPR). If your correspondence forms part of a contract, processing will be undertaken in order to fulfil the relevant contractual purposes or in the context of taking the relevant pre-contractual steps (Article 6 (1) (b) of GDPR).

Transfer of collected data to third countries

Data we collect will not be transferred to any third country.

Deletion of personal data

Unless expressly stated in this privacy policy (see above), personal data stored by us will be deleted as soon as it is no longer required for its intended purpose and all legal retention periods have expired.

Rights of data subjects

In summary, you have the following rights under the General Data Protection Regulation:

• Right of access, Article 15 of GDPR
• Right to rectification, Article 16 of GDPR
• Right to erasure, Article 17 of GDPR
• Right to restriction of processing, Article 18 of GDPR
• Right to data portability, Article 20 of GDPR
• Right to object pursuant to Article 21 of GDPR
• Right to withdraw your declaration of consent under data protection law in the event that you have given voluntary consent to data processing
• Rights in the event of automated decision-making in individual cases, including profiling, Article 22 of GDPR
• Right to lodge a complaint with the supervisory authority, Article 77 of GDPR

Our data protection officer is happy to help data subjects exercise their rights.

Supervisory authority

Pursuant to Article 77 of GDPR, data subjects may lodge a complaint with a data protection authority if they consider that the processing of personal data relating to them s unlawful.

Contact person

Saxon Data Protection and Transparency Officer

Postal address: P.O. Box 11 01 32, 01330 Dresden

Email: post@sdtb.sachsen.de

Internet:          www.datenschutz.sachsen.de

Changes to our privacy policy

We reserve the right to amend this privacy policy to ensure that it complies at all times with current legal requirements, and to introduce changes to our services in this privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Last updated: December 2024

hCaptcha

We use the anti-bot service hCaptcha (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a US company based in Delaware (“IMI”). hCaptcha is used to check whether the data entered on our website (e.g. on a registration page or a contact form) has been entered by a human or an automated program. To this end, hCaptcha analyses the behaviour of users of the website or mobile app on the basis of various characteristics. Analysis begins automatically as soon as the website or mobile app user accesses a part of the website or app where hCaptcha is enabled. hCaptcha analysis evaluates a range of data (e.g. IP address, how long the user has spent on the website, or their app or mouse movements). The data collected during analysis is forwarded to IMI. hCaptcha analysis in “invisible mode” may take place entirely in the background. Website or app users are not informed that such analysis is taking place if it presents no challenge to the user. Data processing is undertaken on the basis of Article 6 (1) (f) of GDPR: the website or mobile app operator has a legitimate interest in protecting its website from abusive automated crawling and spam. IMI acts as a “data processor” on behalf of its customers as defined under the GDPR and as a “service provider” as defined under the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI’s privacy policy and terms of use, please see the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.