Privacy Policy

1. Name and contact details of the website administrator and person in charge

iRFP e. K.

Institut für Regional- und Fernverkehrsplanung

Email: info(at)irfp.de

Phone.: +49 (0)351 4706919

Fax: +49 (0)351 4768190

Websites: www.irfp.de, www.fbsprivat.de

2. General data protection information

This privacy policy applies to all websites used by the company. The scope of this data protection declaration is intended to inform you as a user of our websites in accordance with the Federal Data Protection Act (BDSG), Telemedia Act (TMG) and General Data Protection Regulation (GDPR) about the type, scope and purpose of the collection and use of personal data by us as website operator.

3. Definitions

In the following, data protection-specific terms are used, which comprehensibility is taken by Article 4 of GDPR. The most important are listed below:

"Personal data"

Personal data means any information relating to an identified or identifiable natural person (hereafter referred to as "data subject"). An identifable natural person is one who can be identified, directly or indirectly, in particular by reference to identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

„Processing“
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Controller or controller responsible for the processing"

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member States, the controller or the specific criteria for its nomination may be provided for by Union or Member States law.

“Processor"

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Consent”

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Security

We treat personal data confidentially and in accordance with the principles of Article 5 of GDPR and this privacy policy declaration. We take appropriate technical and organisational measures in accordance with Article 32 of GDPR to ensure an adequate level of protection. These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access and access to the data as well as collection and transfer. Furthermore, we have set up communication mechanisms that enable you to exercise your rights, such as the deletion of your data and a quick reaction to endangering the data. Furthermore, in accordance with Article 25 of GDPR, we already take into account the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presenting.

We would like to point out that data transfer on the Internet (e.g. communication by e-mail) might have security gaps. A complete protection of data against access by third parties is not feasible.

5. Treatment of personal data

The use of our website is usually possible without providing personal data. If personal data (such as name, address, e-mail address and telephone number) is collected on our website, this is always on a voluntary basis. This means that you decide yourself whether you wish to consent to collection of data. Personal data collected by us will be treated strictly confidentially and will not be passed on to third parties without your consent. In principle, such data is only used for the implementation of pre-contractual measures and/or the fulfilment of contracts or legal obligations in accordance with Article 6 (1) of GDPR.

Personal data is stored for as long as this is necessary for the fulfilment of our services or contractual obligations. Further storage only takes place if we are obliged to store data for a longer period in
accordance with Article 6 (1) of GDPR due to tax law obligations for storage and documentation or if you have explicitly consented to further storage in accordance with Article 6 (1) of GDPR.

We reserve the right to store individual personal data in accordance with Article 23 (1) of GDPR until our civil law claims have been fulfilled.

Your data will be used exclusively in the Federal Republic of Germany, in a member state of the European Union or in a contracting state to the Agreement on the European Economic Area.

6. Individual measures for the processing of personal data

Customer database
We administrate an internal customer database. For this purpose, your personal data (name, address, e-mail address), which you provide when using our contact form or by sending an e-mail to the e-mail address provided on our website or which you send to our sales partner when concluding a purchase contract for the purchase of our software, are stored in accordance with Article 6 (1) of GDPR in order to enable your enquiries, orders and our contractual and legal obligations to be dealt with quickly.

Contact form:
The contact form on our website records your name, e-mail address, telephone number and company, if applicable. The personal data provided to us will only be used and stored in accordance with Article 6 (1) of GDPR for the purpose of processing your inquiry and in case of further follow-up questions and contractual relations with us.

Contact by e-mail:

On our websites you have the possibility to send us messages via the e-mail addresses info(at)irfp.de and bewerbung(at)irfp.de. This personal data will be used and stored in accordance with Article 6 (1) of GDPR only for the purpose of processing your request and in case of further follow-up questions and contractual relations with us.

Program and license purchase and payment processing:
For selling licences of our software products FBS-Bahn and FBSprivat, iRFP e. K. uses the services of an distribution partner. It is a platform for online distribution of software, digital products and services. By clicking on the red button "Order now" you will be redirected to the website of our distribution partner Digital Rivers GmbH, Scheidtweilerstr. 4, 50933 Cologne, Germany; Tel: +49 221 31088-30,
Fax: +49 221 31088-99, info@shareit.de, https://order.shareit.com. The buying contract will be issued between the buyer and Digital River GmbH in case of a successful transaction. Therefore, the Terms and Conditions and Privacy Statements of Digital River GmbH apply as shown during the transaction process.

Digital River GmbH is authorized to conclude the purchase or license agreement in their own behalf with the purchasers and to deliver and manage the subsequent purchase transaction, in particular payment processing and program release. In order to conclude a purchase contract, you as the purchaser of our software transfer your personal data, in particular name (or company), address, e-mail address and payment data, to Digital River GmbH. For these transaction purposes via the above-mentioned website of Digital River GmbH, Digital River GmbH is exclusively responsible for data management. The privacy policy of Digital River GmbH may be retrieved under https://order.shareit.com/info/privacy_statement.

After a successful transaction, Digital River GmbH transfers personal data to iRFP
e. K. These personal data are first name, last name, address, e-mail address in an automated procedure for the purpose of generation and provision of the license key of the purchased software. We also need this data in order to be able to fulfil care, maintenance and further development services or warranty claims against the buyers. We store this information in our customer database, as explained above. This data processing by Digital River GmbH and iRFP e.K. is conducted exclusively and lawfully on the basis of Article 6 (1) of GDPR.

Please note that Digital River GmbH may transfer personal data to servers of Digital River Inc. in the USA in accordance with its data protection declaration. We assure you that Digital River GmbH guarantees us through a contract for order data processing in accordance with Articel 28 of GDPR that it will only process personal data within the scope permitted by the European GDPR. Digital River GmbH guarantees in particular that it takes technical and organisational measures - also for the security of data processing - which meet the requirements of the GDPR. Digital River GmbH also guarantees that the personal data that it receives from the purchaser when concluding a purchase contract for the purchase of our software will only be processed for the purpose of contract processing and fulfilment in accordance with Article 6 (1) of GDPR and will not transfer to third parties.

Newsletter:
On the website of the iRFP e. K., users are given the opportunity to subscribe to our enterprise's newsletter. The iRFP e. K. informs its customers and business partners regularly by means of a newsletter about enterprise offers. By sending the newsletter to interested parties, the interested party must expressly consent to the dispatch to him by registering on our website. In particular, he must provide us with his name and e-mail address. After registration via our website, we will send a confirmation e-mail to the specified e-mail address. The user must confirm the authorization to receive the newsletter. We store and use the recipient's data exclusively for sending the newsletter, as far the recipient has consented to the use according to Article 6 (1) of GDPR. The data of user and recipient will be stored and used as long as the person does not revoke the consent via the link contained in the newsletters. Subscription to our newsletter can also be cancelled at any time by e-mail or via the contact form on our website.

Online update and newsletter for update information of the FBS-TPN interface

Our customers can inform themselves about online updates to our software products on our website. The updates are provided by us via the purchased software and are called up by the customer. For this purpose, we offer the possibility for the customer to register via our website to receive a newsletter, which will inform the customer explicitly about the provision of new updates for the FBS-TPN interface to DB Netz AG's train path portal. Customers must enter their e-mail address in the registration field. After registration via our website, we will send a confirmation e-mail to the specified e-mail address, via which the recipient must finally confirm the authorization to send the newsletter. We store and use the recipient's data exclusively for sending the newsletter, so far as the recipient has consented the use in according to Article 6 (1) of GDPR. The data of user and recipient will be stored and used as long as the person does not revoke the consent via the link contained in the newsletters. Subscription to our newsletter can also be cancelled at any time by e-mail or via the contact form on our website.

Applications via our website

On our website we regularly inform you about vacancies and internships in our
company. Interested parties can send their application documents in this regard or on their own initiative to the address indicated by us or by e-mail to
bewerbung(at)irfp.de.
The personal data transmitted is used exclusively for the purpose of checking the application offer and for carrying out the application procedure. Unless the applicant has expressly consented in his transmitted letter to pass on his personal data to our business partners, this data will not be disclosed to them. After completion of the application process, all personal data from the applications will be deleted after three months, unless an employment relationship has been established between us and the applicant. The data processing of the personal data from the applications is carried out on the basis of Article 6 (1) of GDPR.

7. Use of data analysis tools

Cookies:
The Internet pages of the iRFP e. K. use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

These are small files for storing information. Your web browser accesses these files to improve the usability and security of this website. This access data includes, for example, the files you have requested or the name of your Internet provider. By anonymizing the data, it is not possible to draw conclusions about your person.

Usually, cookies are deleted when you stop using our online offer or when you close your web browser. If you do not want cookies to be stored on your device, you can object to the use of these files via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/)  and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

In addition, you can prevent cookies from being stored on your computer by deactivating them in the system settings of your web browser. Cookies that have already been saved can also be deleted in the system settings of your web browser. However, the exclusion of cookies can lead to functional restrictions of this online offer.

Server-Logfiles:
The provider of our homepage automatically collects and stores information in server log files, which your browser automatically transmits and logs to us. This information includes information about the browser type/version, the operating system used, the previously visited website (referrer URL), the host name of the accessing computer, the time of the server request, the amount of data sent in bytes and the IP address used.

These collected data are only used for statistical evaluations, to improve the website and must be stored for security reasons in order to be able to trace cases of abuse, for example. This data processing is carried out within the framework of Article 6 (1) of GDPR. The server log files are stored for a maximum of 7 days and will be deleted then. If data have to be deleted for reasons of evidence, they are excluded from deletion until the incident has been finally resolved.

The information in the server log files cannot be directly assigned to specific persons. These data are not combined with other data sources. We reserve the right to check the server log files afterwards if we become aware of any concrete indications of illegal use.

8. Application and use of YouTube

On our websites we use plugins from YouTube, offered by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The YouTube plugins are shown on our website in form of video files. We use YouTube to provide our customers with video application-related examples, help, tips and tricks, and training on our software products. Our legitimate interest is making these advertising offers compatible with Article 6 (1) of GDPR.

Every time our web pages are accessed, which include YouTube videos, the user's web browser automatically connects to YouTube's servers in order to display the YouTube plugin as video on the user's end device. This shows the YouTube servers that the user has visited our web pages. If the user is connected to a YouTube account, YouTube and Google can associate and store user behavior directly with your personal YouTube or Google account. This transmission of user behavior can be prevented by the user logging out of the YouTube or Google account before visiting our websites.

More information about the privacy policy of YouTube can be found at https://www.google.de/intl/de/policies/privacy.

9. Your rights: Access, rectification, erasure, revocation, objection

Right of access:

Any time you have the right in accordance with Article 15 of GDPR, free of charge, to receive information about your personal data, we have stored about you, its origin and recipients and the purpose of data processing.

Right to rectification:

In accordance with Article 16 of GDPR, you have the right, free of charge, to correct and/or complete any incorrect or incomplete personal data.

Right to erasure and restriction:
Furthermore, in accordance with Article 17 (1) of GDPR, you have the right at any time and free of charge to have personal data relating to you deleted immediately. You can also request the deletion and blocking of individual personal data. You may also have the use and processing of your data restricted in accordance with Article 18 of GDPR.

For the fulfilment of our legal obligations, we may, in accordance with Article 17 (3) of GDPR, for reasons of public interest, for the asserting of our freedom of expression and information and for the enforcement of our civil law claims, refrain from deleting the personal data required for this until the fulfilment of our claims or obligations.

Right of revocation:

You can revoke your consent to data processing at any time in accordance with Article 7 (3) of GDPR. The legality of the processing based on the consent until the revocation is not affected by the revocation. If you wish to revoke your consent to our data protection declaration and wish your personal data stored with us to be deleted, please complete the form of revocation or send us an e-mail to info(at)irfp.de.

Right of objection:
In accordance to Article 21 (1) of GDPR, you may object at any time for reasons arising from a particular situation to a processing of personal data concerning you, which is carried out on the basis of Article 6 (1) of GDPR.

By receiving your declaration of revocation, we will no longer process your personal data, unless we can prove legitimate reasons for the processing which predominate your interests, e.g. if the processing serves to assert, exercise or defend legal claims.

If personal data is processed in order to advertise directly, you have the right in accordance to Article 21 (2) of GDPR to object at any time to the processing of personal data. This also applies to the profiling, in case it is connected with direct advertising. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

To assert your right of objection, please send us an e-mail to info(at)irfp.de.

Right of appeal to a competent supervisory authority

In case you should notice that, contrary to our control, a possible violation or infringement of your personal data occurred for you, you have a right of appeal to a supervisory authority in accordance with Article 77 of GDPR.
The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our business is based. A list of the data protection officers and their contact details can be obtained from the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

This privacy policy was prepared with support of the Hennig lawyer's office: https://recht-hennig.de/.