Data privacy statement

We, the ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft (hereinafter "we" or „ÜSTRA“), appreciate your interest in our company. We take the protection of your personal data and its confidential treatment very seriously. The processing of your personal data occurs exclusively within the scope of the data protection provisions, especially the General Data Protection Regulation (hereinafter „GDPR“) and other applicable regulations. 
This Privacy Policy is to inform you of the processing of your personal data on our website (the „website“) and of your rights under the GDPR. 
This privacy statement also applies to the blog logbook.

With regard to the processing of your personal data within the framework of the Mobility Shop accessible via the website, please obtain information from the corresponding privacy statement at

1. Name and contact details of the person in charge and the data protection officer
This data privacy statement applies for the data processing done by the following party responsible: ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft, Am Hohen Ufer 6, 30159 Hanover, e-mail:, phone: +49 511 1668 0.
The data protection specialist can be reached as follows: ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft, Data Protection Office, Am Hohen Ufer 6, 30159 Hanover, e-mail:, phone: +49 511 1668 0.

2. The subject matter of data protection
The subject matter of data protection is “personal data”. This includes all information relating to an identified or identifiable individual (so-called data subject). This includes details such as name, postal address, e-mail address or customer number. Specific information on the personal data processed by us can be found below in the listed data processing operations.

3.    Collection and storage of personal data
a.    When visiting the website

When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. In the course of this procedure, the following data is collected and stored, without any action on your part, until the time of automatic deletion:
•     website you were at before you visited us („referrer“), 
•    any contents accessed, 
•    date and time of the server query (and access), 
•    quantity of data transmitted, 
•    status of access (such as the file was transmitted or the file was not found, etc.)
•    description of the type of web browser used/ identification data of the browser, operating system type used, 
•    IP address of the requesting computer. 
The listed data is processed by us exclusively for the following purposes:
•    ensuring a smooth connection,
•    providing a comfortable use of our website,
•    evaluation of the system security and stability as well as
•    for further administrative purposes.

The legal basis for processing data is art. 6 para. 1 S. 1 let. f GDPR. Our legitimate interest follows from the purposes listed above. In no case do we use the collected data in order to draw conclusions concerning your personality.
Furthermore, we use cookies on our website as well as web analysis services based on them. Further information on this can be found under paragraph 5 of this privacy statement.

b.    When ordering a newsletter

Via our website, you have the possibility to subscribe to newsletters published by ÜSTRA (e.g. „ÜSTRA carpool“, „ÜSTRA traffic control centre“, „ÜSTRA job letter“, „ÜSTRA press subscription“). After you have sent the registration, you will receive an e-mail with a confirmation link. Please confirm your registration by additionally clicking on the link provided in the verification e-mail (so-called double-opt-in process).

Provided you have expressly agreed according to art. 6 para. 1 S. 1 let. a GDPR, we use your e-mail address for sending you our newsletter. In order to receive the newsletter, a valid e-mail address and a confirmation that you are at least 16 years of age are sufficient. Optionally, you can also enter your first and last name as well as the correct mode of address. In order to ensure that you can effectively give consent for the reception of our newsletter, we decided to set the mentioned minimum age for the reception of our newsletter.
You can unsubscribe at any time, without incurring costs other than the transmission costs for the base rates of your access provider, e.g. via a link at the end of every newsletter.

The data required for the distribution of this newsletter shall be deleted as soon as it is no longer required for the fulfilment of the purpose for which it was submitted and provided no other legal authorisation for further processing applies. Your e-mail address is consequently stored only for the sending of the newsletter until you revoke your permission.

For sending the newsletters, ÜSTRA has commissioned CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede as processor, see also paragraph 4.

For the sake of completeness, we would like to point out that ÜSTRA observes and evaluates the success of the newsletters sent on the basis of anonymous data, by collecting and storing the following data without any personal reference in order to gear the ÜSTRA services better towards the interests and needs of (potential) customers: 

•    Information which e-mails have been opened 
•    Location while opening the e-mail
•    E-mail client used
•    Information which links in an opened newsletter were clicked

c.    When using our contact form and e-mail contact

In case of questions, we offer you the possibility to contact us via a contact form on our website. A valid email address is required in order to know who has sent the e-mail and in order to answer it. Further information is voluntary. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail is stored by you.

The data processing for the purpose of contacting is based on art. 6 para. 1 let. f GDPR. Our legitimate interest is based on the will to answer your request. If your contact request is aimed at the conclusion of a contract, the legal basis includes additionally art. 6 para. 1 let. b GDPR.

The personal data collected by us will be deleted after the purpose of the contacting.

4.     Disclosure of data

We shall forward your personal data to third parties (receiver) only if we are entitled to do so according to the data protection law provisions. Below we would like to inform you about the situations in which this can be the case. We may pass your personal data to third parties if

•    you grant us permission to do so for one or more purposes (art. 6 para. 1 S. 1 let. a GDPR);
•    data processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures upon your request (art. 6 para. 1 S. 1 let. b GDPR);
•    the processing is necessary for compliance with a legal obligation (art. 6 para. 1 S. 1 let. c GDPR);
•    it is necessary for the protection of our legitimate interests or those of a third party, as long as your interests do not outweigh them (art. 6 para. 1 S. 1 let. f GDPR).
Furthermore, we are cooperating with service providers, so-called processors, to whom personal data may be communicated in order to process your data on our behalf and in accordance with our instructions within the framework of art. 28 GDPR. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are supervised and checked regularly.

5.    Cookies
a.    General

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. These cookies store information arising in connection with the specific device used. This does not imply, however, that we gain knowledge of your identity.
The application of these cookies serves to optimise the use of our services. We use so-called session cookies on our website in order to identify that you have already visited certain pages of our website. In addition, in order to optimise user-friendliness, we use temporary cookies which are stored for a certain period on your device. When you return to our site to use our services, there is automatic recognition that you were at our site already and recognition of the entries and settings that you prefer, so that you will not have to re-enter them. Furthermore, we use cookies in order to collect statistical data on the use of our website and with the goal of optimising our offerings for you (see below b).

The information that we collect and analyse using cookies is required, for the purposes described, for the protection of our legitimate interests. The processing is based on the legal basis described in art. 6 para. 1 S. 1 let. f GDPR.
Session cookies are deleted when the browser is closed or the website is left. Other cookies are deleted automatically after 365 days. Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be saved on your computer or so that you are always asked for permission before cookies are saved. However, the deactivation or rejection of cookies may restrict the functionality of our web offer.

b.    Web analysis
The tracking techniques listed below and used by us are carried out based on Art. 6 para. 1 S. 1 let. f GDPR. With the tracking techniques used we want to ensure an appropriate design of our website. In this sense we use the tracking techniques in order to collect statistical data on the use of our website and for purposes of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the afore-mentioned regulation.

We use the open-source software Matomo (formerly known as Piwik) for the statistical analysis of visitor accesses, which allows us to analyse visitor behaviour and, based on this, to optimise our website. Cookies are used for this purpose. The information generated by the cookie concerning the usage of the website will be transmitted to our server. Usage profiles are created using pseudonyms. For this purpose, the information generated by the cookie, such as the pages you visited, the type of browser you are using, the operating system of your computer, the referrer URL (the site visited previously) and an anonymised (shortened) part of your IP address, is transmitted by your computer to our server and stored for usage analysis purposes. Your IP address is anonymised immediately, that is, after processing and prior to storage, so that you remain anonymous to us as an individual user. An assignment of the page requests to an identifiable person is thereby excluded. Information generated by the cookie concerning your use of our website is not transferred to other servers and not handed over to a third party.

In no case will the IP address be associated with any other data concerning the user. The IP addresses are anonymised, so that an assignment is no longer possible (IP-masking). The cookie will be automatically deleted again after one day.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do so, you may not be able to use the full functionality of this website. Furthermore, you can object to the saving and use of your personal data at any time if you do not agree with the storage and analysis by Matomo. In this case you can prevent, here by mouse click, a web analysis cookie from being stored in your browser. For this purpose, a so-called opt-out cookie is placed in your browser, with the consequence that Matomo collects no session data. Attention: If you delete your cookies, the opt-out cookie will also be deleted and may have to be reactivated if you (still) wish to prevent data collection by Matomo.

Please note that also the Matomo deactivation cookie of this website will be deleted, if you remove the cookies placed in your browser. Furthermore, if you use another device or web browser, you have to implement the deactivation procedure again.

6.    Social media and third-party providers
a.    Twitter

On our website, plug-ins of the short message network of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter „Twitter“) are integrated. You can recognise the Twitter plug-ins by the Twitter logo on our website. An overview of the tweet buttons can be found here (
If you request a page of our website which contains such a plug-in, your browser will establish a direct connection to the servers of Twitter. Twitter is consequently informed that you visited our website with your IP address. If you use the Twitter plug-ins while logged into your Twitter account, the websites you have visited will be linked with your Twitter account and disclosed to other users. Data is transferred to Twitter as well. We point out that we gain no knowledge of the content of the data transferred or of its use by Twitter. For more information, see the privacy statement of Twitter at

b.    YouTube

On our website, we have integrated links to videos and plug-ins of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter „YouTube“). If you request a page of our website which contains such a link or plug-in, your browser will establish a direct connection to the servers of YouTube after video activation. Thus, YouTube receives the information that you have visited our website with your IP address and, as the case may be, a link-up with your „YouTube“ account is generated, provided you have an account and you were logged in while visiting our website. If you click the link to the video, your IP address is passed on to YouTube. We point out that we have no knowledge of the content of the data transferred or of its use by YouTube. For more information, see the privacy statement of YouTube at

7.    Rights of the persons concerned

You have the right to: 

•    request information at any time regarding your data that is stored or processed on our servers according to art. 15 GDPR. In particular, you can request information about the purposes of processing, the categories of personal data processed, the categories of recipients, to whom the data might be disclosed or will be disclosed, the planned duration of storage, the existence of the right to correction, deletion, limiting of processing or objection, the existence of the right to complain, the origin of your data, provided the data was not collected by us, as well as the existence of automated decision making incl. profiling and possibly significant information concerning the details;
•    demand the correction of false or the completion of your personal data stored by us according to art. 16 GDPR;
•    ask for the cancellation of all your data stored with us according to art. 17 GDPR, as far as the processing is not required for the exercise of the right to free expression of opinion and information, for compliance with a legal obligation, for reasons of public interest or the assertion, exercise or defence of legal claims;
•    demand the limiting of processing your personal data according to art. 18 GDPR, as far as you raise objections as to the data correctness, the processing is unlawful but you oppose its erasure and we no longer require the stored data, but you need it for the establishment, exercise or defence of legal claims or you have according to art. 21 GDPR submitted an objection against the processing;
•    demand your personal data that you have provided to us in a structured, current and machine-readable format or request its transfer to another person responsible in accordance with art. 20 GDPR;
•    revoke your consent to us at any time in accordance with Art. 7 para. 3 GDPR. As a result, we are no longer allowed to continue processing data based on this consent in the future and
•    complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the respective organisation’s headquarters.

8.    Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to art. 6 para. 1 s. 1 let. f GDPR you have the right to object to the processing of your personal data pursuant to art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

9.    Further information on mandatory information

We advise you that the provision of your personal data to us is neither legally nor contractually prescribed or required for a contract. You are under no obligation to provide personal data. The non-submittal of data causes no negative consequences for you.

10.    Data security

We use the most common SSL (Secure Sockets Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

11.    Up-to-dateness and amendment of the data protection declaration

This data protection declaration is currently valid and has the status as of 24 May 2018.
Due to the further development of our website and offers thereof or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at