Data privacy statement

We, the ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft (hereinafter "we" or „ÜSTRA“), appreciate your interest in our company. We take the protection of your personal data and its confidential treatment very seriously. The processing of your personal data occurs exclusively within the scope of the data protection provisions, especially the General Data Protection Regulation (hereinafter „GDPR“) and other applicable regulations. 
This Privacy Policy is to inform you of the processing of your personal data on our website (the „website“) and of your rights under the GDPR. 
This privacy statement also applies to the blog logbook.

With regard to the processing of your personal data within the framework of the Mobility Shop accessible via the website,  please obtain information from the corresponding privacy statement at

1. Name and contact details of the person in charge and the data protection officer
This data privacy statement applies for the data processing done by the following party responsible: ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft, Am Hohen Ufer 6, 30159 Hanover, e-mail:, phone: +49 511 1668 0.
The data protection specialist can be reached as follows: ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft, Data Protection Office, Am Hohen Ufer 6, 30159 Hanover, e-mail:, phone: +49 511 1668 0.

2. The subject matter of data protection
The subject matter of data protection is “personal data”. This includes all information, relating to an identified or identifiable individual (co-called data subject). This includes details such as name, postal address, e-mail address or customer number. Specific information on personal data processed by us can be found consecutively in the listed data processing operations.

3.    Collection and storage of personal data
a.    When visiting the website

When visiting our website, the browser used on your device sends automatically information to our website server. This information is temporarily stored in a so-called log file. In the course of this procedure, the following data is collected and stored, without any action on your part, until the time of automatic deletion:
•     website you were at before you visited us („referrer“), 
•    any contents accessed, 
•    date and time of the server query (and access), 
•    quantity of data transmitted, 
•    status of access (such as the file was transmitted or the file was not found, etc.)
•    description of the type of web browser used/ identification data of the browser, operating system type used, 
•    IP address of the requesting computer. 
The listed data is processed by us exclusively for the following purposes:
•    ensuring a smooth connection,
•    providing a comfortable use of our website,
•    evaluation of the system security and -stability as well as
•    for further administrative purposes.

The legal basis for processing data is art. 6 para. 1 S. 1 let. f GDPR. Our legitimate interest follows from the purposes listed above. In no case we use the collected data in order to draw conclusions concerning your personality.
Furthermore, we use cookies on our website as well as web analysis services based on them. Further information on this can be found under paragraph 5 of this privacy statement.

b.    When ordering a newsletter

Via our website, you have the possibility to subscribe for newsletters published by ÜSTRA (e.g. „ÜSTRA carpool“, „ÜSTRA traffic control centre“, „ÜSTRA job letter“, „ÜSTRA press subscription“).After you have sent the registration, you will receive an email with a confirmation link. Please confirm your registration by clicking additionally on the indicated link provided in the verification e-mail (so-called double-opt-in process).

Provided you have expressly agreed according to art. 6 para. 1 S. 1 let. a GDPR, we use your e-mail address for sending you our newsletter. In order to receive the newsletter, a valid e-mail address and a confirmation that you are at least 16 years of age is sufficient. Optionally, you can also enter your first and last name as well as the correct mode of address. In order to ensure that you can assign the consent for the reception of our newsletter effectively, we decided to set the mentioned minimum age for the reception of our newsletter. 
You can unsubscribe at any time, without incurring costs other than the transmission costs for the base rates of your access provider, e.g. via a link at the end of every newsletter.

The data required for the distribution of this newsletter shall be deleted as soon as it is no longer required for the fulfilment of the purpose for which it was submitted and provided no other legal authorisation for further processing applies. Your e-mail address is consequently stored only for the sending of newsletter as long as you revoke your permission.

For sending the newsletters, the ÜSTRA has commissioned the CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede as processor, see also paragraph 4.

For the purpose of completeness, we would like to point out that the ÜSTRA observes and evaluates the success of the newsletters sent on the basis of anonymous data, by  collecting and storing the following data without any personal reference in order to gear the ÜSTRA services better towards the interests and needs of (potential) customers: 

•    Information which e-mails have been opened 
•    Location while opening the e-mail    •    E-mail client used
•    Information which links in a opened newsletter were clicked

c.    When using our contact form and e-mail contact

In case of questions, we offer you the possibility to contact us via a contact form on our website. A valid email address is required in order to know who has sent the e-mail and in order to answer it. Further information is voluntary. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail is stored by you.

The data processing for the purpose of contacting is based on art. 6 para. 1 let. f GDPR. Our legitimate interest is based on the will to answer your request. If your contact request is aimed at the conclusion of a contract, the legal basis includes additionally art. 6 para. 1 let. b GDPR.

The personal data collected by us will be deleted after the purpose of the contacting.

4.     Disclosure of data

We shall forward your personal data to third parties (receiver) only if we are entitled to do so according to the data protection law provisions. In the following we would like to inform you about situations which can be the case. We may pass your personal data to third parties if

•    you grant us permission to do so for one or more purposes (art. 6 para. 1 S. 1 let. a GDPR);
•    if data processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures upon your request (art. 6 para. 1 S. 1 let. b GDPR);
•    if the processing is necessary for compliance with legal obligation (art. 6 para. 1 S. 1 let. c GDPR);
•    it is necessary for the protection of our legitimate interests or of a third party as long as your interests do not outweigh (art. 6 para. 1 S. 1 let. f GDPR).
Furthermore, we are cooperating with service providers, so-called processors, to whom personal data may be communicated in order to process your data on our behalf and in accordance with our instructions within the framework of art. 28 GDPR. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are supervised and checked regularly.

5.    Cookies
a.    General

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. In these cookies information is stored, arising in connection with the specifically used device. This does not imply, however, that we gain knowledge of your identity.
The application of these cookies serves to optimise the use of our services. We use so-called session cookies on our website in order to identify that you have visited certain sites of our website already. In addition, in order to optimise user-friendliness, we use temporary cookies which are stored for a certain period on your device. When you return to our site to use our services, there is automatic recognition that you were at our site already and recognition of the entries and settings that you prefer, so that you will not have to re-enter it. Furthermore, we use cookies in order to collect statistical data on the use of our website and with the goal of optimising our offerings for you (see below b).

Information that we collect and analyse using cookies, are for the purposes described required for the protection of our legitimate interests. The processing is based on the legal basis described in art. 6 para. 1 S. 1 let. f GDPR.
Session cookies are deleted when the browser is closed or the website is left. Other cookies are deleted automatically after 365 days. Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be saved on your computer or so that you are always asked for permission before cookies are saved. However, the deactivation or rejection of cookies may restrict the functionality of our web offer.

b.    Web analysis
The tracking techniques provided below and used by us are carried out based on Art. 6 abs. 1 S. 1 let. f GDPR. With the tracking techniques used we want to ensure an appropriate design of our website. In this sense we use the tracking techniques in order to collect statistical data on the use of our website and for purposes of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the afore-mentioned regulation.

We use the Open Source software Matomo (formerly known as Piwik) for the statistical analysis of the visitor accesses which allows us to analyse the visitor behaviour and based on this allows an optimisation of our website. Cookies are used for this purpose. The information generated by the cookie concerning the usage of the website will be transmitted to our server. Usage profiles are created using pseudonyms. For this purpose,  the information generated by the cookie, such as the pages you visited, the type of browser you are using, the operating system of your computer, the referrer URL (the site visited previously) and an anonymised (shortened) part of your IP address, is transmitted by your computer to our server and stored for usage analysis purposes. Your IP address shall be immediately, that means after processing and prior to storage, anonymised, so that you remain anonymous to us as an individual user. An assignment of the page requests to an identifiable person is thereby excluded. Information generated by the cookie concerning your use of our website is not transferred to other servers and not handed over to a third party.

In no case, the IP address will not be associated with any other data concerning the user. The IP addresses are anonymised, so that an assignment is no longer possible (IP-masking). The cookie will be automatically deleted again after one day.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do so, you may not be able to use the full functionality of this website. Furthermore, you can contradict the saving and use of your personal data at any time, if you do not agree with the storage and analysis by Matomo. In this case you can prevent here by mouse click, that a web analysis cookie is stored in your browser. For this purpose, a so-called opt-out cookie is placed in your browser, with the consequence that Matomo collects no session data. Attention: If you delete your cookies, the consequence is that the opt-out cookie will be deleted and as the case may be it must be reactivated, if you (still) like to prevent a data collection by Matomo. 

Deactivation completed! Your visits to this website are no longer tracked by the web analysis.

Please note that also the Matomo deactivation cookie of this website will be deleted, if you remove the cookies placed in your browser. Furthermore, if you use another device or web browser, you have to implement the deactivation procedure again.