It is possible to use our homepage without providing personal data. Different regulations may apply to the use of individual services on our site; if this is the case, these will be set out separately in the following. Your personal data (e.g. name, address, email, telephone number, etc.) will only be processed by us in accordance with the provisions of German data protection law. Data are classified as personal if they can be clearly assigned to a specific natural person. The legal basis for data protection can be found in the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The following regulations inform you about the type, scope and purpose of the collection, use and processing of personal data by the relevant provider:
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Carpathian Transport Line GmbH
Tel: +49 (0)8141 22859-0
Fax: +49 (0)8141 22859-101
Name and address of the data protection officer
The data protection officer of the controller is:
Lawyer Wolfgang Steger, Certified Data Protection Officer DSB – TÜV
Am Neuen Weg 21
Scope of the processing of personal data
As a matter of principle, we collect and use the personal data of our users only to the extent necessary for the provision of a functional website as well as the proper functioning of our contents and services and the implementation of our corporate purpose. As a rule, the personal data of our users are only collected and used with their consent. An exception applies in those cases in which obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Purposes and legal basis for the processing of personal data
We only process personal data to fulfil our contractual obligations or to protect our overriding legitimate interests. Our legitimate interests are based on the implementation of our corporate purpose.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is bound, Art. 6 (1) c GDPR shall serve as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR shall serve as the legal basis.
If the processing of data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject shall not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
Categories of recipients and personal data, origin of personal data
We share personal data with our business partners and service providers for the implementation of our business purpose. We typically use the contact details and address data of our customers and business partners to implement our business purpose. We typically receive the personal data directly from the data subject, or in exceptional cases, with the consent of the data subject, from third parties.
Transfer to third countries
In principle, we do not pass on personal data to recipients in third countries (i.e. countries outside the EU). If data are transferred to recipients in third countries in the future, we will ensure that, in addition to the permission required for the transfer, the third country recipient ensures an appropriate level of data protection (or an exceptional circumstance in accordance with Art 49 (1) GDPR) is in force.
Erasure of data and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies. The data may be stored for a longer period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
To protect the security of your data during transfer, we use state-of-the-art encryption procedures (SSL) via HTTPS.
You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon in your browser address bar.
If SSL or TLS encryption is activated, any data you transmit to us cannot be read by third parties.
We use so-called cookies on our website to recognise repeated use of our webpages by the same user/internet connection holder. Cookies are small text files that your internet browser stores on your computer. They serve to optimise our internet presence and our webpages. Mostly, so-called “session cookies” are used, which are deleted again after the end of your visit.
In some cases, however, these cookies provide information to automatically recognise you. This recognition is based on the IP address stored in the cookies. The information obtained in this way is used to optimise our webpages and to provide you with easier access to our site.
You can prevent the installation of cookies by making the according settings in your browser.
More information on the cookies used on our website can be found here:
For technical reasons, the following data, among others, which your browser transmits to us or to our web space provider, is recorded (so-called server log files):
– Browser type and version
– Operating system used
– Website from which you visit us (referrer URL)
– Webpages visited by you
– Date and time of your access
– Your Internet Protocol (IP) address.
These anonymous data is stored separately from any personal data you may have provided and thus does not allow any conclusions to be drawn about a specific person. They are evaluated for statistical purposes in order to be able to optimise our website and the offered functions.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the fulfilment of a contract or pre-contractual measures.
Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). The use is based on Art. 6 para. 1 p. 1 lit. a. GDPR. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website such as:
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
are generally transferred to a Google server in the USA and stored there. The IP address transferred by your browser as part of Google Analytics will not be merged with other Google data. We have also extended Google Analytics on this website with the code “anonymizeIP”. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.
(4) You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. . An opt-out cookie will then be set, which prevents the future collection of your data when visiting this website. The opt-out cookie will only work in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
(5) We continue to use Google Analytics to analyse data from Double-Click-Cookies and also AdWords for statistical purposes. If you do not wish to do this, you can deactivate it via the Ad Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de) deaktivieren.
Use of Google Maps
We use the “Google Maps” component of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”, on our website.
Each time the “Google Maps” component is called up, Google sets a cookie in order to process user settings and data when displaying the page on which the “Google Maps” component is integrated. As a rule, this cookie is not deleted by closing the browser, but expires after a certain time, unless you manually delete it beforehand.
If you do not agree to this processing of your data, you have the option of deactivating the “Google Maps” service and thus preventing the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use “Google Maps” or only to a limited extent.
and the additional terms and conditions for “Google Maps”
Use of reCAPTCHA
We use the “reCAPTCHA” service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google” to protect the input forms on our website. The use of this service allows us to distinguish whether the corresponding input is of human origin or if the input option is misused by automated machine processing.
To our knowledge, the referrer URL, the IP address, the surfing behaviour of website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, the user’s input behaviour and mouse movements related to the “reCAPTCHA” checkbox are transferred to “Google”.
Google uses the information obtained in this way, among other things, to digitise books and other printed matter and to optimise services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address transferred in the context of the “reCAPTCHA” will not be merged with other Google data unless you are logged into your Google account at the time of using the “reCAPTCHA” plug-in. If you wish to prevent “Google” from transmitting and storing data about you and your behaviour on our website, you must log out of “Google” before visiting our site or using the reCAPTCHA plug-in.
Use of Google-Adwords
We also use the Google advertising tool “Google-Adwords” to advertise our website. In this context, we use the “Conversion Tracking” analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “”Google”, on our website. If you have accessed our website via a Google advertisement, a cookie will be stored on your computer. Cookies are small text files that your internet browser stores on your computer. These so-called “conversion cookies” lose their validity after 30 days and do not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, we and Google will be able to see that you, as a user, have clicked on one of our ads placed with Google and have been redirected to our site.
The information obtained with the help of the “conversion cookies” is used by Google to compile visit statistics for our website. These statistics tell us the total number of users who clicked on our ad and which pages of our website were subsequently called up by the respective user. However, we or others advertising via “Google Adwords” do not receive any information with which users can be personally identified.
You can prevent the installation of the “conversion cookies” making the according settings in your browser, for example by selecting a browser setting that generally deactivates the automatic setting of cookies or specifically blocks only the cookies from the domain “googleadservices.com”.
We use the Microsoft Book service (book.carpathian). This service allows you to book appointments with our staff to deal with your request. In doing so, we store the personal data you provide for communication purposes and to process your request. This data is stored for as long as we need it for the given purpose of communication and processing your request. The legal basis for the data processing is, insofar as you have consented to the processing, Art. 6 para. 1 lit. a GDPR or, without consent, Art. 6 para. 1 lit. f GDPR, as we need this data to implement our corporate purpose and there are no higher-ranking conflicting interests on your part.
A contact form is available on our website, which can be used for contacting us online. If a user takes advantage of this option, the data entered in the input mask is transferred to us and stored. These data are: Surname, forename, email address, telephone number.
Your consent to the processing of the data is obtained during the submission process and reference is made to this data privacy declaration.
Alternatively, it is possible to contact us via the provided email address. In this case, we will store the user’s personal data transferred with the email.
In this context, the data will not be passed on to third parties. The data are used exclusively for processing the exchange.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transferred in the course of sending an email is Art. 6 (1) lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves us solely to process the first contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective exchange with the user has ended. The exchange is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The user has the option of revoking their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the exchange cannot be continued.
All personal data stored in the course of contacting us will then be erased.
Rights of the data subject
Whenever your personal data are processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:
Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you being processed.
Where that is the case, you can request the controller to provide you with the following information:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from you, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
Right to rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
(4) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.
Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State
If the restriction of processing has been obtained in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2);
(4) the personal data concerning you have been unlawfully processed;
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1).
Information for third parties
If the controller has made the personal data concerning you public and is obligated to erase it pursuant to Article 17(1) GDPR, it shall take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.
The right to erasure shall not exist insofar as the processing is required
(1) to exercise of the right to freedom of expression and information;
(2) to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) for the assertion, exercise or defence of legal claims.
Right to be notified
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obligated to communicate such rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
(2) the processing is carried out by automated means.
In exercising this right to data portability, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
That right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless points (a) or (g) of Article 9 (2) apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Objection to advertising emails
The use of the contact data published within the scope of the obligation to provide a legal notice and credits for the transmission of advertising and information material not expressly requested is herewith objected to. The operators of the webpages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam emails.