Data controller
Rejsekort & Rejseplan A/S is the data controller for the processing of personal data in connection with the registration of data in the Rejsekort system and associated systems, including personal data registered via the website, www.rejsekort.dk. Our contact details are as follows:
Rejsekort & Rejseplan A/S
Automatikvej 1
DK-2860 Søborg
CVR no.: 27 33 20 72
Rejsekort & Rejseplan A/S’ Data Protection Officer (DPO) can be contacted at: DPO@rejsekort.dk or on tel. no. (+45) 70 20 40 08 on business days from 10:00 to 15:00.
See further contact details under clause 8 below.
Rejsekort & Rejseplan A/S’ privacy policy
Rejsekort & Rejseplan A/S attach great importance to your confidence in being our customer and in using the Rejsekort system and associated systems.
We therefore process the information you provide to us, and which we collect about you in connection with your use of your Rejsekort, on a responsible basis and with respect for your privacy, and naturally in accordance with the applicable data protection regulations.
You can read more about our processing of your data in this privacy policy.
At the top of our privacy policy, you can always see when the policy was last updated and/or changed.
If you prefer Rejsekort & Rejseplan A/S not to process your personal data, you can obtain a Rejsekort Anonymous. Read more about this at www.rejsekort.dk/Bestil/Rejsekort-anonymt?sc_lang=en.
In the following, ‘Rejsekort’ means all types of Rejsekort issued by Rejsekort & Rejseplan A/S, including Commuter Card, Young Person Card and School Pass.
In the following, "RejseBillet" should be understood to refer to the mobile application released by Rejsekort & Rejseplan A/S with the same name, in which travel tickets can be purchased for journeys by bus, train, light rail, and metro.
1. What information does Rejsekort & Rejseplan A/S collect and what is it used for?
1.1. Information concerning your registration as a customer and purchase of a Rejsekort, as well as customer service
We register the information you provide yourself either by filling in a physical order form or by entering information in connection with the order at www.rejsekort.dk (including name, contact details, civil registration (CPR) number and photo, if applicable), or which will be passed on to Rejsekort & Rejseplan A/S in connection with ordering School Passes.
For business customers, we record the information provided concerning the company’s contact person, and for School Passes this concerns the information provided about School Pass users.
We also retain personal data of relevance to the customer relationship that is provided on contacting Rejsekort Customer Services
We retain your personal data in order to administrate and serve you as a customer, or to be able to administrate and serve a company as a customer, and to comply with applicable legislation.
Rejsekort & Rejseplan A/S mainly processes general personal data. Registration of CPR numbers as well as the ‘disabled’ customer type constitutes special-category personal data, however, which requires specific consent.
1.2. Information Related to Your Customer Registration and Purchases via RejseBillet
When you purchase a ticket or a commuter pass via RejseBillet, we collect and process only the data necessary to process your purchase and deliver the products you've ordered. This includes payment processing, ticket verification during your journey, troubleshooting, customer service inquiries, and providing traffic information to you.
When using RejseBillet, the following personal information is processed: phone number, payment card details (stored by Reepay), phone model, operating system version, and app version on your phone.
If you buy a Commuter card, we also store your name, date of birth, and email. If you only purchase tickets, you have the option to let us store your email address if you wish to transfer your tickets and receipts yourself when changing phone numbers or reinstalling the app. Additionally, we store your ticket history, including ticket type and order number, starting zone, number of zones on the travel ticket, purchase time, validity period, validity area (valid zones), and Reepay transaction number.
Lastly, we store what you searched for in your "from-to" searches (e.g., your location zone number, bus stop name, or an address) before purchasing the ticket. We do this to investigate any errors, such as if you file a complaint about a fine during ticket inspection.
When you pay with a payment card, card information is registered only with Reepay A/S, the payment solution provider. If you save the payment card in the app, we store information about the card type. All payment card transactions are encrypted and carried out in accordance with the rules set by the card providers.
In connection with providing traffic information, we may process information about your selected personal departure boards or lines/stops, as well as your usage of traffic information within the app.
1.3. Information concerning your Rejsekort and top-up and renewal agreements
Rejsekort & Rejseplan A/S registers information concerning your Rejsekort and your top-up and renewal agreements.
Information about your Rejsekort and top-up and renewal agreements is registered in order to be able to administrate and serve you as a customer.
Rejsekort & Rejseplan A/S registers information about Rejsekort purchases, the type of Rejsekort selected, the Rejsekort number and the selected customer type, as well as other information associated with the Rejsekort, such as the expiry date.
Rejsekort & Rejseplan A/S registers information about your top-up and renewal agreements, including the selected top-up amount and the type of associated payment card, or information concerning other payment methods such as Betalingsservice (BS).
The actual payment is made via Nets A/S. When you enter or provide a payment card number, expiry date and CVC code, the information is registered in Nets’ systems, which provides very high assurance that unauthorized persons will not be able to access confidential information. See also clause 2 below.
Rejsekort & Rejseplan A/S does not register your payment card number or CVC code when you pay using a payment card. Only the payment card type and expiry date are registered.
1.4. Details of your top-ups and journeys
Rejsekort & Rejseplan A/S registers the top-ups and journeys that you make using your Rejsekort.
Rejsekort & Rejseplan A/S registers the following information concerning top-up of your Rejsekort:
- Amount and Rejsekort balance.
- Payment method. This means whether you pay in cash, your account number if this is used for payment, or the payment card type used. (Rejsekort & Rejseplan A/S does not register the payment card number, see above under clause 1.3).
- The time and place of payment and the transport company which received the payment.
Your top-up details are registered in order to be able to serve you as a customer, including to settle the account with you, and to be able to settle accounts with points of sale and transport companies. Registration also takes place in order to comply with applicable legislation, including the Danish Payment Services and Electronic Money Act and the Danish Bookkeeping Act.
Rejsekort & Rejseplan A/S registers the following concerning your journeys:
- Time and place of check in, check out and inspection.
- Selected customer type, price and balance.
Information about your journeys is registered in order to be able to serve you as a customer and to be able to document the fares paid for your journeys. Information about journeys is also registered for the purpose of detecting and preventing misuse of a Rejsekort and to comply with current legislation, including the Danish Bookkeeping Act and the Danish Payment Services and Electronic Money Act.
The information concerning the journeys made is also used by the transport companies – although mainly in anonymized or pseudonymized form – for planning purposes, including traffic planning, i.e. how route plans, numbers of buses, trains, etc. are to be organized. Information concerning the journeys made is also used in conjunction with pricing considerations and in connection with the distribution of revenue between the transport companies.
See also below, under clause 8, and the applicable Rejsekort Terms and Conditions for further information about your right of access to the information we have registered about you.
1.5. Information on using Check Udvej
If you use the ‘Check Udvej’ app to register missing check outs, Rejsekort & Rejseplan A/S will process information about the device from which you register the check outs, which operative system you use and which IP address the use was accessed from, as well as the GPS location of the registration.
Rejsekort & Rejseplan A/S uses the information for operational purposes, in order to detect any misuse and to compile statistics, e.g. to improve the Check Udvej app and Rejsekort system.
1.5 Details of any registration on the blocked list or in the Customer Register
If you or Rejsekort & Rejseplan A/S block your Rejsekort, the details of the Rejsekort number, date of blocking, who performed the blocking and the reason for the blocking will be registered.
Read more about the rules for blocking cards in the Rejsekort Terms and Conditions.
In certain circumstances, Rejsekort & Rejseplan A/S may add a Rejsekort customer to the Customer Register, e.g. in the event of unpaid debt, repeated failure to check out, or justified suspicion of misuse.
Read more about the rules for registration in the Customer Register in the Rejsekort Terms and Conditions.
2. Who has access to personal data?
Rejsekort & Rejseplan A/S employees and employees of the affiliated transport companies tasked with serving you as a customer, and who process your data, have access to the personal data collected. These employees only have access to view and use your data to the extent necessary to serve and manage you as a customer, or to comply with applicable legislation. For Rejsekort & Rejseplan A/S, this includes the following companies and data processors or sub-processors:
Transport companies
Via the Rejsekort system, employees of the affiliated transport companies have access to the data necessary to be able to serve and administrate customers concerning Rejsekort matters. This includes journey history, as well as your name, date of birth and contact details, and information about your Rejsekort and top-up and renewal agreements, but not information about the payment cards linked to the top-up and renewal agreements.
Employees of the affiliated transportation companies also have access to information via RejseBillet that is necessary for serving and managing customers in relation to RejseBillet. Relevant employees of the transportation companies thus have access to data from RejseBillet, including information such as name, date of birth, contact details, as well as travel and purchase history.
Furthermore, employees in the finance department at Trafikselskabet Movia have access to all financial data for RejseBillet, including personal information, as Trafikselskabet Movia is responsible for the accounting for RejseBillet.
If you contact Rejsekort Customer Services by telephone, your calls may be recorded if you give specific consent to this. The recordings are used for documentation and training purposes and are erased after 30 days.
The affiliated transport companies are: Arriva Tog, FynBus, DSB, Metroselskabet I/S, Midttrafik, Nordjyllands Trafikselskab, Sydtrafik A/S and Trafikselskabet Movia.
The transport companies’ business partners for Rejsekort sales handle customer information in connection with the issue, top-up and servicing of Rejsekort. Clicking on the following link will give you an overview of all points of sale: https://www.rejsekort.dk/da/salgssteder
IT suppliers
As data processors for Rejsekort & Rejseplan A/S, IT suppliers have delivered the Rejsekort system and RejseBillet and associated systems, and are responsible for their operation.
Manufacturer of cards for Rejsekort & Rejseplan A/S
When you order a Rejsekort (not Rejsekort Anonymous), the card manufacturer receives, among other things, the following: name, address, Rejsekort information, and any photo required. This information is used solely for the production of the Rejsekort and is not retained by the card manufacturer.
Analysis institutes
Rejsekort & Rejseplan A/S disclose information concerning customers (name, address, email address and case number) to analysis institutes in order to conduct customer satisfaction surveys concerning Rejsekort. The analysis institutes are obliged to erase information received concerning customers when the assignment has been completed.
Communication with customers
Rejsekort & Rejseplan A/S’ data processors have access to the information necessary to send emails, text messages and physical letters on behalf of Rejsekort & Rejseplan A/S.
Nets A/S
Payment at rejsekort.dk takes place exclusively in Nets A/S’ system. When you make a payment, Nets A/S will receive the information. Nets A/S meets the requirements concerning protection of card data from misuse.
2.1. Disclosure of personal data
If relevant, Rejsekort & Rejseplan A/S will disclose your personal data to the affiliated transport companies for use in the transport companies’ separate processing of fare evasion cases, collection cases, customer complaints, travel time guarantee cases, financial matters, analyses, service announcements, and also in connection with the transport companies’ issue of School Passes and Youth Passes on their own media (not on Rejsekort og RejseBillet).
If you have consented to this, Rejsekort & Rejseplan A/S may also disclose your personal data to the transport company to which you have given consent, so that this transport company and any subsidiaries and business partners can send you information about offers, products and promotion campaigns, as well as service notifications via email, text message or directly in RejseBillet. Rejsekort & Rejseplan A/S will also disclose selected personal data to third parties in conjunction with specific services related to the use of Rejsekort, including:
- Rejseplanen.dk: By entering a Rejsekort number in connection with price enquiries, the customer can see the price with the current Rejsekort discount steps.
- FlexDanmark: By stating a Rejsekort number, the customer can pay for flex journeys using a Rejsekort.
- Arriva: On using PendlerPlus
- A Rejsekort can be used as the key for e.g. shared cars, city bicycles and access to bicycle parking.
3. Monitoring
Rejsekort & Rejseplan A/S monitors Rejsekort and RejseBillet transactions, in order to detect and prevent Rejsekort and RejseBillet misuse.
4. How and for how long do we retain information about you?
In accordance with the data protection regulations, your personal data must be retained on a secure and confidential basis. We retain your personal data in IT systems that are subject to controlled and restricted access, and on servers that are located in specially secured premises.
Information about you as a customer, your Rejsekort and payment agreements, top-ups travel and purchase history. and any registration in blocked lists and customer registers is retained for as long as necessary to administrate you as a customer, or otherwise to comply with applicable legislation, including the Danish Payment Services and Electronic Money Act, the Danish Bookkeeping Act, the General Data Protection Regulation and the Danish Data Protection Act, see the table below:
|
Type of personal data |
Retention period |
| Master data (name, contact details, etc | Five years after the end of the year in which the customer relationship ended (or customer relationship without activity) |
|
Information about your cards, recharging and renewal agreements, selected customer type, price and balance. |
Five years from the end of the year which the transaction concerns. |
|
Information about your travel data (e.g. check in Ballerup on 21 October 2019, 12:03, check out Østerport on 21 October 2019, 12:30) |
Three years from the registration of the information. The journey data is then stored in anonymous form for analysis purposes. |
|
Case information registered in connection with enquiries to Rejsekort Customer Services |
Three years from the registration of the information. |
|
Order forms |
Three years from the end of the customer relationship. |
|
Recordings of telephone calls with Rejsekort Customer Services |
30 days from the date of the recording |
|
CPR number |
Deleted immediately upon termination of the customer relationship, including by revocation of consent. |
On specific objective grounds, deviation from these deadlines will be possible, on the basis of specific assessment, so that the personal data is erased at an earlier or later time. See, for example, clause 6 of the card provisions for Private Rejsekort regarding registration of information in the customer register in case of debt, repeated failure to check out or suspicion of misuse.
5. Legal basis for processing
The legal basis for our processing of your personal data in an ongoing customer relationship is, in particular, Article 6(1)(a) of the General Data Protection Regulation, under which we may process personal data where processing is necessary for the performance of a contract.
Some of your personal data is also processed in accordance with Article 6(1)(c) of the General Data Protection Regulation, as the processing is necessary to comply with a legal obligation. This is due to the fact that Rejsekort & Rejseplan A/S is obliged to store information on financial transactions pursuant to the Danish Bookkeeping Act, as the information is included as part of Rejsekort & Rejseplan A/S' accounting material. The obligation under the Danish Bookkeeping Act means that this information must be stored for current financial year and a further 5 years. Thus, certain information will be stored pursuant to the Danish Bookkeeping Act even after the termination of a customer relationship.
The legal basis for Rejsekort & Rejseplan A/S’ processing of CPR numbers is consent, cf. section 11(2) no. 2 of the Danish Data Protection Act, cf. Article 7 of the General Data Protection Regulation. In special cases, the CPR number will continue to be processed, even if the data subject has to withdraw their consent. This applies, for example, if the registered person has defaulted on a debt to Rejsekort & Rejseplan A/S. In such cases, the legal basis for the continued processing of the CPR number is section 11(2) no. 4 of the Danish Data Protection Act, cf. section 7 of the Danish Data Protection Act, cf. Article 9(2)(f) of the General Data Protection Regulation.
The legal basis for processing information on customers' disabilities is Article 9(2)(f) of the General Data Protection Regulation, cf. Article 6(1)(c), cf. section 10 of the Accounting Act. Information on a customer's disability is, however, obtained only with express consent, cf. Article 9(2)(a) of the General Data Protection Regulation and section 7, paragraph 1 of the Danish Data Protection Act. Rejsekort & Rejseplan A/S only registers the information that the customer is entitled to a travel card with the customer type disability, but no further information, including the nature of the disability. Information about a customer's disability is important for calculating the customer's fare rate, and the information therefore constitutes accounting material, cf. section 3 of the Danish Bookkeeping Act. Rejsekort & Rejseplan A/S is thus obliged to keep the information in personally identifiable form, cf. section 10 of the Danish Bookkeeping Act, for 5 years from the end of the year to which the material relates.
The legal basis for processing telephone recordings in connection with customer inquiries to Rejsekort Customer Services is consent, cf. Article 6(1)(a) of the General Data Protection Regulation.
When issuing and managing School Passes, the legal basis for the processing of your personal data is that the processing is necessary for us to be able fulfil the agreement to provide you with a School Pass and administrate it, cf. Section 6(1) of the Danish Data Protection Act and Article 6(1)(b) of the General Data Protection Regulation, and that we have a legitimate interest in processing the data, cf. Section 6(1) of the Danish Data Protection Act and Article 6(1)(f) of the General Data Protection Regulation. Our legitimate interest is to be able to issue the School Pass to you and to administrate it. When Rejsekort & Rejseplan A/S processes a CPR number in this regard, our legal basis is that the processing is governed by legislation and is necessary to be able to identify the recipient of the School Pass, cf. section 11(2) of the Danish Data Protection Act, section 26(5) of the Danish Primary School Act.
The legal basis for Rejsekort & Rejseplan A/S’ processing of information about contact persons in connection with Rejsekort Corporate and School Pass is based on the balance of interests rule in Article 6(1)(f) of the General Data Protection Regulation.
The legal basis for the use of preference and statistical cookies on www.rejsekort.dk is consent, as per Article 6, paragraph 1, letter a of the Data Protection Regulation.
The legal basis for the use of technical cookies on www.rejsekort.dk and in RejseBillet is the balancing of interests rule under Article 6, paragraph 1, letter f of the Data Protection Regulation.
6. The right to withdraw consent
You have the right to withdraw your consent at any time. You can do this by contacting Rejsekort Customer Services using the contact details stated below in clause 8. If you choose to withdraw your consent, this will not affect the lawfulness of our processing of your personal data on the basis of your previously granted consent, up to the date of withdrawal of consent. This means that if you withdraw your consent, this will take effect as from the date of withdrawal.
If you withdraw your consent, this means that we will in principle restrict the processing of your personal data by erasing or making the personal data processed under consent anonymous. As stated above under clause 5, this concerns the CPR number as well as recordings of telephone conversations if you contact Rejsekort Customer Services by telephone.
Please note that withdrawing your consent to processing of a CPR number entails that you can no longer hold a Rejsekort Personal, Rejsekort Flex or Commuter Card on Rejsekort. You will not have access to online self-service either. You can continue to use a Rejsekort Anonymous, however.
7. Automatic calculations
On using the ‘Check Udvej’ app to register missing check outs, when specific parameters are fulfilled, there will be automatic approval of the registered information, which may result in a subsequent charge or refund concerning the registered journey.
8. Your rights
Under the General Data Protection Regulation and the Danish Data Protection Act, you have a number of rights with regard to the processing of your personal data by Rejsekort & Rejseplan A/S. If you wish to exercise these rights, please contact us using Rejsekort & Rejseplan A/S’ contact details, which are stated below and on page 1. Your rights are as follows:
Right to view information (right of access)
You have the right to access the information that we process concerning you, as well as various additional information.
Right to rectification (correction)
You have the right to rectification of incorrect data about you. You also have the right to have your information supplemented with additional information, if this will make your personal data more complete and/or up to date.
Right to erasure
In exceptional cases, you have the right to erasure of information before the date of our ordinary general erasure of data.
Right to restriction of processing
In certain cases, you have the right to restriction of the processing of your personal data. If you have the right to restriction of processing, in future we may only process data – apart from retention – with your consent, or for the purpose of the establishment, exercise or defense of legal claims, or in order to protect a person or important public interests.
Right to object
In certain cases, you have the right to object to our otherwise legal processing of your personal data. This only applies, however, if our processing is based on Article 6(1)(f) of the General Data Protection Regulation. You also have the right to object to our processing of your data for direct marketing purposes.
Right to data portability
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transmitted from one data controller to another without hindrance. You can read more about your rights in the Danish Data Protection Agency’s guide to the rights of data subjects, which you can find at www.datatilsynet.dk.
If you do not want Rejsekort & Rejseplan A/S to process your personal data, you can purchase a Rejsekort Anonymous.
If you have any questions about how Rejsekort & Rejseplan A/S processes personal data, please contact:
Rejsekort Customer Services on tel.: (+45) 70 11 33 33
You can also use the contact form at https://www.rejsekort.dk/Kundecenter-privat/Kontaktformular (in Danish)
Or by letter to:
Rejsekort Customer Services, Postbox 736
DK-2500 Valby
Rejsekort & Rejseplan A/S’ Data Protection Officer (DPO) can be contacted at:
DPO@rejsekort.dk
Tel.: (+45) 70 20 40 08
9. Use of rejsekort.dk
The www.rejsekort.dk website consists of two parts. An information part and a self-service part.
Information concerning use of the information part
Information about which parts of the website are visited is collected in log files and the information is used in connection with the further development of the website, so that it is optimized in accordance with customer needs. IP addresses are not logged. See also below under ‘Cookies’ concerning the use of cookies.
Information concerning use of the self-service part
Information about your use of the self-service part (e.g. orders placed), including the IP address used, is collected in log files. These are erased continuously and used solely for any troubleshooting purposes.
By logging onto the self-service part, can view most of the information that Rejsekort & Rejseplan A/S has registered about you, including information that you have provided yourself on purchasing a Rejsekort or later, and information about your top-ups, renewals and journeys.
Cookies
Rejsekort & Rejseplan A/S uses cookies on www.rejsekort.dk.
The use of cookies requires you to consent to this on using www.rejsekort.dk, and the solution for obtaining consent complies with the applicable rules, including the Danish Data Protection Agency’s guidelines on the processing of personal data concerning website visitors.
A cookie is a small text file that is stored in your device via your browser. The cookies used by Rejsekort & Rejseplan A/S cannot contain a virus.
Rejsekort uses cookies, among other things, when a Rejsekort is purchased on the self-service site, and for the Rejsekort Customer Services contact form.
Necessary cookies help to make a website usable by activating basic features. Preference cookies make it possible to remember information, such as your preferred language. Statistical cookies contribute knowledge of how visitors to www.rejsekort.dk use the website, while marketing cookies are used to track visitors across websites. For example, when clicking on ads that lead to www.rejsekort.dk.
On purchasing a Rejsekort via the self-service part:
Cookies are necessary to remember your choices when purchasing a Rejsekort. Cookies used on purchasing a Rejsekort are erased after completion of the purchase. If you have declined cookies, see below, you will not be able to order a Rejsekort via www.rejsekort.dk.
Contact form for Rejsekort Customer Services:
It is possible to contact Rejsekort Customer Services at www.rejsekort.dk – this can be done using a contact form on the website https://www.rejsekort.dk/Kundecenter-privat/Kontaktformular (in Danish).
Cookies used for the Rejsekort Customer Services contact form expire after half an hour, but are renewed after each visit.
How to avoid cookies:
If you do not wish to receive cookies, you can block all cookies, erase existing cookies from your hard drive, or receive a warning before a cookie is saved. Click here for instructions on how to set this in your browser on the device you are using: https://minecookies.org/cookiehandtering
The guide is set up for most browsers, and for smartphones.
You can always use the help function in your browser to get more information about cookie settings. Typically, you do this by pressing ‘F1’ on your PC. Search for ‘cookies’.
Access to the information from cookies:
Employees of Rejsekort & Rejseplan A/S who are authorized to do so, have access to the information collected. Furthermore, information in the form of statistics and similar, without specifying individual IP numbers, is transmitted to the affiliated transport companies, for the purpose of gaining more knowledge about the use of the website.
10. Google Analytics
Rejsekort & Rejseplan A/S may use Google Analytics to analyze use of www.rejsekort.dk , in order to optimize the website and make it more user-friendly. In this context, among other things, cookies are used to maintain statistics concerning the number of users, the time spent on the website and which subpages are visited.
In order to perform this function, Google also sets cookies in your device.
The IP address used is disclosed in conjunction with Google Analytics’ metrics to Google’s servers in the USA, unless you have declined this. See above under Cookies for how to avoid these cookies.
You can also generally decline inclusion in Google Analytics’ metrics, see: https://tools.google.com/dlpage/gaoptout
11. RejseBillet
In RejseBillet, Google Firebase is used to analyze the usage of the app and to create dynamic links. This is done to optimize the app and make it more user-friendly.
To perform this function, Google sets cookies on your device.
12. Right to complain to the Danish Data Protection Agency
You can complain to the Danish Data Protection Agency about the processing of your personal data by Rejsekort & Rejseplan A/S.
The contact details for the Danish Data Protection Agency are as follows:
The Danish Data Protection Agency
Carl Jacobsens Vej 35.
2500 Valby
Tel.: (+45) 33 19 32 00
Email: dt@datatilsynet.dk
www.datatilsynet.dk
13. Changes to this privacy and cookie policy
This privacy and cookie policy is subject to change.
At the top of this privacy and cookie policy you can always see when the policy was last updated and/or changed. In the event of significant changes, this will be disclosed as a clearly visible notification on www.rejsekort.dk.