Privacy and data protection

Privacy notice – Oberweißbacher Berg- und Schwarzatalbahn ("Oberweissbach Funicular and Schwarza Valley Line")

In principle, it is possible for you to use our web pages without providing your personal data. In this notice, we inform you about what data we collect on you, how we use it and how you can opt out to having your data used.

Who is responsible for collecting and processing data?

DB RegioNetz Verkehrs GmbH is responsible for collecting and processing your data.

If you have any questions or suggestions about this website, please contact:

DB RegioNetz Verkehrs GmbH

Oberweißbacher Berg- und Schwarzatalbahn (OBS)
An der Bergbahn 1
98746 Mellenbach-Glasbach, Germany

Phone: +49 (0) 36705 20134

The appointed data protection officer at DB RegioNetz Verkehrs GmbH is Ms Chris Newiger.

If you have any questions or suggestions related to privacy, please send an e-mail to

What data do we collect and how and why do we process your data?

When you visit this website, certain device-specific data is collected and processed automatically. This refers to what are known as server log files that are typically created when you visit a website.

As a rule, the following data is transmitted to us via these files:

  1. IP address
  2. Date and time of your request
  3. Time zone difference to Greenwich Mean Time (GMT)
  4. Content of your request
  5. Access status/HTTP status code
  6. Data volume transmitted
  7. Website (from which the request came)
  8. Browser
  9. Operating system and its interface
  10. Language and version of browser software

It is not technically possible to use of website if this data is not processed.

The legal basis is point (f) of Article 6(1) of the General Data Protection Regulation (GDPR).

If you contact us, we will process the personal data you have provided in the course of our correspondence with you. The legal basis is point (f) of Article 6(1) of the GDPR.

If we ask for and receive your consent to perform processing operations on your personal data, your consent is considered, in accordance with point (a) of Article 6(1) of the GDPR, as the legal basis for performing such processing operations.

If we process personal data that is required to perform a contract that we have concluded with you, then the contract is the legal basis in accordance with point (b) of Article 6(1) of the GDPR. Point (b) of Article 6(1) of the GDPR also applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services or in the case of applications. If our company is subject to a legal obligation that requires us to process personal data – such as a tax obligation – then the legal basis for processing is point (c) of Article 6(1) of the GDPR.

Payment details 

Payment details such as account or credit card numbers, contact details and identification-related information are collected by PayPal to process payments made for ticket bookings. Each transaction made using a credit card requires the user to provide the CVV code on the back of the card as authorisation. The CVV code is not stored. You can find PayPal's privacy policy here.


We are continually improving our offering by saving and analysing user data on a pseudo-anonymised basis. The legal basis for this is point (f) of Article 6(1) of the GDPR.

Additionally, we are interested in maintaining a customer relationship with you and providing you with information and offers that we think you may be interested in. For this reason, we process your data on the basis of point (f) of Article 6(1) of the GDPR (also with the help of service providers) to send you information and offers. We may use your contact details (surname, first name and postal address) for advertising by post and for market research purposes, provided that you have not opted out of this. We may also use the e-mail address that we have obtained from our business relationship with you for commercial purposes.

You can opt out of the use of your data for targeted advertising at any time with future effect. You can send your objection (for example by e-mail to the above address (advertising opt-out). 


When we run competitions, we collect data for managing the process. The precise details, i.e. what data is collected and for what purpose, are available on the given competition's webpage. The legal basis for this processing is point (f) of Article 6(1) of the GDPR.


If you register for our newsletter, provision of your e-mail address is mandatory. In this case, we can use it for advertising purposes.

When you register for a newsletter, we save the IP address from the computer system in use provided by your internet service provider (ISP) at the time of registration, and the date and time of registration. The collection of this data is mandatory to detect (potential) misuse of the e-mail address of a data subject at a later point in time and therefore provides us with a legal safeguard. The legal basis for this processing is point (a) Article 6(1) of the GDPR.

You can unsubscribe from the newsletter at any time by e-mail or by clicking the unsubscribe link in your newsletter.

Customer account

If you register for a customer account, the following information is typically required:

  1. Form of address
  2. First name and surname
  3. E-mail address

It is not possible to create a personal account without this information.

You can delete your customer account at any time. The legal basis for this processing is point (b) of Article 6(1) of the GDPR.

Electronic tickets

When electronic tickets are checked, the information included on the ticket is shown on the ticket checking device. The legal basis for this processing is point (b) of Article 6(1) of the GDPR.

Embedding Google Maps

We use Google Maps to embed maps. Google LLC in the USA is committed to maintaining appropriate data protection in accordance with the American/European and the American/Swiss Privacy Shield. Further information can be found in Google's detailed privacy policy.

How long do you store my data?

We store your data only for as long as is necessary to fulfil the purpose for which the data was collected, or to comply with statutory requirements.

What rights do users have?

  1. You can request information as to what personal data is stored.
  2. You can request that we correct, delete or restrict (block) the processing of your personal data, provided these actions are permitted by law and in compliance with existing contractual conditions.
  3. You have the right to file complaints with a supervisory authority.
  4. You have the right to the portability of data that you have provided to us on the basis of consent or a contract (data portability).
  5. If you have given us your consent to process your data, you can withdraw this consent at any time, using the same methods that you used to give your consent. Any processing of your personal data that took place from the time at which you granted your consent to the time at which you withdrew it will still be considered to have been lawful.

You may object to data processing for reasons associated with your particular situation if the data processing is performed on the basis of our legitimate interests.

You can opt out of targeted advertising at any time. This takes effect for the future (advertising opt-out).

To exercise your rights, simply send a letter by post or e-mail to the above contact address.

Do you forward data?

For the purpose of performing a contract, it is generally necessary for us to involve processors, from parties such as computer centre operators, printing or shipping service providers, or other parties involved in performing the contract, who are bound by instructions from us.

The external service providers that we hire to process data are carefully selected and subject to strict contractual obligations. The service providers follow our instructions, and this is guaranteed by strict contractual regulations, technical and organisational measures, as well as supplementary checks and controls. It is necessary to integrate service providers as part of managing and maintaining IT systems, for example.

Furthermore, transmission of your data only takes place where you have given your express consent or on the basis of a statutory requirement.

It may be necessary to forward data in the following situations, for example:

  1. Credit rating check by a service provider for credit rating checks when you register for the direct debit procedure.
  2. In the event of payment irregularities or defaulting on payments, we may send debt claim data to a debt collection agency.
  3. We regularly use a call centre for customer care by telephone.

Use of cookies

Cookies are small text files used to store personal data. Cookies can be sent to this website when it is called, allowing the user to be identified. Cookies help users to use internet sites more easily. 

Use of Matomo (formerly Piwik)

We use the analysis service Matomo (formerly Piwik) on our website to analyse how our website is used and to improve it regularly. The statistics we gain from this allow us to improve our offering and make it more interesting for users. With the help of small text files (cookies), we collect data on how you use our website, which includes your IP address. This data is anonymised and stored on our servers. The legal basis for the use of Matomo is point (f) in the first sentence of Article 6(1) of the GDPR.

Your deactivation options: If you do not consent to the analysis of your user behaviour, you can change your browser settings at any time to prevent analysis cookies from being set. In addition, you can also decide whether a unique web analysis cookie can be stored in your browser, allowing the operator of the website to record and analyse different statistical data. If you decide not to allow this, click the following link to store the Matomo deactivation cookie in your browser:

Your visit to this website is currently recorded by Matomo web analytics. If you decide not to allow this, click the following link to store the deactivation cookie in your browser.

Please note: If you delete all your cookies, the deactivation cookie will also be deleted. This means that you will have to renew your deactivation of the analysis of user behaviour.

How do you handle links to external websites?

If you click a link to an external website, you are leaving the pages of This means that DB RegioNetz Verkehrs GmbH is not responsible for the content, services or products offered on the linked website, nor is it responsible for the data privacy or the technical security on the linked website.

Social plugin

When you visit one of the pages on our website, you will initially find only one link. The social plugin is then still deactivated and is only activated if you click on this link to the social plugin.

If you actively use social plugins, the social network receives the information that you have visited our site with your IP address.

If you are logged into a social network and use social plugins, cookies can be used to assign the visit to our web page or third-party web pages to your relevant profile on the social network. This also means that the social network can analyse your reading behaviour on our or other web pages that you visit and use it to personalise the advertising aimed at you.

If this is not desired, you need to log out of the relevant social network before using social plugins and delete your cookies.

Overview and origin of the social plug-ins that can be activated by the two-click solution:

The Like button is provided by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. You can find Facebook's privacy policy at

Update to the data privacy notice

We amend the data privacy notice to reflect changes to functionalities or changes to the legal situation. We therefore recommend that you review the data privacy notice at regular intervals.


Correct at April 2018