Last modified: January 2024
Changes in relation to previous versions:

Updates:

Our data protection principles

This notice tells you which data we collect from you, how we use it and how you can withdraw consent to the use of your data.

Who is responsible for data collection and processing?

DB InfraGo AG is responsible for the collection and processing of your data. The appointed data protection officer is Dr. Marein Müller.
If you have any questions, suggestions and/or criticisms with regard to data protection and the Everyworks app, please contact:
DB InfraGO AG, Adam-Riese-Straße 11-13, 60327 Frankfurt
E-mail: everyworks@deutschebahn.com
Data protection contact: Datenschutz.DBInfraGO@deutschebahn.com

What data do we collect and how and why do we process your data?

We collect and process your data exclusively for the purposes of this app. These may result from technical necessities, contractual requirements or express user requests.

Downloading

When the app is downloaded, your user name, e-mail address and customer number, the time of download, the payment information and the individual device number are sent to the App Store. We have no control over such data processing and are not responsible for it.

Technical and contractual reasons

For technical reasons, use of the everyworks app requires certain data (e.g. IP address, device type) to be collected and stored so that the app can work on your device.
To be able to provide our services in the app, we require further personal data from you for contractual reasons:

Registration/logon for the customer account

First name, surname, company name (optional), additional company information (optional), street and house number, state, e-mail address, password (anonymized), verification of e-mail address

Payment data

Your payment information is processed for the purpose of payment processing. Depending on the payment method, your payment information may be forwarded to third parties: Within the scope of offering individual payment methods, we work together with partner companies. The respective payment methods are available to you without your complete payment information being stored in your customer account with us.

Payment by credit card

For the secure processing of payments initiated by you, the necessary payment data (amount, customer number, payer, payment reference numbers) are transmitted from the customer account to a payment service provider. The legal basis for this is Art. 6 (1) (b) GDPR. Our payment service provider for processing credit card payments is PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main, Germany. To learn how Payone processes your data, please read its privacy policy at https://www.payone.com/dsgvo/. The payment service provider performs the following: processing of credit card data in order to perform payments; application of security measures used by your card's issuer (such as 3D Secure and strong customer authentication). No other institution handles your data. We do not receive access to your full credit card data. Instead, we merely save a reference in the form of an abbreviated credit card number so that you can identify it.

Payment via Paypal

If you pay via PayPal, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg (hereinafter called "PayPal"), as part of the payment process. Further information is available in the company's privacy policy (paypal.com/de/webapps/mpp/ua/privacy-full).

Booking data

Minute-based billing via check-in and check-out, acceptance of the rules and regulations valid for each space, purchases and redemption of minute packages, redemption of free minutes, discounts used, meetings booked.

Location data

In this app, we offer a convenience feature that allows you to optionally sort the locations in the app by distance from your personal and current location. In order for you to use this, it is necessary that your current location is released for the app for local [i.e. exclusively on the device itself] use. For service provision purposes, it is therefore necessary that the app is allowed to access the location data of your device. The location is only accessed after you have granted the app access permission. The access does not take place in the background [i.e. only when the app is actively in use] and the data is not stored or transmitted outside the app. The legal basis for the location processing is Art. 6 para. 1 lit. b) GDPR.

You can object to the processing of your location at any time as follows:

For Android, you can disable access to the location in the operating system settings in the menu sub-item "Apps/everyworks/Permissions".

For iOS, you can turn off location access in the operating system settings in the menu sub-item "Privacy/Location Services/everyworks".

Sending of invoices

E-mail address for sending of invoices by e-mail as PDF.
The legal basis for such data processing is Art. 6 (1) (b) GDPR.

Access permissions

In order to process personal data for technical and contractual reasons, the app requires access permissions to certain features on your device. These access permissions are therefore enabled as the default. The following tells you which service processes your data and for what purposes, unless such access is absolutely necessary for technical reasons:

Technically required access:
Up to Android 6:

  • AUTHENTICATE_ACCOUNTS: Use of account authentication features, creation of accounts, retrieval and setting of passwords for the Everyworks app.
  • GET_ACCOUNTS: For retrieving the list of configured accounts (only the accounts, not the actual access data). This permission simply makes it possible to determine which accounts exist. For example, the app can determine whether a matching account already exists.
  • MANAGE_ACCOUNTS: Management – i.e. including the changing – of accounts/access data.
  • USE_CREDENTIALS: Use of authentication information of an account

For higher versions, only the following permissions are requested:

  • INTERNET and ACCESS_NETWORK_STATE: For interrogating the internet and network status

Calendar data

Our app offers you the possibility to save the dates of the booked meetings in your personal calendar.

For this, the iOS app requires access authorization, which we ask you to grant at the beginning of app use. For the purpose of integrating the app services into your calendar, no personal data is requested and no other personal data or content data is collected.
Write permissions are requested only in iOS to enter the following info: location name, provider, address of the Space, start/end date of the meeting, meeting ID, URL to invite guests.

On Android, no write permissions are granted. Instead, an event with the meeting info (location name, provider, address of the Space, start/end date of the meeting, meeting ID, URL to invite guests) is provided to the system (Intents system).

You can revoke your consent at any time as follows:
For iOS, you can disable access to the calendar in the operating system settings in the menu sub-item "Privacy/Calendar/everyworks".

Offers matching your booking

Following your booking, we would like to send you offers of similar products or services to the e-mail address used for the booking. You can unsubscribe at any time by clicking on the link in the e-mail.

Rights of the data subject

  • You can ask which of your data has been stored.
  • You can request the correction, deletion or blocking of your personal data, provided this is legally admissible and possible under an existing contract.
  • If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77(1) GDPR. The supervisory authority responsible for DB InfraGO AG is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden
  • You have the right to portability of the data you have provided to us on the basis of a consent or contract (data portability).
  • If you have consented to your data being processed by us, you can withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of any prior processing based on such consent.
  • You can object to the advertising approach at any time with effect for the future (advertising objection).

To exercise your rights, simply send a letter by post to the controller at DB InfraGO AG, Adam-Riese-Str. 11-13, 60327 Frankfurt or by e-mail to everyworks@deutschebahn.com

Will your data be shared with others?

Contract implementation normally requires the involvement of external processors who are dependent on our instructions, such as data centre operators or other IT service providers, printing or mail-handling service providers or other parties involved in contract performance.
External service providers who process data on our behalf are carefully selected by us and subject to strict contractual obligations. Such service providers are bound by our instructions. This is guaranteed by strict contractual arrangements, technical and organisational measures as well as additional checks.
Apart from that, your data is transmitted only if you have explicitly given us your consent or if required by law.
Your data is not transmitted to third countries outside the EU/EEA or to an international organisation unless adequate safeguards are in place. These include the EU standard contractual clauses as well as an adequacy decision by the EU Commission.

When are cookies used?

No cookies are used unless absolutely necessary for the technical operation of the app.

Duration of processing

We store your data only for as long as necessary for fulfilling the purpose for which the data was collected (e.g. under a contract) or where this is provided for by law. Under a contract, for example, we store your data at least until the contract has been completely terminated. The data is then kept for the length of the statutory retention periods. If inactive, your customer account is maintained in the system for four years and then deleted from the system along with notification by e-mail (30 days before deletion).

Updating of the data protection notice

We adapt the data protection notice to modified functionalities or changed legal situations. We therefore advise you to read the data protection notice at regular intervals. Where your consent is required or parts of the data protection notice contain provisions of the contract with you, any amendments require your approval.

Official Language

The official language of this privacy statement is German. The English translation of this privacy statement has no legal validity; it is provided only as a courtesy.