Traivelling GmbH Privacy Policy

Traivelling GmbH takes technical and organizational measures to keep your data secure and protect it from misuse. Please also read the General Terms and Conditions for Automated Bookings of Traivelling GmbH. Our privacy policy applies to everyone who uses one of our services, visits our website, or books tickets. This includes, in particular, buying a ticket including additional services like reservations, as well as using our various services. We're constantly developing our offers and services, so we regularly update our privacy policy too. However, we'll always make sure the currently valid version is available to you.

Who is responsible for data processing?

Under the GDPR, a controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Traivelling GmbH, FN 552215g, Zentagasse 45/13, 1050 Vienna, Austria, privacy@traivelling.com, is the data controller in the sense of Article 4, No. 7 GDPR.

What data do we collect?

Automatically collected data when you visit the website:

When you visit our website, we automatically collect certain data that your browser regularly transmits to our web server. This includes:

  • your IP address
  • the URLs of the websites you came from to reach our page
  • the browser you're using
  • the browser language
  • data provided by the browser (e.g., about the operating system and system settings used)
  • the device you use to access our services
  • date and time of access and the duration of access

We also record which pages you visit on our website and how long you stay there. We use this data and information anonymously to make our offer as user-friendly as possible and to technically optimize it (see also PostHog).

Data you provide:

Personal data is any information that can be linked directly or indirectly (e.g., together with other data) to you – like your name, email address, phone number, passport or ID number, booking number, and your travel and purchase history. We only collect your personal data when it's necessary, and we minimize storage as much as possible.

When you buy a ticket, we process the following information that you provide to us yourself:

  • Your name (and, if applicable, the names of your co-travelers), potentially your age and date of birth, as well as your gender if provided.
  • Discount cards that are specified, potentially also the numbers of these cards.
  • Your personal ID or passport number (if required).
  • Information about your trip, e.g., departure time, destination, ticket type, seat, additional services, purchase channel, payment method, price, and details about special needs such as assistance or a wheelchair space.
  • Various payment information such as the payment method, the payment date, and – for card payments – the last 4 digits of the card number (e.g., XXXX XXXX XXXX 3456). Also, the payment history of payments made and refunds.

Payments are processed by Datatrans (Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich, Switzerland). Therefore, we don't have access to precise payment information beyond what's mentioned above.

  • Email addresses and – if provided – phone numbers.

We also use email addresses to send you all the information we have about your trip. In particular, we'll inform you about disruptions or cancellations via email and SMS – if we have this information, which unfortunately is only the case in some instances.

How long do we store your data?

Automatically collected data (stored in log files) is kept for three months and then automatically deleted.

Data you provide is only stored for as long as necessary to fulfill the respective purposes or as long as statutory retention periods exist. Anonymized reports remain for analysis purposes. After these periods, your data will be securely deleted so that it can no longer be linked to you.

Why do we process your data?

Your data is processed exclusively on a legal basis – for example, if it's necessary for fulfilling a contract with you or to comply with legal obligations.

Protecting your data

Your privacy is important to us. That's why we use technical and organizational measures to protect your data in accordance with the General Data Protection Regulation (GDPR). This includes, among other things, technical solutions like the encryption of personal information as well as organizational measures such as access and authorization controls.

Sharing of data

Traivelling GmbH never sells your data to third parties. We only share your data with partner companies that help us provide our services. If legally required, we may also transmit your data to relevant authorities.

What do we use your data for?

We process your data to:

  • provide your trip or purchased products
  • process payments (via Datatrans)
  • prevent payment fraud
  • verify your identity during ticket inspections
  • send you information about your trip (e.g., delays or changed departure times)
  • send you relevant offers or news via email (if you've given prior consent)
  • create statistics to improve our services – where the results of these evaluations don't allow conclusions about your person

This processing is carried out exclusively in the interest of our users and in compliance with applicable data protection regulations.

Communication with Traivelling

You can contact us in various ways – for example, via the chat function on the website, contact forms, by phone or email, through social media, or via FAQ forums. When communicating, we process the following information:

  • your name and contact details
  • your questions, opinions, or concerns

We use this data to:

  • process your inquiries (e.g., refunds, complaints, booking requests)
  • improve our services and the information on our website
  • provide you with requested information (e.g., annual reports or sustainability reports)

This processing is carried out in the interest of our users and to improve our communication channels.

Cookies, Tracking, and Collaboration with Third-Party Providers

We work with external partners to provide you with our services. These partners may only use your data for the agreed-upon purposes and not share it further. We ensure that our partners adhere to strict data protection guidelines.

Cookies: What you should know

Cookies are small text files or codes that contain information and are stored on your hard drive or in your browser's memory when you visit our website. They help to load content faster and recognize your device when you visit our site again. We use cookies to better understand how our website and applications work and to improve your user experience both online and mobile. They also allow us to show you travel suggestions based on your past preferences.

What types of cookies are there?

Necessary Cookies

These cookies are essential for you to use our website correctly and for all functions to be available. Without them, some services might not be provided. These cookies do not store any personal information and cannot be deactivated via our website – but you can turn them off in your browser settings.

1. Functional Cookies

These cookies ensure that certain functions on the website work correctly, for example, storing your language settings or pre-filled forms (if you have previously agreed).

2. Storage duration:

Session cookies remain active until you end the session. Other cookies remain active – with consent – as long as the consent is valid.

3. Analytical Cookies

These cookies collect anonymized data about visitor behavior on our website – for example, which pages are visited most or which links were clicked. We use this information to continuously improve the website with the help of analysis tools like PostHog.

Storage duration: Session cookies: as long as the session is active. Other cookies (e.g., for web analysis): up to three years.

4. Preference Cookies

These cookies help us to show you personalized content, such as individual travel suggestions on the homepage, based on your previous searches and bookings.

First-Party & Third-Party Cookies

First-Party Cookies

These cookies come directly from our website and are stored locally on your device. They allow our website to recognize you but do not track you across other domains.

Third-Party Cookies

These files, also known as tracking cookies, mark you as a visitor and analyze your Browse behavior across different websites – mostly for advertising purposes. We currently only use first-party cookies that are:

  • technically necessary
  • provide you with a better user experience

We do not use third-party cookies. By the way: our animated graphics do not store any cookies.

How long do cookies stay on your device?

The storage duration of a cookie depends on whether it's a:

  • Session cookie → only remains active until you close the browser.
  • Persistent cookie → remains stored until the preset time expires or you delete it manually.

For cookies requiring consent, we store a consent and revocation history for three years.

How can you withdraw your consent?

On our website, you'll find an easy way to withdraw your consent – via the "Cookie Settings" button in the footer. If you have any questions, you can always contact our customer service.

Third-party providers we work with

Intercom (First-Party Cookies for the chat function on the website)

Intercom acts as a processor according to Art. 28 GDPR. To use the chat function, cookies are set, which you must agree to. If you don't want this, the chat function won't be available, but you can contact us by email at office@traivelling.com.

If the chat function of our website is activated (after your consent), additional data will be processed.

Processed data categories:

  • IP address, date, time, browser info
  • Content of your inquiry
  • Contact details such as name & email

Purpose of processing: Analysis of user behavior, support of website visitors with technical or content-related questions, and optimization of content.

Legal basis for processing: Your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Data transfer (recipient): Intercom R&D Unlimited Company, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2, Ireland. This may also mean a transfer of personal data to a country outside the European Union. Data transfer to the USA takes place on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the recipient of the data has committed to complying with the principles of the Data Privacy Framework (DPF).

Revocation: You can revoke or deactivate your consent to Intercom cookies at any time via the "Cookie Settings" button on the website.

Mailjet (for newsletter subscription and sending)

Mailjet acts as a processor according to Art. 28 GDPR. After registration, we store your email address on Mailjet's servers. By confirming the newsletter subscription checkbox, you consent to receive the Traivelling newsletter at the email address you entered.

Revocation:

The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Data controller: Traivelling GmbH Mailjet address: Mailjet GmbH, Alt Moabit 2, 10557 Berlin, Germany Legal basis: Consent according to Art. 6 para. 1 lit. a GDPR Storage duration: until revocation

If you have any questions, contact us at privacy@traivelling.com. If you believe we are violating data protection regulations, you can file a complaint with privacy@traivelling.com or with a data protection authority.

PostHog Web Analytics

Our websites and our digital dialogue with our customers use PostHog, a web analytics service. PostHog performs cookie-less tracking, which allows us to analyze the use of our websites. PostHog does not perform profiling. The processing of your personal data helps us to recognize what works on our website and what doesn't. For example, it helps us to understand whether our communication is appealing or not and how we can better organize the structure of the website. Our team benefits from the processing of your personal data and your actions directly on the website. By processing your personal data, you also benefit from a website that is constantly improving. Without this data, we would not be able to provide you with the service currently offered. Your data is used exclusively to improve the user experience on our website and to help you find the information you are looking for.

For this purpose, data is collected and processed. This includes:

  • your IP address (IP addresses are anonymized (e.g., 192.168.xxx.xxx))
  • the URLs of the websites you came from to reach our page
  • the browser you're using
  • the browser language
  • data provided by the browser (e.g., about the operating system and system settings used)
  • the device you use to access our services
  • date and time of access and the duration of access
  • we also record which pages you visit on our website and how long you stay there
  • We record what content you click on and the time of selection

We use this data and information anonymously to make our offer as user-friendly as possible and to technically optimize it. Data controller: Traivelling GmbH Analytics data is stored in the GDPR-compliant PostHog Cloud (EU) and is not shared with third parties. If you believe that the processing of your personal data with PostHog Analytics violates the law, you can contact us at privacy@traivelling.com. You also have the right to file a complaint with a supervisory authority.

Disclosure to authorities

In certain cases, we are legally obliged to disclose data to authorities. This includes requests from the police or courts or to regulatory authorities in the event of an arbitration procedure, the competent administrative authority in the specific case (especially also financial authorities, driving license authorities, Rundfunk und Telekom Regulierungs-GmbH or trade authorities) for the purposes of complying with legal provisions and authorizations, Article 6 para. 1 lit. c GDPR. The competent courts in the specific case or other competent authority in the specific case (due to our legitimate interests, which consist of defending legal claims, Article 6 para. 1 lit. f GDPR).

If necessary, we may also disclose data to protect our rights, e.g., to appointed legal representatives in the event of civil disputes (due to our legitimate interests, which consist of defending legal claims, Article 6 para. 1 lit. f GDPR).

Your Rights

You have the right at any time to:

  • Access your data
  • Have incorrect data corrected
  • Have your data deleted
  • Object to the processing of your data
  • Receive your data in a common format and have it transferred to another provider

If our processing is based on your consent, you can withdraw it at any time. However, a withdrawal does not affect processing that has already taken place lawfully.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who monitors compliance with data protection regulations. If you have any questions or concerns, you can contact them at privacy@traivelling.com or by mail to Zentagasse 45/13, 1050 Vienna, Austria.

Enable our chat

We use Intercom for our chat. Please enable the following cookies, so you can use the chat tool. They allow for secure usage and continuing previous conversations, even if you leave or reload the page in between. Without these cookies, the chat won't work.

List of functional cookies
NameDescriptionDuration
intercom-id-vztupt03This cookie helps the chat recognize you during later visits – anonymously and without personal data.9 months
intercom-session-vztupt03With this cookie, you can continue previous conversations in the chat – even if you leave or reload the page in between.1 week
intercom-device-id-vztupt03This cookie recognizes which device you are using to access the chat. This way, Intercom protects the chat from misuse by automated programs.9 months (automatically extends with use)