Data protection information for video surveillance in the vehicles, stations and premises of Stadtwerke Verkehrsgesellschaft Frankfurt am Main mbH (VGF)

1. Name and contact details of the responsible entity

Stadtwerke Verkehrsgesellschaft Frankfurt am Main mbH
Kurt-Schumacher-Strasse 8
60311 Frankfurt

Phone: 069 213-03
Fax: 069 213-22740
e-mail: info(at)vgf-ffm.de
 

2. Data Protection Officer

Stadtwerke Verkehrsgesellschaft Frankfurt am Main mbH (VGF)
Datenschutzbeauftragter
Kurt-Schumacher-Strasse 8
60311 Frankfurt am Main
e-mail: datenschutz(at)vgf-ffm.de

 
3. Purposes and legal basis of data processing

We process personal data in accordance with the provisions of the European Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act (BDSG). Video surveillance in VGF's vehicles, stations and operating facilities is carried out in accordance with Art. 6 Para. 1 S.1 f GDPR to safeguard the legitimate interests of the person responsible and of third parties. Video surveillance is intended to protect customers, employees or other third parties, as well as to safeguard the exercise of domiciliary rights and to secure civil and criminal law claims.

 
4. Duration of data storage

The video recordings are usually stored for 72 hours.
In addition, statutory limitation periods must also be observed, for example, according to §§ 195 ff. of the German Civil Code, as a rule 3 years. In particular, data may be stored beyond the aforementioned standard period, taking into account the limitation periods of civil and criminal law claims.


5. Recipients or categories of recipients of the data (if data transfer takes place)

Within VGF, access to the data of the data subject is granted to those bodies which are responsible for video surveillance and the processing of its content. Processors and service providers commissioned by us may also receive data for these purposes.
We may only pass on information about the data subject if required by law, if consent has been obtained or if we are authorised or obliged to provide information. In this context, it is also possible to pass on this data to law enforcement authorities.


6. Information on the rights of the persons concerned

The person concerned has the right to obtain confirmation from the responsible entitiy as to whether personal data relating to him/her are being processed there; if this is the case, he/she has the right to be informed of this personal data and of the information specified in Article 15 of the DPA.
The person concerned has the right to demand that the controller correct any inaccurate personal data concerning him or her without delay and, if necessary, complete incomplete personal data (Art. 16 GDPR).
The person concerned has the right to request the responsible entitiy to delete personal data relating to him/her without delay if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data are no longer needed for the purposes pursued (right to deletion).
The person concerned has the right to request the responsible entitiy to restrict processing if one of the conditions listed in Art. 18 GDPR applies.
The person concerned has the right to object to the processing of personal data relating to him/her at any time for reasons arising from his/her particular situation. The responsible entitiy then no longer processes the personal data unless compelling reasons apply for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every person concerned has the right to lodge a complaint with a supervisory authority if the person concerned considers that the processing of personal data relating to him or her is in breach of the GDPR (Art. 77 GDPR). The person concerned may invoke this right before a supervisory authority in the member state in which he or she is resident, at his or her place of work or at the place where the alleged infringement is committed.
In Hesse, the competent supervisory authority is the Hessian Data Protection Commissioner (www.datenschutz.hessen.de).