General Information

The controller responsible for data processing of the ticketXchange app is:

KAPRION Technologies GmbH
Gostritzer Straße 61
01217 Dresden

Legal representative: Dipl.-Inf. André Röder
Phone: +49 351 8547 8390
E-mail: info (at) kaprion.de

Purposes of Data Processing

1. Issuance and revocation of travel authorizations

The ticketXchange app has been developed to enable the issuance and revocation of travel authorizations on smartcards. This service is provided by us free of charge for cardholders.

In order to be able to provide our service, it is necessary to process data that can be associated with your person. Primarily, we process the identification number of your smartcard in order to control the issuance and revocation of travel authorizations at the respective connected transport company.

The processing of your personal data is carried out for the purpose of providing our customers with the requested service. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR.

In order to control the issuance and revocation of authorizations, the identification number is transmitted to the respective transport company. Furthermore, processors may be involved in the processing of personal data. Corresponding agreements in accordance with Art. 28 GDPR have been concluded with them.

The duration of data processing is limited to the period of use of the app. Data is only processed temporarily and is not stored permanently.

2. Processing of log data

The ticketXchange app processes log files to record errors and transmit them to us. These log files contain, among other things, data such as your IP address, device type, device name, operating system version, configuration of the ticketXchange app, chip card number, the issuer of the chip card, as well as date and time.

Additionally, for error analysis we collect the number of orders for a chip card and the status indicating whether the issuance/revocation of authorizations could be carried out successfully.

We process the data in our own legitimate interest in order to identify problems in the use of our app, to resolve them, and to be able to provide our users with a technically error-free app. Furthermore, anonymized statistical information is used for advertising purposes on our website to show which transport companies use ticketXchange and with what intensity.

Error logs are evaluated promptly and automatically deleted after a period of 60 days. On the basis of the error logs, we also maintain a compatibility database to record with which end devices our app works and with which end devices there are problems. The database is anonymized and no longer contains any identifying characteristics.

3. Use of cookies

Our app does not use cookies.

Your rights as a data subject

1. Access

You have the right to request information about whether and which personal data concerning you is processed by us. This information is generally provided to you free of charge. Before providing access, it is necessary to verify your identity.

2. Rectification

You have the right to have inaccurate personal data concerning you corrected. This also includes the completion of incomplete data concerning your person.

3. Erasure

Under certain conditions, you have the right to request the immediate erasure of personal data concerning you.

4. Restriction

Under certain circumstances, you have the right to request restriction of the processing of your data, in particular if you contest the accuracy of the data, if the processing of the data is unlawful, if the data is no longer required for processing, or if an objection to data processing has been lodged.

5. Objection

You have the right to object at any time to the processing of personal data concerning you.

6. Data portability

You generally have the right to receive personal data concerning you in a structured, commonly used and machine-readable format.

7. Right to lodge a complaint

For complaints arising from the processing of personal data within the scope of the stated purpose, you may contact the competent data protection supervisory authority at any time.

Last updated: 01.06.2024