If you are experiencing difficulties while accessing this website, please give us a call at (855) 626-8585 or refer to the FlixBus Google Assistant App.

§§ geoTextTitle §§

§§ geoLinkText §§

Privacy Policy

Foreword

We, FlixMobility GmbH, including our subsidiaries (hereinafter jointly referred to as “FlixBus”, “we” or “us”), would like to hereby inform you about data protection at FlixBus.

Data protection regulations for the protection of persons affected by data processing (we refer to you as a “data subject” hereinafter, as well as “customer”, “user” or “you”,) arise in particular from the EU General Data Protection Regulation (Regulation EU 2016/679, hereinafter referred to as “GDPR”). Insofar as we decide on the purposes and means of data processing either alone or jointly with others, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (see Art. 13 and Art. 14 GDPR).

The purpose of this policy (hereinafter “privacy policy”) is to inform you about the way in which we process your personal data.

Our privacy policy is modular in structure. It consists of a section containing general information about all processing of personal data and processing situations that come into effect each time our website is accessed (Clause 1 General Information) and a special section, the content of which only refers to the processing situation specified therein with the name of the respective offer or product, in particular when you visit our websites, which is described in more detail here (Clause 2 Special Information).

You can find further legal information here:

Regarding FlixBus:

General Terms of Business and Special Booking Conditions

General Conditions of Carriage

Regarding FlixTrain:

Fare provisions for FlixTrain GmbH

General Terms and Conditions of Carriage of FlixTrain GmbH

For job applicants:

Data protection information for job applicants

1. General Information

1.1 Definition of Terms

This privacy policy is based on the following definitions of terms, as outlined in Art. 4 GDPR:

  • personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4(1) GDPR). Identifiability can also be provided by linking such information or other additional knowledge. This does not depend on the occurrence, form or physical embodiment of the information (photos, video or audio recordings may also contain personal data).
  • processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (i.e., technology‑supported). This includes in particular the collection (i.e., the procurement), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data as well as the change of definition of a target or purpose that was originally used as a basis for data processing (Art. 4(2) GDPR).
  • controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).
  • processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with its instructions (Art. 4(8) GDPR).
  • third party” means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the group (Art. 4(10) GDPR).
  • consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Art. 4(11) GDPR).

1.2 Name and Address of the Controller

The person responsible for the processing of your personal data (Art. 4(7) GDPR) is:

FlixMobility GmbH
Friedenheimer Brücke 16
80639 Munich
Telephone: +49 (0)30 300 137 300

Email: info@flixbus.co.uk

Further information about our company can be found in the Legal Notice.

1.3 Contact Details of the Data Protection Officer

Our company data protection officer is available to you at any time to answer all your questions and as a contact person on the subject of data protection.

Her contact details are:

FlixMobility GmbH
Dr. Theresia Gondro
Friedenheimer Brücke 16
80639 Munich

Email: data.protection@flixbus.com

For general questions about FlixBus, please contact info@flixbus.co.uk.

1.4 Legal Basis for Data Processing

The processing of personal data is permitted if at least one of the legal bases listed below is complied with:

  • Art. 6 para. 1(a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Art. 6 para. 1(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6 para. 1© GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);
  • Art. 6 para. 1(d) GDPR: processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Art. 6 para. 1(e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
  • Art. 6 para. 1(f) GDPR: processing is necessary to safeguard the legitimate interests pursued by the controller or by a third party, unless the opposing interests or rights of the data subject prevail (in particular where the data subject is a child).

For processing carried out by us, we specify the applicable legal basis under Clause 2. Processing can also be based on more than one legal basis.

1.5 Categories of Recipients

Under certain conditions, we transmit your personal data to our subsidiaries or personal data from our subsidiaries is transferred to us, to the extent permissible.

As with any major company, we also use external domestic and foreign service providers to handle our business transactions and work with partner companies at home and abroad. These include, for example:

  • carriers (you can find an overview of the current carriers here),
  • (IT) service providers,
  • financial institutions and payment service providers,
  • sales partners,
  • customer service providers (internal/external),
  • store operators,
  • security companies,
  • (travel) insurers,
  • other partners engaged for our business operations (e.g., auditors, banks, insurance companies, lawyers, supervisory authorities, other parties participating in company acquisitions).

The service providers and partner companies must provide guarantees that suitable technical and organizational measures are implemented by them in such a way that the processing meets legal requirements and the rights of the data subjects are safeguarded.

We transmit personal data to public entities and institutions (e.g., law enforcement, district or state attorneys’ offices, supervisory authorities) if there is a corresponding obligation/authorization.

For processing carried out by us, we specify the categories of the data recipients under Clause 2.

1.6 Requirements for the Transfer of Personal Data to Third Countries

As part of our business relationships, your personal data may be shared with or disclosed to third parties who may also be located outside the European Economic Area (EEA), i.e., in third countries.

Insofar as it is necessary, we will inform you in the relevant sections of Clause 2 about the respective details of the transfer to third countries in connection with the processing carried out by us.

The European Commission certifies that some third countries have data protection that is comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be downloaded from: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed.

This is possible, for example, via binding company regulations (referred to as “binding corporate rules”), standard contractual clauses of the European Commission for the protection of personal data, certificates and recognized codes of conduct.

Insofar as it is necessary for your booking and the associated provision and processing of transport services, the transmission of personal data required for this to third countries is permitted in accordance with Art. 49 para. 1(b) GDPR.

Please contact our data protection officer if you would like more detailed information on this topic.

1.7 Storage Duration and Data Erasure

The storage period of the personal data collected depends on the purpose for which we process the data. The data will be stored for as long as this is necessary to achieve the intended purpose.

In the case of processing carried out by us, we specify how long we will store the data in Clause 2. If no explicit storage period is specified below, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage no longer applies.

However, storage may be extended beyond the specified time in the event of a(n) (imminent) legal dispute with you or if other legal proceedings are initiated or if storage is stipulated by statutory provisions to which we as the controller are subject. If the storage period prescribed by statutory provisions expires, the personal data will be blocked or erased unless further storage by us is required by law.

1.8 Automated Decision-Making (Including Profiling)

We do not intend to use any personal data collected from you for any processes involving automated decision-making (including profiling). If we wish to implement these procedures, we will inform you of this separately in accordance with statutory provisions.

1.9 No Obligation to Provide Personal Data

We do not fundamentally make the conclusion of contracts with us dependent on your providing us with personal data beforehand. In principle, there is also no statutory or contractual obligation to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or may not be able to provide them at all if you do not provide the data required for this.

1.10 Statutory Obligation to Transmit Certain Data

Under certain circumstances, we may be subject to a special statutory or legal obligation to provide personal data to third parties, in particular to public entities.

1.11 Data Security

We use suitable technical and organizational measures to collect your data, taking into consideration the latest technology, the implementation costs, and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including the probability and effect of such an event), in order to protect the data subject against accidental or intentional manipulation, partial or complete loss or destruction or against unauthorized access by third parties (e.g., we use TLS encryption for our websites). Our security measures are continuously being improved to take into account technological developments.

We will be happy to provide you with further information about this upon request. Please contact our data protection officer or our CISO (chief information security officer) in this regard.

His contact details are:

FlixMobility GmbH
Tobias Hadem
Friedenheimer Brücke 16
80639 Munich

Email: it-security@flixbus.com

1.12 Your Rights

You may assert your rights as a data subject regarding your personal data at any time, in particular by contacting us using the contact details provided in Clause 1.2. Data subjects have the following rights under the GDPR:

Right to Information
You can request information in accordance with Art. 15 GDPR about your personal data processed by us. In your request for information, you should clarify your concern to make it easier for us to compile the necessary data. Upon request, we will provide you with a copy of the data that are the subject of the processing. Please note that your right to information may be limited under certain circumstances in accordance with statutory provisions.

Right to Rectification
If the information relating to you is not or is no longer correct, you may request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you may request completion.

Right to Erasure
You may request the erasure of your personal data in accordance with the provisions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether the data relating to you are still required by us to perform our statutory duties.

Right to Restriction of Processing
In accordance with the provisions of Art. 18 GDPR, you have the right to request restriction of the processing of the data relating to you.

Right to Data Portability
In accordance with the provisions of Art. 20 GDPR, you have the right to receive the data that you have provided to us in a structured, commonly-used and machine-readable format or to request its transmission to another controller.

Right to Object
In accordance with Art. 21 para. 1 GDPR, you have the right to object to the processing of your data at any time for reasons relating to your particular situation. You can object to receiving advertising at any time with effect for the future, in accordance with Art. 21 para. 2 GDPR (objection to advertising in the case of direct marketing).

Right to Appeal
If you are of the opinion that we have not complied with the provisions of the data protection regulations when processing your data, you may file a complaint with a data protection supervisory authority about the processing of your personal data, such as the data protection supervisory authority to whom we are responsible:

Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach

Right to Withdraw Consent
You can withdraw your consent to the processing of your data at any time with future effect. This also applies to declarations of consent that were issued before the GDPR came into force, i.e., before 05/25/2018.

2. Special Information

2.1 Visiting our Websites

Information about FlixBus and the services we offer can be found in particular at https://www.flixbus.com / https://www.flixtrain.com/ including the associated subpages (hereinafter referred to jointly as the “website” or “websites”). When you visit our websites, your personal data is processed.

2.1.1 Provision of Websites

When the websites are used for information purposes, we collect, store and process the following categories of personal data:

Log data: when you visit our websites, a log data record (referred to as “server log files”) is saved on our web server. This consists of:

  • the page from which the page was requested (referred to as referrer URL),
  • the name and URL of the requested page,
  • the date and time of the access request (in the server’s time zone),
  • the version of the web browser used,
  • the IP address of the requesting computer,
  • the amount of data transferred,
  • the operating system,
  • the message indicating whether the call was successful (access status/Http status code),
  • the GMT time zone difference.

We use IT service providers for hosting our websites and for statistical evaluations of the log data.

The processing of the log data serves statistical purposes and improves the quality of our websites, in particular the stability and security of the connection.

The legal basis is Art. 6 para. 1(f) GDPR. Our legitimate interest is to be able to make the websites duly available to you.

2.1.2 Contact Forms

When using contact forms, the data thus transmitted are processed (e.g., title, last name and first name, address, company, email address and time of transmission, reason for the inquiry).

The processing of contact form data takes place in order to process inquiries, and, depending on the basis and the reason for your inquiry, either on the legal basis of Art. 6 para. 1(b) GDPR, if it concerns a contract-related inquiry or in other cases on the legal basis of Art. 6 para. 1(f) GDPR; our legitimate interest is to process contact inquiries.

We use customer service providers for job processing to answer inquiries made via our contact forms.

In addition, we store the contact form data as well as the respective IP address in order to comply with our obligations to provide evidence, to ensure compliance with and documentation of legal obligations, in order to be able to clarify any possible misuse of your personal data and to ensure the security of our systems.

The legal basis is Art. 6 para. 1© or (f) GDPR.

2.1.3 Booking, Provision and Processing of Transport Services

When booking tickets for transport services, we collect, store and process the following categories of personal data:

  • email address,
  • last name and first name,
  • connection data,
  • payment data,
  • date of birth (for transport services where children have a special price),
  • consent to the respective terms and conditions,
  • advance seat reservation information,
  • baggage details,
  • language of the booking domain,
  • booking channel (web or app).

You also have the option of providing a contact telephone number in case of delays or changes in the itinerary of your trip (optional).

These data are processed for the booking, provision and processing of transport services, including customer service, as well as for the fulfillment of legal obligations.

The legal basis is Art. 6 para. 1(b), © GDPR.

We also use some of these data for product recommendations, see Clause 2.1.4, for the newsletter, see Clause 2.1.5, and for the customer account, see Clause 2.1.6.

When booking tickets for international transport services, the following categories of personal data are also collected depending on the place of departure and arrival:

These data are processed for the booking, provision and processing of transport services, including customer service, as well as for the fulfillment of legal obligations.

We pass on the above-mentioned data to the respective carrier or carriers, as well as to public entities if there is a corresponding obligation/authorization.

The legal basis is Art. 6 para. 1(b) or © GDPR.

The necessary payment data will be transmitted to a payment service provider for the secure processing of the payments initiated by you.

Our payment service providers are:

Payment service providers Payment options

Adyen N.V.
Simon Carmiggeltstraat 6-50, 1011 DJ, Netherlands
Privacy policy:
https://www.adyen.com/policies-and-disclaimer/privacy-policy.


Credit Card
Swish
Google Pay
Apple Pay
iDeal
Dotpay
Sofort/Klarna
PayU Bilgi Teknolojileri A.S.
Otakcilar Cad. No: 78, Flat Ofis D-Blok 34050, Eyup - ISTANBUL
Privacy policy:
https://payu.in/privacy-policy
Credit Card
Paymill Plus GmbH
St.-Martin-Straße 63, 81669 Múnich
Privacy policy:
https://www.paymill.com/en/privacy-policy/
Postfinance
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal 2449 Luxembourg
Privacy policy:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full
PayPal

The legal basis is Art. 6 para. 1(b) or (f) GDPR.

For certain bookings, we also use the technologies and services of Distribusion Technologies GmbH as processors (Wattstrasse 10, 13355 Berlin, telephone: +49-30-3465507-50, email: dataprotection@distribusion.com).

2.1.4 Product Recommendation

To the extent permitted, we may use the email address received in connection with the booking or transport service to send you regular offers by email for products from our range similar to those already purchased.

We use external customer service providers as processors to send product recommendations.

You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or have consented to marketing communication by email. We wish to provide you in this way with information about products from our range that you might be interested in, based on your recent purchases with us.

The legal basis is Art. 6 para. 1(f) GDPR; our legitimate interest is to inform you about our product range and to suggest certain products to you.

You can object to the use of your email address for this purpose at any time by using the unsubscribe link in the product recommendation or by sending a message to unsubscribe@flixbus.com.

2.1.5 Newsletter

If you also register for the newsletter via our registration link, we ask you to consent to the processing of your data (email address, first and last names, place of residence) in order to send you our newsletter by email on a regular basis.

As part of your subscription to the newsletter, we also obtain your consent that we may personalize the content of our newsletter according to your needs and interests.

To register for our newsletter, we use the “double opt-in” procedure. This means that after you have registered, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically erased after one month.

The newsletter may concern all goods, services, products, offers and promotions provided by the controller (Clause 1.2) and/or by companies affiliated with the controller or by partner companies.

The legal basis is Art. 6 para. 1(a) GDPR.

In addition, we store the IP addresses you use and the registration and confirmation times. The purpose of the procedure is to prove that you are registered and, if necessary, to be able to clarify any possible misuse of your personal data. If we process your personal data for this purpose, this is done on the basis of our legitimate interests in ensuring compliance with and documentation of legal requirements.

The legal basis is Art. 6 para. 1(f) GDPR; our legitimate interest is to be able to prove consent.

You can revoke the use of your email address at any time by using the unsubscribe link in the newsletter or by sending a message to unsubscribe@flixbus.com. The legality of the data processing operations already carried out remains unaffected by the revocation.

We use external IT service providers who act as processors to distribute the newsletter.

2.1.6 Customer Account

You have the option of creating a personal customer account with us. In the password-protected area of the customer account, you can manage your bookings conveniently and have your data stored for future journeys.

To create a customer account, the following mandatory information is collected:

  • email address,
  • first and last names,
  • password (self-selected).

We use this data to manage your customer account and to create invoices.

In addition, you can also enter a mobile phone number in your customer account so that we can contact you in the event of a delay or a change in the itinerary of your trip (optional).

You may also choose to store the following additional data in your customer account (optional):

  • title,
  • date of birth,
  • address (zip code, city and country),
  • payment methods.

These data are used to manage your customer account and to issue invoices, and can also be used to send personalized product recommendations (Clause 2.1.4) and – if you have registered for this purpose – to send newsletters (Clause 2.1.5).

The legal basis is Art. 6 para. 1(a), (b) or (f) GDPR.

If you have given your consent, “persistent” cookies are stored on your device with the “remain logged in” function; their purpose is to ensure that you do not have to log in again during subsequent visits to our website. This function is not available to you if you have deactivated the storage of such cookies in your browser settings.

The legal basis is Art. 6 para. 1(f) GDPR.

You can update or delete the customer account – and thus also your stored personal data – at any time in your personal customer account.

2.1.7 Use of Cookies, Plugins and Other Services

Cookies

When you visit our website, information is stored in the form of a cookie (small text files) on your device. Information about your use of the website is stored there (identification ID, visit date, etc.). We use cookies to make it easier for you to use our online services through various service functions (such as the recognition of previous visits) and can thus better adapt our internet offers to meet your needs.

You can prevent the storage of cookies and delete existing cookies by choosing the appropriate settings in your browser. The “help” function on most browsers explains how you can choose these settings. However, if you do not accept cookies, this may affect the service functions of our internet offers. We therefore recommend that you leave the cookie function turned on.

In addition, we use cookies from third-party providers for retargeting and remarketing technologies to optimize our internet offers and for interest-based marketing purposes. The stored surfing behavior is analyzed using an algorithm so that targeted interest-related product recommendations can then be displayed in the form of advertising banners or advertisements on third-party websites. The pseudonymized usage profiles are not merged with personal data about the persons to whom these pseudonyms have been assigned without the express and separate consent of the person concerned.

Comprehensive information on how to accomplish this on a variety of browsers can be found on the following websites: youronlinechoices, Network Advertising Initiative and/or Digital Advertising Alliance. You will also find information there about how you can delete cookies from your computer, as well as general information about cookies. We use different types of cookies:

Transient cookies, which are also referred to as temporary or “session” cookies, are cookies that are deleted after you leave our online service and close the browser. In such cookies, for example, language settings or the content of the order are stored.

“Persistent” or permanent cookies remain stored even after the browser is closed. For example, the login status or entered search terms are saved. We use such cookies, among other things, for range measurement or marketing purposes. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. However, you can delete these cookies at any time in the security settings of your browser.

In addition to “first-party” cookies, which we set as controllers for data processing, “third-party” cookies are also used, which are offered by other providers. We will inform you below about the use of “third-party” cookies and about our collaboration with external service providers who provide services for us such as web tracking or range measurement. We will also inform you below about the option of objecting to individual cookies.

The legal basis for the use of technically-necessary cookies is Art. 6 para. 1(f) GDPR; our legitimate interest is to make our websites available to you with specific functionalities, to improve them and to ensure the security and integrity of our websites.

The legal basis for the use of functional and marketing cookies is Art. 6 para. 1(a) GDPR.

Third-Party Services Used

Technically-necessary cookies

Adtriba

Data are collected and stored on this website using technologies from Adtriba GmbH – Beim Schlump 13a, 20144 Hamburg (https://www.adtriba.com/) and these data are used to create pseudonymized usage profiles. These usage profiles are used to analyze visitor behavior and are evaluated to improve and adapt the design of our website as required. Cookies may be used for this purpose. Cookies are small text files stored on the device used by visitors to the site so as to allow them to be recognized the next time they visit our website. The pseudonymized usage profiles are not merged with personal data about persons to whom these pseudonyms have been assigned without the express and separate consent of the person concerned.

You can find more detailed information from the provider in the company’s privacy policy https://privacy.adtriba.com/.

Tapad cross-app and cross-device reporting

This website collects and uses cross-app and cross-device information for reporting purposes. The website does not collect any personal data that can be traced back to an individual, not even for apps and devices. The website uses specific technologies to track users across apps and devices, including cookie and ID synchronization.

You can find more detailed information from the provider in the company’s privacy policy: https://www.tapad.com/privacy.html.

Snowplow

This website/app uses Snowplow Opensource, an analysis technology from Snowplow Analytics Limited (The Rome Building, 32-38 Scrutton Street, London, EC2A 4RQ, United Kingdom).

With the help of this analysis technology, we collect statistical data about the use of our website. Information that your browser transmits is collected and evaluated in the context of the use of this website. This is done by cookie technology and pixels, which are incorporated into each web page. The data collected in this way are used to create usage profiles that form the basis for web statistics. You can prevent cookies being stored on your computer by setting your browser software accordingly. However, please be aware that you might not be able to use all functions of this website to their full extent in this case.

You can find more detailed information from the provider in the company’s privacy policy: https://snowplowanalytics.com/privacy-policy/.

TradeTracker

We use TradeTracker components. TradeTracker is an affiliate network that offers affiliate marketing. Affiliate marketing is an internet-based form of distribution that is used by commercial website operators, referred to as merchants or advertisers, to display advertisements that are usually remunerated via click or sale commissions on third-party websites, i.e., with sales partners who are also known as affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e., an advertising banner or other suitable means of internet advertising, which is subsequently integrated by an affiliate onto its own websites or advertised via other channels, such as keyword advertising or email marketing.

TradeTracker’s operating company is TradeTracker Deutschland GmbH, Eiffestraße 426, 20537 Hamburg, Germany.

TradeTracker places a cookie on the information technology system of the data subject. The use of cookies has already been explained above. TradeTracker’s tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e., the partner brokering the potential customer is saved, along with the reference number of the visitor to a website and the advertising material that is clicked on. The purpose of storing this data is the processing of commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e., TradeTracker.

The data subject may at any time prevent our website from placing cookies, as already explained above, by means of a corresponding setting in the internet browser used, thus permanently objecting to the setting of cookies. Such a setting in the internet browser used would also prevent TradeTracker from placing a cookie on the information technology system of the data subject. In addition, cookies already set by TradeTracker can be deleted at any time via an internet browser or other software programs.

The applicable TradeTracker privacy policy can be found at https://tradetracker.com/de/privacy-policy/.

Webtrekk

We use the technologies of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin for statistical website evaluations. We use the Webtrekk service to collect statistical data about the use of our internet offer. Webtrekk GmbH was certified by TÜV in the area of web controlling. In particular, the collection and processing of tracking data was reviewed and certified for data protection compliance and data security. Information that your browser transmits is collected and evaluated in the context of the use of this website. This is done by cookie technology and pixels, which are incorporated into each web page. The direct link to a particular individual is excluded at all times. The data collected in this way are used to create anonymous usage profiles that form the basis for web statistics. The data collected with the Webtrekk technologies are not used to personally identify the visitor to these websites unless specific consent has been granted by the person concerned, and this data will not be merged at any time with personal data relating to the bearer of the pseudonym.

You may object at any time to the collection and storage of data by Webtrekk, with effect for the future. For more information on the above topic and privacy at Webtrekk in general, please use the following link: https://www.webtrekk.com/opt-out-webtrekk/.

Google Analytics

In order to optimize our website, to make product recommendations and for marketing purposes, we use the technology of Google Limited (“Google”) (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) to create pseudonymized user profiles of the surfing behavior of visitors to our website. For this purpose, cookies can be used that enable recognition of an internet browser on their next visit to our website. The stored surfing behavior is analyzed using an algorithm so that targeted interest-related product recommendations can later be displayed in the form of advertising banners or advertisements on third-party websites. The pseudonymized usage profiles are not merged with personal data about the persons to whom these pseudonyms have been assigned without the express and separate consent of the person concerned.

You can object to the creation of pseudonymized usage profiles for interest-related advertising/ads preferences at any time by accessing the page https://adssettings.google.de/authenticated.

You can find further information on interest-related advertising at https://policies.google.com/technologies/ads.

Functional cookies

AWIN AG

This website uses the services of AWIN AG (Eichhornstr. 3, 10785 Berlin, GERMANY). In order to register business transactions (sales and/or leads), AWIN AG places a cookie on the visitor’s device. The purpose of these cookies is to allocate successful advertising to a specific business transaction and to provide corresponding billing services. Personally-assignable information about the user is neither collected, nor processed, nor used for tracking. In tracking cookies, the only information stored relates to when and on which device an advertisement was clicked on. Only an individual sequence of digits that cannot be assigned to a specific user is stored, and which contains information about the advertiser’s partner program, the publisher and the specific time of the user’s action (click or view). Further information on data processing at AWIN AG can be found at https://www.awin.com/gb/privacy.

AWIN Inc.

This website uses the services of AWIN Inc. (8 Market Place, Suite 500, Baltimore, MD 21202, USA). In order to register business transactions (sales and/or leads), AWIN Inc. places a cookie on the visitor’s device. The purpose of these cookies is to allocate successful advertising to a specific business transaction and to provide corresponding billing services. Personally-assignable information about the user is neither collected, nor processed, nor used for tracking. In tracking cookies, the only information stored relates to when and on which device an advertisement was clicked on. Only an individual sequence of digits that cannot be assigned to a specific user is stored, and which contains information about the advertiser’s partner program, the publisher and the specific time of the user’s action (click or view). Further information about data processing at AWIN Inc. can be found at https://www.awin.com/gb/legal/privacy-policy.

Hotjar

To improve the user experience on our websites, we use the software from Hotjar http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). We use the software to measure and evaluate user behavior (mouse movements, clicks, keyboard entries, scroll height, etc.) on our websites. For this purpose, cookies are placed on users’ end devices and user data such as browser information, operating system, length of stay on the page, etc., are saved. You can find more information about data processing by Hotjar at https://www.hotjar.com/privacy/. You can object to the use of Hotjar’s services at https://www.hotjar.com/privacy/do-not-track/.

Google Optimize

Our website uses the web analysis and optimization service “Google Optimize”, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google Optimize”). We use the Google Optimize service to increase the attractiveness, content and functionality of our website by showing new functions and content to a percentage of our users and statistically evaluating the change in use. Google Optimize is a subservice of Google Analytics (see the “Google Analytics” section). Google Optimize uses cookies that enable you to optimize and analyze the use of our website. The information generated by these cookies about your use of our website is generally transmitted to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization so that prior to transmission, your IP address is shortened by Google within member states of the European Union or in other contracting states of the European Economic Area Agreement. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. Google will use this information to evaluate your use of our website, to compile reports on the optimization test and the associated website activities, and to provide us with further services related to website use and internet use. You can prevent the storage of cookies by adjusting the settings of your internet browser accordingly. In addition, you can prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) by Google, and the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more detailed information about the collection and processing of data by Google in the Google privacy policy, which you can access at https://policies.google.com/privacy.

Marketing cookies

Impact Radius

Impact Tech, Inc. (US) (formerly known as “Impact Radius, Inc.”) and its partner companies use cookies to track the performance of FlixBus marketing campaigns. The lifetime of the cookies is limited to 30 minutes of the user’s activity and can be extended to a maximum of 30 days by any further activity on the website.

Impact Radius can process the personal data of visitors to the FlixBus websites (or FlixBus application downloads) when acting on behalf of FlixMobility GmbH. Such personal data may consist of internet protocol addresses (“IP”) and/or email addresses that we send to Impact Radius.

You can find more detailed information about the provider in the company’s privacy policy: https://impact.com/privacy-policy/.

Facebook ads

This website uses the retargeting pixel for custom audiences tool of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. With the help of the remarketing pixel, Facebook is able to use visitors to our website as a target group for the marketing ads of Facebook ads. For this purpose, a Facebook cookie is stored on your PC.

For more information about the scope and purpose of data collection and the further processing and use of data by Facebook, as well as your settings options for protecting your privacy, please refer to Facebook’s privacy policy at https://facebook.com/policy.php and https://www.facebook.com/ads/settings.

You can object to the use of custom audiences at www.youronlinechoices.com/de/praferenzmanagement or for users with a Facebook account here.

Sojern

The SOJERN cookie collects information about your travel activities and preferences for online travel partner websites and places personalized, relevant advertising for you when you surf other websites and social media platforms, as well as through SOJERN analysis services. The storage of conversion data can be activated, which is used to trace data, create reports and enhance the performance of SOJERN campaigns.

Find out more about SOJERN and the deactivation option at: https://www.sojern.com/privacy/.

Google ads

In order to optimize our website, to make product recommendations and for marketing purposes, we use the technology of Google Limited (“Google”) (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) to create pseudonymized user profiles of the surfing behavior of visitors to our website. For this purpose, cookies can be used that enable recognition of an internet browser on their next visit to our website. The stored surfing behavior is analyzed using an algorithm so that targeted interest-related product recommendations can later be displayed in the form of advertising banners or advertisements on third-party websites. The pseudonymized usage profiles are not merged with personal data about the persons to whom these pseudonyms have been assigned without the express and separate consent of the person concerned. You can object to the creation of pseudonymized usage profiles for interest-related advertising/ads preferences at any time by accessing the page https://adssettings.google.de/authenticated. You can find further information on interest-related advertising at https://policies.google.com/technologies/ads.

Taboola ads

We use a pixel from the provider Taboola Inc., 28 West 23rd St. 5th fl., New York, NY 10010 (USA) (“Taboola”) on our website. Taboola can use this pixel to gather information about users’ surfing behavior (e.g., search history) in order to display specific content relating to your interests and our offers on third-party websites.

Taboola also uses this information to optimize advertising activities for our offers. For these purposes, Taboola collects in particular the IP address, access device information (mobile advertising ID, Google ad ID, IDFA) and browser information.

Further information on the scope (in particular the storage period) and purpose of the data collection and the further processing and use of the data by Taboola, as well as on your settings and objection options for protecting your privacy, is available in Taboola’s data protection information, which can be found here: https://www.taboola.com/policies/privacy-policy.

Outbrain ads

We use pixels from the provider Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011 (USA) (“Outbrain”) on our website. Outbrain can use this pixel to collect information about users’ surfing behavior (e.g., search history) in order to display specific content relating to your interests and our offers on third-party websites.

In addition, Outbrain also uses this information to optimize advertising activities for our offers. For these purposes, Outbrain collects in particular the IP address, access device information (mobile advertising ID, Google ad ID, IDFA) and browser information.

Further information on the scope (in particular the storage period) and purpose of the data collection and the further processing and use of the data by Outbrain, as well as on your settings and objection options for protecting your privacy, is available in Outbrain’s data protection information, which can be found here: https://www.outbrain.com/legal/privacy#privacy-policy.

Bing ads

We use technologies from Bing ads (bingads.microsoft.com) on our websites. These are provided and operated by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft places a cookie on your device if you have accessed our website via a Microsoft Bing ad display. In this way, we and Microsoft can determine that someone has clicked on an advertisement, has then been directed to our site and has reached a previously-specified target page (“conversion site”). In this process, we only learn the total number of users who clicked on a Bing ad and were then forwarded to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles are evaluated for the analysis of visitor behavior and are used to generate and deliver advertising content. No personal information about the identity of the user is processed.

If you do not wish information about your surfing behavior to be used by Microsoft as described above, you can refuse to allow a cookie to be set for this purpose – for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by stating your objection at the following link https://choice.microsoft.com/de-DE/opt-out.

For more information on privacy and the cookies used by Microsoft and Bing ads, please visit the Microsoft website https://privacy.microsoft.com/en-gb/privacystatement.

2.2 Customer Service

When you contact our customer service, we collect the personal data that you provide to us on your own initiative. For example, you can send this to us by email, telephone or letter. Your personal data will only be used in order to contact you or for the purpose for which you have provided us with this data, e.g., for processing your inquiries, technical administration or customer administration.

This data (including information on means of communication such as email address, telephone number) is provided on a voluntary basis. We use the data to process your concern, to fulfill legal obligations if necessary, and for administrative purposes.

The legal basis is Art. 6 para. 1(b), © or (f) GDPR.

In the case of a telephone inquiry, your data is also processed by telephone applications and in part also via a voice dialogue system in order to support us in the distribution and processing of inquiries.

For our customer service, we use external customer service providers as processors.

2.3 Presence on Social Media Channels

We have a presence on social media (currently: Facebook, Instagram, LinkedIn and Twitter). To the extent that we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.

In addition to us, the following are responsible for the company’s presence within the meaning of the GDPR and other data protection regulations:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)

LinkedIn (LinkedIn Ireland Unlimited Company, Gardner House Wilton Place, Dublin 2, Ireland)

We would like to point out that your data may be processed outside the European Union.

The legal basis for the processing of your personal data by us is Art. 6 para. 1(f) GDPR. Our legitimate interest is effective information and communication.

Further information about data protection laws in relation to our corporate presence on social media channels can be found here:

Facebook: https://www.facebook.com/notes/flixbus/facebook-fanpage-datenschutzrichtlinie/2107777085936747/

Instagram: https://www.facebook.com/policy.php

LinkedIn: https://www.linkedin.com/legal/privacy-policy