GDPR policy for customers in the metro

When you use the metro, your personal information is registered for various reasons. In the following, you can see the specific purposes for processing your personal information, as well as the legislative grounds for the processing and how long data is kept etc. The processing mentioned in this section, is all handled by Metro Service on behalf of Metroselskabet, and questions must therefore be directed to Metro Service through Metro Customer Service.

When you receive an inspection fee, the issuing steward creates it on his or her handheld device. To create the inspection fee, your name, address, Social Security Number (CPR) and sometimes telephone number is registered. The steward will use your supplied details to find you in the central CPR register, to ensure that the inspection fee is issued to the right person. In connection with the issuance of the inspection fee, a photo will be taken of any travel documents and personal ID (driver’s license, sundhedskort (the yellow national health service medical card) or the like for use in case handling. The photos lend extra security in making sure that the correct information is registered when issuing the inspection fee, and it is helpful in cases where personal identity and CPR-numbers are misused by a third party.
Please note that payment reminders will be sent to e-Boks if you have a Danish CPR-number.

Purpose:
We process personal information to issue inspection fees for travel without a ticket or with an invalid ticket, and to manage cases about inspection fees.

Basis for processing:
Our legal basis for data processing is:
- the Railways Act § 14
- GDPR article 6.1.e
- the Data Protection Act § 11 section 1 (CPR-number)
- the Accounting Act §10.

Recipients:
We may share your personal data with:
- The Danish Debt Collection Agency if the inspection fee is not paid.
- the Police, if identity theft or misuse is suspected.
- The Appeal Board for Bus, Train, and Metro as well as Rejsekort and DOT, if you appeal the case.

Data retention:
If a case is ongoing, case handling is unfinished or the inspection fee is unpaid, data will not be deleted.
The CPR-number and photos of tickets and ID are deleted 3 years after the case has been closed, or no later than the statute of limitations, as there is a time limit of 3 years in which to bring a case before the Appeal Board. Data pertaining to payment is kept for 5 years + running year in accordance with the Accounting Act

If the Metro is delayed for more than 30 minutes, we cover your expenses for alternative transportation. To get reimbursement for your travel expenses, you must either fill in a form on DOT’s website or fill in a physical form and send it to us by mail, so we can handle the case and transfer the money to you. Required information on the form is your name, address, e-mail, travel information, bank account details and/or your CPR-number for transfer via NemKonto.

Purpose:
We process your personal data to enable the management of your travel guarantee case.

Basis for processing:
Our legal basis for data processing is:
- the Railways Act and Danish Transport Companies Act summarized in the Joint National Travel Regulations.
- GDPR article 6.1.e
- the Data Protection Act § 11 section 1 (CPR-number)
- the Accounting Act §10.

Recipients:
We may share your personal data with:
- The Appeal Board for Bus, Train, and Metro as well as Rejsekort and DOT, if you appeal the case.  

- Other public transport operators like DSB, Movia or Arriva, and Rejsekort and DOT.

Data retention:
If a case is ongoing data will not be deleted. The statute of limitations is 3 years, as there is a time limit of 3 years in which to bring a case before the Appeal Board. Data pertaining to reimbursement is kept for 5 years + running year in accordance with the Accounting.

Items found on the metro are brought to the Metro Service head office, where we attempt to identify and contact the owner. If this is not possible, the lost item is kept for 10 days before being handed over to the police. Depending on the type of item, it may contain personal data of various kinds. When we are contacted by customers looking for lost items, the customer’s name, address, e-mail, and telephone number is registered.

Purpose:
To make sure that lost items are either handed back to the owners or handed over the police.

Basis for processing:
Our legal basis for data processing is:
- GDPR article 6.1.e

Recipients:
We may share your personal data with:
- the police
- The Appeal Board for Bus, Train, and Metro as well as Rejsekort and DOT, if you make a complaint and subsequent appeal.

Data retention:
The statute of limitations is 3 years, as there is a time limit of 3 years in which to bring a case before the Appeal Board.   

If you have been in contact with Metro Customer Service, you will be asked to answer a survey either over the phone or in writing. When you call us, you are asked to decide whether you wish to contribute and if you accept, you will be called by the survey-service after your call with Customer Service has ended. If you have filled in a form on DOT’s website, you will receive an e-mail containing a link to a written survey. For the purpose of the survey your name, telephone number/e-mail will be registered along with your responses.

Purpose:
To examine the customer’s satisfaction with Customer Service and to serve as statistical basis for further improvement of the service level.

Basis for processing:
Our legal basis for data processing is:
- GDPR article 6.1.e

Recipients:
We may share your personal data with:
- No information is shared

Data retention:
All survey responses are anonymized after 6 months. Subsequent identification of the respondent is not possible.

By filling in the form on DOT’s website, it is possible to send general inquiries to Metro Customer Service. Name, address, e-mail, telephone number and content of the inquiry is recorded.

Purpose:
We treat your personal data to be able to manage your inquiry.

Basis for processing:
Our legal basis for data processing is:
- GDPR article 6.1.e

Recipients:
We may share your personal data with:
- The Appeal Board for Bus, Train, and Metro as well as Rejsekort and DOT, if you make a complaint and subsequent appeal.

- Other public transport operators like DSB, Movia or Arriva, and Rejsekort and DOT.

Data retention:
Simple inquiries are kept for 6 months. If the case evolves or changes subject, the statute of limitations is 3 years, as there is a time limit of 3 years in which to bring a case before the Appeal Board.

Inquiries regarding the right of access, the right to erasure, the right to rectification etc. must be directed at Metro Service. When you make an inquiry regarding the exertion of your rights, we handle your name, address, e-mail, possibly phone number as well as the content of the inquiry. In some cases, we may also handle further documentation to determine your identity, for instance copies of driver’s license, ’sundhedskort’ (the yellow national health service medical card) or the like.

Purpose:
We process your data in compliance with the GDPR articles 15 through 22.

Basis for processing:
Our legal basis for data processing is:
- GDPR article 6.1.e

- GDPR articles 15 through 22
- The Data Protection Act §11 section 1

Recipients:
We may share your personal data with:
- Other public transport operators like DSB, Movia or Arriva, and Rejsekort and DOT.

- The Danish Data Protection Agency

Data retention:
Case data is kept for 3 years after the latest dialogue, to enable us to document legal compliance and to defend ourselves against legal claims.  

When you travel on the metro, personal information is registered for different purposes. In the following, you will find descriptions of the specific purposes where personal data is processed, and on which legal basis, for how long it is kept etc. The processing purposes mentioned below are all processes in which Metro Service acts as independent data controller.

For railway safety and crime prevention purposes, there are video surveillance cameras mounted in trains and on stations. Recordings from these cameras are not viewed unless the police ask for specific footage or if it is necessary to support internal operations regarding railway safety or rulings on insurance cases.  

Purpose:
To live up to our obligations regarding railway safety and to prevent criminal activities.

Basis for processing:
We are subject to an array of legal demands to carry out safety measures in the metro and on the stations. Data is processed in accordance with GDPR article 6.1.c, as the processing of personal data is necessary to meet the demands of our safety obligations.

Recipients:
We may share your personal data with:
- The police
- Insurance companies
- Other authorities, for instance the Accident Investigation Board Denmark.

Data retention:
Video surveillance recordings are kept for 14 to 30 days, after which they are automatically deleted. In certain instances, and only in connection with specific cases, the footage may be kept for longer.

Specifics regarding the right of access:

According to GDPR chapter III, a registered person’s rights may be limited with reference to GDPR article 12.5 and article 23.1, litra c. and d. Therefore, you do not by default have the right of access to video surveillance recordings, as public safety considerations, crime prevention, police investigations, crime exposure and legal prosecution of punishable offences or criminal sanctions, including protection against and prevention of threats to public safety, take precedence over individual rights.

If you wish to go on a guided tour of the metro control and maintenance centers or if you wish to use the metro’s areas for commercial purposes, you must make a formal request.

Purpose:
To monitor who takes part in guided tours and commercial activities.

Basis for processing:                                                                                                        
Our legal basis for data processing is:
- GDPR article 6.1.b
- GDPR article 6.1.f

Recipients:
By default, personal data is not transferred to other parties.

Data retention:
Data about participants on guided tours and in commercial activities are kept for up to 3 years.

As in all public places, passengers in the metro may experience unfortunate accidents or violent assaults. This can result in insurance cases or matters that will be reported to the police or the Accident Investigation Board Denmark.

Purpose:
To aid authorities and insurance companies to clear up and document incidents in the metro or on the metro’s areas.

Basis for processing:                
Our legal basis for data processing is:
- GDPR article 6.1.a
- GDPR article 6.1.c
- GDPR article 6.1.f

Recipients:
We may share your personal data with:
- The police
- Insurance companies
- Other authorities, for instance the Accident Investigation Board Denmark.

Data retention:
Personal data involved in this type of case is deleted by default 6 months after the authority or insurance company approaches us unless we are ordered by them to retain data for longer.

Metro Service may also be considered data controller, even if data processing has no direct connection to use of the metro. An example of this is when you apply for a job with Metro Service.

If you would like to know more about this type of data processing, read our personal data policy here: https://www.metroservice.dk/en/gdpr/