NMS New Mobility Solutions Hamburg GmbH
c/o Hamburger Hochbahn AG
Steinstraße 20
20095 Hamburg

Hamburg district court HRB 151785
Partner: Hamburger Hochbahn AG
Management: Harry Evers, Malte Auer
Authorised officer: Tobias Brzoskowski

VAT ID: DE318886503

Telefon: +49 (0)40 88215 7037

Data protection information of NMS New Mobility Solutions Hamburg GmbH

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of the NMS New Mobility Solutions Hamburg GmbH. The use of the Internet pages of the NMS New Mobility Solutions Hamburg GmbH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the applicable provisions of data protection law. By means of this data protection declaration, our enterprise would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, the NMS New Mobility Solutions Hamburg GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

A. Who is responsible for data processing and whom can I contact?
The responsible body for data processing is:
NMS New Mobility Solutions Hamburg GmbH
c/o Hamburger Hochbahn AG
Steinstrasse 20
20095 Hamburg
Tel.: +4940882157037

B. What data do we process and for what purpose?

Below we describe for what purposes and how we process your data. We provide information here about:

  1. Use of our Internet offer
  2. Enquiry by e-mail, fax or telephone to NMS New Mobility Solutions Hamburg GmbH.

1. use of our internet offer

Since personal data is processed when you use our website (, we would like to inform you below about how your data is handled.

1.1 Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b of Regulation (EU) 2016/679 (General Data Protection Regulation; GDPR)) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 of the Telecommunications Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We use the following hoster:

Pixel X e.K.
Cow Street 26-27
38100 Brunswick

Job processing

We have concluded a contract on order processing (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of visitors to this website in accordance with our instructions and in compliance with the GDPR.

1.2 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator.

You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1.3 Cookies
1.3.1 General notes

Our internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the display of videos). Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies) or to optimise the website (e.g., cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. Insofar as consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

1.3.2 Consent with Cookiebot

Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058

Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

1.4 Collection of general data and information

The hoster of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser types and versions used, the operating system used by the accessing system,
  • the website from which an accessing system arrives at our website (so-called referrer),
  • the sub-websites that are accessed via an accessing system on our website,
  • the date and time of access to the website,
  • an internet protocol (IP) address,
  • the Internet service provider of the accessing system and

other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, the NMS New Mobility Solutions Hamburg GmbH does not draw any conclusions about the data subject. This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest to:

  • to deliver the contents of our website correctly,
  • optimise the content of our website and the advertising for it,
  • to ensure the permanent functionality of our information technology systems and the technology of our website, and
  • to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Therefore, the NMS New Mobility Solutions Hamburg GmbH analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Analysis with Google Analytics

This website uses Google Analytics. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, hereinafter referred to as “Google”.

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your usage behaviour is recorded in the form of “events”. Events can be:

  • Page impressions
  • First visit to the website
  • Start of the session
  • Your “click path”, interaction with the website
  • Scrolls (when users scroll to the end of the page (90%))
  • Clicks on external links
  • internal queries
  • Interaction with videos
  • File downloads
  • Ads seen / clicked
  • Language setting

Also recorded:

  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • Your internet provider
  • the referrer URL (via which website or advertising medium you came to this website)

Google uses this information on our behalf to evaluate your use of our website and to compile reports on website activity. The reports provided by Google are used to analyse the performance of our website.

Data transfer to third countries

It cannot be ruled out that US authorities will access the data stored by Google. Insofar as data is processed outside the European Union (EU) or the European Economic Area (EEA) and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU or the EEA. You may not have any legal remedies against access by authorities.

Storage period

The data sent by us and linked to cookies are automatically deleted after two months. The deletion of data whose retention period has been reached takes place automatically once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR and Art. 49 para. 1 lit. a GDPR. This consent also includes the use of your data pursuant to Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by selecting the appropriate settings on your browser.

a. Do not give your consent to the setting of the cookie or

b. download and install the browser add-on to disable Google Analytics HERE.

2. request by e-mail, fax or telephone to NMS New Mobility Solutions Hamburg GmbH.

If you contact us by e-mail or telephone, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

  1. What data protection rights do I have?

Upon request, we will gladly inform you whether and which personal data we have stored about you (right to information). In addition, you can correct incorrect data (right to rectification) or have such data deleted whose storage is inadmissible or no longer necessary (right to deletion). Under certain circumstances, you can also request us to restrict the processing of your personal data (right to restriction of processing) as well as object to the processing of your data if this processing is based on

  • the legal basis of the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) or the performance of a task in the public interest (Art. 6 para. 1 lit. e GDPR) or
  • is based on consent (Art. 6 para. 1 lit. a GDPR) (right of revocation).
  • In particular, you can object at any time to the use of your personal data for the purposes of advertising and/or market and opinion research (right to object to advertising).

Furthermore, you can in principle demand that we provide you with the personal data concerning you in a structured, common and machine-readable format in order to transfer this data to another person responsible without hindrance from us (right to data portability).

The aforementioned rights are granted to you by Articles 15 – 21 of the GDPR. They are only presented here in a very abbreviated form.

If you have any questions about the exact scope of the rights in question and how to exercise them, you can contact the responsible body mentioned in point A. and/or the Hamburg Commissioner for Data Protection and Freedom of Information (see point D.).

D Wich supervisory authority can I complain to?

If you consider that the processing of personal data concerning you infringes data protection law, you may – without prejudice to any other administrative or judicial remedy – lodge a complaint with the competent supervisory authority. The competent supervisory authority is:

Der Hamburgische Beauftrage für Datenschutz und Informationsfreiheit (The Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Str. 22
20459 Hamburg

Status: October 2023