Data Protection & Privacy Policy


Via its “citis2go” brand, Travelcoup AG, Goldbacher Strasse 1, DE-63739 Aschaffenburg, Germany (hereinafter referred to as “citis2go”) fully owns and operates at and as mobile apps for iOS and Android an Internet-based travel booking platform (hereinafter: “Platform”), which offers to interested visitors and users (hereinafter: “Customer(s)”) certain transportation, tours, activities, leisure, shopping, entertainment experiences and other travel-related ground services (hereinafter: “Product(s)”) for purchase. Such offering is made by citis2go in its own name and on its own account. However, citis2go does not provide or deliver any of the Product itself, but offers these either individually or bundled in a prepaid package (hereinafter: “Citypass(es)”). The actual individual Product is provided or delivered by a third party, (hereinafter: “Supplier(s)”) with the Suppliers being solely liable for the provision or delivery of the Products. The Products shall be provided or delivered exclusively on the basis of the general terms of use and / or the general terms and conditions of the Supplier providing or delivering the Product. citis2go itself has no obligation to provide or deliver the Products booked. citis2go’s sole obligation is to ensure that any citis2go issued ticket for a Product or Citypass gives the Customer the right to conclude a contract with the Supplier on the terms and conditions stipulated when the booking is made, without the Customer having to pay for the Product again.

This Privacy Policy applies to all Customers that make use of the citis2go Platform in order to book Products on the Internet at and their associated domains and subdomains, and to mobile apps for iOS and Android (Platform) or that make use of the citis2go customer support. Within the scope of this Privacy Policy, citis2go is the responsible party within the meaning of the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). Based on this Privacy Policy, citis2go informs Customers about what types of data is collected, stored, and processed and what measures are being taken to ensure that personal information is protected at all times when Customers use the citis2go Platform and the citis2go customer support.

In addition to the citis2go Privacy Policy, privacy policies of Suppliers and third-party resellers and distribution & service platforms may apply.

General information regarding data security

citis2go has taken technical and organizational measures to ensure compliance with statutory data protection provisions including measures against unauthorized data access by unauthorized third parties. However, storage and transmission of data, particularly using email is subject to confidentiality and security risk and depends to a greater extent on the technology used by Customers, Suppliers and technology partners of citis2go. As such technology used is beyond full control of citis2go, it cannot guarantee 100% protection of data stored and / or transmitted.

Collection and Use of Personal Information

Personal information

Personal information according to §3 (1) of the German Data Protection Act (BDSG) refers to any information concerning the personal or material circumstances of an identified or identifiable natural person such as may be used to learn the identity of that person.

Customers using the citis2go Platform or contacting the citis2go customer support may be required to provide personal information. The personal information collected about Customers enables citis2go (Platform and customer support) to process Customer requests, personalize the booking experience and to further improve both. CITIS2O does not sell such personal information and saves such personal information as needed primarily for the purpose of processing Customer’s booking(s) and providing support during or after a booking has been made. citis2go will not forward personal information to 3rd parties without Customer’s explicit consent unless such forwarding of personal information is:

  • Permitted by applicable law e.g. the German Federal Data Protection Act and at the same time required to deliver booked Products to the Customer, i.e. to enable a Supplier to provide or deliver a booked Product to the Customer with the disclosure of personal information being limited to the extent required to book and process the requested Product(s) or service(s).; or
  • Required by applicable law (e.g. the German Telecommunications Act); or
  • Ordered by a court of competent jurisdiction, e.g. in context of a criminal investigation.

Depending on whether the Customer wishes to obtain general information, book Products or make use of the Customer Support, the Customer may be required to provide one or more of the following personal information items:

  • Name (first and family name)
  • Postal address
  • Citizenship
  • Date of birth / age
  • Gender
  • User name
  • Password
  • Email
  • Telephone number
  • Booking details
  • Payment detail
  • IP address and timestamp
  • Technological information (e.g. operating System, browser, hardware details)

When using the citis2go mobile apps, the functions of the app(s) allow the following personal information to be collected:

  • Device brand and mode and its IMEI number
  • Unique IMSI number
  • Mobile phone number (MSISDN)
  • MAC address
  • Name and email address of the smartphone owner

Personal information may be stored on servers in Germany and also cloud-based outside Germany, and also outside the European Union and the European Economic Area. Such servers are specially protected against unauthorized access. All employees and/or other persons working for citis2go granted access to personal information will be separately bound to data confidentiality.

Personal information is usually deleted as space requires or in the normal course of business, but can be reviewed, amended or deleted upon Customer’s request at any time. To review, amend, or delete personal information to the extent that there is no legal obligation to retain personal information, or revoke consent to citis2go’s storing of and using Customer’s personal information, Customers may email [email protected] or send a letter to the corporate address of citis2go (Citis2Go c/o Travelcoup AG, Goldbacher Straße 1, DE-63739 Aschaffenburg) to place a respective request. For such requests, no reason needs to be provided and no special format needs to be adhered to.

In case citis2go requires personal information and a Customer intends to provide such personal information e.g. in context of the cases described under §3 section 2-6, Customers are requested to carefully read this Privacy Policy and to declare the consent to this Privacy Policy. Such consent can be given explicitly, e.g. by checking Privacy Policy consent checkboxes, or implicitly by using features of the Platform that require entering and offer storage of personal information and proving the required personal information.


Personal information of Customers, such as name, gender, postal address, telephone number, date of birth, email address, citizenship is required to process Customer bookings. Depending on the Product, the Platform may require additional personal information for billing purposes and / or personal information of Participants in a Product that may be different from the Customer using the Platform for Product booking purposes. To protect citis2go from misuse, citis2go reserves the right to save IP-addresses and timestamp of Customers during the use of the Platform and for 12 months thereafter, in particular in context of the booking of Products.


Customers that wish to make their first booking or use functions that require registration are offered to save selected personal information listed under section “2. Booking” in a Customer account to make repeat use of the Platform quicker and more convenient. To protect citis2go from misuse, citis2go reserves the right to save IP-addresses and timestamp of Customers during the use of the Platform and for 12 months thereafter in context with a user account registration.


Customers paying for Products booked make use of third party payment processors, e.g. Paypal. citis2go does not save any payment information or personal information related to payments. The security of the payment transactions is guaranteed through SSL (Secure Socket Layer) standard encryption. Confirmations and reports from the payment processor sent to citis2go are also only sent encrypted. Your payment data will be stored in the payment processor’s systems protected with state-of-the-art security technology. Usage data for billing purposes may be transmitted to other providers or third parties if necessary for billing purposes.

Customer Support and Contact Form

Personal information of Customers, such as name, user name, gender, postal address, telephone number, age, email address, approximate dates a Customer visited or used the Platform or used or contacted the citis2go customer support directly or using the citis2go contact form including the subject and details on the query may be collected from Customers with questions, concerns, complaints, inquiries, requests for information or technical support. Such personal information is used to respond to the request for information and / or provide support to Customers as requested.

Marketing, Advertisement and Newsletters

Personal information of Customers such as name, user name, gender, postal address, telephone number, age, email address may be used for CITI2GO’s own marketing and advertising activates using email alerts and / or newsletters, etc. When signing up for an email newsletter or email alert or explicitly agreeing to the receipt of such marketing, advertisement material, citis2go will use the Customer’s email address and or postal address to deliver the email newsletter, alert, etc. that has been requested. To object to such advertising activities and subsequently opt-out of any newsletter, alert, etc. Customers may email [email protected] or send a letter to the corporate address of citis2go (Citis2Go c/o Travelcoup AG, Goldbacher Straße 1, DE-63739 Aschaffenburg) and revoke consent to receiving newsletters, advertisements and promotions which will stop the sending of marketing, advertisement and / or newsletter material.

Mobile Apps

Customers wishing to download the mobile apps offered by citis2go as part of its Platform, should be aware that necessary personal information is transmitted to the AppStore the Customer is using, in particular:

  • User name
  • Email address
  • Account ID
  • Time of download
  • Payment information (if applicable)
  • Individual device code

citis2go has no influence on the collection of such personal information and is not responsible for it. citis2go processes this data to the extent necessary for Customer to download the app; it is not otherwise stored by citis2go.

Collection and Use of Non-Personal Information

Non-Personal Information

Customers can access and / or use the citis2go Platform anonymously without providing personal information. However, like many ecommerce platforms, citis2go collects the following information (“server log file(s)”) each time the Platform is accessed and / or used:

  • Host name of the device accessing the Platform
  • Operating system used
  • Browser used including its version number,
  • Date and time of access / server request(s)
  • URL of the page previously visited (also referred to as the “Referrer URL”).

Such collected information will not be combined with other available data and cannot be associated with any individual or entity and is thus, non-personal information.

Collected information regarding a Customer´s the use of the CITIS2GO Platform is stored in non-personal (i.e. anonymous) usage profiles and is also not combined with Personal information. Non-personal information and usage profiles are used for statistical purposes and to improve the CITIS2GO Platform, Travel Products, advertising, re-targeting, market research, and customer service. Customers can object to the collection and storing of anonymous non-personal information. Customers can also revoke previously given consent to CITIS2GO’s collection and storage of non-personal information at any time without providing any reason for doing so by sending an email to [email protected] or by sending a letter to the corporate address of CITIS2GO (Citis2Go c/o Travelcoup AG, Goldbacher Straße 1, DE-63739 Aschaffenburg) to place the respective request. Customers can also object to the building of non-personal usage profiles by configuring their browser in a way that it does not accept cookies and / or by using a browser plugin to protect a Customer’s privacy, e.g. AdBlock, Ghostery, NoScript, etc. CITIS2GO advised Customers to consult the applicable privacy policies before installing such plugins.

Certain providers of advertising and tracking technology have joined industry associations, allowing Customers to centrally opt-out of receiving targeted online ads by any of the members of the respective association. You can find such multi-provider opt-out solutions here:

CITIS2GO provides additional information on providers of tracking and advertising technology used on the CITIS2GO Platform in its Privacy Policy in the sections below.

Advertisements on Mobile Devices / Apps

For advertising purposes on mobile devices including but not limited to the use of the citis2go mobile apps, citis2go uses the so-called “Advertising Identifier” (IDFA). This is a unique, non-personalized and non-permanent identification number for a certain device provided by iOS or Android. The data collected is not associated with other device-related information. This IDFA is used to provide personalized advertising and analyze how a Customer is using the mobile app.

If the Customer activates the “No ad tracking” feature in a Customer’s operating system’s settings (e.g. under Privacy > Advertising in iOS), citis2go is restricted to the following actions: measuring a Customer’s interaction with banner ads by counting the number of times a banner is displayed without receiving a click (“frequency capping”), CTR, counting unique users, as well as security measures to combat fraud and error recovery. You can delete the IDFA (e.g. “Reset Ad-ID” in iOS) in the Customer’s device settings at any time, then a new IDFA will be created that cannot be merged with the previous data. Please note, however, that in this case a Customer may not be able to use all features of citis2go’s Platform to its full extent.


citis2go may use cookies about user activity on its Platform, in particular to understand website usage and to resolve any problems, for example, in navigation thus enhancing the user experience. Cookies are small text files that are placed on a Customer’s device, which allow for the anonymous analysis of Customer activity on platforms like the one citis2go is operating. Cookies used by citis2go are either deleted from a Customer’s device at the end of a use session (“session cookies”) or remain on the device, enabling citis2go to recognize a Customer’s device on his or her next visit (“permanent cookies”). The majority of cookies citis2go is using are session cookies.

In addition, citis2go may serve ads on its Platform. In doing so the citis2go ad server may place or read a unique ad-serving cookie on a Customer’s device. If a Customer has visited the Platform by clicking on a banner ad for citis2go’s Products, a temporary or “session” cookie may be set on the Customer’s device. This cookie will contain either an identification number for the ad that was clicked on, or will contain an identification number for the site that was visited when the Customer clicked on the banner ad. After the Customer has arrived at the citis2go Platform, and requests further information from citis2go about its Products, the personal information provided during that request will be linked to the information in the session cookie so that citis2go can measure the effectiveness of the advertising. This “linking” will not be used to target future advertisements to the Customer or to send the Customer electronic messages about its Products, unless consented to by the Customer. As this is a session cookie, it will disappear from the Customer’s device once e.g. the browser has been closed. If a Customer returns to the Platform later, such Customer will appear as a new visitor until they provide personal information.

Customers can in principle decide whether to allow the use of cookies or not. Most browsers allow Customers to refuse the use of cookies by selecting the appropriate settings on the browser. However, Customers should be advised that if one opts out of using cookies, one may not be able to use all the features of our Platform.

Google Analytics

The citis2go Platform uses Google Analytics, a web analysis service provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter referred to simply as “Google”). Google Analytics also uses “cookies”. These text files are stored on a Customer’s devices and enable an analysis of how the Platform is used. The information generated by the cookie about the usage by the Customer is generally transmitted to and stored in a Google server in the USA. If IP anonymization is activated, a Customer’s IP address will however first be truncated by Google within the member states of the European Union or in other signatory states party to the Agreement on the European Economic Area. Only in exceptional cases is a complete IP address transmitted to a Google server in the USA and abbreviated there. IP anonymization is active on citis2go’s Platform.

On behalf of citis2go, Google shall use such information for the purpose of evaluating the Customer’s use of the Platform, for compiling reports on Platform activity, and for providing other services relating to website activity and internet usage to citis2go. Google will not link the IP address transferred by a Customer’s browser as part of Google Analytics with any other data held by Google. Customers may prevent the use of cookies by adjusting the appropriate settings on their browser. However, Customers should be advised that if they opt out of using cookies they may not be able to use all the features of the citis2go Platform.

Customers can additionally prevent the collection of data produced by cookies and associated with their Platform use (including IP address), and its transmission and processing by Google by downloading and installing the Google Analytics Opt-out Browser Add-on. More information is available here.

Google AdSense

citis2go uses AdSense, an online advertising service. This is designed to present Customers with advertising that matches their interests. These plugins can be identified by the logo saying “Google Ad”. Google is informed when a Customer visits the citis2go Platform by storing a cookie on the Customer’s device which transmits the data. In addition, so-called web beacons are used. These are invisible images that can analyze Customer’s behavior on the citis2go Platform. Google will not link the IP address transferred by a Customer’s browser as part of Google AdSense with any other data held by Google. citis2go has no influence on the data that Google collects in this way nor does it know the scope of the data collected by Google. This data is transmitted to the United States where it is evaluated. This information can be passed on from Google to its contractors or government bodies.

This site might also enable third-party Google AdSense ads. The above data may be transmitted to these third parties. Customers may refuse the use of cookies by Google AdSense in various ways:

  • By changing the settings of the browser, in particular by refusing to allow third-party cookies from being set; this means that the Customer will no longer receive any third-party ads
  • By disabling the interest-based ads provided by Google copying the link in the address bar of the browser; this setting will be cancelled whenever a Customer deletes cookies on his or her device(s); By permanently deactivating ads provided by Google copying the link in the address bar of the browser. However, that in this case Customers may not be able to use all features of the CITIS2GO Platform to its full extent. By disabling the interest-based ads of providers who participate in the self-regulatory “About Ads” campaign. Customers may click on the following link to decide to opt out of provider advertisements. This setting will be cancelled whenever a Customer deletes cookies on his or her device(s). Customers can obtain more information regarding the purpose and scope of data collection, its processing and use, as well as related rights and settings options for protecting Customer privacy from Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA by reviewing Google’s Privacy Policy for Advertising at and the information about Google’s DoubleClick cookies at


CITIS2GO's Platform uses Hotjar tracking technology. This tracking technology enables Hotjar to collect and store usage data in pseudonymous profiles for the purposes of web analysis and interest-based advertising. The tracking technology and analysis functions are offered by Hotjar, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

Hotjar inserts a tracking code onto Hotjar-enabled websites or devices which is transmitted to Hotjar servers based in Ireland (EU). This tracking code contacts Hotjar's servers and provides a script to a Customer’s computer or device accessing the Hotjar-enabled website or device. The script will capture specific data related to the viewer's interaction with that particular website or device. This information is then sent to Hotjar's servers for processing. A detailed description of the functionality can be reviewed at

For the purpose and scope of data collection and further processing and use of data by Hotjar, as well as the related rights and settings options to protect the privacy of Customers, please refer to Hotjar’s privacy policy at

Customers can opt-out of Hotjar’s data collection and storage at any time with effect for the future by setting an opt-out-cookie on a Customer’s device via the website of the EDAA at

Social Media Plugins


citis2go’s Platform uses social plugins (“Plugins”) provided by the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identifiable by a Facebook logo (e.g. white “f” on a blue tile, the terms “Like”, “Share”, or a “thumbs up” sign) or with the phrase “Facebook social plugin”. The list and the look of Facebook social plugins can be viewed at

When a Customer uses the citis2go Platform and it contains such a plugin, the browser is directly connected to the Facebook servers. The content of the plugin is transferred from Facebook directly to a Customer’s browser, which then embeds it into the webpage. citis2go therefore has no influence on the amount of data that Facebook collects with the help of this.

By integrating the plugin, Facebook receives the information that a Customer has accessed the corresponding page. If the Customer is logged into Facebook, Facebook can assign the visit to their Facebook account. If the Customer interacts with the plugins, for example, clicks the Like button or writes a comment, the corresponding information is transmitted from their browser directly to Facebook and stored there. If the Customer is not a member of Facebook, there is still the possibility that Facebook will receive their IP address and store it. According to Facebook, in Germany only an anonymous IP address will be stored.

For the purpose and scope of data collection and further processing and use of data by Facebook, as well as the related rights and settings options to protect the privacy of Customers, please refer to Facebook’s privacy policy at

If a Customer is a Facebook member and does not want Facebook to collect data about them from citis2go’s Platform and link such collected data to member data stored on Facebook, a Customer must log out of Facebook before visiting the citis2go Platform.


citis2go’s Platform uses Twitter plugins. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. They can be identified by terminology such as “Twitter” associated with a stylized blue or white bird. Using the plugin, it is possible to share a post or page on this platform on Twitter or to follow citis2go on Twitter.

When a Customer visits a page on the citis2go Platform and it contains such a plugin, the browser is directly connected to the Twitter servers. The content of the plugin is transferred from Twitter directly to the Customer’s browser, which then embeds itself into the page. citis2go therefore has no influence on the amount of data that Twitter collects with the help of this plugin.

To the best of citis2go’s knowledge, only a Customer’s IP address and the URL of the page he or she is sharing will be transmitted when the Customer uses the Twitter plugin, but not for other purposes such as the representation of the buttons used. For more information on Twitter’s privacy policy, please revert to


citis2go’s Platform uses plug-ins and APIs of the social network Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The Instagram plugin is recognizable with the “Follow Button” and in the form of a “Gallery Preview” on the platform.

When a Customer visits a page on the citis2go Platform and it contains such a plugin, a direct connection between the browser and the Instagram server is established by means of the plugin. This enables Instagram to receive the information that the Customer has visited citis2go’s Platform from a certain IP address. If the Customer clicks on the Instagram button or window when he or she is logged into the personal Instagram account, the Customer can link certain content of citis2go’s Platform to the his or her Instagram profile. This means that Instagram can associate visits to the citis2go Platform with a Customer’s Instagram account.

citis2go expressly points out that it receives no information on the content of the transmitted data or its use by Instagram. For further information about the privacy policy of Instagram, please revert to

Closing Provisions

Privacy Policy and Data Protection by 3rd Parties / citis2go’s Liability

citis2go’s Platform may contain links to 3rd party platforms that have not been previously detailed explicitly in this Privacy Policy. If a Customer follows such a link to such a 3rd party platform, the Customer needs to be aware that these 3rd party platforms are subject to their own privacy and / or data protection policies.

As a matter of principle, citis2go cannot assume responsibility or be held liable for privacy and data protection policies and standards by any 3rd party, irrespective of explicitly mentioned in this Privacy Policy or not. Before using any 3rd party platform, Customers need to familiarize themselves with the respective privacy and data protection policies of the 3rd parties.

Changes to this Privacy Policy

This Privacy Policy can be updated or otherwise changed from time to time on at least thirty (30) days’ notice (“Notice Period”), which notice will be provided to Customers by any reasonable means, including but not limited to email and publication on the citis2go Platform. After the Notice Period, the new version of Privacy Policy (“Current Privacy Policy”) becomes effective. The Current Privacy Policy that is valid at the time of Customer’s use of the citis2go Platform shall always apply. Customers have no right to claim that a current or future use of the citis2go Platform was done under a previous Privacy Policy, i.e. a Privacy Policy that was in force prior to the Current Privacy Policy.


If any provision of the citis2go Privacy Policy is held by a court of competent jurisdiction to be invalid, void or otherwise unenforceable, the remainder of the citis2go Privacy Policy will remain in full force and effect. The invalid provision shall then be replaced by a provision that comes closest to the intended objective.

Share your citi pass story with #citis2go on Instagram, Facebook, or Twitter

Subscribe to our newsletter

We are constantly expanding and enriching our offers. Stay up to date by registering for our regular newsletter.

This site is protected by reCAPTCHA and the Google <privacy>Privacy Policy</privacy> and <terms>Terms of Service</terms> apply.