Toll Collect | Data protection and security

Service Hotline

Calls from within Germany:
0800 222 26 28 *
Calls from outside Germany:
00800 0 222 26 28 *

* free call, mobile phone charges may vary

Data protection and security

What happens to the data?

The German government, represented by the Federal Office for Goods Transport (BAG), is responsible for the truck toll system, since it is a sovereign matter. As the operator of the toll system, Toll Collect is a subcontractor for BAG. In this statutorily defined role, Toll Collect implements the requirements of the German Federal Trunk Road Toll Act (BFStrMG) and the Truck Toll Regulation as well as the Federal Data Protection Act. As the client, BAG must define the requirements to be implemented and can issue instructions.

In this regard, a data protection and security policy was developed at the tender offer stage. Since then, this policy has been updated and made more specific as the system has been established. This data protection policy is continuously coordinated with BAG and the Federal Commissioner for Data Protection, which are the competent oversight authorities. This is the basis for implementing data protection law requirements in ongoing operations.

Permission to process data for the toll system is provided primarily by the BFStrMG and the Truck Toll Regulation. However, the provisions not only permit data processing, but at the same time prescribe strict earmarking for a specific purpose and short deletion deadlines for the operator. Toll Collect processes data for the purpose of operating the toll system only within the confines of this statutory permission. Only the data listed in § 4 Section 3, § 7 Section 2 and § 8 of the BFStrMG and in the Truck Toll Regulation is recorded. This data is processed by the operator, as an agent of the sovereign acting on behalf of BAG, strictly in accordance with data protection guidelines and exclusively for the statutorily prescribed purpose of toll collection.

How is data processed by the enforcement gantries?

Vehicle information is recorded at the enforcement gantries in accordance with the legislative guidelines. § 7 Section 2 of the BFStrMG permits photographing vehicles and recording their number plate for the purpose of monitoring compliance with the provisions of the Toll Act. Under § 9 Section 5 of the BFStrMG, this data is to be deleted immediately after the enforcement process if the vehicle is not required to pay toll. Toll Collect processes photos of vehicles and number plate data only for the listed statutory purposes and in accordance with the provisions on deletion. The drivers cannot be recognized in the photos. Moreover, when vehicles that are determined to be toll exempt, the photo is not evaluated with respect to the number plate, but is deleted within a fraction of a second.

Are travel profiles sold to others?

Only the registered customer will receive information from Toll Collect regarding what route the truck was driving on at what time, and what toll amount must be paid by the customer. It is not possible for third parties to create travel profiles because only BAG and Toll Collect GmbH have access to billing data. The bill lists only the starting time of each route billed for. No average speed can be determined on this basis for use by law enforcement authorities. The On-Board Unit does not record any information on the speed of the truck and its load.

Does Toll Collect have a data protection and security policy?

Toll Collect GmbH has developed a comprehensive and integrated data protection and security policy for the toll system. The technical measures conform to the current state of security technology and are continuously refined.

A need-for-protection analysis was conducted for all components in accordance with the Basic IT Protection Handbook published by the Federal Office for the Security of Information Technology (BSI) , which took the risks to availability, integrity, and confidentiality into account. The data to be processed must be classified according to its sensitivity and the technical and organizational precautions required by the classification scheme must be taken.

Based on this security concept, security measures are taken for personal data to prevent such data from being used for unauthorised purposes or from becoming known to unauthorised persons.

Personal data will only be communicated in these notifications and to the extent required for fulfilment of toll system functions that are either legally required or are specified in the contract agreed with the toll customer. The security concept takes into account that the communications (SMS or GPRS) are transmitted over public networks. To protect against unauthorised access by third parties, the messages sent from the OBU to Toll Collect headquarters are encoded using our own encryption process. In addition, the communications partner is authenticated. A closed (end-to-end) security chain is always formed with cryptographic functions to prevent the manipulation of data and any "listening in" on information.

It is not possible to access and read information in an OBU. Modified SIM cards designed solely for data communication are used. Speech communication is not possible. Only authorised service stations have the capability to work on terminals. Reading out data from an OBU requires an access code, which may not be given to third parties. If an attempt is made to manipulate an On-Board Unit or if it is stolen and re-installed, the control technology automatically recognises this.

A data protection and security organization with data protection and security coordinators in certain operating areas has been established. Need-for-protection analyses and measures are documented in a database and made available to the competent employees in the data protection and security organization.

The truck toll system is operated under high security standards with a security organisation that can react quickly to security incidents. The Data Protection and Data Security Divisions work together closely here.