Data Privacy

Data privacy statement of BLS Ltd

A.      Scope

This data privacy statement of BLS Ltd, Genfergasse 11, 3011 Bern, hereinafter referred to as BLS, applies to the processing of personal data by BLS within the scope of the Swiss Data Protection Act and the European Union’s General Data Protection Regulation (GDPR). Insofar as that BLS Netz AG and BLS long-distance traffic Ltd (both domiciled at Genfergasse 11, 3001 Bern), as well as Busland AG and BLS Immobilien AG (both domiciled at Bucherstrasse 1, 3400 Burgdorf), process data in their capacity as BLS Group companies, the relevant provisions of this data privacy statement also apply.
It explains what type of data we collect from you, why we need this data and how you can object to it being processed.

B.     Customer promise

Public transport operators treat customer data confidentially.

BLS is a public transport operator in Switzerland. Public transport operators treat customer data confidentially.
As a public transport operator, protecting your personal data and personal privacy is important to us. We guarantee to process your personal data in compliance with the requirements of data protection legislation.
Public transport operators show that they take responsibility for the protection and confidential handling of your data by applying the following principles:


You decide how your personal data will be processed.

The law says that you can refuse at any time to allow your data to be processed, withdraw your consent to its collection and processing or ask for your data to be deleted. You always have the option to travel anonymously, in other words without your personal data being collected.


We offer you added value when we process your data.

Public transport operators use your data exclusively to offer you added value throughout the mobility chain (such as personalised offers and information, support, or compensation for disruptions in service). We will therefore use your data only to help us develop, deliver, optimise and evaluate our services or to improve customer relations.


We will not sell your data.

Your data will only be disclosed to the carefully selected third parties listed in this data privacy statement and only for the purposes explicitly identified. We insist that any third parties we ask to process your data comply with our own data privacy standards.


We guarantee the security and protection of your data.

Public transport operators guarantee to handle customer data with care and to keep it safe and secure. We have put in place appropriate organisational and technical measures to safeguard your data.
Please see below for more detailed information on how we handle your data.

C.      The processing of data by BLS

1.    Who is responsible for data processing?

BLS is responsible for processing your data. As a public transport operator, we are obliged by law to provide what is known as Direct Services (DS). To do this, the transport service providers (TSPs) and their partners (overview available here) and the third parties who sell public transport products share certain data, which they store centrally in databases operated jointly by all the public transport service providers and their partners. We are therefore responsible for processing data jointly with these TSPs and partners. You will find further information on how we process your data in the section "What does shared responsibility mean in public transport?"
If you have any questions or suggestions about data privacy, please feel free to get in touch with the following contact person at any time:
Either by post to: BLS Ltd, Legal Services/Data Protection Commission, Genfergasse 11, 3001 Bern
or by email to:

2.    Why do we collect personal data?

We understand how important it is to you that we handle your personal data with care. We only process data for specific purposes. The reasons for processing your data may be, for example, technical, contractual, legal, or there may be overriding interests – that is, legitimate reasons – or you have given us your express consent to do so. We collect, store and process personal data when necessary, for exam-ple, to manage customer relations; to sell our products and provide our services; to process orders, contracts, sales and invoices; to respond to questions and re-quests; to supply information on and to market our products and services; to provide support on technical issues; and to evaluate and improve our products and services. For more detailed information on the data we collect and what we use if for, please read the sections below.

3.    What data do we store and what do we use it for?

3.1    When selling our services

For contractual reasons, when you place an online order or purchase certain products and services, we need your personal information so that we can provide our services and manage our contractual relationship with you. When you buy a season ticket, for example, or one-way ticket.
Depending on the product or service, when you purchase personalised services we collect the following data (the mandatory information in the order form is marked with an asterisk (*)):
  • Personal photo
  • Gender, name, email address of the purchaser/passenger
  • Other information such as postal address, date of birth
  • Phone number
  • Means/method of payment
  • Consent to our general terms and conditions
To help us administer the contractual relationship, we also collect data on the services you have purchased ("service data"). This includes – depending on the product or service – the following information:
  • Type of product or service purchased
  • Price
  • Place, date and time of purchase
  • Sales channel (internet, vending machine, ticket counter, etc.)
  • Date of travel or period of validity and time of Departure
  • Place of departure and destination and travel itinerary
The legal basis for processing this data is that it is necessary for the performance of the contract.
The data generated when services are purchased is processed by BLS and stored in a central database (see the section on shared responsibility in public transport, section 9 below). It is also processed for other purposes, including marketing and market research (please refer to the relevant sections of this data privacy statement for further information). The data is also used for ticket control, to identify the bearer of a personalised ticket, and to prevent misuse. The information is also used to help our after-sales service to identify and assist you with any problems or difficulties you may have and to process any claims for compensation. Lastly, the data is used to distribute the revenue generated by ticket purchases equitably among Direct Service companies and partners.
The legal basis for processing this data is our legitimate interest.

3.2    When using the website

When you visit our website, our hosting provider's servers temporarily record each access in a log file and collect the following technical information:
  • The IP address of your computer
  • The date and time of access
  • The URL of the linking web page with, if applicable, the search term used
  • The name and URL of the files accessed
  • The search queries carried out (timetable, general search on website, products, etc.)
  • Your computer's operating system (provided by the user agent)
  • The browser you are using (provided by the user agent)
  • The type of device, if access is via a mobile phone
  • The communications protocol used
This data is collected and processed to assist with system security and stability, for error and performance analysis and for internal statistical purposes, enabling us to optimise the performance of our website. It also helps us to configure our website to better meet the needs of our target group by offering specific content and information that may be of interest to them.
The IP address is analysed, along with other data, for investigation and defence purposes in the event of an attack on the network infrastructure or other unauthorised or abusive use of the website. In the event of a criminal investigation into an attack, the information can identify the users involved and can be used to bring civil or criminal proceedings against them.
Lastly, when you visit our website we use cookies along with applications and tools that use cookies to function. For more information, please refer to the sections in this data privacy statement on cookies, tracking tools, advertisements and social plug-ins.
The legal basis for processing this data is our legitimate interest.
We assume no liability for the non-compliance with data protection regulations of any third-party websites linked to our website.

3.3    When using our apps:

"lezzgo" ticketing app

Tickets of transport operators and partners which are active within the scope of the lezzgo app can be booked and charged via the lezzgo ticketing app.
The data protection regulations governing the acquisition and use of the lezzgo ticketing app are available in sections 15 to 18 of the GTC for the lezzgo ticketing app, which can be viewed by clicking on this link.


The BLS Mobil timetable and ticketing app

Real-time timetable data can be called up and tickets can be purchased via the BLS Mobil timetable and ticketing app (hereinafter referred to as the BLS Mobil app). The area of validity of prepaid tickets includes the Direct Service and various regional transport product ranges including the different fare networks covered by BLS. The area of validity of post-paid tickets includes Direct Service and the Swiss regional transport product range. In addition, the SwissPass can be stored digitally in the BLS Mobil app.
The data protection regulations governing the acquisition and use of the BLS Mobil app are available in sections 15 to 18 of the GTC for the BLS Mobil app, which can be viewed by clicking on this link.

3.4 When contacting our Customer Service via a contact form or by email

You have the option of contacting us via a contact form or by emailing our Custom-er Service. When contacting us via a contact form, it is necessary to provide at least the following personal data:
  • Title, last name and first name
  • Email address
We use this and other freely entered information (in particular your address, telephone number and company) to respond to your contact request personally and efficiently. Furthermore, we can use the information you provide in the contact form or email to Customer Service for internal analytical purposes as part of our efforts to improve our benefits and services. Any additional voluntary information you provide about how you learned about our offer will be used for internal statistical purposes.
Our legal basis for processing this data is our legitimate interest or, if you supply your contact details in order to enter into a contract, our legal basis is the implementation of the pre-contractual measures you have requested.

3.5    When contacting our Customer Service by phone

If you contact our Customer Service by phone, your call may be recorded for training purposes and the recording will be kept along with your phone number and the time of the call. If this is the case, you will be informed at the beginning of the call that your call will be recorded.
Our legal basis for processing this data is our legitimate interest or, if you supply your contact details in order to enter into a contract, our legal basis is the implementation of the pre-contractual measures you have requested.

3.6    Contacting us in the context of a BLS social media campaign

If you use social media, your consent granted to the respective social media provider al-lows BLS to run advertising campaigns that appear on your user profile. These campaigns provide the option of contacting BLS. If you subsequently contact us, we will use the following personal data that we receive from the respective social media provider with your consent:
  • Title, last name and first name
  • Email address
We use these data exclusively to provide you with the information you requested by contacting us; the legal basis for these data-processing results is your consent that you granted when contacting us.

3.7    When registering as a customer on BLS websites

When you place an order with us, you have the option of registering for a customer account. For this, we collect the following personal data (when opening a customer account, the mandatory information is marked with an asterisk in each case (*)): The mandatory information may vary depending on the service and must at least contain
  • Email address
  • Password
  • Consent to our general terms and conditions
We collect this information to help you keep track of your orders and the contracts you have concluded. You have therefore given us your consent to carry out these data processing operations. This is our legal basis for processing your personal data.
You can withdraw your consent at any time with future effect (see Section 8). If you link your customer account to a SwissPass account, any changes to your personal data (a change of address, for example) and the details of the services you have purchased are automatically updated and appear in both accounts. Please note also the following information about the processing of your data in connection with your SwissPass account.

3.8    When creating a SwissPass login/customer account at

You have the opportunity to create a customer account on To do this, we need the following information from you:
  • Surname and first name
  • Date of birth
  • Address (street, postcode, city and country)
  • Customer number (if you are an existing public transport season ticket hold-er)
  • Email address and password (login data)
When you register, we authorise you to access the numerous online services (web shops and apps) of public transport operators and partners using the login data (the “SwissPass login") and to purchase these services without having to repeat the time-consuming registration process. Any services you purchase using your SwissPass login (especially public transport tickets/season tickets) are recorded in your customer account and in a central database (“DS database”).
We need to process your data so that we can fulfil the contract on the use of the SwissPass and this is therefore the lawful basis for processing. You will find further information on this topic in the sections in this data privacy statement on shared responsibility in public transport and on sharing data with third parties and in the data privacy statement on which is available at the following link here.

3.9    When using our rolling stock and railway stations

In accordance with Art. 55 of the Passenger Transport Act (PTA) and Art. 16b of the Railways Act (RailA), as well as the Implementing Provisions of the CCTV Surveillance of Public Transport Ordinance (PT-CCTVO), BLS and BLS long-distance traffic Ltd monitor their trains, Busland AG its buses and BLS Netz AG its railway stations in the form of CCTV surveillance. Furthermore, BLS also uses CCTV surveillance to monitor its administration building and workshops. The CCTV surveillance serves to protect customers, operations and infrastructure.

CCTV surveillance involves recording picture signals which make it possible to identify individuals. The recordings are predominantly stored on-site in vehicles, whereas recordings of facilities and properties are stored in a central location. All recordings are stored for a maximum of 10 days and then automatically deleted. Recordings are only backed up if incidents are detected. Backup orders and backup may only be triggered or carried out by clearly defined business units within BLS.

Backed up recordings containing personal data are generally evaluated on the next working day. By way of exception, it may be carried out within two additional working days for operational or technical reasons. Evaluations are conducted in the following cases:

  • In case of security and vandalism incidents on or in the vehicles, in or on the rolling stock and on infrastructure;
  • based on official decisions;
  • on information requests of data subjects (cf. Chapter 10 below).

The evaluation is only conducted by the competent and authorised business units within BLS.

Backed up recordings are stored in such a way that they are protected against unauthorised access. Recordings will be destroyed no later than 100 days after the date on which they were created, unless they are disclosed in accordance with the following explanations.

Recordings are only disclosed to the following authorities:

  • responsible authorities of the Confederation and cantons;
  • the authorities with whom the companies file a complaint or assert legal claims.

The disclosure only takes place to the extent that this is required for the process. In case of a disclosure, the recordings are stored until such time as the proceedings have been legally completed.

4.    How long is your data kept for?

We store personal data for only as long as we need it
  • to provide the services described in this data privacy statement that you have requested or for which you have given your consent;
  • to use the tracking services described in this data privacy statement within the scope of our legitimate interest.
We retain contractual data for a longer period as this is required of us by our legal retention obligations. Retention obligations which oblige us to retain data arise from accounting regulations and tax legislation. Insofar as we no longer require said data to perform services for you, access to said data will be blocked. This means that the data may then only be used to fulfil our storage obligations.

5.    Where are the data stored?

As a rule, your data is stored in databases in Switzerland. However, in some cases explained in this data privacy statement, the data may also be passed on to third parties located in the EU or in other third countries. EU Member States have an adequate level of data protection in comparison with Switzerland. If another third country concerned does not have an adequate level of data protection, we make sure that these companies protect your data appropriately, through contractual arrangements with these companies.

6.    What data is processed for marketing purposes?

Unless you object, we use for marketing purposes your customer data (in particular name, gender, date of birth, address, customer number, email address), your service data (in particular data on services purchased such as season tickets or one-way tickets) and your click behaviour on our website or in emails you have received from us. For information on how we evaluate click behaviour, please also refer to the section on tracking tools.
We evaluate this data to help us provide better products and services for our customers and to help us send you or show you (via email, letter, text, push notifica-tions in the app, personalised teasers on the web, and in person at the counter) information and offers that are relevant to you. For this, we use only data that we can explicitly associate with you, for example because you have registered or identified yourself on our website with your SwissPass login and purchased a ticket. We also use methods that predict possible future purchasing behaviour based on your current purchasing behaviour.
The legal basis for processing in this instance is our legitimate interest. In certain cases, under strict conditions SBB or another company involved in Direct Service may also contact you. Please read the information in the section "shared responsibility in public transport".
You can refuse to accept communications from us, SBB (in connection with your GA or half-fare travelcard, for example) or other public transport operators at any time. The following options are available to you:
  • Each email you receive from us or other public transport operators contains an unsubscribe link that you can click to unsubscribe from further messages.
  • If you have a SwissPass login, you can sign in to your user account here at any time to manage the message settings in your user account.
  • You can also subscribe or unsubscribe at any ticket counter or by phoning 058 327 31 32 or using the contact form here.
Please also refer to the information in the section on tracking tools on your right to object in connection with the evaluation of click behaviour.

7.    What data is processed for market research purposes?

To continuously improve the quality of our services and offers, we regularly conduct market research. We may therefore use your contact information to invite you to participate in a survey.
The information you provide for evaluating BLS is always only evaluated in aggregated and anonymised form. Under certain circumstances, your information about use and mobility behaviour may be used to send or show you even more relevant information and offers in the future. By taking part in such surveys, you declare that you agree with the data use specified.
If you do not wish to be invited, you can opt out of receiving invitations here using the contact form.
The legal basis for processing in this instance is our legitimate interest.

8.    What rights do you have over your personal data?

You have the following rights over your personal data:
  • You can request information about your stored personal data.
  • You can request that your personal data be corrected, supplemented, blocked or deleted. Your data will be blocked rather than deleted if there are legal obstacles to its deletion (e.g. legal storage obligations).
  • If you have set up a customer account, you can delete the account or ask for it to be deleted.
  • You can object to the use of your data for marketing purposes.
  • You can withdraw your consent at any time with future effect
  • You can ask for your data to be transferred to a third party.
To exercise your rights, you need only inform us by post to:
BLS Ltd, Legal Services/Data Protection Commission, Genfergasse 11, 3001 Bern
or by email to:
You also have the right to complain to a data protection authority at any time.

9.    What does "shared responsibility in public transport mean"?

BLS is responsible for processing your data. As a public transport operator, we have a legal obligation to collaborate with other transport operators and partners in the provision of certain passenger transport services ("Direct Service").

For this purpose, and for other purposes described in this data privacy statement, we share data at national level within the "National Direct Service" (NDS), an association of over 240 transport operators and public transport partner companies. The individual TSPs and partners are listed here. Data acquired from customers who purchase services or supply contact details are stored in a central database which is managed by SBB on behalf of NDS and for which we are jointly responsible with the other NDS companies and partners (the DS database).

When services are purchased by customers using the SwissPass login, the data is stored in another central database (the SwissPass database) which is managed by SBB on behalf of NDS and for which we are jointly responsible with the TSP and the NDS community. Data used in conjunction with the acquisition of BLS-specific services (e.g. leisure activities). These are only stored in BLS’s customer database.

To improve service efficiency and streamline the working relationship between the companies involved, data from the different databases may be merged in the SwissPass database. To enable single sign-on (SSO) (a system that enables SwissPass users to access multiple services with just one login), we share login, card, customer and service data with the central SwissPass login infrastructure during the authentication process.

Access by individual TUs and partners to the shared databases is regulated and limited by a contractual agreement. The sharing and processing by the other TSPs and NDS partners who use the central database is normally limited to contract processing, ticket control, after-sales service and revenue distribution. Data collected during purchase transactions for NDS services (cf. product overview here) is also used for marketing purposes in certain cases. These include analysing the data to improve and promote public transport services in line with customer needs. If you are contacted for this purpose, it will normally be by us at BLS. The other TSPs and partner companies associated with NDS will contact you only in exceptional circumstances and under strict conditions, and only if an analysis of the data shows that a particular public transport service would be beneficial for you as a customer. Contact by SBB is the one exception to this rule. SBB handles the marketing of NDS services (such as GA and half-fare travelcards) on behalf of NDS and may contact you at regular intervals in connection with these services.

Our legitimate interest forms the legal basis for processing this data.

10.   Will your data be shared with third parties?

We will not sell your data. We will share your personal data only with selected service providers and only to the extent necessary to provide our service. In particular, the following service providers are involved here:

  • IT service providers
  • Issuers of season tickets
  • Delivery companies (such as Swiss Post)
  • Address management service providers to ensure address quality and possibly to enhance additional features like household size, home ownership, age, in-come group, etc.
  • Leisure partners in the context of using joint offers
  • External service providers in Switzerland and abroad in the context of travel agency services (e.g. via BLS Travel Centres)
  • Service providers commissioned to distribute the income from fares among the transport operators involved (in particular for the purpose of calculating the distribution model in accordance with the Swiss law (PBG) governing the carriage of passengers)
  • Our hosting provider (see the section titled "Use of website")
  • The providers mentioned in the sections on tracking tools, social plug-ins and advertisements.

Please refer to the section "Where is your data stored?" for more information on service providers domiciled abroad.

Your data may also be shared if we are legally obliged to do so or if it is necessary to safeguard our rights, in particular to enforce claims arising from our relationship with you.

If you book a cross-border journey, your data will be shared with the foreign companies providing this service. However, the personal data shared will be limited to what is needed to check the validity of the tickets and to prevent misuse.

Our legitimate interest forms the legal basis for processing this data.

Your personal data will not be disclosed to third parties outside the public transport industry. The only exceptions to this are (to the extent described below) SwissPass partners and companies authorised by public transport operators to sell public transport services on the basis of a contractual agreement. These sellers will only be given access to your personal data if you wish to obtain a public transport service through them and you have given them your consent to use your data. Even under these circumstances, they will be able to access your data only for the purpose of determining whether you already have tickets or season tickets for the period during which you intend to travel that are valid for your journey or for the service you have asked the third party to provide.

The legal basis for processing this data is therefore your consent. You can withdraw your consent at any time with future effect (see Section 8 above).

If you use your SwissPass to obtain services from a SwissPass partner (see overview here), personal data on any services you have purchased from us (such as a GA travelcard, half-fare travelcard or season ticket) may be shared with our SwissPass partners in order to ascertain whether you could benefit from a specific offer from the SwissPass partner (such as a discount for GA card holders). If your ticket is lost, stolen, misused, falsified or replaced after a service has been purchased, the partner concerned will be informed. We need to process your data so that we can fulfil the contract on the use of the SwissPass and this is therefore the lawful basis for processing. You will find further information on this in the data privacy statement on (see here) and in the data privacy statement of the SwissPass partner concerned.

11.   How are tracking tools used?

The following tracking tools are used on our websites:

  • Google Analytics
  • Hotjar
  • ClickDimensions
  • Sitecore Analytics 

We use the web analysis services of Google Analytics, ClickDimensions, Hotjar and Sitecore Analytics to help us configure and continuously optimise our website, apps and emails according to need. Our legitimate interest forms the legal basis for the data processing described below.

• Website tracking:

When you visit our website, we create a pseudonymised user profile and save small text files ("cookies") on your computer (see Section 12 below "What are cookies and when are they used?"). The information generated by these cookies about how you use our website is sent to the servers of the companies who provide these services, where it is stored and processed for us. In addition to the data listed above (see Section 3.2 ("What data is processed when you use our website?"), through this we obtain the following information:

  • The visitor's navigation path through the website
  • The time spent on the website or subpage
  • The subpage from which the visitor leaves the website
  • The user's access location (country, region or city)
  • The accessing device (type, version, colour depth, resolution, width and height of the browser window)
  • Whether the visitor is a returning or new Visitor
  • The browser type/version
  • The operating system used
  • The referrer URL (the previously visited website)
  • The hostname of the accessing computer (IP address) and
  • The time of the server request

This information is used to evaluate how our website is being used.

  • Tracking when sending emails:

When sending emails, we make use of email marketing services provided by third parties. Our emails may therefore contain a web beacon (tracking pixel) or similar technology. A web beacon is an invisible 1x1-pixel image that is as-sociated with the user ID of the particular email subscriber.

For each newsletter/mailing we send, we have information on the address file used, the content, the email subject and the number of newsletters sent. In addition, we can see which addresses have not yet received the email, which addresses it has been sent to, and the addresses to which delivery was unsuccessful. We can also see the open rate, including information on which addresses have opened the mailing and which addresses have unsubscribed from the distribution list.

We make use of specialist services to enable us to evaluate the above information. These also allow us to also record and evaluate click behaviour. We use this data for statistical purposes and to optimise the content of our messages. This allows us to tailor our email content and our offers so that they are more likely to be of interest to the recipients. The pixel image is deleted when you delete the email.

If you wish to prevent the use of web beacons in our emails, please set your email program to disable display of messages in HTML format, if this is not already the default setting. You will find instructions on how to do so here, for example.

Below is more information about our tracking tools:

Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA and Google Ireland Limited, Gordon House Barrow St, Dublin 4, Ireland. To enable it to analyse website usage, Google Analytics uses technologies such as cookies (see Section 12 below, "What are cookies and when are they used?"). The information generated by a cookie about your use of this website, as explained above, is sent to servers in the United States belonging to Google, a company of the holding company Alphabet Inc., and stored there. Because IP anonymisation has been activated on our website, your IP address will be truncated by Google if you reside in a member state of the European Union, or any country party to the Agreement on the European Economic Area, or Switzerland. Google will not associate the anonymised IP address supplied by your browser to Google Analytics with any other data held by Google. Only in exceptional cases will the full IP address be sent to Google servers in the USA to be shortened. In these cases, Google offers a contractual guarantee that it will maintain an adequate level of privacy protection.

This information is used to monitor traffic on our website, compile reports on how visitors use our website and provide additional services in connection with the use of the website and the internet for purposes of market research and improving our website. The information may also be shared with third parties if this is required by law or if the third parties are processing the data on our behalf. According to Google, the user's IP address will never be associated with other data relating to the user.

Users can prevent Google from using cookies to collect and process data relating to their use of our website (including their IP address) by downloading and installing the browser plug-in here.


We use Hotjar in order to gain a better understanding of the requirements to optimise the offerings on this website. With the help of Hotjar’s technology, we gain a better understanding of the experiences of our users (e.g. how much time users spend on which sites, what links they click on, what they like and what they don’t like, etc.) and that helps us to adjust our offering in line with user feedback. Hotjar works with cookies and other technologies, in order to collect information on our users’ behaviour and their devices (in particular, the recording and storage of the IP address of the device in anonymised form), screen size, device type (unique device identifiers), information on the browser used and the location (country) for displaying the preferred language. Hotjar stores this information in a pseudonymised user profile. The information is neither used by Hotjar nor by us to identify individual users or combined with other data on individual users. The data are processed in the EU. You will find further information in Hot-jar’s Privacy Policy here.

You can object to Hotjar storing a user profile and information about your visit to our website and the placement of Hotjar tracking cookies on other websites if you click on this opt-out link.


ClickDimensions is a service integrated in Microsoft Dynamics 365 CRM and the data are processed in the EU. . Among other things, it enables professional e-mail marketing and automated campaigns. ClickDimensions enables the analysis, planning, organisation, conduction and monitoring of marketing measures. The main function of ClickDimensions is email marketing. Emails can be created, sent and traced via ClickDimensions. Performance statistics flow back into Microsoft Dynamics 365 during this process. After a marketing email is sent, real-time information is available which allows conclusions to be drawn as to which recipients visited a website and what interested them, for example.

Sitecore Analytics 

We use the Tracking Tool and associated Sitecore Analytics cookie primarily for the purpose of linking page hits to specific user profiles. It is also used so that we can individually adapt the presentation of the website for you and provide you with per-sonalised advertising. We store the page hits per session and evaluate these in order to offer you appropriate and personalised content. The Sitecore Analytics Cookie identifies you anonymously and remains in place over several sessions. Following a SwissPass login, use of a contact form or a visit to a newsletter page, you can be identified via user data so that the above-described information is available not only across multiple sessions but also multiple devices. We store the date and time as well as the pages accessed on our website. In addition, the cookie also helps us to analyse the behaviour of website users and adjust content to the needs of users. The data are processed in Switzerland or the EU.

12.   What are cookies and when are they used?

We make use of cookies in specific circumstances. Cookies are small files that are placed on your computer or mobile device when you visit or use one of our websites. Cookies store certain settings in your browser and information about how you use our website via your browser. When a cookie is activated, it is assigned an identification number that identifies your browser and allows it to use the information contained in the cookie. You can set your browser to display a warning before it saves a cookie. It is also possible to block personal cookies,  but this can prevent certain functions from working properly.
We use cookies to evaluate general user behaviour and  thereby optimise their experience on our website. We want to make our website as user-friendly as possible, with content that can be found more intuitively. Our aim is to improve its structure and make it easier to navigate. We believe it is important to have a user-friendly website that meets our users' needs. The information we obtain from cookies enables us to optimise the performance of our website by providing you with more targeted and more personalised content and information.
Most web browsers accept cookies by default. You can, however, configure your browser to prevent cookies from being stored on your computer or to display a message whenever you receive a new cookie. The following pages explain how to change your cookie settings:
Disabling cookies may mean that you cannot use all of our website’s functions. The legal basis for processing this data is our legitimate interest.

13.   Social plug-ins

Integrating social plug-ins enables website operators to use certain services of social networks like Facebook, Twitter, etc. on their own websites. With the help of the Facebook’s Like button, for example, website visitors can share the website on their Facebook profile with a single click of the mouse. The website operators hope that this will quickly lead to higher visitor numbers for their site. The integration is also used to receive detailed statistical information about website users.

Social plug-ins are disabled on our websites.

14.   Advertisements on our website and in our apps

We do not use third parties (ad servers) to place and use personalised advertisements on our website and in our apps.

15.   Data security

We use appropriate technical and organisational security measures to protect your personal data stored by us from manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continually improved to keep pace with technological developments. We also take internal data protection very seriously. Our staff and external service providers are themselves required to observe secrecy and to comply with data protection regulations. We take all necessary steps to ensure the safekeeping of your data. Sending information via the internet and other electronic means, however, always involves a degree of risk and we cannot guarantee the security of sent information in this way.

16.   Changes to the data privacy statement

Amendments to this data privacy statement may be required from time to time, for example due to the further development of our digital presence, new offers or changes in legislation. BLS reserves the right to amend the data privacy statement at any time with future effect. We therefore recommend that you read this data privacy statement on a regular basis.



Last amended in October 2020