Data Privacy

Data privacy statement of BLS Ltd

A.      Purpose

This data privacy statement informs you about what we do with your data when you visit our websites, shop in our online shops or use our apps, make use of our products or services, are otherwise associated with us in the scope of a contract, communicate with us, or have any other dealings with us. Where necessary, you will receive prompt written communication from us about additional processing activities not mentioned in this privacy policy. In addition, we may inform you separately about the processing of your data, for example in consent forms, contract terms, additional privacy statements, forms and notices.

B.     Corporate responsibility

BLS Ltd., Freiburgstrasse 130, 3001 Bern, hereinafter referred to as BLS, is responsible under data protection law for the data processing described in this data protection declaration - unless otherwise communicated in individual cases, for example in further data protection declarations, on forms or in contracts.

However, unless otherwise communicated, this privacy policy also applies in cases where a group company of BLS, such as BLS Netz AG, BLS Fernverkehr AG and BLS Immobilien AG (Freiburgstrasse 130, 3001 Bern), Busland AG (Bucherstrasse 1, 3400 Burgdorf) and BLS Schifffahrt AG (Lachenweg 19, 3604 Thun), is the responsible party, not BLS Ltd. This is particularly the case where your data are processed by such a group company in connection with its own legal obligations or contracts. In such cases, this group company is the responsible party. BLS remains your primary contact, even if other co-responsible parties exist.

You can contact us regarding any data protection concerns and to exercise your rights under section 11 as follows:

BLS Ltd.
Legal / Data Protection
Freiburgstrasse 130, CH-3001 Bern
datenschutz@bls.ch

In addition, we have appointed the following data protection representative in the European Union (EU) in accordance with Art. 27 of the General Data Protection Regulation (GDPR):

Swiss Infosec (Deutschland) GmbH
Unter den Linden 24, D-10117 Berlin

C.     Together Responsible

As a public transport company, we are obliged by law to provide transport services with other transport companies and associations ("National Direct Transport, Art. 16 and 17 of the Passenger Transport Act (PBG)). To enable you to do this, for example, data obtained from contacting you or from your purchased services is shared at national level within National Direct Transport (NDV), an association of over 240 transport companies (TU) and public transport associations. For this purpose, certain data are exchanged within the TUs and public transport associations as well as third parties that provide public transport services and stored centrally in a NOVA database (network-wide public transport connection) operated jointly by all TUs and public transport associations, which is managed by the SBB on behalf of the NDV. We are therefore jointly responsible for individual data processing with these TUs and associations.

The scope of access to the shared databases by the individual TUs and associations is governed by a joint agreement. The transfer of data that takes place with the central storage and its processing by the TUs and associations of the NDV are limited to the following purposes:

Provision of the transport service

To ensure that your journey is seamless, your travel and purchase details are forwarded within the NDV.

Contract processing

We process this data for the purpose of establishing, managing and processing contractual relationships.

Maintaining customer relationships and support

We process your data for purposes related to communication with you, in particular to respond to enquiries and to assert your rights and to identify and provide you with the best possible support in the event of concerns or difficulties across the public transport system and to process any compensation claims.

Ticket control and securing revenue

Customer and travelcard data are required and processed for the purpose of securing revenue (checking the validity of travel or discount passes, collection, combating abuse).

The national fare evasion register can be used to record incidents of journeys without or with an invalid or partially valid ticket.

Revenue sharing

The Alliance SwissPass office, managed by ch-integral, fulfils the legal mandate under the Swiss Passenger Transport Act to collect travel data for correct revenue sharing. In this context, the Secretariat acts as mandate holder for revenue sharing in National Direct Transport on behalf of the NDV.

Identification as part of the authentication of the SwissPass login (SSO)

For services that you purchase using the SwissPass login, the data are then stored in the central customer database (NOVA). In order to enable you to use the so-called Single Sign-On (SSO) (one login for all applications that offer the use of their services with the SwissPass login), the login data, card data, customer data and service data mentioned above are also exchanged between the central login infrastructure of SwissPass and us as part of the authentication process.

Joint marketing and market research activities

In addition, the data collected when purchasing public transport services are also processed for marketing purposes in certain cases. If you have given your consent and processing is carried out, or contact is made with you for this purpose, this will only be carried out by the transport company or association from which you have purchased the corresponding public transport service. Processing or contact by the other transport companies and associations participating in the NDV only takes place in exceptional cases and under strict guidelines, and only if the evaluation of the data shows that a particular public transport offer could bring added value for you as a customer. An exception to this is processing and contact by SBB. On behalf of the NDV, the SBB manage the marketing mandate for NDV services (for example, General Abonnement (GA) and Half-Fare Travelcard) and can contact you regularly in this role. We also process your data for market research, to improve our services and for product development.

Further development of public transport systems with anonymous data

We evaluate your data anonymously in order to be able to further develop the overall public transport system according to demand.

Customer information

For cross-border journeys, we will notify you via e-mail or text message about the upcoming journey and any delays or cancellations. You can unsubscribe from these notifications. For group travel, we will notify you via text message about your group reservation and any delays or cancellations. You can opt to receive these notifications when you book a group tour.

D.     Our promise to customers

BLS is a public transport operator in Switzerland. Public transport operators handle customer data on the basis of trust.

The protection of you personally and your privacy is an important concern for us as public transport operators. We guarantee that we will process your personal data in accordance with the applicable provisions of data protection law.

The public transport operators set an example for the trustworthy handling of your data with the following principles:

You make your own decisions about the processing of your personal data.

Within the legal framework, you can refuse data processing at any time, revoke your consent or have your data deleted. You always have the option of travelling anonymously, i.e. without recording your personal data.

We offer you added value when processing your data.

Public transport companies use your personal data to offer you added value along the mobility chain (for example, tailored offers and information, compensation support in the event of disruption). Your data will be used exclusively for the development, delivery, optimisation and evaluation of our services or for the maintenance of the customer relationship.

Your data will not be sold.

Your data will only be disclosed to selected third parties listed in this data privacy statement and only for the explicitly stated purposes. Where we commission third parties with data processing, they will be obliged to adhere to our standards pertaining to data protection law.

We guarantee that your data will be secure and protected.

We guarantee the careful handling of your data as well as its security and protection. We ensure that the necessary organisational and technical precautions for this are in place.

In the following, you will receive detailed information on how we handle your data.

Anonymous, simple, close to cash – your flexible prepaid solution for public transport.

If you would like to travel without personalisation and without cash, an anonymous public transport prepaid card is available to you. For technical and operational reasons, and to reduce disruptions, BLS discontinued the acceptance of cash at its ticket machines in 2025. As a straightforward alternative, the prepaid card continues to enable a discreet and self-determined use of public transport.
The card is anonymous and available from all BLS Travel Centres, staffed public transport points of sale, and partner sales outlets within the Libero network area. It can be topped up at any time using cash or a credit card.

 

E.      Our data processing

1.    Data processing purposes

We are aware that conscientious handling of your personal data are important to you. All data processing is only carried out for specific purposes. This could result from, for example, technical necessity, contractual requirements, legal provisions, prevailing interests, i.e. legitimate reasons, or your express consent. We collect, store and process personal data insofar as this is necessary, for example for the establishment, administration and processing of customer relationships, communication with you, for marketing purposes and to maintain relationships as well as for market research and the further development of services and products.

We may then use your data to automatically assess certain personal characteristics you have for the above purposes ("profiling"). We do this if we want to determine preference data, but also to determine risks of abuse and security, to carry out statistical evaluations or for operational planning purposes. We can also create profiles for the same purposes. This means we can combine behavioural and preference data but also master and contract data and technical data assigned to you to better understand you as a person with your various interests and other characteristics. However, we can also create anonymous mobility profiles for you and – with your consent – personalised mobility profiles. 

In certain situations, to ensure efficiency and the consistency of decision-making processes, it may be necessary for us to automate discretionary decisions that affect you and have legal implications or possibly significant disadvantages ("automated individual decisions", such as automatic order acceptance by our webshop). In this case, we will inform you accordingly and ensure compliance with measures required by the applicable law.

For detailed information on which data are processed for which purposes, please read the following sections.

2.    Types of data

2.1   Purchase of services

For contractual reasons or because of legal requirements (e.g., the Travel Act), we require personal data for online orders or the purchase of certain services and products in order to provide our services and process the contractual relationship, for example when purchasing a season ticket, a single ticket or a journey in our travel centres.

We collect the following data when you purchase personalised services – depending on the product or service:

  • personal photo
  • gender, name, e-mail address of the person purchasing or travelling
  • additional details such as postal address, date of birth, family membership
  • telephone and/or mobile number
  • identification details (identity card/passport information)
  • number plates
  • bank account/means of payment/method
  • Approval of general term and conditions

In order to process the contractual relationship, we also collect data relating to the services purchased by you ("service data"). These include – depending on the product or service – the following information:

  • type of product or service purchased
  • price
  • place, date and time of purchase
  • sales channel (internet, vending machine, at the counter, etc.)
  • communication data (written correspondence, electronic correspondence)
  • details of journeys (type of travel, destinations, date of travel, travel time, flight dates, time of departure, place of departure and destination as well as itinerary, accommodation)
  • Other information, if provided (mobility aids, meal requests, pregnancies, information on accompanying children, data on complaints and crisis situations)

To ensure that we can reach you by post, we check your address with a service provider and update it if necessary.

Data that are generated by the purchase of services will be processed by BLS, stored in a central database and processed for additional purposes, which include marketing and market research. 

Moreover, the data are used within the scope of ticket inspection in order to identify the owner of a personalised ticket and to avoid any misuse of said ticket. 

The data will also be used to provide our Après Vente service, to identify and assist you with any concerns or difficulties you may have and to process any compensation claims. 

The data are also used to fairly distribute the revenue generated by the purchase of tickets among the companies and associations of National Direct Transport.

For group travel, we will notify you via text message about your group reservation and any delays or cancellations. You can opt to receive these notifications when you book a group tour.

For cross-border journeys, we will notify you via e-mail or text message about the upcoming journey and any delays or cancellations. You can unsubscribe from these notifications.

Finally, we evaluate your data anonymously in order to be able to further develop the overall public transport system according to demand.

Insofar as the GDPR of the European Union (EU GDPR) is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

2.2 Tickets of car transport

For the purchase of annual subscriptions, customer and points cards, we record the following data during registration:

  • company (optional)
  • salutation
  • first name/surname
  • street/no.
  • postcode/city
  • country
  • e-mail address
  • VAT No.
  • Bank details 

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

2.3    Data collection during payment

The following then applies in connection with payment:

Debit/credit cards/PostFinance card/Reka card

For payment by credit card, we forward your card details to your card issuer via our payment service provider (acquirer). The transmission takes place exclusively for the purpose of authorisation and transaction processing and in encrypted form. If you choose to make a card payment, you will be asked to enter all mandatory information (payment card type, payment card number, CVC2/CVV2, expiry date, first name, last name). In certain circumstances it may be necessary to authenticate yourself as an authorised cardholder, for example using the 3DSecure procedure.

Wallet solutions (Twint, Apple Pay)

With wallet payment solutions, your card details have been securely stored in the wallet beforehand. If you decide to pay with a wallet solution, you usually do not have to enter any payment card information. Only the data required for authorisation and transaction processing is transferred via the wallet.

Invoice

The payment option Invoice (including payment in installments) is operated by CembraPay AG. The T&C and the Data Privacy Policy of CembraPay AG apply.

Vouchers (Coupons)

When paying with a voucher (coupon), information about the redeemed voucher, the purchased service and/or the person redeeming the voucher may be shared with the financing partner so that they can verify whether the voucher has been redeemed by an authorised person.

 

Where the EU General Data Protection Regulation (GDPR) applies, the legal basis for the disclosure of this data is the necessity to perform the contract. With regard to the processing of your payment information by these third parties, we also ask you to read the applicable General Terms and Conditions as well as the privacy policy of the payment method used.

 

2.4    Control of services

Customer and travelcard data are required and processed for the purpose of securing revenue (checking the validity of travel or discount passes, collection, combating abuse). The TUs, associations and third parties who arrange tickets are therefore entitled to process all data (ticket and control data and, where applicable, data worthy of protection in connection with all types of journeys without a valid ticket, such as travellers with a partially valid ticket, travellers with an invalid ticket, or travellers who have forgotten their ticket or discount card and any kind of misuse) relating to the travellers or the contracting parties and to store them for the periods defined by data protection law and to exchange them with other TSPs, associations and third parties who arrange tickets (in the case of international tickets or discount cards, also across borders).

The following provisions apply to individual services or bearer media:

SwissPass card

Where the physical SwissPass card is used as a bearer medium, no control data are stored (exception: see SwissPass Mobile).

Swisspass Mobile

For use of the SwissPass Mobile application, the provisions that apply are those acknowledged during the activation of SwissPass Mobile (see separate data privacy statement). The following data are processed in this regard: registration, activation and control data that accrue through use of Swisspass Mobile. As soon as SwissPass Mobile is used, these data are also collected from the SwissPass Card.

Electronic tickets

When electronic tickets (e-billettes) are used, control data are stored in SBB's central control data server. This data is stored for 360 days for the purpose of combating misuse and for measures to prevent misuse and abusive refunds.

Tickets car transport service

The data of subscriptions, customer and points cards are stored in the TCPOS cash register system and can be retrieved in the event of an inspection at the loading counters in Kandersteg, Goppenstein and Brig. 

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

2.5    Misuse

In the case of journeys made without a valid ticket, the data are stored in a separate database as well as in a jointly operated register. Travellers or contracting partners acknowledge that, in the event of the discovery of any misuse or forgery, the TU, associations and third parties who arrange tickets are authorised to make the relevant personal data available to all internal offices affected by misuse and to other TUs, associations and third parties who arrange tickets, so that misuse can be ruled out or confirmed and further misuse can be prevented. Personal data of travellers or contracting partners who have been convicted of criminal offences are also stored in the database. According to the Passenger Transport Act (PBG), different deadlines apply for the processing of the above-mentioned data. The data are deleted as soon as it is established that the person concerned has not caused a loss of revenue and after two years if the person concerned has paid the surcharges and during this time has no longer demonstrably travelled without a valid ticket. The data may be kept for a maximum of ten years if it is needed for the enforcement of claims against that person.

Insofar as the EU GDPR is applicable, Article 20a PBG forms the legal basis for this processing of personal data.

2.6    Credit checks and collection for passengers without a valid ticket

For passengers without a valid ticket, we carry out a credit check. In this context and for the processing of the collection, we commission our service provider Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach and disclose the following personal data:

  • First name/Surname
  • Street/No.
  • Postcode and town

Further information on data protection can be found directly at Intrum under: Privacy Policy Intrum AG

Insofar as the GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data

2.7    Use of our website

When visiting our website, the servers of our hosting provider save each access and save the following data (IP address retained for 90 days; all other data retained for 30 days) and then automatically delete it again:

  • IP address of the requesting computer
  • date and time of access
  • web pages from which the access takes place, where applicable with search word used
  • name and URL of the data retrieved
  • executed search queries (timetable, general search function on the website, products, etc.)
  • the operating system of your computer (provided by the user agent)
  • the browser you have used (provided by the user agent)
  • device type in the event of access via mobile phone
  • transmission protocol used

The collection and processing of this data contributes to system security and stability and error and performance analysis, which enables our hosting provider to optimise our Internet offering. In addition, this enables us to configure our website in accordance with the specific target group, i.e. to provide targeted content or information that may be of interest to you.

The IP address, together with other data, will be evaluated for the purpose of clarification and defence in the event of attacks on the network infrastructure or other prohibited or improper use of the website and, if necessary, used in criminal proceedings to identify and take civil and criminal action against the users in question.

Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.

We can make no guarantee for compliance with data protection regulations for external web pages that are linked to our website.

2.8    Use of our web store

The following information is collected in our webshops in connection with orders (for guest purchases, with SwissPass login or for new registrations in the Autoverlad Ticket Shop):

  • travellers (surname, first name, date of birth and gender)
  • address (billing address)
  • e-mail address
  • telephone number
  • correspondence language
  • product ordered (item number, validity, class, date of travel, date of purchase, ticket price)
  • reference number/customer number
  • order date
  • means of payment
  • password for access to the webshop points card and the car transport ticket shop 

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

2.9    Use of our apps or other services

BLS Mobile timetable and ticketing app

BLS Mobile App

The BLS Mobile timetable and ticketing app (hereinafter referred to as BLS Mobile) allows users to access real-time timetable information and purchase tickets. The BLS Mobile app serves as the customer interface for timetable enquiries and prepaid ticket purchases. Post-paid purchases are technically processed through the FAIRTIQ ticketing app. Both applications use SwissPass as the identity and authorisation platform. Within the BLS Mobile app, users can digitally store their SwissPass and any payment methods. Customer data is stored by BLS in the customer account, by FAIRTIQ and by SwissPass. 

The BLS Mobile app also enables location-based timetable enquiries (e.g. nearby stops or departure point searches). For this purpose, the location data of the device being used is processed. Such use takes place only with the user's consent, is strictly limited to the intended purpose, and does not involve the permanent storage of movement profiles. 

Further information on the data processed within the app can be found in the privacy settings directly within the BLS Mobile app. The General Terms and Conditions governing the acquisition and use of the BLS Mobile app are available in the BLS Mobile App Terms and Conditions, accessible via this link.

FAIRTIQ 

For the use of the post-paid ticketing function, BLS AG works together with the service provider FAIRTIQ. This function enables users to make their journey using check-in and check-out, with the fare being calculated retrospectively based on the route actually travelled (automatic ticketing and fare determination). The travel data processed include: 

  • Check-in and check-out information (stop, date and time),
  • a device identification number,
  • location data collected during the journey via the mobile phone’s location services (e.g. GPS, Wi-Fi, motion data, beacons),
  • public transport timetable and fare information. 

The processing of these data is carried out exclusively for the purpose of correctly determining the route, the fare zones and the applicable fare. 

Travel data are processed by BLS AG and FAIRTIQ in particular for the following purposes:

  • Calculation of the route actually travelled (route finding and fare zone calculation),
  • determination and billing of the fare within the framework of post-paid ticketing,
  • handling of support requests and complaints,
  • subsequent verification and prevention of misuse,
  • identification of potential savings opportunities based on users’ individual travel behaviour. 

Personally identifiable travel data are retained for a maximum of one year and are then deleted or further used in anonymised form. Anonymised data may be used to generate insights in connection with route finding and route determination, for the further development of the BLS Mobile app, for improving public transport services and fare structures, and for statistical evaluation purposes (without reference to identifiable individuals). Change and deletion logs relating to personal data are retained for two years.

Mobility data generated before or after an actual journey (e.g. walking or cycling segments, provided a check-in remains active during that time) are displayed in FAIRTIQ’s customer service portal for no longer than one month and are deleted completely after two months at the latest. Travel data are generally anonymised after one year. In cases involving outstanding financial claims or misuse, the data are retained for two years, provided that no further misuse has been identified during the preceding two years. Otherwise, the data are retained for up to ten years.

For ticket calculation and reviews relating to possible misuse, FAIRTIQ uses automated decision-making and profiling. The intervention of a natural person may be requested from FAIRTIQ at any time.

If users do not purchase a ticket using the application within a period of one year, FAIRTIQ is entitled to delete the users’ payment method data. In this case, users must repeat the registration of a valid payment method before they can purchase electronic tickets again.

 

When opening a customer account via SwissPass login, the following information is requested:

  • name, first name, date of birth and gender
  • address (billing address)
  • e-mail address
  • mobile phone number
  • means/method of payment
  • consent to the GTCs
  • Information about the smartphone (including device information, device type, operating system and battery status)

 

These data are stored within SwissPass, in the customer account held by BLS AG, and by FAIRTIQ, and are used for the purposes of customer support, billing and subsequent verification. Where users have granted marketing consent, the data may also be used for marketing purposes.
If the BLS Mobile app is deleted, users may request the deletion of their personal data from BLS AG (datenschutz@bls.ch) as well as from FAIRTIQ (via the Account deletion – FAIRTIQ function). To delete data associated with the SwissPass login, users must contact SwissPass via swisspass.ch.

 
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data. 

2.10    Contact via form or e-mail

You have the option of contacting our customer service via a contact form or by e-mail. The following personal data must be entered as a minimum when contacting us via the contact form:

  • form of address, last name, first name
  • e-mail address

We use these and other voluntarily supplied data (in particular the address, telephone number and company) to answer your query in the best possible, personalised manner. Furthermore, we may use the information you provide to our customer service via the contact form or in an e-mail for internal analytical purposes or to improve our services and performance. If customer data are transmitted to customer service via the contact form or by e-mail, artificial intelligence may be used to automatically summarise customer feedback and analyse it in anonymised form. The summary helps customer service improve service quality.

Any voluntary information on how you became aware of our offer will also be used for internal statistical purposes.

If we have further personal data relating to you from previous contact with BLS, you may be contacted for the response or any queries about this. (Example: You send us an e-mail with a question about using BLS Mobil and we will call you back, as telephone contact is better suited for the response). 

Once we have completed your request, we will send you an e-mail with a customer satisfaction survey. You may opt out of being contacted for satisfaction surveys at any time.

Personal data will be automatically deleted after five years unless you contact the customer service again in the meantime or request the deletion of the data yourself. The data are stored in the CRM MS Dynamics (Microsoft) as well as in Zendesk.

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

2.11  Contact by telephone

If you contact us by telephone, in addition to personal contact and with your consent, you also have the option of speaking in German with our voice assistant based on artificial intelligence from the Swiss company Spitch, based in Zurich. The voice assistant can help you depending on your request and, if necessary, will ensure that your enquiry is routed to the right place. 

The following personal data is processed when you contact us personally and by the voice assistant: 

  • Title
  • First name and surname
  • Call duration 
  • Telephone number
  • Date and time of call
  • Conversation content
  • Usage data and interaction with the voice assistant
  • Customer satisfaction survey via SMS if you have contacted us using a mobile phone number

In general, personal data will be deleted after five years unless you contact customer service again in the meantime or request the deletion of the data yourself.  Calls are recorded and then anonymised and converted to text. After conversion to text, the recorded calls are deleted after one month. In addition, the conversations first converted to text and then anonymised and recorded are analysed and evaluated for the purpose of improving the voice assistant. 

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for contract fulfilment form the legal basis for this processing of personal data.

2.12   Communication with chatbot

The BLS Chatbot is your digital assistant. It helps you around the clock in submitting your enquiries and answering your questions.

Depending on the topic, when you use the chatbot, you will be asked for your request, your name, e-mail address and telephone number, as well as other data such as your online ticket or points card. Only collect personal data if the chatbot explicitly asks for it in order to be able to hand over your request to an employee.

The data shared with the chatbot as well as the chat history are stored in the solution of knowhere GmbH, Karolinenstraße 9, 20357 Hamburg for 90 days, after which they are deleted. Further information on data protection can be found directly at knowhere: https://www.moin.ai/ch/datenschutz.

The contact details enable us to reach you in case of queries. Data on the online ticket, the points card and the means of payment used make it possible to find the necessary documents in our systems to help you. If you have requested a handover to a human in the chatbot, personal data will be deleted after five years unless you contact customer service again in the meantime or request the deletion of the data yourself. The data are stored in the CRM MS Dynamics (Microsoft) as well as in Zendesk.

The chatbot will be further developed using the questions you enter. For example, we can develop new answers for the chatbot or improve existing answers.

Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.

2.13   Contacting due to social media campaigns

If you use social media, BLS may run advertising campaigns that are visible on your user profile based on your consent to the social media company. You have the option of contacting BLS in the course of these campaigns. If you contact us, we will use the following personal data that we have received from the social media company as part of your consent:

  • form of address, last name, first name
  • e-mail address

We use this data exclusively to send you the information requested when you contacted us.

Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.

2.14   Contact via social media

If you contact us via social media, we collect your user name (nickname) of the relevant social media platform. If you have stored a photo in your profile, this will also be transmitted. If we need further personal data to respond, we will ask you to switch to another channel for further contact, for example by calling us or submitting your enquiry via the contact form. 

Personal data will be deleted after five years unless you contact customer service again in the meantime or request the deletion of the data yourself. The data are stored at the social media platform you use as well as in Zendesk.

Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.

2.15   Registration as a customer

As part of the order process, you have the option of registering for a customer account. We collect the following personal data, where mandatory data for opening a customer account is marked with an asterisk (*).

  • E-mail address*
  • Password*
  • Agreement to the GTC* 

We collect this information to provide you with an overview of your orders and the contracts concluded with you in this context. In this respect, it is a matter of data processing for which you have given us your consent. This is the legal basis for data processing.

You can withdraw your consent at any time with effect for the future. If you link your customer account with a SwissPass account, changes to your personal data (for example, changes of address) and the services you have purchased are automatically reconciled and recorded in both accounts. Please also note the following information for data processing in connection with your SwissPass account.

2.16   Creation of a SwissPass customer account

You have the option of creating a customer account at SwissPass. We require the following data from you:

  • first and last name
  • date of birth
  • address (street, postcode, city and country)
  • customer number (if you already have a public transport travelcard)
  • e-mail address and password (login data)

By registering, we enable you to access the numerous online services (webshops and apps) of the public transport companies and associations with the login data (so-called SwissPass login) and to obtain services from them without having to carry out an additional, time-consuming registration in each case. Services that you purchase using the SwissPass login (in particular public transport tickets/travelcards) are recorded in your customer account and in a central database ("NDV database").

These data processing operations are necessary for the performance of the contract for the use of SwissPass and are therefore based on this legal basis. For further information, please refer to the sections on shared responsibility in public transport and on disclosure to third parties in this privacy policy as well as to the privacy policy on swisspass.ch under the link here.

2.17   For the use of our trains and our stations

BLS Ltd. and BLS Fernverkehr AG monitor their trains, its administrative buildings and workshops, Busland AG monitors its buses and BLS Netz AG monitors its stations and ticket offices with video cameras. In addition, BLS Netz AG uses video cameras or so-called thermoportals at the loading stations in Kandersteg and Goppenstein, which can detect overheated vehicles to prevent fires in the tunnel. Video surveillance serves to protect the clientele, the business and the infrastructure. 

BLS also uses webcams at the loading stations in Kandersteg and Goppenstein and Brig and Iselle which provide information on the current traffic situation by means of still images.

An emergency button is also installed on BLS trains and can be activated by passengers. When the emergency button is pressed, a direct voice connection is established with the security service. During the emergency call, the security service is granted access to live images from the video surveillance system covering the affected area of the train. Access to the live surveillance images is granted exclusively for the assessment and management of a specific emergency situation and serves, in particular, to protect the life and physical integrity of passengers and employees, as well as to safeguard rolling stock. The security service does not record or otherwise process the live images beyond viewing them, unless this is necessary to manage a specific incident or is required on the basis of a legal obligation.

The video surveillance records image signals that enable the identification of individuals. The recordings are mainly stored locally in the vehicle, while recordings of the facilities and properties, the webcam recordings and the thermoportals are stored centrally. All recordings are stored for a maximum of 168 hours and then automatically deleted. Recordings are only backed up when incidents have been identified.   

Backed-up recordings containing personal data will, as a rule, be evaluated on the next workday; as an exception for operational or technical reasons, this may take place within two additional workdays. Evaluations take place in the following cases:

  • in the event of security and vandalism incidents on or in the vehicles, in or on trains and on the infrastructure;
  • based on the orders of authorities;
  • upon requests for information from affected persons.
  • The evaluation will be exclusively carried out by the responsible authorised functions within BLS.

Secured recordings are stored in such a way that they are protected from access by unauthorized persons. The recordings shall be destroyed no later than 100 days or six months after recording, unless they are disclosed in accordance with the following provisions.

Recordings will only be disclosed to the following authorities:

  • the prosecuting authorities of the Confederation and cantons;
  • the authorities to whom the companies report or pursue legal claims.

Disclosure will only take place where this is necessary for the proceedings. In the case of disclosure, the recordings shall be retained until the formal conclusion of the legal proceedings.

Insofar as the EU GDPR is applicable, Article 55 of the Passenger Transport Act (PBG) and Article 16b of the Railway Act (EBG) as well as the implementing provisions pursuant to the Public Transport Video Surveillance Ordinance (VüV-ÖV) form the legal basis for this processing of personal data.

2.18   Marketing activities

If you agree, we will use your customer data (name, gender, date of birth, address, customer number, e-mail address), your performance data (in particular data on services purchased, such as subscriptions or single tickets) and your click behaviour on our websites or in e-mails you have received from us. With regard to the evaluation of click behaviour, please also see the section on tracking tools.

We evaluate this data in order to further develop our offers according to demand and to send or display information and offers that are as relevant as possible to you (by e-mail, letter, text message, push messages in the app and via personalised teasers on the web as well as in person at the counter). We only use data that we can clearly assign to you, for example because you have registered or identified yourself on our website with your SwissPass login and purchased a ticket. In addition, we implement methods that predict your future potential purchasing behaviour on the basis of your current purchasing behaviour.

The legal basis for this processing is our legitimate interest. In certain cases, under strict provisions, contact may also be made by the SBB or another company affiliated with the National Direct Service.

You are free to decline attempts made to contact you by SBB (for example in connection with your GA or Half-Fare) or by other public transport companies at any time. In this regard, the following options are at your disposal:

  • Every e-mail you receive from us or other public transport companies contains an unsubscribe link that allows you to unsubscribe from further messages with one click.
  • Provided you have a SwissPass login, you can log in to the user account at Login SwissPass and manage your settings for receiving messages at any time.
  • You can also register or deregister at any counter, by telephone (+41 58 327 31 32) or via datenschutz@bls.ch.

Please also be aware of the information on your right to object with regard to the evaluation of click behaviour in the section on tracking tools.

2.19   Market research

We regularly carry out market research to continuously improve the quality of our services and offers. If you consent, we may use your contact details for customer surveys (for example, online surveys). We may also analyse your personal customer data using technical tools for market research purposes.

In particular, as a member of the BLS Customer Circle, you can give us feedback on ideas for offers, test new services or make suggestions for improvements. To do this, we require certain data from you. You can find out how to register for the Customer Circle and what personal data are processed in the process at BLS-Customer Circle.

Evaluations of BLS market research are carried out exclusively in anonymised form. Participation in BLS market research is voluntary. Conclusions about the identity of the participants are neither possible nor intended. By taking part in surveys, you are consenting to the respective use of data. 

If you do not wish to be invited to such surveys, you have the following options:

  • Every e-mail you receive from us or other public transport companies contains an unsubscribe link that allows you to unsubscribe from further messages with one click.
  • Provided you have a SwissPass login, you can log in to the user account at Login SwissPass and manage your settings for receiving messages at any time.
  • You can also register or deregister at any counter, by telephone (+41 58 327 31 32) or via datenschutz@bls.ch.

Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.

2.20   Competitions and prize draws

If we organise competitions, prize draws and similar events, we will process personal data such as your contact details and information about your participation for the purposes of organising the competitions and prize draws and, where appropriate, for communicating with you in this regard. Further details can be found in the relevant conditions of participation.

2.21  Claims settlement

We collect the following data for the claims handling of accidents with or without personal reference:

  • first and last names
  • address (street, postcode, city and country)
  • phone/mobile number
  • e-mail address
  • number plate
  • insurance company
  • accident log

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

2.22   Assistance for persons with reduced mobility

As part of our assistance for persons with reduced mobility, BLS and other public transport companies process personal data. In order to provide transport services, we collect – in addition to your personal details and contact information – the type of disability, the required aids, and details about your journey. The necessary data are shared with the transport companies involved in the journey within Switzerland or selected service providers – but only to the extent required for the provision of the service. These include, for example, SOS station assistance and taxi services for replacement shuttle transport.

If your journey takes you to another European country, we will transmit the necessary information exclusively to those transport companies that require it to support you. The disclosure of personal data abroad is particularly permissible if it is directly related to the conclusion or execution of a contract. Before any data are transferred abroad, the transport companies and networks ensure that an adequate level of data protection is guaranteed in the recipient country.

2.23   Use of locker systems

Lockers are available at various railway stations for the secure storage of your luggage. Both traditional coin-operated lockers and modern digital lockers are available.

Identification for the use of the selected digital locker is carried out exclusively via the payment provider. Only cookies essential for the operation of the website are used for identification and processing; no additional data are stored.

Further information on usage can be found directly at the respective locations.

3.      Will your data be passed on to third parties?

We will pass on your personal data to third parties in Switzerland and abroad in connection with our contracts, the website, our products and services, our legal obligations or for the protection of our legitimate interests and the other listed purposes. The third parties include the following categories of recipients in particular:

Group companies:

You can find a list of group companies here. Group companies may use the data in accordance with this privacy policy for the same purposes as we do.

Service providers

We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us, or who receive data about you for which they are solely responsible (for example IT providers, mail order companies, service providers in connection with video surveillance, credit checks and debt collection, address management service providers, marketing service providers including providers of tracking tools and advertisements as well as market research service providers, security and guarding companies, banks, insurance companies, debt collection agencies). Our central service providers in the IT and customer management area are Microsoft Ireland Operation Limited and Zendesk, Inc, San Francisco, USA.

Transport companies and associations (public transport sector):

see chapter C

Contracting partners:

Recipients also include contracting partners with whom we cooperate in the following areas and to whom we consequently pass on data about you:

  • If you use offers from SwissPass partners using SwissPass, data about any benefits you may have purchased from us (for example, a GA, Half-Fare or Regional Point-to-point travelcard) may be transmitted to SwissPass partners in order to check whether you can benefit from a specific offer from SwissPass partners (for example, discount for GA holders). In the event of loss, theft, misuse, forgery or card replacement after a service has been purchased, the partner company concerned will be informed. This data processing is necessary for the execution of the contract for the use of SwissPass and is therefore based on this legal basis. You can find more information in the privacy policy at swisspass.ch.
  • Leisure partners in connection with the use of joint offers
  • Service providers or government entities in connection with the arrangement of travel (for example, tour operators, accommodation, shipping companies, airlines and railway companies, booking platforms, government entities in the case of legal or administrative obligation, such as in connection with obtaining entry requirements and obtaining a VISA). If your journey involves foreign providers, the data will also be passed on to the respective foreign providers, who may also be based outside Switzerland, the EU or the European Economic Area (EEA), for example in the USA. Please also note the privacy policies of the respective providers.
    Our central service provider for package tours is the global sales system, or the platform of Travelport Services Limited, Langley/Berkshire, England. You can find more information on data protection here.

Authorities:

We may forward personal data to government departments, courts or other authorities in Switzerland and abroad if we are legally obliged or authorised to do so or if we deem this necessary in the protection of our legitimate interests. The authorities are solely responsible for any processing of the data about you that they receive from us.

Your personal data will not be disclosed to other third parties outside the public transport sector. 

The only exceptions are SwissPass partners (to the extent described below) and companies that have been authorised by the public transport companies, on the basis of a contractual agreement, to provide public transport services. These intermediaries only receive access to your personal data if you wish to obtain a public transport service through them and have given them your consent for access. Even in this case, they will only have access to your data to the extent necessary to determine whether you already have tickets or travel cards for the planned travel period that are relevant to your journey or the service you want from the third party. The legal basis for this data processing is therefore your consent. You can withdraw your consent at any time with effect for the future.

4.      Disclosure abroad

As explained in Clause 3, we also disclose your data to other organisations. These organisations are not exclusively based in Switzerland. Consequently, your data may be processed in both Europe and in a third country, such as the USA. 

If a receiving entity is located in a country without appropriate legal data protection, we contractually require the recipient to adhere to applicable data protection standards (to this end we use the revised standard contractual clauses of the European Commission, which can be viewed here), insofar as the recipient is not already subject to a legally recognised set of regulations for ensuring data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have consented to the disclosure, or if it is a matter of data that you have made generally accessible and to the processing of which you have not objected. 

5.      Data retention and storage locations

We only store your personal data for as long as is required to perform the services that you have requested or to which you have given your consent to the extent that is laid out in this data privacy statement:

  • to perform the services that you have requested or to which you have given your consent to the extent that is laid out in this data privacy statement;
  • to use the tracking services mentioned in this privacy policy within the scope of our legitimate interest.

Contractual data are stored by us for a longer duration, since this is required by legal data retention obligations. Retention obligations that oblige us to retain data are based on accounting regulations and tax law regulations. Provided the data are no longer needed to carry out services for you, any further processing of the data will be terminated. This means that the data may then only be used to comply with our retention obligations.

Database / Purpose

Retention Period / Deletion

Storage locations

Customer data, sales data (travel passes, tickets and other offers), contractual data 
Purpose: Booking, sale and administration of travel services, including experience trips and group travel

Customer master data are deleted after a maximum of 5 years of inactivity. Sales/transaction data are deleted or fully anonymised no later than 2 years after the expiry of validity, unless they must be retained for contractual reasons. In such cases, the data are deleted no later than 10 years after the date of sale.

Switzerland

EU/EEA

FAIRTIQ Ticketing App 
Purpose: Technical processing of the post-paid functionality of the BLS Mobile App

Mobility data generated before or after an actual journey (e.g. walking or cycling routes while a check-in is active) are displayed for a maximum of one month and are permanently deleted after no more than two months. Travel data, payment method data and smartphone information are generally anonymised after 1 year. In the event of outstanding financial claims or cases of misuse, the data are deleted after 2 years, provided that no further misuse has been identified during the preceding two years. Otherwise, the data are deleted upon expiry of the statutory retention period, and in any event no later than after 10 years.

EU

Customer Relationship Management 
Purpose: Marketing and market research

Marketing: Data are stored until marketing consent is withdrawn.

Market research: Survey data are deleted after one year.

EU/EEA

Financial data 
Purpose: Compliance with statutory retention requirements
Data that are subject to statutory retention obligations for accounting purposes pursuant to Article 958f of the Swiss Code of Obligations (CO) and Article 9 of the Ordinance on Commercial Accounting (GeBüV) (business records, accounting documents, invoices and account statements) are deleted after expiry of the applicable statutory retention period.

Switzerland

EU/EEA

Customer contacts 
Purpose: Maintenance of customer data
Completed customer interactions are anonymised or deleted after 2 years without further interaction.

Switzerland

EU/EEA

Travel without a valid or with a partially valid ticket (RogF) 
Purpose: Central registration of persons travelling without a valid ticket; prevention of misuse

Deletion from the SynServ database (controller: PostBus) is carried out in accordance with Article 20a para. 4 of the Passenger Transport Act (PBG):

Data are deleted immediately: 

once it has been established that the person concerned did not cause any loss of revenue;

after two years, provided that the person concerned has paid the RogF surcharge and has demonstrably not travelled without a valid ticket during this period. The data are deleted no later than ten years after collection if they are required for the enforcement of claims against the person concerned.

Switzerland

Inspection database 
Purpose: Ticket inspection and prevention of misuse

SwissPass Card:
When the physical SwissPass card is used as the sole carrier medium, no inspection data are stored.

SwissPass Mobile:
The activation and inspection data of SwissPass Mobile and the SwissPass card are deleted from inspection devices after one day and from the inspection database after thirty days. Where there are indications of misuse, the maximum retention period for activation and inspection data is ninety days.

Electronic tickets:
For the purpose of preventing misuse and implementing measures against misuse and fraudulent refund claims, data relating to electronic tickets are retained for 360 days.

Switzerland

Parking card database – Spiez parking garage 
Purpose: Creation, administration and reimbursement of monthly and annual parking subscriptions

Customer data are deleted after two years if there are no active subscriptions.

Monthly subscriptions are deleted 3 months after their expiry date during database processing. 

Annual subscriptions are deleted 14 months after their expiry date.

Switzerland

EU/EEA

Customer data relating to accidents and damages 
Purpose: Processing of accidents and personal injury claims
Accident data involving personal injury are deleted 20 years after closure of the case. 
Accident data involving property damage are deleted 10 years after closure of the case.
 

Switzerland

EU/EEA

Customer data relating to accidents and damage

Accident data involving personal injury is stored for 20 years and then deleted.

Accident data with property damage is stored for 10 years and then deleted.

Switzerland

EU/EEA

Support access is possible worldwide. Transfers outside the EU/EEA are secured through the use of authorised standard data protection clauses (Standard Contractual Clauses, SCC).

6.      Data security

To protect your personal data that we have stored, we operate suitable technical and organisational security measures against manipulation, partial or total loss and unauthorised access by third parties. Our security measures are subject to continuous improvement in line with technological developments. We also take internal data protection very seriously. Our employees and external service providers commissioned by us are obliged to maintain confidentiality and comply with data protection regulations. We take reasonable precautions to protect your data. However, the transmission of information via the internet and other electronic means is always subject to certain security risks, and we can offer no guarantee for the security of information that is transmitted in this way.

7.      Tracking and Analytics Tools

We use tracking and analytics tools for the purpose of designing and continuously optimising our websites, apps and emails to meet your needs. 

If you consent, we use tracking and analytics tools for the following purposes:

  • Better understanding of your navigation behaviour on our website and in our apps
  • To know whether you read our emails
  • Optimisation of our website and apps
  • To offer better online marketing services

Insofar as the EU GDPR is applicable, your consent and/or our legitimate interest form the legal basis for this processing of personal data. 

We currently use the following tracking and analytics tools:

  • ClickDimensions: ClickDimensions is a marketing automation solution developed specifically for Microsoft Dynamics. ClickDimensions is seamlessly integrated into Microsoft Dynamics 365 CMR. Microsoft Ireland Operations Limited (based in Ireland) is the provider of the service and functions as our order processor. Microsoft Ireland Operations Limited relies on ClickDimensions LLC (based in the USA) as its order processor for this purpose. ClickDimensions enables the analysis, planning, organisation, implementation and control of marketing measures. The primary functionality of ClickDimensions lies in e-mail marketing. By using ClickDimensions, e-mails can be created, sent and tracked. After sending marketing e-mails, information is available in real time that allows conclusions to be drawn about which recipients have visited a website, for example, and what they were interested in. You can find further information here.
  • Tracking with fusedeck
    This website uses the tracking solution “fusedeck” provided by Cptr AG (hereinafter referred to as “Capture Media”). Cptr AG is a Swiss company based in Zurich that measures and analyses the use of this website on our behalf. When using fusedeck, we employ a so-called hybrid tracking approach:
    If cookies are declined (cookieless tracking):
    If you do not consent to the use of analytics cookies in our cookie banner (or if such cookies are generally blocked in your browser), measurement takes place purely on a technical basis and without setting cookies on your device. In this case, interactions and events are recorded in a strictly anonymised manner. Only aggregated technical data (such as browser type, device type and a truncated/anonymised IP address) is processed. Neither you nor your device can be recognised across different pages, and no link can be established to an identified or identifiable individual.
    If consent is given (what do we store with consent?):
    If you provide your consent, fusedeck places cookies (small text files) in your browser. These cookies store a unique pseudonymised identifier (cookie ID) and a timestamp. In addition to the interaction data described above, this allows us to collect information about your entire user journey on our website, repeat visits and session data. This enables us to recognise your browser pseudonymously during subsequent visits and to analyse usage patterns across multiple sessions. The data is not combined with directly identifying information (such as your name).
    We use the data collected through fusedeck to analyse visitor behaviour on our website (e.g. page views, clicks, scrolling behaviour, time spent on pages and interactions/events). These insights are used exclusively to:
    continuously improve the usability of our website;
    tailor our content and services to the needs of users;
    statistically evaluate the performance of our websites and campaigns.

    Further information and opt-out
    Data processing takes place in Switzerland. Further information regarding data protection and your rights as a data subject in connection with fusedeck, including a general opt-out option (the possibility to object to tracking by fusedeck), can be found here.
     

8.      Cookies

Cookies are small files that are stored on your computer or mobile device when you visit or use one of our websites or apps. Some cookies are necessary for the website or app to function, while others extend the range of functions and improve user comfort for you. You can adjust the cookie in the cookie-settings at any time. If you accept certain cookies, you also consent to the transfer of your data to third countries. These third countries may not have a level of data protection comparable to Switzerland. There may be a risk, for example, of your data being collected and processed by local authorities and that your rights as a data subject cannot be enforced. 

We also use cookies to evaluate general user behaviour. The aim is to optimise the digital presences. These are to be made easier to use and the content more intuitive to find.

9.      Use of plug-ins

We link to the following social media platforms on our website:

  • Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, and by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. Information on data protection can be found here.
  • X / Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Information on data protection can be found here.
  • Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Information on data protection can be found here.
  • LinkedIn is operated by LinkedIn Ireland Unlimited Company, Dublin. Information on data protection can be found here.
  • TikTok is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). Information about data protection can be found here.
  • YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). Information about data protection can be found here.
  • Curator: On our website, content from our social media presences is displayed in the form of a "social wall". We use the "Curator" for this. The provider of the Curator is Group Pty Ltd, New South Wales, Australia. For the service, data from the aforementioned social media platforms are read and the relevant content displayed and linked on the website. Information on data protection can be found here.
  • Our website uses so-called web fonts to ensure the consistent display of typefaces. These fonts are provided by Google but are hosted locally on our own web server. No connection to Google servers is established in this process. Consequently, no data (such as your IP address) is transmitted to Google. The use of these fonts is in the interest of providing an attractive and consistent presentation of our online services.

We do not use plug-ins on our website. The icons of the respective social media platform are only displayed on our website as a graphic with a link. We therefore do not send any data to the social networks. By clicking on the graphic, you will be redirected to the respective social media platform and the aforementioned terms and conditions of the respective provider(s) apply. 

Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data. 

10.     What rights do you have?

With regard to your personal data, you have the following rights:

  • You can request information about your stored personal data.
  • You can request a correction, completion, restriction of use, or deletion of your personal data. The use of data will be restricted rather than deleting the data outright if there are legal obstacles to deletion (for example, legal obligations to retain data).
  • You may request that we provide certain personal data in a commonly used electronic format or transfer it to another controller.
  • If you have set up a customer account, you can delete this or request that it be deleted.
  • You can decline the use of your data for marketing and market research purposes.
  • You can withdraw your consent at any time with effect for the future.
  • In the case of automated, individual decisions, you have the right to express your point of view and request that the decision in question be reviewed by a natural person.

If you wish to exercise the above-mentioned rights against us or one of our group companies, please contact us in writing or send us an e-mail; our contact information can be found in section B. In order for us to rule out any potential misuse, we must identify you (for example, with a copy of your ID, if this is not possible via any other method).

If you wish to request information or deletion of the data stored about you in the entire public transport system, , you can do so by sending a web form to SBB. You can find further details of the information and deletion process within Public Transport Switzerland here

Requests for information from the information system on passengers without a valid ticket in accordance with Article 20a of the Federal Passenger Transport Act (PGB) should be sent to the operator of the system at the following address:

PostBus AG, 'SynServ', Pfingstweidstrasse 60b, CH-8080 Zurich or by e-mail to: synserv@postauto.ch 

If you do not agree with our handling of your rights or data protection, please communicate this to us. In particular, if you are located in the EEA, in the United Kingdom or in Switzerland, you also have the right to complain to the data protection supervisory authority within your country.

You can find a list of the authorities within the EEA here

You can reach the supervisory authority of the United Kingdom here

You can reach the supervisory authority of Switzerland here

11.     Changes to the privacy policy

Changes to this privacy policy may be necessary from time to time. BLS therefore reserves the right to amend this data privacy policy at any time with effect from a future date. The version published on this website is the currently applicable version.

F.     Updates

Last updated July 2026
Newsletter
Download PDF
0 of 0 Media files