Data Privacy

Data privacy statement of BLS Ltd

Table of contents

  A     Scope
B Our customer promise
C The processing of data by BLS
1. Who is responsible for data processing?
2. Why do we collect personal data?
3. What data do we store and what do we use it for?
3.1 When selling our services
3.2 When using the website www.bls.ch:
3.3 When using our apps
3.4 When contacting our Customer Service via a contact form or by email
3.5 When contacting our Customer Service by phone
3.6 When communicating via chatbot
3.7 Contacting us in the context of a BLS social media campaign
3.8 When registering as a customer on BLS websites
  3.9 When creating a SwissPass login/customer account at www.swisspass.ch.
3.10 When using our rolling stock and railway stations
3.11 When contacted by BLS for marketing purposes
3.12 In connection with market research
3.13 When participating in competitions, prize draws and similar events
4. Will your data be shared with third parties?
5. What does "shared responsibility" in public transport mean?
6. Are your data processed by means of automated decision-making?
7. Will your data be disclosed abroad?
8. How long is your data kept for?
9. How are tracking tools used?
10. What are social plug-ins and how are they used?
11. Advertisements on our website and in our apps.
12. Data security
13. What rights do you have in relation to your personal data?
    14.   Changes to this data privacy Statement.

A.      Scope

This data privacy statement of BLS Ltd, Genfergasse 11, 3011 Bern, hereinafter referred to as BLS, applies to the processing of personal data by BLS within the scope of the Swiss Data Protection Act and the European Union’s General Data Protection Regulation (GDPR). Insofar as that BLS Netz AG and BLS long-distance traffic Ltd (both domiciled at Genfergasse 11, 3001 Bern), Busland AG and BLS Immobilien AG (both domiciled at Bucherstrasse 1, 3400 Burgdorf), as well as BLS Schifffahrt AG (Lachenweg 19, 3604 Thun), process data in their capacity as BLS Group companies, the relevant provisions of this data privacy statement also apply.
 
It explains what type of data we collect from you, why we need this data and how you can object to it being processed.

B.     Customer promise

Public transport operators treat customer data confidentially.

BLS is a public transport operator in Switzerland. Public transport operators treat customer data confidentially.
 
As a public transport operator, protecting your personal data and personal privacy is important to us. We guarantee to process your personal data in compliance with the requirements of data protection legislation.
 
Public transport operators show that they take responsibility for the protection and confidential handling of your data by applying the following principles:

 

You decide how your personal data will be processed.

The law says that you can refuse at any time to allow your data to be processed, withdraw your consent to its collection and processing or ask for your data to be deleted. You always have the option to travel anonymously, in other words without your personal data being collected.

 

We offer you added value when we process your data.

Public transport operators use your data exclusively to offer you added value throughout the mobility chain (such as personalised offers and information, support, or compensation for disruptions in service). We will therefore use your data only to help us develop, deliver, optimise and evaluate our services or to improve customer relations.

 

We will not sell your data.

Your data will only be disclosed to the carefully selected third parties listed in this data privacy statement and only for the purposes explicitly identified. We insist that any third parties we ask to process your data comply with our own data privacy standards.

 

We guarantee the security and protection of your data.

Public transport operators guarantee to handle customer data with care and to keep it safe and secure. We have put in place appropriate organisational and technical measures to safeguard your data.
 
Please see below for more detailed information on how we handle your data.

C.      The processing of data by BLS

1.    Who is responsible for data processing?

BLS is responsible for processing your data. As a public transport operator, we are obliged by law to provide what is known as Direct Services (DS). To do this, the transport service providers (TSPs) and their partners (overview available here) and the third parties who sell public transport products share certain data, which they store centrally in databases operated jointly by all the public transport service providers and their partners. We are therefore responsible for processing data jointly with these TSPs and partners. You will find further information on how we process your data in the section "What does shared responsibility mean in public transport?"
 
If you have any questions or suggestions about data privacy, please feel free to get in touch with the following contact person at any time:
 
Either by post to: BLS Ltd, Legal Services/Data privacy, Genfergasse 11, 3001 Bern
 
or by email to: datenschutz@bls.ch

2.    Why do we collect personal data?

We understand how important it is to you that we handle your personal data with care. We only process data for specific purposes. The reasons for processing your data may be, for example, technical, contractual, legal, or there may be overriding interests – that is, legitimate reasons – or you have given us your express consent to do so. We collect, store and process personal data when necessary, for exam-ple, to manage customer relations; to sell our products and provide our services; to process orders, contracts, sales and invoices; to respond to questions and re-quests; to supply information on and to market our products and services; to provide support on technical issues; and to evaluate and improve our products and services. For more detailed information on the data we collect and what we use if for, please read the sections below.

3.    What data do we store and what do we use it for?

3.1    When selling our services

For contractual reasons, when you place an online order or purchase certain products and services, we need your personal information so that we can provide our services and manage our contractual relationship with you. When you buy a season ticket, for example, or one-way ticket.
 
Depending on the product or service, when you purchase personalised services we collect the following data (the mandatory information in the order form is marked with an asterisk (*)):
 
  • Personal photo
  • Gender, name, email address of the purchaser/passenger
  • Other information such as postal address, date of birth
  • Phone number
  • Means/method of payment
  • Consent to our general terms and conditions
 
To help us administer the contractual relationship, we also collect data on the services you have purchased ("service data"). This includes – depending on the product or service – the following information:
 
  • Type of product or service purchased
  • Price
  • Place, date and time of purchase
  • Sales channel (internet, vending machine, ticket counter, etc.)
  • Date of travel or period of validity and time of Departure
  • Place of departure and destination and travel itinerary
 
The legal basis for processing this data is that it is necessary for the performance of the contract.
 
The data generated when services are purchased is processed by BLS and stored in a central database (see the section on shared responsibility in public transport, section 9 below). It is also processed for other purposes, including marketing and market research (please refer to the relevant sections of this data privacy statement for further information). The data is also used for ticket control, to identify the bearer of a personalised ticket, and to prevent misuse. The information is also used to help our after-sales service to identify and assist you with any problems or difficulties you may have and to process any claims for compensation. Lastly, the data is used to distribute the revenue generated by ticket purchases equitably among Direct Service companies and partners.
 
The legal basis for processing this data is our legitimate interest.

3.2    When using the website www.bls.ch:

When you visit our website, our hosting provider's servers temporarily record each access in a log file and collect the following technical information:
 
  • The IP address of your computer
  • The date and time of access
  • The URL of the linking web page with, if applicable, the search term used
  • The name and URL of the files accessed
  • The search queries carried out (timetable, general search on website, products, etc.)
  • Your computer's operating system (provided by the user agent)
  • The browser you are using (provided by the user agent)
  • The type of device, if access is via a mobile phone
  • The communications protocol used
 
This data is collected and processed to assist with system security and stability, for error and performance analysis and for internal statistical purposes, enabling us to optimise the performance of our website. It also helps us to configure our website to better meet the needs of our target group by offering specific content and information that may be of interest to them.
 
The IP address is analysed, along with other data, for investigation and defence purposes in the event of an attack on the network infrastructure or other unauthorised or abusive use of the website. In the event of a criminal investigation into an attack, the information can identify the users involved and can be used to bring civil or criminal proceedings against them.
 
Lastly, when you visit our website we use cookies along with applications and tools that use cookies to function. For more information, please refer to the sections in this data privacy statement on cookies, tracking tools, advertisements and social plug-ins.
 
The legal basis for processing this data is our legitimate interest.
 
We assume no liability for the non-compliance with data protection regulations of any third-party websites linked to our website.

3.3    When using our apps:

"lezzgo" ticketing app

Tickets of transport operators and partners which are active within the scope of the lezzgo app can be booked and charged via the lezzgo ticketing app.
 
The data protection regulations governing the acquisition and use of the lezzgo ticketing app are available in sections 15 to 18 of the GTC for the lezzgo ticketing app, which can be viewed by clicking on this link.

 

The BLS Mobil timetable and ticketing app

Real-time timetable data can be called up and tickets can be purchased via the BLS Mobil timetable and ticketing app (hereinafter referred to as the BLS Mobil app). The area of validity of prepaid tickets includes the Direct Service and various regional transport product ranges including the different fare networks covered by BLS. The area of validity of post-paid tickets includes Direct Service and the Swiss regional transport product range. In addition, the SwissPass can be stored digitally in the BLS Mobil app.
 
The data protection regulations governing the acquisition and use of the BLS Mobil app are available in sections 15 to 18 of the GTC for the BLS Mobil app, which can be viewed by clicking on this link.

3.4 When contacting our Customer Service via a contact form or by email

You have the option of contacting us via a contact form or by emailing our Custom-er Service. When contacting us via a contact form, it is necessary to provide at least the following personal data:
 
  • Title, last name and first name
  • Email address
 
We use this and other freely entered information (in particular your address, telephone number and company) to respond to your contact request personally and efficiently. Furthermore, we can use the information you provide in the contact form or email to Customer Service for internal analytical purposes as part of our efforts to improve our benefits and services. Any additional voluntary information you provide about how you learned about our offer will be used for internal statistical purposes.
 
Our legal basis for processing this data is our legitimate interest or, if you supply your contact details in order to enter into a contract, our legal basis is the implementation of the pre-contractual measures you have requested.

3.5    When contacting our Customer Service by phone

If you contact our Customer Service by phone, your call may be recorded for training purposes and the recording will be kept along with your phone number and the time of the call. If this is the case, you will be informed at the beginning of the call that your call will be recorded.
 
Our legal basis for processing this data is our legitimate interest or, if you supply your contact details in order to enter into a contract, our legal basis is the implementation of the pre-contractual measures you have requested.

3.6    Communication via chatbot

The BLS chatbot is your digital assistant. It helps you around the clock in submitting your enquiries and answering your questions.

Depending on the issue, when you use the chatbot, you will be asked for your re-quest, your name, e-mail address and telephone number as well as further data, e.g. regarding your online ticket or points card.

The data shared with the chatbot as well as the chat history are stored in the solution of knowhere GmbH, Steinhöft 9, D-20459 Hamburg for 90 days, after which they are deleted. Further information on data protection can be found directly at knowhere moin.ai Chatbot: Data privacy and GDPR compliance.

he contact details enable us to reach you in case of queries.
Data on the online ticket and the points card enable us to find the necessary docu-ments in our systems to help you.

The chatbot will be further developed using the questions you enter. For example, we can develop new answers for the chatbot or improve existing answers.

3.7    Contacting us in the context of a BLS social media campaign

If you use social media, your consent granted to the respective social media provider al-lows BLS to run advertising campaigns that appear on your user profile. These campaigns provide the option of contacting BLS. If you subsequently contact us, we will use the following personal data that we receive from the respective social media provider with your consent:
  • Title, last name and first name
  • Email address
We use these data exclusively to provide you with the information you requested by contacting us; the legal basis for these data-processing results is your consent that you granted when contacting us.

3.8    When registering as a customer on BLS websites

When you place an order with us, you have the option of registering for a customer account. For this, we collect the following personal data (when opening a customer account, the mandatory information is marked with an asterisk in each case (*)): The mandatory information may vary depending on the service and must at least contain
 
  • Email address
  • Password
  • Consent to our general terms and conditions
 
We collect this information to help you keep track of your orders and the contracts you have concluded. You have therefore given us your consent to carry out these data processing operations. This is our legal basis for processing your personal data.
 
You can withdraw your consent at any time with future effect (see Section 8). If you link your customer account to a SwissPass account, any changes to your personal data (a change of address, for example) and the details of the services you have purchased are automatically updated and appear in both accounts. Please note also the following information about the processing of your data in connection with your SwissPass account.

3.9    When creating a SwissPass login/customer account at www.swisspass.ch.

You have the opportunity to create a customer account on swisspass.ch. To do this, we need the following information from you:
 
  • Surname and first name
  • Date of birth
  • Address (street, postcode, city and country)
  • Customer number (if you are an existing public transport season ticket hold-er)
  • Email address and password (login data)
 
When you register, we authorise you to access the numerous online services (web shops and apps) of public transport operators and partners using the login data (the “SwissPass login") and to purchase these services without having to repeat the time-consuming registration process. Any services you purchase using your SwissPass login (especially public transport tickets/season tickets) are recorded in your customer account and in a central database (“DS database”).
 
We need to process your data so that we can fulfil the contract on the use of the SwissPass and this is therefore the lawful basis for processing. You will find further information on this topic in the sections in this data privacy statement on shared responsibility in public transport and on sharing data with third parties and in the data privacy statement on swisspass.ch which is available at the following link here.

3.10   When using our rolling stock and railway stations

In accordance with Art. 55 of the Passenger Transport Act (PTA) and Art. 16b of the Railways Act (RailA), as well as the Implementing Provisions of the CCTV Surveillance of Public Transport Ordinance (PT-CCTVO), BLS and BLS long-distance traffic Ltd monitor their trains, Busland AG its buses and BLS Netz AG its railway stations in the form of CCTV surveillance. Furthermore, BLS also uses CCTV surveillance to monitor its administration building and workshops. The CCTV surveillance serves to protect customers, operations and infrastructure.

CCTV surveillance involves recording picture signals which make it possible to identify individuals. The recordings are predominantly stored on-site in vehicles, whereas recordings of facilities and properties are stored in a central location. All recordings are stored for a maximum of 10 days and then automatically deleted. Recordings are only backed up if incidents are detected. Backup orders and backup may only be triggered or carried out by clearly defined business units within BLS.

Backed up recordings containing personal data are generally evaluated on the next working day. By way of exception, it may be carried out within two additional working days for operational or technical reasons. Evaluations are conducted in the following cases:

  • In case of security and vandalism incidents on or in the vehicles, in or on the rolling stock and on infrastructure;
  • based on official decisions;
  • on information requests of data subjects (cf. Chapter 10 below).

The evaluation is only conducted by the competent and authorised business units within BLS.

Backed up recordings are stored in such a way that they are protected against unauthorised access. Recordings will be destroyed no later than 100 days after the date on which they were created, unless they are disclosed in accordance with the following explanations.

Recordings are only disclosed to the following authorities:

  • responsible authorities of the Confederation and cantons;
  • the authorities with whom the companies file a complaint or assert legal claims.

The disclosure only takes place to the extent that this is required for the process. In case of a disclosure, the recordings are stored until such time as the proceedings have been legally completed.


3.11   When contacted by BLS for marketing purposes

Unless you object, we use for marketing purposes your customer data (in particular name, gender, date of birth, address, customer number, email address), your service data (in particular data on services purchased such as season tickets or one-way tickets) and your click behaviour on our website or in emails you have received from us. For information on how we evaluate click behaviour, please also refer to the section on tracking tools.
 
We evaluate this data to help us provide better products and services for our customers and to help us send you or show you (via email, letter, text, push notifica-tions in the app, personalised teasers on the web, and in person at the counter) information and offers that are relevant to you. For this, we use only data that we can explicitly associate with you, for example because you have registered or identified yourself on our website with your SwissPass login and purchased a ticket. We also use methods that predict possible future purchasing behaviour based on your current purchasing behaviour.
 
The legal basis for processing in this instance is our legitimate interest. In certain cases, under strict conditions SBB or another company involved in Direct Service may also contact you. Please read the information in the section "shared responsibility in public transport".
 
You can refuse to accept communications from us, SBB (in connection with your GA or half-fare travelcard, for example) or other public transport operators at any time. The following options are available to you:
 
  • Each email you receive from us or other public transport operators contains an unsubscribe link that you can click to unsubscribe from further messages.
  • If you have a SwissPass login, you can sign in to your user account here https://www.swisspass.ch/oevlogin/login at any time to manage the message settings in your user account.
  • You can also subscribe or unsubscribe at any ticket counter or by phoning 058 327 31 32 or using the contact form.
 
Please also refer to the information in the section on tracking tools on your right to object in connection with the evaluation of click behaviour.

3.12   In connection with market research

To continuously improve the quality of our services and offers, we regularly conduct market research. We may therefore use your contact information to invite you to participate in a survey.
 
In particular, as a member of the BLS Customer Circle, you can give us feedback on ideas for offers, test new services or make suggestions for improvements. To do this, we require certain data from you. You can find out how to register for the Customer Circle and what personal data is processed in the process at BLS Customer Circle - BLS AG.
 
Generally speaking, your details will only ever be evaluated in aggregated and anon-ymised form for the purpose of BLS evaluation. Under certain circumstances, your information about use and mobility behaviour may be used to send or show you even more relevant information and offers in the future. By taking part in such surveys, you declare that you agree with the data use specified.
 
If you do not wish to be invited, you can opt out of receiving invitations using the contact form.
 
The legal basis for processing in this instance is our legitimate interest.

3.13   Participation in competitions, prize draws and similar events

If we organise competitions, prize draws and similar events, we will process personal data such as your contact details and information about your participation for the purpose of organising the competitions and prize draws and, where applicable, for communicating with you in this regard and for advertising purposes. Further details can be found in the relevant conditions of participation.

4.   Will your data be shared with third parties?

We will not sell your data. We will share your personal data only with selected service providers and only to the extent necessary to provide our service. In particular, the following service providers are involved here:

  • IT service providers
  • Issuers of season tickets
  • Delivery companies (such as Swiss Post)
  • Address management service providers to ensure address quality and possibly to enhance additional features like household size, home ownership, age, in-come group, etc.
  • Leisure partners in the context of using joint offers
  • External service providers in Switzerland and abroad in the context of travel agency services (e.g. via BLS Travel Centres)
  • Service providers commissioned to distribute the income from fares among the transport operators involved (in particular for the purpose of calculating the distribution model in accordance with the Swiss law (PBG) governing the carriage of passengers)
  • Our hosting provider (see the section titled "Use of website")
  • The providers mentioned in the sections on tracking tools, social plug-ins and advertisements.

BLS shall be entitled to bring in third parties to render the services and for market research and market processing purposes at home and abroad. If BLS brings in third parties, the customer agrees to customer data being passed on and processed by these third parties if necessary for the cooperation. BLS is obliged to carefully select, instruct and control the service providers.

Please refer to the section "Will your data be disclosed abroad?" for more information on service providers domiciled abroad.

Your data may also be shared if we are legally obliged to do so or if it is necessary to safeguard our rights, in particular to enforce claims arising from our relationship with you.

If you book a cross-border journey, your data will be shared with the foreign companies providing this service. However, the personal data shared will be limited to what is needed to check the validity of the tickets and to prevent misuse.

Our legitimate interest forms the legal basis for processing this data.

Your personal data will not be disclosed to third parties outside the public transport industry. The only exceptions to this are (to the extent described below) SwissPass partners and companies authorised by public transport operators to sell public transport services on the basis of a contractual agreement. These sellers will only be given access to your personal data if you wish to obtain a public transport service through them and you have given them your consent to use your data. Even under these circumstances, they will be able to access your data only for the purpose of determining whether you already have tickets or season tickets for the period during which you intend to travel that are valid for your journey or for the service you have asked the third party to provide.

The legal basis for processing this data is therefore your consent. You can withdraw your consent at any time with future effect (see Section 8 above).

If you use your SwissPass to obtain services from a SwissPass partner (see overview here), personal data on any services you have purchased from us (such as a GA travelcard, half-fare travelcard or season ticket) may be shared with our SwissPass partners in order to ascertain whether you could benefit from a specific offer from the SwissPass partner (such as a discount for GA card holders). If your ticket is lost, stolen, misused, falsified or replaced after a service has been purchased, the partner concerned will be informed. We need to process your data so that we can fulfil the contract on the use of the SwissPass and this is therefore the lawful basis for processing. You will find further information on this in the data privacy statement on swisspass.ch (see here) and in the data privacy statement of the SwissPass partner concerned.

5.    What does "shared responsibility in public transport mean"?

BLS is responsible for processing your data. As a public transport operator, we have a legal obligation to collaborate with other transport operators and partners in the provision of certain passenger transport services ("Direct Service").

For this purpose, and for other purposes described in this data privacy statement, we share data at national level within the "National Direct Service" (NDS), an association of over 240 transport operators and public transport partner companies. The individual TSPs and partners are listed here. Data acquired from customers who purchase services or supply contact details are stored in a central database which is managed by SBB on behalf of NDS and for which we are jointly responsible with the other NDS companies and partners (the DS database).

When services are purchased by customers using the SwissPass login, the data is stored in another central database (the SwissPass database) which is managed by SBB on behalf of NDS and for which we are jointly responsible with the TSP and the NDS community. Data used in conjunction with the acquisition of BLS-specific services (e.g. leisure activities). These are only stored in BLS’s customer database.

To improve service efficiency and streamline the working relationship between the companies involved, data from the different databases may be merged in the SwissPass database. To enable single sign-on (SSO) (a system that enables SwissPass users to access multiple services with just one login), we share login, card, customer and service data with the central SwissPass login infrastructure during the authentication process.

Access by individual TUs and partners to the shared databases is regulated and limited by a contractual agreement. The sharing and processing by the other TSPs and NDS partners who use the central database is normally limited to contract processing, ticket control, after-sales service, the Customer information and revenue distribution. Data collected during purchase transactions for NDS services (cf. product overview here) is also used for marketing purposes in certain cases. These include analysing the data to improve and promote public transport services in line with customer needs. If you are contacted for this purpose, it will normally be by us at BLS. The other TSPs and partner companies associated with NDS will contact you only in exceptional circumstances and under strict conditions, and only if an analysis of the data shows that a particular public transport service would be beneficial for you as a customer. Contact by SBB is the one exception to this rule. SBB handles the marketing of NDS services (such as GA and half-fare travelcards) on behalf of NDS and may contact you at regular intervals in connection with these services.

Our legitimate interest forms the legal basis for processing this data.


6.    Are your data processed by means of automated decision-making?

You will be informed if we process your data by means of automated decision-making. Under certain conditions, you have the right to demand to be excluded from automated decision-making. You will be informed if these conditions are not met.


7.    Will your data be disclosed abroad?

In principle, your data will be stored in databases within Switzerland. However, in some cases listed in this data privacy statement, the data will also be passed on to third parties based in the EU. The EU countries have an adequate level of data protection compared to Switzerland.

8.    How long is your data kept for?

We store personal data for only as long as we need it
 
  • to provide the services described in this data privacy statement that you have requested or for which you have given your consent;
  • to use the tracking services described in this data privacy statement within the scope of our legitimate interest.
 
We retain contractual data for a longer period as this is required of us by our legal retention obligations. Retention obligations which oblige us to retain data arise from accounting regulations and tax legislation. Insofar as we no longer require said data to perform services for you, access to said data will be blocked. This means that the data may then only be used to fulfil our storage obligations.

9.   How are tracking tools used?

The following tracking tools are used on our websites:

  • Google Analytics
  • Fusedeck
  • ClickDimensions
  • Sitecore Analytics 

We use the web analysis services of Google Analytics, ClickDimensions, Hotjar and Sitecore Analytics to help us configure and continuously optimise our website, apps and emails according to need. Our legitimate interest forms the legal basis for the data processing described below.

• Website tracking:

When you visit our website, we create a pseudonymised user profile and save small text files ("cookies") on your computer (see Section 12 below "What are cookies and when are they used?"). The information generated by these cookies about how you use our website is sent to the servers of the companies who provide these services, where it is stored and processed for us. In addition to the data listed above (see Section 3.2 ("What data is processed when you use our website?"), through this we obtain the following information:

  • The visitor's navigation path through the website
  • The time spent on the website or subpage
  • The subpage from which the visitor leaves the website
  • The user's access location (country, region or city)
  • The accessing device (type, version, colour depth, resolution, width and height of the browser window)
  • Whether the visitor is a returning or new Visitor
  • The browser type/version
  • The operating system used
  • The referrer URL (the previously visited website)
  • The hostname of the accessing computer (IP address) and
  • The time of the server request

This information is used to evaluate how our website is being used.

  • Tracking when sending emails:

When sending emails, we make use of email marketing services provided by third parties. Our emails may therefore contain a web beacon (tracking pixel) or similar technology. A web beacon is an invisible 1x1-pixel image that is as-sociated with the user ID of the particular email subscriber.

For each newsletter/mailing we send, we have information on the address file used, the content, the email subject and the number of newsletters sent. In addition, we can see which addresses have not yet received the email, which addresses it has been sent to, and the addresses to which delivery was unsuccessful. We can also see the open rate, including information on which addresses have opened the mailing and which addresses have unsubscribed from the distribution list.

We make use of specialist services to enable us to evaluate the above information. These also allow us to also record and evaluate click behaviour. We use this data for statistical purposes and to optimise the content of our messages. This allows us to tailor our email content and our offers so that they are more likely to be of interest to the recipients. The pixel image is deleted when you delete the email.

If you wish to prevent the use of web beacons in our emails, please set your email program to disable display of messages in HTML format, if this is not already the default setting. You will find instructions on how to do so here, for example.

Below is more information about our tracking tools:

Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA and Google Ireland Limited, Gordon House Barrow St, Dublin 4, Ireland. To enable it to analyse website usage, Google Analytics uses technologies such as cookies (see Section 12 below, "What are cookies and when are they used?"). The information generated by a cookie about your use of this website, as explained above, is sent to servers in the United States belonging to Google, a company of the holding company Alphabet Inc., and stored there. Because IP anonymisation has been activated on our website, your IP address will be truncated by Google if you reside in a member state of the European Union, or any country party to the Agreement on the European Economic Area, or Switzerland. Google will not associate the anonymised IP address supplied by your browser to Google Analytics with any other data held by Google. Only in exceptional cases will the full IP address be sent to Google servers in the USA to be shortened. In these cases, Google offers a contractual guarantee that it will maintain an adequate level of privacy protection.

This information is used to monitor traffic on our website, compile reports on how visitors use our website and provide additional services in connection with the use of the website and the internet for purposes of market research and improving our website. The information may also be shared with third parties if this is required by law or if the third parties are processing the data on our behalf. According to Google, the user's IP address will never be associated with other data relating to the user.

Users can prevent Google from using cookies to collect and process data relating to their use of our website (including their IP address) by downloading and installing the browser plug-in here.

Fusedeck

The tracking solution fusedeck of Capture Media AG (hereinafter «Capture Media») is integrated on this website. Capture Media is a Swiss company based in Zurich that measures the use of this website on behalf of engagements and events. The tracking is anonymous, so that no reference to specific or identifiable persons can be made.

Further information on data protection as well as on the rights of data subjects in connection with fusedeck, including the possibility to «opt-out» (object), can be found in the data protection declaration and objection policy.

ClickDimensions

ClickDimensions is a service integrated in Microsoft Dynamics 365 CRM and the data are processed in the EU. . Among other things, it enables professional e-mail marketing and automated campaigns. ClickDimensions enables the analysis, planning, organisation, conduction and monitoring of marketing measures. The main function of ClickDimensions is email marketing. Emails can be created, sent and traced via ClickDimensions. Performance statistics flow back into Microsoft Dynamics 365 during this process. After a marketing email is sent, real-time information is available which allows conclusions to be drawn as to which recipients visited a website and what interested them, for example.

Sitecore Analytics 

We use the Tracking Tool and associated Sitecore Analytics cookie primarily for the purpose of linking page hits to specific user profiles. It is also used so that we can individually adapt the presentation of the website for you and provide you with per-sonalised advertising. We store the page hits per session and evaluate these in order to offer you appropriate and personalised content. The Sitecore Analytics Cookie identifies you anonymously and remains in place over several sessions. Following a SwissPass login, use of a contact form or a visit to a newsletter page, you can be identified via user data so that the above-described information is available not only across multiple sessions but also multiple devices. We store the date and time as well as the pages accessed on our website. In addition, the cookie also helps us to analyse the behaviour of website users and adjust content to the needs of users. The data are processed in Switzerland or the EU.

10.   What are cookies and when are they used?

We make use of cookies in specific circumstances. Cookies are small files that are placed on your computer or mobile device when you visit or use one of our websites. Cookies store certain settings in your browser and information about how you use our website via your browser. When a cookie is activated, it is assigned an identification number that identifies your browser and allows it to use the information contained in the cookie.

We use cookies to evaluate general user behaviour and  thereby optimise their experience on our website. We want to make our website as user-friendly as possible, with content that can be found more intuitively. Our aim is to improve its structure and make it easier to navigate. We believe it is important to have a user-friendly website that meets our users' needs. The information we obtain from cookies enables us to optimise the performance of our website by providing you with more targeted and more personalised content and information.

Disabling cookies may mean that you cannot use all of our website’s functions. The legal basis for processing this data is our legitimate interest.


We use cookies to evaluate general user behaviour and  thereby optimise their experience on our website. We want to make our website as user-friendly as possible, with content that can be found more intuitively. Our aim is to improve its structure and make it easier to navigate. We believe it is important to have a user-friendly website that meets our users' needs. The information we obtain from cookies enables us to optimise the performance of our website by providing you with more targeted and more personalised content and information.
 
Disabling cookies may mean that you cannot use all of our website’s functions. The legal basis for processing this data is our legitimate interest.

11.   Social plug-ins

Integrating social plug-ins enables website operators to use certain services of social networks like Facebook, Twitter, etc. on their own websites. With the help of the Facebook’s Like button, for example, website visitors can share the website on their Facebook profile with a single click of the mouse. The website operators hope that this will quickly lead to higher visitor numbers for their site. The integration is also used to receive detailed statistical information about website users.

Social plug-ins are disabled on our websites.

12.   Advertisements on our website and in our apps

We do not use third parties (ad servers) to place and use personalised advertisements on our website and in our apps.

13.   Data security

We use appropriate technical and organisational security measures to protect your personal data stored by us from manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continually improved to keep pace with technological developments. We also take internal data protection very seriously. Our staff and external service providers are themselves required to observe secrecy and to comply with data protection regulations. We take all necessary steps to ensure the safekeeping of your data. Sending information via the internet and other electronic means, however, always involves a degree of risk and we cannot guarantee the security of sent information in this way.

14.   What rights do you have over your personal data?

You have the following rights over your personal data:
 
  • You can request information about your stored personal data.
  • You can request that your personal data be corrected, supplemented, blocked or deleted. Your data will be blocked rather than deleted if there are legal obstacles to its deletion (e.g. legal storage obligations).
  • If you have set up a customer account, you can delete the account or ask for it to be deleted.
  • You can object to the use of your data for marketing purposes.
  • You can withdraw your consent at any time with future effect
  • You can ask for your data to be transferred to a third party.
To exercise your rights, you need only inform us by post to:
 
BLS Ltd, Legal Services/Data privacy, Genfergasse 11, 3001 Bern
or by email to: datenschutz@bls.ch
 
You also have the right to complain to a data protection authority at any time.

Requests for information from the information system on passengers without a valid ticket in accordance with Art. 20a of the Swiss Federal Law on Passenger Transport (Bundesgesetzes über die Personenbeförderung, PGB) should be sent to the operator of the system at the following address:

PostAuto AG, 'SynServ', Pfingstweidstrasse 60b, CH-8080 Zurich
or via e-mail to: synserv@postauto.ch

15.   Changes to the data privacy statement

Amendments to this data privacy statement may be required from time to time, for example due to the further development of our digital presence, new offers or changes in legislation. BLS reserves the right to amend the data privacy statement at any time with future effect. We therefore recommend that you read this data privacy statement on a regular basis.

 

 

Last amended in July 2021

Newsletter
Download PDF
0 of 0 Media files