Data privacy statement of BLS Ltd

We are aware that conscientious handling of your personal data are important to you. All data processing is only carried out for specific purposes. This could result from, for example, technical necessity, contractual requirements, legal provisions, prevailing interests, i.e. legitimate reasons, or your express consent. We collect, store and process personal data insofar as this is necessary, for example for the establishment, administration and processing of customer relationships, communication with you, for marketing purposes and to maintain relationships as well as for market research and the further development of services and products.

We may then use your data to automatically assess certain personal characteristics you have for the above purposes ("profiling"). We do this if we want to determine preference data, but also to determine risks of abuse and security, to carry out statistical evaluations or for operational planning purposes. We can also create profiles for the same purposes. This means we can combine behavioural and preference data but also master and contract data and technical data assigned to you to better understand you as a person with your various interests and other characteristics. However, we can also create anonymous mobility profiles for you and – with your consent – personalised mobility profiles. 

In certain situations, to ensure efficiency and the consistency of decision-making processes, it may be necessary for us to automate discretionary decisions that affect you and have legal implications or possibly significant disadvantages ("automated individual decisions", such as automatic order acceptance by our webshop). In this case, we will inform you accordingly and ensure compliance with measures required by the applicable law.

For detailed information on which data are processed for which purposes, please read the following sections.

For contractual reasons or because of legal requirements (e.g., the Travel Act), we require personal data for online orders or the purchase of certain services and products in order to provide our services and process the contractual relationship, for example when purchasing a season ticket, a single ticket or a journey in our travel centres.

We collect the following data when you purchase personalised services – depending on the product or service:

• personal photo
• gender, name, e-mail address of the person purchasing or travelling
• additional details such as postal address, date of birth, family membership
• telephone and/or mobile number
• identification details (identity card/passport information)
• number plates
• bank account/means of payment/method
• Approval of general term and conditions

In order to process the contractual relationship, we also collect data relating to the services purchased by you ("service data"). These include – depending on the product or service – the following information:

• type of product or service purchased
• price
• place, date and time of purchase
• sales channel (internet, vending machine, at the counter, etc.)
• communication data (written correspondence, electronic correspondence)
• details of journeys (type of travel, destinations, date of travel, travel time, flight dates, time of departure, place of departure and destination as well as itinerary, accommodation)
• Other information, if provided (mobility aids, meal requests, pregnancies, information on accompanying children, data on complaints and crisis situations)

To ensure that we can reach you by post, we check your address with a service provider and update it if necessary.

Data that are generated by the purchase of services will be processed by BLS, stored in a central database and processed for additional purposes, which include marketing and market research. 

Moreover, the data are used within the scope of ticket inspection in order to identify the owner of a personalised ticket and to avoid any misuse of said ticket. 

The data will also be used to provide our Après Vente service, to identify and assist you with any concerns or difficulties you may have and to process any compensation claims. 

The data are also used to fairly distribute the revenue generated by the purchase of tickets among the companies and associations of National Direct Transport.

For group travel, we will notify you via text message about your group reservation and any delays or cancellations. You can opt to receive these notifications when you book a group tour.

For cross-border journeys, we will notify you via e-mail or text message about the upcoming journey and any delays or cancellations. You can unsubscribe from these notifications.

Finally, we evaluate your data anonymously in order to be able to further develop the overall public transport system according to demand.

Insofar as the GDPR of the European Union (EU GDPR) is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

Registration of the points card is required to ensure its validity. In order to process the contractual relationship, we collect the following data during registration:

• points card number
• company (optional)
• salutation
• first name/surname
• street/no.
• postcode/city
• country
• e-mail address

In the event of a change of address, the old address will be replaced by the new address. Unregistered points cards will not be refunded and will not be replaced if lost.

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

The following then applies in connection with payment:

Debit/credit cards/PostFinance card/Reka card

For payment by credit card, we forward your card details to your card issuer via our payment service provider (acquirer). The transmission takes place exclusively for the purpose of authorisation and transaction processing and in encrypted form. If you choose to make a card payment, you will be asked to enter all mandatory information (payment card type, payment card number, CVC2/CVV2, expiry date, first name, last name). In certain circumstances it may be necessary to authenticate yourself as an authorised cardholder, for example using the 3DSecure procedure.

Wallet solutions (Twint, Apple Pay)

With wallet payment solutions, your card details have been securely stored in the wallet beforehand. If you decide to pay with a wallet solution, you usually do not have to enter any payment card information. Only the data required for authorisation and transaction processing is transferred via the wallet.

Invoice

The payment option Invoice (including payment in installments) is operated by CembraPay AG. The T&C and the Data Privacy Policy of CembraPay AG apply.

Customer and travelcard data are required and processed for the purpose of securing revenue (checking the validity of travel or discount passes, collection, combating abuse). The TUs, associations and third parties who arrange tickets are therefore entitled to process all data (ticket and control data and, where applicable, data worthy of protection in connection with all types of journeys without a valid ticket, such as travellers with a partially valid ticket, travellers with an invalid ticket, or travellers who have forgotten their ticket or discount card and any kind of misuse) relating to the travellers or the contracting parties and to store them for the periods defined by data protection law and to exchange them with other TSPs, associations and third parties who arrange tickets (in the case of international tickets or discount cards, also across borders).

The following provisions apply to individual services or bearer media:

SwissPass card

Where the physical SwissPass card is used as a bearer medium, no control data are stored (exception: see SwissPass Mobile).

Swisspass Mobile

For use of the SwissPass Mobile application, the provisions that apply are those acknowledged during the activation of SwissPass Mobile (see separate data privacy statement). The following data are processed in this regard: registration, activation and control data that accrue through use of Swisspass Mobile. As soon as SwissPass Mobile is used, these data are also collected from the SwissPass Card.

Electronic tickets

When electronic tickets (e-billettes) are used, control data are stored in SBB's central control data server. This data is stored for 360 days for the purpose of combating misuse and for measures to prevent misuse and abusive refunds.

Points card car transport service

Registration of the points card is required to ensure its validity. The customer data are stored in the TCPOS cash register system and can be retrieved in the event of an inspection at the loading counters in Kandersteg, Goppenstein and Brig. 

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

In the case of journeys made without a valid ticket, the data are stored in a separate database as well as in a jointly operated register. Travellers or contracting partners acknowledge that, in the event of the discovery of any misuse or forgery, the TU, associations and third parties who arrange tickets are authorised to make the relevant personal data available to all internal offices affected by misuse and to other TUs, associations and third parties who arrange tickets, so that misuse can be ruled out or confirmed and further misuse can be prevented. Personal data of travellers or contracting partners who have been convicted of criminal offences are also stored in the database. According to the Passenger Transport Act (PBG), different deadlines apply for the processing of the above-mentioned data. The data are deleted as soon as it is established that the person concerned has not caused a loss of revenue and after two years if the person concerned has paid the surcharges and during this time has no longer demonstrably travelled without a valid ticket. The data may be kept for a maximum of ten years if it is needed for the enforcement of claims against that person.

Insofar as the EU GDPR is applicable, Article 20a PBG forms the legal basis for this processing of personal data.

For passengers without a valid ticket, we carry out a credit check. In this context and for the processing of the collection, we commission our service provider Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach and disclose the following personal data:

• First name/Surname
• Street/No.
• Postcode and town

Further information on data protection can be found directly at Intrum under: Privacy Policy Intrum AG

Insofar as the GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data

When visiting our website, the servers of our hosting provider temporarily save each access as log data. The following technical data are collected in this context:

• IP address of the requesting computer
• date and time of access
• web pages from which the access takes place, where applicable with search word used
• name and URL of the data retrieved
• executed search queries (timetable, general search function on the website, products, etc.)
• the operating system of your computer (provided by the user agent)
• the browser you have used (provided by the user agent)
• device type in the event of access via mobile phone
• transmission protocol used

The collection and processing of this data contributes to system security and stability and error and performance analysis, which enables our hosting provider to optimise our Internet offering. In addition, this enables us to configure our website in accordance with the specific target group, i.e. to provide targeted content or information that may be of interest to you.

The IP address, together with other data, will be evaluated for the purpose of clarification and defence in the event of attacks on the network infrastructure or other prohibited or improper use of the website and, if necessary, used in criminal proceedings to identify and take civil and criminal action against the users in question.

Finally, when you visit our websites, we use cookies in addition to applications and tools that are based on the use of cookies. More detailed information can be found in the sections on cookies, tracking tools, advertising and plug-ins of this privacy policy.

Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.

We can make no guarantee for compliance with data protection regulations for external web pages that are linked to our website.

The following information is collected in our webshops in connection with orders (for guest purchases, with SwissPass login or for new registrations in the Autoverlad Ticket Shop):

• travellers (surname, first name, date of birth and gender)
• address (billing address)
• e-mail address
• telephone number
• correspondence language
• product ordered (item number, validity, class, date of travel, date of purchase, ticket price)
• reference number/customer number
• order date
• means of payment
• points card number (webshop points card)
• password for access to the webshop points card and the car transport ticket shop 

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

BLS Mobile timetable and ticketing app

Real-time timetable data can be accessed and tickets purchased via the BLS Mobil timetable and ticketing app (hereinafter referred to as BLS Mobil). The scope of prepaid tickets covers direct transport and various interconnected services, including the BLS area of operation. The range of validity for postpaid tickets includes direct transport and the range of Swiss regional transport. In addition, the SwissPass can be stored digitally in BLS Mobil. 

Travel data and payment data are transmitted to FAIRTIQ, which is used to process the postpaid tickets. The purpose of this data are to correctly bill for the public transport service used and detect any cases of abuse.

When opening a customer account using the SwissPass login, users provide the following information:

• name, first name, date of birth and gender
• address (billing address)
• e-mail address
• mobile phone number
• means/method of payment
• consent to the GTCs

The data will be stored both under SwissPass and in the customer account with BLS AG or FAIRTIQ and will be used for the purposes of customer support, billing and subsequent monitoring, as well as for marketing purposes if the customer grants marketing permission. Users may request BLS AG or FAIRTIQ to delete their personal data if they wish to delete BLS Mobil or no longer wish to use it to purchase tickets. Users must contact SwissPass at swisspass.ch to have their SwissPass login data deleted.

Travel data in the case of postpaid ticketing are route and price information that are determined based on the check-in and check-out information provided (stop, time, device identification number) and the location data collected during the journey via the location services of the mobile phone (based on WLAN, GPS, etc.) as well as based on the timetable options (timetable) by BLS Ltd. or FAIRTIQ. The travel data are used to calculate the journey made using the postpaid ticketing function (route search, zone calculation) and the fare, for support in the event of complaints from users, and for subsequent control and prevention of cases of misuse. The travel data can also be used to show users potential savings based on their travel behaviour.

The travel data will be deleted after one year or only used in anonymised form for gaining knowledge in connection with the route search and route determination (further development of the BLS Mobil app).

The general terms and conditions for the purchase and use of the BLS Mobil app can be found in the BLS Mobil app terms and conditions, which can be viewed here via this link.

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

SMS alert

With the SMS alert, we inform you by text message about construction work, line interruptions, disruptions and delays in rail traffic as well as waiting times and cancellations in rail traffic and car transport. 

When you register for the SMS alert, we collect the following personal data, where information that is not mandatory is marked with an asterisk (*):

• mobile number
• name, first name
• street, postcode, city, country*
• e-mail address*
• password

You can unsubscribe independently at any time. Instructions can be found in the BLS Help Centre. For more information, see this link here.

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

You have the option of contacting our customer service via a contact form or by e-mail. The following personal data must be entered as a minimum when contacting us via the contact form:

• form of address, last name, first name
• e-mail address

We use these and other voluntarily supplied data (in particular the address, telephone number and company) to answer your query in the best possible, personalised manner. Furthermore, we may use the information you provide to our customer service via the contact form or in an e-mail for internal analytical purposes or to improve our services and performance. Any voluntary information on how you became aware of our offer will also be used for internal statistical purposes.

If we have further personal data relating to you from previous contact with BLS, you may be contacted for the response or any queries about this. (Example: You send us an e-mail with a question about using BLS Mobil and we will call you back, as telephone contact is better suited for the response). 

Once we have completed your request, we will send you an e-mail with a customer satisfaction survey and an e-mail to rate how likely you are to recommend the product or service.

Personal data will be automatically deleted after five years unless you contact the customer service again in the meantime or request the deletion of the data yourself. The data are stored in the CRM MS Dynamics (Microsoft) as well as in Zendesk.

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

When you contact our customer service by telephone, we record the form of address, first names and surnames if they become known. If we have or require further personal data relating to you from previous contact with BLS, we use this for the purpose of helping you as quickly as possible. (Example: You call us with a question about a ticket purchased in the webshop. With the help of your e-mail address, we can find the transactions and help you further.)

After completing your request, we will send you a text message with a customer satisfaction survey if you contacted us using a mobile phone number.

Personal data will be deleted after five years unless you contact customer service again in the meantime or request the deletion of the data yourself. The data are stored in the CRM MS Dynamics (Microsoft) as well as in Zendesk.

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

The BLS Chatbot is your digital assistant. It helps you around the clock in submitting your enquiries and answering your questions.

Depending on the topic, when you use the chatbot, you will be asked for your request, your name, e-mail address and telephone number, as well as other data such as your online ticket or points card.

The data shared with the chatbot as well as the chat history are stored in the solution of knowhere GmbH, Steinhöft 9, D-20459 Hamburg for 90 days, after which they are deleted. Further information on data protection can be found directly at knowhere at: moin.ai chatbot: Data privacy and GDPR compliance.

The contact details enable us to reach you in case of queries. Data on the online ticket, the points card and the means of payment used make it possible to find the necessary documents in our systems to help you. If you have requested a handover to a human in the chatbot, personal data will be deleted after five years unless you contact customer service again in the meantime or request the deletion of the data yourself. The data are stored in the CRM MS Dynamics (Microsoft) as well as in Zendesk.

The chatbot will be further developed using the questions you enter. For example, we can develop new answers for the chatbot or improve existing answers.

Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.

Communication with the BLS Leisure Finder 

The BLS Leisure Finder is an AI-based advisory service that helps you to plan your excursions and generates personalised excursion ideas. The advisory service usually gives individually prepared answers to the user's queries. The answers are to be understood as an offer of information and not as a factual decision.

Personal data is not required to answer queries. For this reason, it is best to avoid entering personal information in queries. This also applies to entering personal data from third parties. Particularly sensitive personal information should never be entered.

Examples of particularly sensitive personal data include (list non-exhaustive):

• Health information
• Genetic data
• Biometric data
• Political opinions
• Religious or philosophical beliefs
• Trade union affiliation
• Sexual orientation
• Criminal records

We would like to point out that the queries will be forwarded to the operator of the chat engine. The Leisure Finder and the operator store and process the queries for the purpose of answering them. As the chat engine is powered by machine learning, the queries are also processed to improve the chat engine. If you have entered personal data in the Trip Planner despite the aforementioned request not to do so, this data will be deleted and not forwarded to the operators of the chat engine.

If you use social media, BLS may run advertising campaigns that are visible on your user profile based on your consent to the social media company. You have the option of contacting BLS in the course of these campaigns. If you contact us, we will use the following personal data that we have received from the social media company as part of your consent:

• form of address, last name, first name
• e-mail address

We use this data exclusively to send you the information requested when you contacted us.

Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.

If you contact us via social media, we collect your user name (nickname) of the relevant social media platform. If you have stored a photo in your profile, this will also be transmitted. If we need further personal data to respond, we will ask you to switch to another channel for further contact, for example by calling us or submitting your enquiry via the contact form. 

Personal data will be deleted after five years unless you contact customer service again in the meantime or request the deletion of the data yourself. The data are stored at the social media platform you use as well as in Zendesk.

Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.

As part of the order process, you have the option of registering for a customer account. We collect the following personal data, where mandatory data for opening a customer account is marked with an asterisk (*).

• E-mail address*
• Password*
• Agreement to the GTC* 

We collect this information to provide you with an overview of your orders and the contracts concluded with you in this context. In this respect, it is a matter of data processing for which you have given us your consent. This is the legal basis for data processing.

You can withdraw your consent at any time with effect for the future. If you link your customer account with a SwissPass account, changes to your personal data (for example, changes of address) and the services you have purchased are automatically reconciled and recorded in both accounts. Please also note the following information for data processing in connection with your SwissPass account.

You have the option of creating a customer account at SwissPass. We require the following data from you:

• first and last name
• date of birth
• address (street, postcode, city and country)
• customer number (if you already have a public transport travelcard)
• e-mail address and password (login data)

By registering, we enable you to access the numerous online services (webshops and apps) of the public transport companies and associations with the login data (so-called SwissPass login) and to obtain services from them without having to carry out an additional, time-consuming registration in each case. Services that you purchase using the SwissPass login (in particular public transport tickets/travelcards) are recorded in your customer account and in a central database ("NDV database").

These data processing operations are necessary for the performance of the contract for the use of SwissPass and are therefore based on this legal basis. For further information, please refer to the sections on shared responsibility in public transport and on disclosure to third parties in this privacy policy as well as to the privacy policy on swisspass.ch under the link here.

BLS Ltd. and BLS Fernverkehr AG monitor their trains, its administrative buildings and workshops, Busland AG monitors its buses and BLS Netz AG monitors its stations and ticket offices with video cameras. In addition, BLS Netz AG uses video cameras or so-called thermoportals at the loading stations in Kandersteg and Goppenstein, which can detect overheated vehicles to prevent fires in the tunnel. Video surveillance serves to protect the clientele, the business and the infrastructure. 

BLS also uses webcams at the loading stations in Kandersteg and Goppenstein, which provide information on the current traffic situation by means of still images.

The video surveillance records image signals that enable the identification of individuals. The recordings are mainly stored locally in the vehicle, while recordings of the facilities and properties, the webcam recordings and the thermoportals are stored centrally. All recordings are stored for a maximum of ten days and then automatically deleted. Recordings are only backed up when incidents have been identified.  

Backed-up recordings containing personal data will, as a rule, be evaluated on the next workday; as an exception for operational or technical reasons, this may take place within two additional workdays. Evaluations take place in the following cases:

• in the event of security and vandalism incidents on or in the vehicles, in or on trains and on the infrastructure;
• based on the orders of authorities;
• upon requests for information from affected persons.
• The evaluation will be exclusively carried out by the responsible authorised functions within BLS.

Secured recordings are stored in such a way that they are protected from access by unauthorized persons. The recordings shall be destroyed no later than 100 days or six months after recording, unless they are disclosed in accordance with the following provisions.

Recordings will only be disclosed to the following authorities:

• the prosecuting authorities of the Confederation and cantons;
• the authorities to whom the companies report or pursue legal claims.

Disclosure will only take place where this is necessary for the proceedings. In the case of disclosure, the recordings shall be retained until the formal conclusion of the legal proceedings.

Insofar as the EU GDPR is applicable, Article 55 of the Passenger Transport Act (PBG) and Article 16b of the Railway Act (EBG) as well as the implementing provisions pursuant to the Public Transport Video Surveillance Ordinance (VüV-ÖV) form the legal basis for this processing of personal data.

If you agree, we will use your customer data (name, gender, date of birth, address, customer number, e-mail address), your performance data (in particular data on services purchased, such as subscriptions or single tickets) and your click behaviour on our websites or in e-mails you have received from us. With regard to the evaluation of click behaviour, please also see the section on tracking tools.

We evaluate this data in order to further develop our offers according to demand and to send or display information and offers that are as relevant as possible to you (by e-mail, letter, text message, push messages in the app and via personalised teasers on the web as well as in person at the counter). We only use data that we can clearly assign to you, for example because you have registered or identified yourself on our website with your SwissPass login and purchased a ticket. In addition, we implement methods that predict your future potential purchasing behaviour on the basis of your current purchasing behaviour.

The legal basis for this processing is our legitimate interest. In certain cases, under strict provisions, contact may also be made by the SBB or another company affiliated with the National Direct Service.

You are free to decline attempts made to contact you by SBB (for example in connection with your GA or Half-Fare) or by other public transport companies at any time. In this regard, the following options are at your disposal:

• Every e-mail you receive from us or other public transport companies contains an unsubscribe link that allows you to unsubscribe from further messages with one click.
• Provided you have a SwissPass login, you can log in to the user account at Login SwissPass and manage your settings for receiving messages at any time.
• You can also register or deregister at any counter, by telephone (+41 58 327 31 32) or via datenschutz@bls.ch.

Please also be aware of the information on your right to object with regard to the evaluation of click behaviour in the section on tracking tools.

We regularly carry out market research to continuously improve the quality of our services and offers. If you consent, we may use your contact details for customer surveys (for example, online surveys). 

In particular, as a member of the BLS Customer Circle, you can give us feedback on ideas for offers, test new services or make suggestions for improvements. To do this, we require certain data from you. You can find out how to register for the Customer Circle and what personal data are processed in the process at BLS-Customer Circle.

In general, all information provided by you in the context of BLS market research is exclusively evaluated in an anonymised form. Participation in BLS market research is voluntary. Conclusions about the identity of the participants are neither possible nor intended. By taking part in surveys, you are consenting to this use of data in each case.

If you do not wish to be invited to such surveys, you have the following options:

• Every e-mail you receive from us or other public transport companies contains an unsubscribe link that allows you to unsubscribe from further messages with one click.
• Provided you have a SwissPass login, you can log in to the user account at Login SwissPass and manage your settings for receiving messages at any time.
• You can also register or deregister at any counter, by telephone (+41 58 327 31 32) or via datenschutz@bls.ch.

Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.

We collect the following data for the claims handling of accidents with or without personal reference:

• first and last names
• address (street, postcode, city and country)
• phone/mobile number
• e-mail address
• number plate
• insurance company
• accident log

Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the performance of the contract form the legal basis for this processing of personal data.

We will pass on your personal data to third parties in Switzerland and abroad in connection with our contracts, the website, our products and services, our legal obligations or for the protection of our legitimate interests and the other listed purposes. The third parties include the following categories of recipients in particular:

Group companies:

You can find a list of group companies here. Group companies may use the data in accordance with this privacy policy for the same purposes as we do.

Service providers

We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us, or who receive data about you for which they are solely responsible (for example IT providers, mail order companies, service providers in connection with credit checks and debt collection, address management service providers, marketing service providers including providers of tracking tools and advertisements as well as market research service providers, security companies, banks, insurance companies). Our central service providers in the IT and customer management area are Microsoft Ireland Operation Limited and Zendesk, Inc, San Francisco, USA.

Transport companies and associations (public transport sector):

see chapter C

Contracting partners:

Recipients also include contracting partners with whom we cooperate in the following areas and to whom we consequently pass on data about you:

• If you use offers from SwissPass partners using SwissPass, data about any benefits you may have purchased from us (for example, a GA, Half-Fare or Regional Point-to-point travelcard) may be transmitted to SwissPass partners in order to check whether you can benefit from a specific offer from SwissPass partners (for example, discount for GA holders). In the event of loss, theft, misuse, forgery or card replacement after a service has been purchased, the partner company concerned will be informed. This data processing is necessary for the execution of the contract for the use of SwissPass and is therefore based on this legal basis. You can find more information in the privacy policy at swisspass.ch.
• Leisure partners in connection with the use of joint offers
• Service providers or government entities in connection with the arrangement of travel (for example, tour operators, accommodation, shipping companies, airlines and railway companies, booking platforms, government entities in the case of legal or administrative obligation, such as in connection with obtaining entry requirements and obtaining a VISA). If your journey involves foreign providers, the data will also be passed on to the respective foreign providers, who may also be based outside Switzerland, the EU or the European Economic Area (EEA), for example in the USA. Please also note the privacy policies of the respective providers.
  Our central service provider for package tours is the global sales system, or the platform of Travelport Services Limited, Langley/Berkshire, England. You can find more information on data protection here.

Authorities:

We may forward personal data to government departments, courts or other authorities in Switzerland and abroad if we are legally obliged or authorised to do so or if we deem this necessary in the protection of our legitimate interests. The authorities are solely responsible for any processing of the data about you that they receive from us.

Your personal data will not be disclosed to other third parties outside the public transport sector. 

The only exceptions are SwissPass partners (to the extent described below) and companies that have been authorised by the public transport companies, on the basis of a contractual agreement, to provide public transport services. These intermediaries only receive access to your personal data if you wish to obtain a public transport service through them and have given them your consent for access. Even in this case, they will only have access to your data to the extent necessary to determine whether you already have tickets or travel cards for the planned travel period that are relevant to your journey or the service you want from the third party. The legal basis for this data processing is therefore your consent. You can withdraw your consent at any time with effect for the future.

As explained in Clause 3, we also disclose your data to other organisations. These organisations are not exclusively based in Switzerland. Consequently, your data may be processed in both Europe and in a third country, such as the USA. 

If a receiving entity is located in a country without appropriate legal data protection, we contractually require the recipient to adhere to applicable data protection standards (to this end we use the revised standard contractual clauses of the European Commission, which can be viewed here), insofar as the recipient is not already subject to a legally recognised set of regulations for ensuring data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have consented to the disclosure, or if it is a matter of data that you have made generally accessible and to the processing of which you have not objected. 

We only store your personal data for as long as is required:

• to perform the services that you have requested or to which you have given your consent to the extent that is laid out in this data privacy statement;
• to use the tracking services mentioned in this privacy policy within the scope of our legitimate interest.

Contractual data are stored by us for a longer duration, since this is required by legal data retention obligations. Retention obligations that oblige us to retain data are based on accounting regulations and tax law regulations. Provided the data are no longer needed to carry out services for you, any further processing of the data will be terminated. This means that the data may then only be used to comply with our retention obligations.

To protect your personal data that we have stored, we operate suitable technical and organisational security measures against manipulation, partial or total loss and unauthorised access by third parties. Our security measures are subject to continuous improvement in line with technological developments. We also take internal data protection very seriously. Our employees and external service providers commissioned by us are obliged to maintain confidentiality and comply with data protection regulations. We take reasonable precautions to protect your data. However, the transmission of information via the internet and other electronic means is always subject to certain security risks, and we can offer no guarantee for the security of information that is transmitted in this way.

We use web analytics services for the purpose of designing and continuously optimising our website, apps and e-mails to meet needs. 

Insofar as the EU GDPR is applicable, your consent and/or our legitimate interest form the legal basis for this processing of personal data.

Tracking on websites

In connection with our internet pages, pseudonymised usage profiles are created and small text files ("cookies") stored on your computer are used. The information generated by cookies about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed above (see "What data are stored and what they are used for?"), we thereby obtain the following information:

• navigation path that a visitor follows on the website
• time spent on the website or subpage
• subpage from which the website is left
• country, region or city from which access takes place
• end device (type, version, colour depth, resolution, width and height of the browser window)
• returning or new visitors
• browser type/version
• operating system used
• referrer URL (the previously visited site)
• host name of the accessing computer (IP address) 
• time of the server request

The information is used to evaluate the use of the web pages.

Tracking the sending of e-mails

We use the e-mail marketing services of third parties when sending e-mails. Consequently, our e-mails may contain what is known as a web beacon (tracking pixel) or similar technological tools. A web beacon is an invisible graphic the size of a single pixel that is linked to the user ID of the respective e-mail subscriber.

For each newsletter sent, there is information on the address file used, the subject and the number of newsletters sent. In addition, it is possible to see which addresses have yet to receive the newsletter, to which addresses the newsletter was sent, and for which addresses the sending failed. In addition, the opening rate, including information on which addresses have opened the newsletter and which addresses have unsubscribed from the newsletter distribution list, is discerned.

The utilisation of appropriate services enables the evaluation of the information listed above. In addition, click behaviour can also be recorded and evaluated. We use these data for statistical purposes and optimising the content of our messages. This enables us to better align the information and offers in our e-mails to the individual interests of the respective recipients. The web beacon is deleted when you delete the e-mail.

If you would like to prevent the use of the web beacon in our e-mails, please configure your e-mail program in such a way that no HTML is displayed in messages, if this is not already the default setting. You can find example instructions for how to do this here.

We currently use the following tracking and analytics tools:

• Fusedeck tracking: Capture Media AG, Löwenstrasse 3, CH-8001 Zurich is the provider of the Fusedeck tracking solution, which enables detailed interaction measurements of user behaviour. You can find more information on data protection as well as on the rights of data subjects in connection with Fusedeck here.
• Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and functions as the order processor. Google Ireland relies on Google LLC (based in the US) as an order processor (both "Google") for this purpose. Google uses performance cookies to track the behaviour of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and compiles reports for us on this basis on the use of our website. We have configured the service in such a way that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and cannot therefore be traced. We have switched off the "Data sharing" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly agree to such processing, which also includes the transfer of personal data (in particular website and app usage data, device information and individual IDs) to the USA and other countries. You can find information on the data protection of Google Analytics here.
  Users can prevent the collection of data generated by the cookie and related to the use of the website by the relevant users (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in.
• ClickDimensions: ClickDimensions is a marketing automation solution developed specifically for Microsoft Dynamics. ClickDimensions is seamlessly integrated into Microsoft Dynamics 365 CMR. Microsoft Ireland Operations Limited (based in Ireland) is the provider of the service and functions as our order processor. Microsoft Ireland Operations Limited relies on ClickDimensions LLC (based in the USA) as its order processor for this purpose. ClickDimensions enables the analysis, planning, organisation, implementation and control of marketing measures. The primary functionality of ClickDimensions lies in e-mail marketing. By using ClickDimensions, e-mails can be created, sent and tracked. After sending marketing e-mails, information is available in real time that allows conclusions to be drawn about which recipients have visited a website, for example, and what they were interested in.
  You can find further information here.
• Sitecore Analytics: Sitecore Holding II A/S is a Danish company with subsidiaries and affiliates around the world. We use Sitecore Analytics to assign page views to a user profile and thus to be able to present the website to you individually and to display suitable offers for you. We store the page views per use (session) and evaluate them in order to provide you with suitable and personalised content. The Sitecore Analytics tool identifies you anonymously and remains over multiple sessions. After a SwissPass login, using a contact form or visiting the page of a newsletter article, you can be identified via user data, which means that the information described above is not only available to you across sessions but also across devices. We save the time and the pages visited on our website. In addition, Sitecore Analytics also helps us to analyse the behaviour of website users and to tailor content to user needs. 
  You can find more information here.
• Chatbot: The moinAI chat widget uses to store and recognise user localStorage Keys, which are stored in the web browser when users interact with the chat widget or teaser. You can find more information here.

Cookies are small files that are stored on your computer or mobile device when you visit or use one of our websites or apps. Some cookies are necessary for the website or app to function, while others extend the range of functions and improve user comfort for you. You can adjust the cookie in the cookie-settings at any time. If you accept certain cookies, you also consent to the transfer of your data to third countries. These third countries may not have a level of data protection comparable to Switzerland. There may be a risk, for example, of your data being collected and processed by local authorities and that your rights as a data subject cannot be enforced. 

We also use cookies to evaluate general user behaviour. The aim is to optimise the digital presences. These are to be made easier to use and the content more intuitive to find.

We link to the following social media platforms on our website:

• Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, and by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. Information on data protection can be found here.
• Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Information on data protection can be found here.
• Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Information on data protection can be found here.
• Pinterest is operated by Pinterest Inc, 808 Brennan St, San Francisco, CA 94103, USA ("Pinterest"). Information on data protection can be found here.
• Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Information on data protection can be found here.
• LinkedIn is operated by LinkedIn Ireland Unlimited Company, Dublin. Information on data protection can be found here.
• Curator: On our website, content from our social media presences is displayed in the form of a "social wall". We use the "Curator" for this. The provider of the Curator is Group Pty Ltd, New South Wales, Australia. For the service, data from the aforementioned social media platforms are read and the relevant content displayed and linked on the website. Information on data protection can be found here.
• GoogleFonts: Our website uses so-called web fonts provided by Google for the uniform display of fonts. Your browser loads the required web fonts into the browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font is used by your computer. You can find more information here.

We do not use plug-ins on our website. The icons of the respective social media platform are only displayed on our website as a graphic with a link. We therefore do not send any data to the social networks. By clicking on the graphic, you will be redirected to the respective social media platform and the aforementioned terms and conditions of the respective provider(s) apply. 

Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data. 

• profile data (age, place of residence and gender)
• travel data (place of departure, time of departure, date of departure, day of departure, place of arrival, time of arrival, date of arrival, day of arrival, travel class)
• approximate GPS coordinates
• unique User ID (for the use of advertising frequencies, post click tracking and cookie targeting)
• IP address
• browser and operating system information
• unit manufacturer and unit model

For each ad hoc request, the ad server checks whether there is a suitable campaign and then delivers specific or non-specific advertising, or none at all, at random and depending on the capacity. No historical data are collected, nor are names, phone numbers and e-mail addresses shared. The information listed above is never forwarded to advertisers but is instead used exclusively for the one-time delivery of advertising and is not stored for further use. In the app settings, you can control the display of adverts under "Additional settings". Our legitimate interest forms the legal basis for the data processing described.

With regard to your personal data, you have the following rights:

• You can request information about your stored personal data.
• You can request a correction, completion, restriction of use, or deletion of your personal data. The use of data will be restricted rather than deleting the data outright if there are legal obstacles to deletion (for example, legal obligations to retain data).
• You may request that we provide certain personal data in a commonly used electronic format or transfer it to another controller.
• If you have set up a customer account, you can delete this or request that it be deleted.
• You can decline the use of your data for marketing and market research purposes.
• You can withdraw your consent at any time with effect for the future.
• In the case of automated, individual decisions, you have the right to express your point of view and request that the decision in question be reviewed by a natural person.

If you wish to exercise the above-mentioned rights against us or one of our group companies, please contact us in writing or send us an e-mail; our contact information can be found in section B. In order for us to rule out any potential misuse, we must identify you (for example, with a copy of your ID, if this is not possible via any other method).

If you wish to request information or deletion of the data stored about you in the entire public transport system, , you can do so by sending a web form to SBB. You can find further details of the information and deletion process within Public Transport Switzerland here. 

Requests for information from the information system on passengers without a valid ticket in accordance with Article 20a of the Federal Passenger Transport Act (PGB) should be sent to the operator of the system at the following address:

PostBus AG, 'SynServ', Pfingstweidstrasse 60b, CH-8080 Zurich or by e-mail to: synserv@postauto.ch 

If you do not agree with our handling of your rights or data protection, please communicate this to us. In particular, if you are located in the EEA, in the United Kingdom or in Switzerland, you also have the right to complain to the data protection supervisory authority within your country.

You can find a list of the authorities within the EEA here. 

You can reach the supervisory authority of the United Kingdom here. 

You can reach the supervisory authority of Switzerland here.