Data Privacy Statement
Data Privacy Statement
Data collected from visitors to this website whilst using the Login at www.postbus.ch (“Login”) as well as PostBus apps and PostBus services (hereinafter referred to as “online services”, e.g. microsites, etc.) is processed by PostBus Ltd (hereinafter referred to as “PostBus”, “we” or “us”) in its capacity as both the provider of this website and a service provider. The aforementioned services will be referred to hereinafter as “digital presence”. Further details about PostBus Ltd are available from the About us section of the website.
We regard the protection of your personal data as a very important matter. We therefore treat your personal data with great care and in accordance with the relevant statutory provisions of data protection law and postal legislation.
As a public transport company, we have a legal obligation to implement the so-called Direct Service (DS). We are therefore jointly responsible for individual data processing together with other transport companies and the public transport groups (see section 4 below).
1. Who owns the data collected?
PostBus is the provider of the digital presences and, as owner of the data collected, decides upon their purpose and content. The owner of the data collected is PostBus Ltd, Engehaldestrasse 39, 3030 Bern, Switzerland.
We are jointly responsible for processing data from the Direct Service together with other transport companies and public transport groups (see section 4.2 "What does joint responsibility in public transport mean?").
2. What data do we collect?
In principle, our publicly accessible digital presence can be used without requiring you to disclose any personal data. An exception to this, as is common practice with many websites, is certain data (such as IP addresses and other usage information) which is collected automatically by our web analytics software and then analysed and processed. By using our digital presence, you consent to the collection, use and disclosure of this data in accordance with the terms of this Data Privacy Statement.
2.1 Automatic logging
Our web servers automatically log every visit in a temporary log file. User-specific data (such as the identification data of the browser used, the operating system of the requesting computer, the amount of data transferred, the name of the Internet Service Provider, the date and time of access) and technical data (such as the name and URL of the referring web page, if the website was accessed via a link and, in addition, the search term if the website was accessed via a search engine) are logged and analysed anonymously. First and foremost, this data is needed to enable the use of our content (connection set-up), and is also used for internal, system-related purposes – such as technical administration and system security – and optimising your search experience. As part of this process, so-called cookies may be used (see section 5 below). IP addresses are used for automated security checks, e.g. automatically verified to combat fraud and immediately deleted. Furthermore, IP addresses are used for analytics purposes. In particular, Google Analytics anonymizes the IPs received immediately and only processes the anonymised IP addresses for the analysis (see section 7). We do not use your data for any other purposes, unless you have given your express consent to additional data processing when using certain services, or if we are legally bound to do so.
2.2 Additional data processing
In order to use some of our online services, you must first register for the login with some personal data. When using the services, the data is processed in accordance with a contractual agreement and the associated Subscriber Conditions (SC) or General Terms and Conditions (GTC).
In addition, we process personal data if you decide to send it to us; for example, by filling out an online form or sending us a message via our contact forms. In these cases, we will only ask you to provide the personal data we require to perform the services we offer. The information you provide will be recorded in our IT systems.
3. How do we use your data?
Collecting data helps us to continue developing and improving our digital presence and to optimize our range of services. We use the data collected by automatic logging for the following purposes:
- To enable you to use our digital presence (by establishing a connection).
- For internal management of the website, for example technical administration and maintenance of system security.
- To optimize user friendliness, we collect statistics on user behaviour on our digital presences. The data is analysed during this process (see also section 7).
- To provide the login, online services and contractually-compliant processing of these services.
- To tailor our websites to specific target groups (with targeted content or information on the website that may be of interest to you).
- Mailing and marketing (including the staging of events), provided that you have not objected to the use of your data (if we send you advertising materials as an existing customer, you can object to this at any time and we shall then place you on a blocked list to prevent any further advertising from being sent)
- For market and opinion research as well as media monitoring;
- To provide and continue to develop our offerings, services and websites, apps and other platforms where we are present;
- To prevent fraud and improve the security of the website.
- For other purposes in accordance with the contractual agreement and the associated Subscriber Conditions or General Terms and Conditions.
- To guarantee our operations, in particular our IT, websites, apps and other platforms.
- To prevent and investigate criminal acts and other misconduct (e.g. conducting internal investigations and data analyses to combat fraud).
- To assert legal claims and defend ourselves in connection with legal disputes and official proceedings.
We also use so-called re-targeting or re-marketing methods on our websites. These are online marketing tools. If you visit other third-party websites, you will then be shown product recommendations with targeted pop-up adverts. In order to achieve an optimized result for you in this regard, data is also transmitted to third-party providers who may also be domiciled abroad.
If PostBus services are used, your data is also processed in accordance with the contractual agreement and the Subscriber Conditions (SC) or General Terms and Conditions (GTC).
4. How do we manage data from "Direct Service"?
4.1 Public transport companies manage your data confidentially
Protecting your personal details and your privacy is also important to us when managing data from Direct Service. We guarantee to process this personal data in compliance with the law and in accordance with the applicable data protection provisions.
Public transport companies are setting an example for the confidential handling of your data with the following principles:
You make the decisions about the processing of your personal data.
In accordance with the legal data processing framework, you may refuse or revoke your consent or have your data deleted at any time.
We offer you added value when processing your data.
We use your data solely to provide services and to offer you added value (e.g. tailored offers, information and support). We therefore only use your data for the development, delivery, optimization and evaluation of our services or for maintaining customer relationships.
Your data will not be sold.
Your data will only be disclosed to selected third parties listed in this Data Privacy Statement and solely for the purposes explicitly mentioned. If we commission third parties to process data, they are obliged to comply with our data protection standards.
We ensure the security and protection of your data.
We guarantee the careful management of your data as well as its security and protection. We ensure the necessary organizational and technical precautions for this.
You will find detailed information below on how we manage your data.
4.2. “What does joint responsibility in public transport mean?”
In order for us to be able to provide our public transport service, there is disclosure at the national level within the framework of the National Direct Service (NDS) to a pool of over 240 transport companies (TC) and public transport associations. The individual TCs and associations are listed here (in German): https://www.allianceswisspass.ch/de/Themen/Datenschutz/Uebersicht-Transportunternehmen-und-Verbuende.
Data drawn from the purchasing of services and from contact details are saved in a central database maintained by Swiss Federal Railways as mandated by the NDS and for which we, together with the other companies and associations of the NDS, are responsible (“DS database”).
For services that you purchase using the SwissPass login, the data is then saved in a further central database («SwissPass database») for which we are jointly responsible alongside the TCs and the NDS associations, whereby the database is also maintained by Swiss Federal Railways as mandated by the NDS. To facilitate efficient service provision and collaboration between the participants, the data from the different databases will be combined if necessary. To enable single sign-on (SSO) (one login for all applications which offer the use of your services with the SwissPass login), the aforementioned login, card, customer and service data are also exchanged between the central SwissPass login infrastructure and ourselves as part of the authentication process.
The scope of access to the common database by the individual TCs and associations is regulated and limited by a joint agreement. Disclosure through the central storage and processing by the remaining TCs and associations of the NDS is, in principle, limited to processing contracts, ticket inspection, after-sales services and revenue distribution. Furthermore, the data collected during the purchase of services provided by the NDS (see Product range overview – Alliance SwissPass in German) are also processed for marketing purposes in certain cases.
4.3 Which data are processed in relation to marketing?
Data from the use of services are analysed to further develop and promote public transport services in a needs-oriented manner. If you are contacted for this purpose, this is generally carried out by us. You will only be contacted by other TCs and associations involved in the NDS in exceptional cases and in accordance with strict conditions, and also only if the evaluation of the data suggests that a specific public transport offer could provide added value for you as a customer. Contact by Swiss Federal Railways constitutes an exception to this rule. Swiss Federal Railways is responsible for the marketing mandate for the DS services on behalf of the NDS (e.g. GA Travelcard and Half Fare Travelcard) and may regularly contact you in this capacity.
You can decline to be contacted by us, by Swiss Federal Railways (e.g. in relation to your GA Travelcard or Half Fare Travelcard) and by other public transport companies at any time. To do this, the following options are available:
- Every e-mail that you will receive from us or other public transport companies will contain an unsubscribe link which you can click to unsubscribe from further messages.
- If you have a SwissPass login, you can unsubscribe at www.swisspass.ch and manage your settings in your account at any time with regard to receiving messages.
- You can also subscribe or unsubscribe at any counter or by phone or e-mail (see section 10 “Your rights”).
5.1 What is a cookie?
A cookie is a text file with short data sequences (a sequence of letters and numbers) that by itself cannot perform any operations. This text file is transferred to your browser by the web server when you visit a website. The cookie is stored on your local computer. There are two different types of cookie: temporary cookies and permanent cookies. We use both temporary cookies, which are automatically deleted from your mobile device or computer at the end of the browser session, and permanent cookies, which remain on your computer or mobile device for up to ten years after the browser session. They are automatically disabled after the programmed time.
You can view in your browser’s log at any time to see which cookies are being run.
5.2 How safe is it to enable cookies?
It is safe to enable cookies when visiting our digital presence. When using a third-party computer, however, we recommend deleting cookies and the history in the browser you are using to prevent subsequent users from being able to retrace your surfing behaviour.
5.4 How do we use third-party cookies?
6. Social media
On certain sites we use the Facebook, Twitter, LinkedIn and Xing sharing functions.
This allows you to share individual content. The individual social network’s data protection provisions apply to the processing of this data.
7. Which web analytics services do we use?
Most browsers accept cookies automatically. However, you can instruct your browser not to accept any cookies or to prompt you before accepting a cookie from a website you visit. You can also delete cookies on your computer or mobile device using the corresponding function in your browser.
To enable or disable cookies in your web browser:
Check which web browser you are using and then select the relevant link below. On the page you are taken to, you will find instructions on how to enable or disable cookies in your web browser.
If you choose not to accept our cookies or the cookies and tools of our partner companies, you will not be able to see certain information on our websites and will be unable to use some functions that improve your visit.
9. Will we share your data with anyone else?
In the event that PostBus engages third parties to provide the services, it will be authorized to make the data required for this purpose available to them. These third parties are subject to the same obligations with regard to data protection as PostBus itself.
In addition, data will be disclosed to third parties only within the parameters described in the sections above. Disclosure to other companies within Swiss Post Group is ultimately permitted. We will retain your information for no longer than necessary and will treat it as confidential. This excludes the transmission of personal data to payment collection service providers, governmental institutions and authorities as well as to private persons with a right thereto based on statutory regulations, court orders or regulatory decisions, as well as its transfer to governmental institutions for the purposes of taking legal action or prosecution should our legally protected rights be challenged.
10. Your rights
10.1. Amendment, blocking and deletion / withdrawal of consent
You have the right to request information on the processing of your personal data and can request that it be amended, blocked or deleted.
If you have expressly consented to additional data processing, you may revoke this at any time. Detailed information can be found in the relevant General Terms and Conditions and Subscriber Conditions.
10.2 Contact information
If you have questions, suggestions or concerns in relation to the handling of your data, you are welcome to contact us by post, telephone or e-mail:
K GP MS
Should you wish to contact us by e-mail, please note that e-mails are unencrypted and are therefore susceptible to the security risks typically associated with this method of communication.
11. How secure is your data?
The data we collect and save is treated confidentially and, using appropriate technical and organizational precautions, protected against loss or manipulation as well as against unauthorized access by third parties.
Login information exchanged between your hardware and us is encrypted. We do not accept liability for any unauthorized access or loss of personal data that is beyond our control.
Our digital presence may contain links to other digital solutions which are outside our control and are not covered by this Data Privacy Statement. If you access other digital solutions using the links provided, the operators of these digital solutions may collect information from you which will be used by these operators in accordance with their data privacy statements, which may differ from ours.
12. Amendments to the Data Privacy Statement
Amendments to this Data Privacy Statement may be required from time to time, for example due to the ongoing development of our digital presence or as a result of changes in legislation. PostBus therefore reserves the right to amend the Data Privacy Statement at any time, with effect from a future date. Accordingly, we recommend that you re-read this Data Privacy Statement on a regular basis.
This Data Privacy Statement was last updated on 15 December 2020.