Data protection and disclaimer

Anchor Navigation

Privacy Policy

The data collected from visitors to this website, from the use of PostBus apps (e.g. PubliCar App) and from the use of services offered by PostBus (hereinafter referred to as online services [e.g. microsites, etc.]) is processed by PostBus Ltd in its capacity as both provider of this website and a service provider. The above-mentioned services will be referred to hereinafter as “digital presence”. Further details about PostBus Ltd are available in the About us section of the website.

Protection of your personal data is of great importance to us. We therefore handle your personal data with great care and in accordance with the relevant statutory provisions set out in data protection law and the Passenger Transport Act (especially Art. 54 PTA) and the relevant ordinances.

In this Privacy Policy, we provide you with information about our data processing methods. We explain which data is processed by us whenever you access this website and other digital presences.

As a public transport company, we are legally obliged to provide transport services in conjunction with other transport companies and public transport associations (NDS – National Direct Service). In order to facilitate this on your behalf, data that is acquired from contact with you or from services you have purchased will be shared within the NDS (see section 4), and we are jointly responsible for its processing in cooperation with the other transport companies and public transport associations.

1. Who owns the data that is collected?

PostBus is the provider of the digital presences and, as owner of the data that is collected, decides upon its purpose and content. PostBus Ltd, Engehaldestrasse 39, 3030 Bern, Switzerland is responsible for protection of the data in question.

We are jointly responsible for processing data acquired from the Direct Service in cooperation with other transport companies and public transport associations (see section 4.2).

2. What data do we collect?

In principle, our publicly accessible digital presence can be used without requiring you to disclose any personal data. An exception to this, as is common practice with many websites, is certain data (such as IP addresses and other usage information) that is collected automatically by our web analytics software and then analysed and processed. By using our digital presence, you consent to the collection, use and disclosure of this data in accordance with the terms of this Privacy Policy. It is also possible to modify the data processing settings that relate to cookies via our cookie wall (section 8).

2.1 Automatic logging

Our web servers automatically log every visit in a temporary log file. User-specific data (such as the identification data of the browser used, the operating system of the computer used) and technical data (such as the name and URL of the referring website if the website was accessed via a link and, in addition, the search term if the website was accessed via a search engine) are logged and analysed anonymously. First and foremost, this data is needed to enable the use of our content (connection set-up), for internal, system-related purposes – such as technical administration and system security – and to optimize your surfing experience. As part of this process, cookies may be used (see section 5 below). IP addresses are automatically verified for automated security checks, e.g. for fraud prevention, and immediately deleted. Furthermore, IP addresses are used for analytics and marketing purposes. In particular, Google Analytics anonymizes the IPs received immediately and processes only the anonymized IP addresses for the analysis (see section 7).

2.2 Additional data processing

When using the services, data is processed in accordance with a contractual agreement and the associated Subscriber Conditions (SC) or General Terms and Conditions (GTC).

In addition, we process personal data if you decide to send it to us; for example, by filling out an online form or sending us a message via our contact forms. In these cases, we will ask you to provide only the personal data we require to perform the services we offer. The information you provide will be recorded in our IT systems.

If you register for PostBus WiFi using your mobile phone number, the MAC address of your device will be recorded. Due to the WiFi service, PostBus is deemed to be a telecommunications service provider and is therefore also registered with the Federal Office of Communications. PostBus is therefore obliged to comply with the legal provisions of the Federal Act of 18 March 2016 on the Surveillance of Post and Telecommunications and the associated ordinance.

3. How do we use your data?

Collecting data helps us to continue developing and improving our digital presence and to optimize our range of services. We use the data collected by automatic logging for the following purposes:

  • To enable you to use our digital presence (by establishing a connection).
  • For internal management of the website, e.g. technical administration and maintenance of system security.
  • To optimize user-friendliness, we collect statistics regarding user behaviour on our digital presences. This data is analysed (see also section 7).
  • To tailor our websites to specific target groups (with targeted content or information on the website that may be of interest to you).
  • Promotional mailing and marketing (including the staging of events), provided that you have not objected to the use of your data (if we send you advertising materials as an existing customer, you can object to this at any time and we will then place you on a block list to prevent any further advertising from being sent).
  • For market and opinion research and media monitoring.
  • To provide and continue developing our offerings, services, websites, apps (e.g. PubliCar App) and other platforms where we are present.
  • Online marketing (advertising).
  • To prevent fraud and improve the security of the website.
  • For other purposes in accordance with the contractual agreement and the associated Subscriber Conditions or General Terms and Conditions.
  • To guarantee our operations, in particular our IT, websites, apps (e.g. PubliCar App) and other platforms.
  • To prevent and investigate criminal acts and other misconduct (e.g. conducting internal investigations and data analyses to combat fraud).
  • To assert legal claims and defend ourselves in connection with legal disputes and official proceedings.

We also use re-targeting or re-marketing methods on our websites. These are online marketing tools. If you visit other third-party websites, you will be shown product recommendations with targeted pop-up adverts. In order to achieve an optimized result for you in this regard, data is also transmitted to third-party providers who may be domiciled abroad.

If PostBus services are used, your data is additionally processed in accordance with the contractual agreement and the Subscriber Conditions or General Terms and Conditions.

4. How do we handle data from the “National Direct Service” (NDS)?

4.1 Public transport companies handle your data confidentially

Protecting your personal details and your privacy is also important to us when managing data from Direct Service. We guarantee to process this personal data in compliance with the law and in accordance with the applicable data protection provisions.

Public transport companies are setting an example for the confidential handling of your data with the following principles:

You make the decisions about the processing of your personal data.

In accordance with the legal data processing framework, you may refuse or revoke your consent or have your data deleted at any time.

We offer you added value when processing your data.

We use your data solely to provide services and to offer you added value (e.g. tailored offers, information and support). We therefore use your data only for the development, delivery, optimization and evaluation of our services or for maintaining customer relationships.

Your data will not be sold.

Your data will be disclosed to selected third parties solely for the purposes explicitly mentioned. If we commission third parties to process data, they are obliged to comply with our data protection standards (for further details, see section 9).

We ensure the security and protection of your data.

We guarantee careful handling of your data, as well as its security and protection. We ensure the necessary organizational and technical precautions for this.

You will find detailed information below on how we handle your data.

4.2. What does joint responsibility in the public transport sector mean?

In order for us to be able to provide our public transport mandate, information is disclosed at national level within the National Direct Service (NDS), a federation of more than 240 transport companies (TCs) and associations operating in the public transport sector. The individual TCs and associations are listed here (in German): not accessible.

Data drawn from the purchasing of services and from contact details is saved in a central database maintained by Swiss Federal Railways as mandated by the NDS and for which we, together with the other companies and associations of the NDS, are responsible (“DS database”).

For services that you purchase using the SwissPass login, the data is then saved in a further central database (“SwissPass database”) for which we are jointly responsible alongside the TCs and the NDS associations, whereby the database is also maintained by Swiss Federal Railways as mandated by the NDS. To facilitate efficient service provision and collaboration between the participants, the data from the different databases will be combined if necessary. To enable single sign-on (SSO) (one login for all applications which offer the use of your services with the SwissPass login), the aforementioned login, card, customer and service data are also exchanged between the central SwissPass login infrastructure and ourselves as part of the authentication process.

The scope of access to the common database by the individual TCs and associations is regulated and limited by a joint agreement. Disclosure through the central storage and processing by the remaining TCs and associations of the NDS is, in principle, limited to processing contracts, ticket inspection, after-sales services and revenue distribution. Furthermore, the data collected during the purchase of services provided by the NDS (see Product range overview – Alliance SwissPass) is also processed for marketing purposes in certain cases.

4.3 Which data is processed in relation to marketing?

Data from the use of services is analysed in order to develop and promote public transport services in a needs-oriented manner. If you are contacted for this purpose, the communication is generally carried out by us. You will be contacted by other TCs and associations involved in the NDS only in exceptional cases and in accordance with strict conditions and also only if the evaluation of the data suggests that a specific public transport offer could provide added value for you as a customer. Contact by Swiss Federal Railways constitutes an exception to this rule. Swiss Federal Railways is responsible for the marketing mandate for the DS services on behalf of the NDS (e.g. GA Travelcard and Half Fare Travelcard) and may regularly contact you in this capacity.

You can decline to be contacted by us, by Swiss Federal Railways (e.g. in relation to your GA Travelcard or Half Fare Travelcard) and by other public transport companies at any time. To do so, the following options are available:

  • Every e-mail that you will receive from us or other public transport companies will contain an unsubscribe link that you can click to unsubscribe from further messages.
  • If you have a SwissPass login, you can unsubscribe at and manage your settings for receiving messages in your account at any time.
  • You can also subscribe or unsubscribe at any counter or by phone or e-mail (see section 10 “Your rights”).

5. How do we use cookies? 

5.1 What is a cookie?

A cookie is a text file with short data sequences (a sequence of letters and numbers) that by itself cannot perform any operations. This text file is transferred to your browser by the web server when you visit a website. The cookie is stored on your local computer. There are two different types of cookie: temporary cookies and permanent cookies. We use both temporary cookies, which are automatically deleted from your mobile device or computer at the end of the browser session, and permanent cookies, which remain on your computer or mobile device for up to ten years after the browser session. They are automatically disabled after the programmed time.

You can check your browser’s log at any time to see which cookies are being run.

5.2 How safe is it to enable cookies?

It is safe to enable cookies when visiting our digital presence. When using a third-party computer, however, we recommend not accepting cookies and deleting your browser history to prevent subsequent users from being able to see your surfing behaviour.

5.3 How do we use cookies?

We use cookies to carry out an analysis of general user behaviour. Our goal is to optimize our digital presence, in order to make it easier to use, to make finding content more intuitive and to ensure that can be laid out and structured more clearly. We are keen to make our digital presence user friendly in accordance with your requirements. This allows us to optimize our websites with targeted content or information that may be of interest to you (e.g. geolocated).

5.4 How do we use third-party cookies?

We use selected cookies from third-party providers (known as third-party cookies). These cookies are intended to optimize the user experience, to display personalized advertisingTarget not accessible (Google Ad Manager) or to prevent fraud. We draw attention to our use of cookies via a cookie banner. You have the ability to prevent the use of cookies at any time via the cookie settings in your browser (see section 8 below).

6. Social media

On certain sites we use the Facebook, Twitter, LinkedIn and XING sharing functions.

This allows you to share individual content. The individual social network’s data protection provisions apply to the processing of this data.

7. What web analytics services do we use?

We use various web analytics services. The web analytics services use cookies (see section 5.1) that evaluate the use of the digital presence in order to obtain information and improve our services and in order to provide a statistical evaluation of our visitor traffic. The services used for this purpose can be seen in the cookie banner. The information generated in this way may be transmitted to a server abroad and stored there. You can prevent cookies from being stored by modifying the settings in your browser software and the cookie banner accordingly (see section 8). Data collection and storage can be withdrawn at any time with future effect.

8. How do I prevent the use of cookies and web analytics tools?

The use of cookies can be managed via the cookie banner. Functionally necessary cookies are required from a technical perspective for the display of our digital presence and cannot be deselected via the cookie banner. Most browsers accept cookies automatically. However, you can instruct your browser not to accept any cookies or to prompt you before accepting a cookie from a website you visit. You can also delete cookies on your computer or mobile device using the corresponding function in your browser.

To enable or disable cookies in your web browser:

Check which web browser you are using and then select the relevant link below. On the page you are taken to, you will find instructions on how to enable or disable cookies in your web browser.

If you choose not to accept our cookies or cookies and tools from our partner companies, you will not be able to see certain information on our websites and will be unable to use some features that improve your visit.

More information on the use of cookies can be found on the following website:All About Cookies | Online Privacy and Digital SecurityTarget not accessible

Target not accessible9. Will we share your data with anyone else?

Your personal data will be passed on solely to selected service providers − and only to the extent required to provide the service.

This includes:

  • IT support service providers
  • Subscription card issuers
  • Shipping service providers
  • Service providers tasked with distributing transport revenue among the participating transport companies (in particular during the creation of distribution keys as set out in the Federal Act of 20 March 2009 on Passenger Transport (PTA))
  • Our hosting provider
  • Other companies within Swiss Post Group.

External service providers who process data on our behalf are contractually obliged to comply with the relevant data protection provisions and may process data only in the same manner in which PostBus is permitted to do.

We will retain your information for no longer than necessary and will treat it as confidential. This excludes the transmission of personal data to payment collection service providers, to governmental institutions and authorities and to private persons with a right thereto based on statutory regulations, court orders or regulatory decisions, as well as its transmission to governmental institutions for the purposes of taking legal action or prosecution should our legally protected rights be challenged.

10. Your rights 

10.1 Amendment, blocking and deletion / withdrawal of consent

You have the right to request information on the processing of your personal data and can request that it be amended, blocked or deleted.
If you have expressly consented to further data processing, you may revoke this at any time. Detailed information can be found in the relevant General Terms and Conditions and Subscriber Conditions.

10.2 Contact information 

If you have any questions, suggestions or concerns in relation to the handling of your data, you are welcome to contact us by post, telephone or e-mail as follows:

Postal address:

PostBus Ltd
Engehaldestrasse 39
3030 Bern

Tel.: +41 58 341 10 65

Should you wish to contact us by e-mail, please note that e-mails are unencrypted and are therefore susceptible to the security risks typically associated with this method of communication.

11. How secure is your data?

The data we collect and save is treated confidentially and, using appropriate technical and organizational precautions, protected against loss or manipulation and unauthorized access by third parties.

Our digital presence may contain links to other digital solutions that are outside our control and are not covered by this Privacy Policy. If you access other digital solutions using the links provided, the operators of these digital solutions may collect information from you that will be used by these operators in accordance with their privacy policies, which may differ from ours.

We do not accept liability for any unauthorized access or loss of personal data that is beyond our control.

12. Amendments to the Privacy Policy

Amendments to this Privacy Policy may be required from time to time, for example due to the ongoing development of our digital presence or as a result of changes in legislation. PostBus therefore reserves the right to amend the Privacy Policy at any time, with effect from a future date. Accordingly, we recommend that you re-read this Privacy Policy on a regular basis.

This Privacy Policy was last updated on 14 November 2022.

Phishing and other attempts at fraud on the Internet

A person uses their smartphone to find out about phishing

Online fraud attempts are increasingly targeting any potential carelessness on the part of users in order to access coveted data. Find out here what you and PostBus can do to combat fraud and where you can report suspicious cases.

Rich Content Section