Scope of application

This data protection declaration applies to Communauté tarifaire vaudoise Mobilis (hereinafter "CTV"), Rue du Port-Franc 22, 1003 Lausanne - www.mobilis-vaud.ch.

The Communauté tarifaire vaudoise is a simple partnership formed by the following thirteen transport companies (hereinafter ET):

  • Swiss Federal Railways Ltd: SBB, Bern
  • Chemin de fer Lausanne - Echallens - Bercher SA: LEB, Echallens, represented by tl
  • CarPostal SA: represented by CarPostal Secteur Ouest, Yverdon-les-Bains
  • Transports de la région Morges - Bière - Cossonay SA: MBC, Morges
  • Transports publics de la région lausannoise SA: tl, Renens
  • Compagnie du chemin de fer Nyon - St-Cergue - Morez SA: NStCM, Nyon
  • Transports publics de la Région Nyonnaise SA: TPN, Nyon, represented by NStCM
  • Transport Vallée-de-Joux - Yverdon-les-Bains - Sainte-Croix SA: TRAVYS, Yverdon-les-Bains
  • Société Anonyme des auto-transports de la Vallée de Joux: AVJ, Les Bioux, commune de l'Abbaye
  • Transports publics Vevey - Montreux - Chillon - Villeneuve SA : VMCV in Clarens
  • Compagnie du chemin de fer Montreux - Oberland Bernois SA: MOB, in Montreux
  • Transports Montreux - Vevey - Riviera SA: MVR, Montreux, represented by MOB
  • Transports publics du Chablais SA: TPC, Aigle

The CTV covers the entire canton of Vaud, with the exception of three communes (Rougemont, Rossinière and Château d'Oex) and certain tourist routes (see fare zone map).

CTV markets transport tickets under the trade name "Mobilis".

This data protection declaration informs you about the type of personal data we process, why we need it and how you can object to its collection.

This data protection declaration is based on the current legal regulations concerning the use of personal data. In particular, it refers to the law applicable in Switzerland and to the EU Basic Data Protection Regulation (EU-BDPR).

Public transport companies and fare associations take care to protect the confidentiality of customer data.

As a public transport tariff community, we attach the utmost importance to protecting your privacy. We guarantee that your personal data will be handled in accordance with the applicable legal provisions.

Swiss public transport companies and fare associations affirm their commitment to the confidentiality of your data by applying the following principles.

You decide how your personal data is processed.

To the extent permitted by law, you may at any time choose how your data is processed, withdraw your consent or have your data deleted. You can always travel anonymously, i.e. without entering your personal data.

By processing your data, we offer you added value.

The Swiss public transport companies and fare associations only use your personal data for the purpose of providing our services and offering you added value along the mobility chain (e.g. tailor-made offers, information or support). We therefore use your data exclusively to develop, provide, optimize and operate our services or to manage customer relations.

Your data will not be sold.

Your data will only be passed on to selected third parties mentioned in this data protection declaration and only for the purposes explicitly stated. If we entrust third parties with data processing, they are obliged to comply with our data protection requirements.

We guarantee the security and protection of your data.

Swiss public transport companies and fare associations are committed to taking care of customer data and guaranteeing its security and protection. We take the necessary organizational and technical measures.

Below you will find detailed information on how we process your data.

As a simple company, the CTV has no legal personality of its own. For this reason, responsibility for processing your data lies with the CTV's member companies (see Scope of application). As a public transport tariff community, we are required by law to provide the National Direct Service (NDS). To this end, Swiss public transport companies and fare associations, as well as third parties marketing public transport products, exchange certain data and organize their centralized storage in databases jointly managed by all public transport companies and associations. In this way, we share responsibility for data processing with these TSs and communities. You can find out more about the different types of data processing in the section entitled "What is shared responsibility in public transport?

If you have any questions or suggestions regarding data protection, please contact us at any time:

  • By post to :

Jérôme Michel
Communauté tarifaire vaudoise
Chemin du Closel 15
1020 Renens

  • or by e-mail to :

secretariat.mobilis@mobilis-vaud.ch

We are aware of the importance you attach to the careful handling of your personal data. Data is processed exclusively for specific purposes, which may arise, for example, from technical requirements, contractual obligations, legal requirements, overriding interests, i.e. for legitimate reasons or with your express consent.

We collect, store and process personal data where necessary, for example to manage customer relations, distribute our products and provide our services, fulfil orders and contracts, sell and invoice, answer questions and requests, provide technical support and provide information about our services and products, as well as to supply, evaluate, market and develop them.

To find out more about the purposes for which data is processed, please read the following paragraphs.

a. When purchasing services

Mobilis services can be purchased from a public transport company that is a member of the CTV (see Scope). In this case, the member company requires personal information for online orders or the purchase of certain services and products in order to provide the services and execute the contract, e.g. when purchasing a season ticket or an individual ticket.

When purchasing personalized services, ET collects the following data for each product or service. Mandatory information on the form concerned is marked with an asterisk (*).

  • Personal photo
    • Gender*, name*, e-mail address of buyer or traveler
    • Other information such as postal address*, date of birth*.
    • Phone number
    • Payment method
    • Acceptance of general terms and conditions

In addition, ET collects data relating to the services you purchase for the purpose of fulfilling the contract ("Service Data"). This includes the following information, depending on the product or service.

  • Type of product or service purchased
    • Price
    • Place, date and time of purchase
    • Purchasing channel (Internet, distributor, counter, etc.)
    • Travel date or validity period and departure time
    • Place of departure and destination.

To ensure that we can reach you by mail at any time, we compare your address with the one registered with the Swiss Post Office - provided that you have given your consent to the Swiss Post Office - and update it if necessary.

The data generated when purchasing services is stored in a central database (see 9. Shared responsibility), but is also processed for marketing and market research purposes in particular (for further information, please refer to the relevant sections of this data protection declaration).

The data is also used to check tickets, to identify the holder of a personal ticket and to prevent misuse (for further information, please refer to the relevant sections of this declaration, in particular 3b. In the event of service checks and 9. Joint liability).

The data is also made available to the Mobilis secretariat or to the after-sales service of the requested TTE in order to identify and assist you in the event of a request or difficulty, to inform you about your services (expiry notice, modification, etc.) or to process any claims for compensation.

In addition, the data is used to distribute the proceeds of ticket sales fairly between companies and fare communities. These data processing operations are legally based on our legitimate interests.

In the case of group travel, we send you information about your group booking and any delays or cancellations by SMS. You can choose whether or not to receive this information when you book your group trip.

Finally, we analyze the data anonymously, with the aim of developing the overall TP system as required.

Insofar as the GDPR-EU applies, our legitimate interest and the necessity required by the performance of the contract constitute the legal basis for the processing of personal data.

To find out more about the data collected by the DE with whom you purchased Mobilis services, please consult the DE's own data protection declaration.

b. In the event of a benefits check

Customer and season-ticket data is required to guarantee revenue (checking the validity of tickets or discounts, collection, combating misuse) and is processed for this purpose. As part of the overall control and collection procedure, ETs and communities are therefore authorized to process all data (ticket and control data as well as any particularly sensitive data relating to cases of passengers without a valid ticket, e.g. passengers with a partially valid ticket, an invalid ticket or who have forgotten their ticket or discount, as well as in the event of possible misuse) of passengers and/or contractual partners, to store them for the periods defined in data protection legislation and to exchange them with other DEs and communities (also across borders in the case of international tickets or discounts).

The following provisions apply to each service and/or data carrier:

SwissPass card

No control data is recorded when using the physical SwissPass card as a medium (see SwissPass Mobile section for exceptions).

SwissPass Mobile

When using the SwissPass Mobile application, the provisions that apply are those of which the customer is aware when activating SwissPass Mobile (see swisspass.ch data protection declaration). The following data is processed in this context: registration, activation and control data generated when using SwissPass Mobile. When the SwissPass Mobile application is used, this data is also collected on the SwissPass card.

The maximum retention period for registration data is eighteen months after deactivation of SwissPass Mobile or expiry of the SwissPass card. SwissPass Mobile and SwissPass card activation and control data are stored for one day on the control devices and for thirty days in the control database. In the event of indications of misuse, the retention period for activation and control data is extended to a maximum of 90 days. Passengers who misuse the SwissPass Mobile application will be excluded for a period of twelve months, after which they will be allowed to use the application again. The author's exclusion file will be deleted after a further period of twelve months.

E-Tickets

Control data is stored in SBB's central control data server when E-Tickets are used. This data is stored for a period of 360 days for the purposes of combating misuse and preventing misuse and improper refunds.

Insofar as the GDPR-EU applies, our legitimate interest and the necessity required by the performance of the contract constitute the legal basis for the processing of personal data.

c. In case of misuse

In the case of a passenger without a valid ticket, the data is stored in the company's own database and in a joint register. Passengers and/or contractual partners are informed that, in the event of misuse or falsification, ET is entitled to provide the relevant personal data to all internal departments and external ETs concerned by the misuse, in order to confirm or deny the presence of misuse and prevent further misuse. Under the Federal Law on Passenger Transport (LTV), various time limits apply to the processing of the data concerned. Data is deleted immediately if it is established that the person concerned has not caused any loss of earnings, and after two years provided that the person concerned has paid the surcharges and has not reoffended during this period; data may be kept for a maximum of ten years if it is required for the collection of the person concerned's debts.

Insofar as the RGPD-EU applies, these personal data processing operations are legally based on art. 20a LTV and art. 58a OTV.

d. If you use the website www.mobilis-vaud.ch

Each time you visit our website, our ISP's servers temporarily record each session in a log file. The following technical data is collected:

  • IP address of requesting computer
  • Access date and time
  • Internet page that immediately preceded the connection and, if applicable, the keyword searched.
  • Name and URL of consulted file
  • Searches (schedules, rates, general site search function, products, etc.)
  • Your computer's operating system (provided by the user agent)
  • Browser used (provided by user agent)
  • Device type for cell phone access
  • Transfer protocol used

The collection and processing of this data enables us to ensure the security and reliability of the system, to carry out error and performance analyses, to produce internal statistics and to optimize our Internet offering. It also enables us to tailor our website to our target groups, i.e. to offer targeted content or information that may be of interest to you.

The IP address is also used to predefine the language of the website. In addition, it is analyzed together with other data for information purposes and to combat attacks on the network infrastructure or other illegal or abusive use of the website. Where necessary, it is used for identification purposes in criminal proceedings and in civil and criminal actions against the users concerned.

Finally, we use cookies as well as applications and help tools (which rely on the use of cookies). You will find more information on this subject in the sections of this data protection declaration devoted to cookies, tracking tools, advertising and social plugins.

Insofar as the RGPD-EU applies, these data processing operations are legally based on our legitimate interest.

We cannot guarantee compliance with data protection provisions on external websites accessible via a link on our website.

e. When using a contact form

You can use a form to contact us. To do so, you must provide the following personal data:

  • First and last name
  • E-mail address

We use this data and other optional information (title, address, telephone number and company) only to respond to your request as effectively as possible.

Your (optional) response as to how you became aware of our offer is used for statistical purposes.

Insofar as the GDPR-EU applies, our legitimate interest and the necessity required by the performance of the contract constitute the legal basis for the processing of personal data.

f. During a telephone conversation with our secretariat

When you call our secretariat, you may be asked to provide personal data, such as :

  • First and last name
  • Date of birth
  • Address
  • Phone number
  • E-mail address

We use this optional information only to provide you with the best possible service. The subject of your request may be recorded for statistical purposes or to improve our services.

Insofar as the GDPR-EU applies, our legitimate interest and the necessity required by the performance of the contract constitute the legal basis for the processing of personal data.

g. When creating a SwissPass login/customer account at www.swisspass.ch

You can create a customer account at www.swisspass.ch. To do so, we need the following information from you:

  • First and last name
  • Date of birth
  • Address (street, postcode, town and country)
  • Customer number (if you already have a public transport pass)
  • E-mail address and password (login data)

We offer you the opportunity to register so that you can use your login data (SwissPass ID) to access the many online services (webshops and applications) offered by public transport companies and communities, and purchase their services without having to register each time. The services you purchase using your SwissPass ID (in particular public transport tickets and season tickets) are recorded in your customer account and in a central database ("SDN database"). This data processing is necessary for the execution of the SwissPass contract and has this legal basis. You will find further information on this subject in the sections of this data protection declaration devoted to shared responsibility in the context of public transport, as well as in the data protection declaration on the www.swisspass.ch website .

We store personal data only for as long as is necessary for :

  • to provide the services within the scope defined in this data protection declaration that you have requested or to which you have given your consent;
  • use the tracking services mentioned in this data protection declaration within the limits of our legitimate interest.

We retain contractual data for longer periods in order to comply with legal retention obligations. The retention obligations that compel us to retain data arise from accounting and tax regulations. This data is locked as soon as we no longer need it to provide our services to you. Thereafter, it will only be used to meet our legal archive obligations.

Icon

Storage times and locations

1 file-s 78.46 KB
Download

Your data is stored in databases located in Switzerland. However, in a few cases mentioned in this data protection declaration, data is also transferred to third parties based outside Switzerland.

If the country concerned does not have an appropriate level of data protection, we ensure that your data is adequately protected in these companies by entering into a contract with them.

Icon

Storage times and locations

1 file-s 78.46 KB
Download

Provided you have given your consent, we use your customer data (name, gender, date of birth, address, customer number, e-mail address), your service data (data on the services you have purchased, such as subscriptions or individual tickets) and your clicks on our website or in e-mails sent to you for marketing purposes. To find out more about click analysis, please see section 11: "How are tracking tools used?"

We analyze this data in order to develop our offers according to your needs and to send you the information and offers most likely to interest you (by e-mail or post). In addition, we apply methods that predict your potential buying behavior on the basis of your current buying behavior.

In some cases, SBB or another company participating in the Direct Service may also contact you under very strict conditions. In this respect, please note the information in section 9 on shared responsibility in public transport.

You can refuse contact from us, SBB (e.g. for your general or half-fare season ticket) or other public transport companies at any time.

You can choose from the following options:

  • Every e-mail you receive from us or from other public transport companies includes an unsubscribe link, enabling you to stop receiving further messages with a single click.
  • If you have a SwissPass login, you can log on to www.swisspass.ch and redefine your message reception options in your user account at any time.
  • You can also register or unsubscribe at any CTV member transport company counter or by e-mail at secretariat.mobilis@mobilis-vaud.ch.

In addition, please refer to the information on the right to object to the analysis of your clicks, in the section on tracking tools.

In order to continuously improve the quality of our services and offers, we regularly carry out market research. For example, if you have given your consent, we may occasionally use your contact data for customer surveys (e.g. online surveys).

If you do not wish to be invited to participate in these surveys, you have the following options:

  • Every e-mail you receive from us or from other public transport companies includes an unsubscribe link, enabling you to stop receiving further messages with a single click.
  • If you have a SwissPass login, you can log on to swisspass.ch and redefine your message reception options in your user account at any time.

You can also register or unsubscribe at any CTV member transport company counter or by e-mail at secretariat.mobilis@mobilis-vaud.ch.

You have the following rights with regard to your personal data:

  • You can request access to your stored personal data.
  • You can have your personal data corrected, supplemented, blocked or deleted. Data may be blocked instead of deleted if there are factual or legal obstacles to deletion (e.g. legal retention obligations).
  • If you have created a customer account, you can delete it or have it deleted.
  • You may object to the use of your data for marketing purposes.
  • You may withdraw your consent at any time with effect for the future.
  • You can request the transfer of your data.

To exercise your rights, simply send an e-mail to

  • a letter to :

Communauté tarifaire vaudoise
Chemin du Closel 15
1020 Renens

  • or send an e-mail to :

secretariat.mobilis@mobilis-vaud.ch

If you would like to view or delete your personal data at the level of the whole of SBB within the meaning of data protection legislation, you can send your request in writing to SBB. Requests should be addressed to: SBB AG, Law and Compliance, Data Protection Department, Hilfikerstrasse 1, 3000 Bern 65.

In addition, you have the right to lodge an appeal with a data protection authority at any time.

As a public transport community, we are required by law to provide certain transport services with other companies and communities ("Direct Service").

To this end, data collected when purchasing services and contact details, for example, are transmitted to the National Direct Service (SDN), which groups together over 240 public transport companies (ETs) and communities. A list of the various companies and communities can be found here.

The data is stored in the central NOVA database ("Network-wide Public Transport Platform"), managed by SBB on behalf of the SDN and for which we are jointly responsible with the other SDN ETs and communities. NOVA is a technical platform dedicated to the distribution of public transport offers. It includes all the central elements for selling public transport services, such as the customer database. The extent of access to the common databases by the various DEs and communities is defined by mutual agreement. The data transfer involved in centralized storage and processing by the TTEs and communities is limited to the following purposes:

a. Supply of transport services

To ensure that your trip runs smoothly, data relating to your trip and your purchase are transmitted within the SDN.

b. Contract performance

We process this data for the purpose of establishing, managing and executing contractual relations.

c. Customer relations and assistance management

We process your data for the purpose of communicating with you, in particular in order to respond to your requests and assert your rights, to identify you and assist you as best we can in the event of a request or difficulty, at the TP level, or to deal with any claims for compensation.

d. Ticket control and revenue guarantee

Data relating to customers and season tickets is required to guarantee revenue (checking the validity of tickets or discounts, collection, combating misuse) and is processed for this purpose.

The national free-rider register records cases of passengers without a valid ticket or with a partially valid ticket.

e. Revenue breakdown

The SwissPass Alliance Managing Authority, managed by ch-integral, assumes the legal task defined in the Federal Law on Passenger Transport, which is to collect data for the correct distribution of revenues. In doing so, the management body acts as an agent for the distribution of revenue within the National Direct Service on behalf of the SDN companies.

f. Identification as part of authentication with the SwissPass identifier (SSO)

For services purchased using the SwissPass ID, the data is stored in the central database (NOVA). In order to enable a single authentication procedure (single sign-on or SSO is a login for all applications that offer use of their services with the SwissPass ID), we also exchange login, card, customer and service data with the central SwissPass login infrastructure.

g. Joint marketing and market research activities

In addition, data collected when purchasing TP services is in some cases processed for marketing purposes. Provided that the customer has given his or her consent, any data processing or contact for this purpose will normally be carried out by the transport company or community from which the corresponding TP service was purchased. Other transport companies and communities participating in the SDN may exceptionally contact you or process your data according to strict rules, and only if data analysis indicates that a certain public transport offer would be likely to bring you added value as a customer. Data processing or contact by SBB is an exception. Insofar as SBB carries out the marketing mandate for SDN services (e.g. GA and half-fare), it may contact you on a regular basis.

We also process your data for the purposes of market research, service improvement and product development.

h. Development of TP systems with anonymous data

We analyze the data anonymously, with the aim of developing the overall TP system as required.

i. Customer information

In the case of group travel, we send you information about your group booking and any delays or cancellations by SMS. You can choose whether or not to receive this information when you book your group trip.

We do not sell your data. Your personal data will only be passed on to selected service providers, and only insofar as this is essential for the provision of the service. These include IT support providers, season ticket issuers, transport providers (e.g. Swiss Post), providers responsible for distributing revenue among participating transport companies (e.g. in connection with the establishment of distribution keys within the meaning of the Passenger Transport Act), our Internet service provider (see section on use of websites) and providers mentioned in the sections on tracking tools. In the case of service providers domiciled abroad, please see section 5 "Where is the data stored?

In addition, your data may be passed on to third parties if we are obliged to do so by law or if this is necessary to safeguard our rights, in particular to exercise the rights conferred on us by the contract concluded with you. The data processing mentioned here is legally based on our legitimate interests.

Your personal data will not be passed on to third parties outside the public transport sector, with the exception of SwissPass partners and companies authorized to provide public transport services on the basis of a contractual agreement (to the extent described below). These intermediaries will only have access to your personal data if you wish to purchase a public transport service from them and have consented to such access.

Even in this case, access to your data is limited to what is necessary to determine whether you already have tickets or season tickets for the planned period in connection with your journey or the desired service provided by the third party. Your consent is the legal basis for this data processing. You may withdraw your consent at any time with effect for the future (see 8. What are your rights regarding your personal data?).

If you use your SwissPass to access offers from a SwissPass partner, data relating to any services you may have purchased from us (e.g. GA travelcard, Half-Fare travelcard or Community travelcard) may be passed on to the said partner, who will check that you are eligible for one of their specific offers (e.g. discount for GA travelcard holders). In the event of loss, theft, misuse, falsification or replacement of a card after the purchase of a service, the partner concerned will be informed. This data processing is necessary for the execution of the SwissPass contract and is based on this legal basis. Further information can be found in the data protection declaration on the swisspass.ch website and in the data protection declaration of the SwissPass partner concerned.

In order to design and continuously optimize our website and e-mails to meet the needs of our users, we use Google's web analysis services. The following data processing operations are subject to your consent.

a. Follow-up on the website

In connection with our website, anonymized and pseudonymized usage profiles are created and small text files ("cookies"), which are stored on your computer, are used (see below "What are cookies and when are they used?"). The information generated by cookies about your use of this website is transmitted to the servers of the service providers, where it is stored and processed on our behalf. In addition to the above-mentioned data (see "What data is processed when you use our website?"), we receive the following information in this way:

  • Navigation path used by visitors to our site
  • Time spent on the site or the various pages
  • Last page viewed before leaving the site
  • Country, region or city from which access originates
  • Terminal (type, version, color intensity, resolution, width and height of browser window)
  • Regular user or new visitor
  • Browser type and version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Host name of computer requesting access (IP address)
  • Server request time.

This information is used to analyze the use of the website.

A few details about our monitoring tools:

Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA or Google Ireland Limited, Gordon House Barrow St, Dublin 4, Ireland. Google Analytics uses methods such as cookies to analyze website usage (see "What are cookies and when are they used?" below). The information about your use of the website collected by the cookie, as described above, is transmitted to and stored on servers operated by Google, an Alphabet Inc. company, in the United States.

The IP address is then abbreviated by activating IP anonymization ("anonymizeIP") on this website before being transmitted to member states of the European Union, other signatory states of the Agreement on the European Economic Area or Switzerland.

The anonymized IP address transmitted by your browser within the framework of Google Analytics is not compiled with other Google data. In exceptional cases, the entire IP address may be transferred to Google servers in the USA, where it will be abbreviated. In such cases, we have taken contractual steps to ensure that Google observes an adequate level of data protection.

The information is used to analyze the use of the website, to compile reports on users' activities on the website and to provide other services related to the use of the website and the Internet as part of market research and to better tailor the website to customers' needs. This information may also be transferred to third parties if this is required by law or if these third parties are mandated to process this data.

Google does not associate your IP address with any other user data.

Users can prevent the transmission of the data generated by the cookie and the data relating to the use of the website by the user concerned (including the IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in accessible via this link.

In some cases, we use cookies. These are small files stored on your computer or mobile terminal when you visit or use our website. Cookies store certain preferences as well as data on exchanges with the website via your browser. A cookie may be assigned an identifier when it is activated, enabling your browser to be identified and the data contained in the cookie to be used. You can configure your browser so that a warning appears on your screen before a cookie is stored. It is also possible to forego the benefits of personal cookies. In this case, certain services will not be accessible.

b. What are cookies and when are they used?

We use cookies to analyze general user behavior. The aim is to optimize our digital interfaces to make them easier to use and content more intuitive to find. We want to be able to design and structure them in a more comprehensible way. We intend to adapt our digital interfaces to your needs and make them more user-friendly. Thanks to cookies, we can enrich the website with targeted content or information that may be of interest to you.

Among these cookies, we use :

- Google Analytics (see a. Website tracking)

- Facebook Pixel. This allows us to see whether our posts on our Facebook page have aroused interest and brought visitors to our site.

Most browsers accept cookies by default. However, you can configure your browser so that no cookies are stored on your computer, or so that you are notified each time a new cookie is stored. The following links explain how to configure cookie handling.

Deactivating cookies may make it impossible to use certain functions of our website.

The data processing described in this paragraph is legally based on our legitimate interests.

c. Follow-up when sending e-mails

We use third-party e-mail marketing services to send our e-mails. Consequently, our e-mails may contain a "web beacon" or similar technical means. A web beacon is an invisible, pixel-sized image file associated with the e-mail subscriber's user ID.

Each newsletter sent includes information on the address file used, the subject and the number of newsletters sent. It is also possible to find out which addresses have not yet received the newsletter, to which addresses it was sent and for which addresses the mailing was unsuccessful, as well as the opening rate and which addresses opened the newsletter and which unsubscribed from the mailing list.

Subsequently, access to the corresponding services enables the above-mentioned information to be analyzed. It is also possible to identify and analyze clicks. We use this data for statistical purposes and to optimize the content of our messages. In this way, we can better gear the information and offers contained in our e-mails to the personal interests of the recipients. The web beacon disappears when the e-mail is deleted.

If you wish to block the use of the web beacon in our e-mails, please set your e-mail program so that no HTML files are displayed in your messages (if this is not already the case by default). We suggest you follow these instructions.

d. What are social plugins and what do they do?

You can use the following social plugins on our website:

  • Facebook; Facebook Inc (1601 S. California Ave, Palo Alto, CA 94304, United States)
  • Twitter; Twitter Inc (795 Folsom St., Suite 600, San Francisco, CA 94107, United States)
  • LinkedIn; Microsoft Inc (1000 W Maude, CA 94085 Sunnyvale, United States)
  • WhatsApp; WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Social plugins are used to personalize our web pages. By default, plugins are deactivated on our web pages and therefore do not send any data to social networks. You can activate all plugins by clicking on the "Activate social media" button (2-click solution). Click again to deactivate the plugins.

When plug-ins are activated, your browser establishes a direct connection with the servers of the social network in question as soon as you visit our website. The content of the plugin is transmitted directly from the social network to your browser, which then integrates it into the website.

Once the plugin has been integrated, the corresponding provider is informed that your browser has called up this page of our website, even if you do not have an account with this social network or are not connected to it at the time. This information (including your IP address) is transmitted directly from your browser to a server of the provider (usually in the USA) and stored there. We therefore have no influence on the management of the data collected by the plugin.

If you are connected to the social network, it may associate your visit to our website directly with your user account. Similarly, if you interact with the plugins, this information will be transmitted directly to a server of the provider for storage. This information may also be published on the social network and, in certain circumstances, presented to other users of the social network.

The social network provider may use this information for advertising and market research purposes, or to better tailor its offering to customer needs. Profiles of use, interests and relationships may be created in order to evaluate your use of our website in relation to advertisements presented to you on the social network, for example, or to inform other users of your activities on our website and provide you with other services related to the use of the social network.

To find out about the purpose and scope of data collection, how social network providers process and use data, your rights in this respect and how you can configure your equipment to protect your privacy, please consult the data protection statements of each provider directly.

If you do not want the social network provider to associate the data collected via our website with your user account, please remember to log out of this social network before activating the plugins.

The data processing described in this paragraph is subject to your consent.

We do not use the services of third-party providers (Adserver) to display advertisements on our website.

We use appropriate technical and operational security measures to protect the personal data we hold against manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

We also take data protection within our company very seriously. Our employees and external service providers are bound by confidentiality obligations and the provisions of the Data Protection Act.

We take appropriate precautions to protect your data. However, we ask you to remain vigilant when transmitting information via the Internet and other electronic means, as we cannot guarantee the security of information transmitted in this way.

SwissPass Alliance: Organization of the public transport industry (250 transport companies and 18 fare associations) committed to harmonized, comprehensible and cost-effective fare regulations, modern and attractive distribution solutions, and customer-oriented product ranges and information systems.

Branch: Collective term for transport companies, the National Direct Service and the Swiss tariff and transport communities.

CTV: Communauté tarifaire vaudoise. It groups together the 13 public transport companies operating in the canton of Vaud.

Joint Data Protection Declaration (JDPS): The DCPD (this document) contains minimum requirements to be met when drawing up a company-specific Data Protection Declaration, and thus establishes the framework conditions for data management within the public works sector. The DCPD also provides a detailed template for data protection declarations, which can be adapted to the individual requirements of different transport companies or communities. An important element of this DCPD is the "promise to customers", which explains in comprehensible terms the principles of data ethics that public transport companies undertake to apply to data management.

Distributor: Sale of the NOVA assortment by transport companies or communities providing services, in their own name and for their own account.

ET: Transport company.

Intermediary: Organization that sells products from the NOVA assortment on behalf of one or more transport companies providing services. This includes FOT-licensed transport companies, rail infrastructure managers, Swiss tariff and transport communities, and third parties affiliated to NOVA.

DPA: Federal Data Protection Act (DPA; FF 2020 7397).

NOVA: Network-wide central distribution platform for public transport (from the German "Netzweite öV-Anbindung").

NOVA platform: This term refers to the common distribution infrastructure (including intermediaries) made available to transport companies, communities and third parties (Swiss public transport distribution platform). The NOVA platform brings together the services provided to customers by transport companies and communities. It comprises six modules: network, product range and tariffs, people, billing, services and control.

Tariff owner: Body with tariff authority (national direct service [SDN], regional direct service [tariff or transport communities], transport companies).

Joint controllers: Two or more data controllers jointly determine the purposes and means of processing personal data.

GDPR : The General Data Protection Regulation is a regulation issued by the European Union governing the management of personal data.

RUD: The SwissPass Alliance's TP Data Usage Regulations govern the use of data within the TP industry.

SDN: National Direct Service. Links involving several communities and links connecting areas outside the community. Short form: SD national.

Direct service: Direct service (see also national direct service) as defined in art. 16 of the VVG and the VVG.

Regional SD: Communities.

Third parties: Organizations affiliated to the NOVA platform and offering NOVA services that are not FOT-licensed transport companies, railway infrastructure managers or members of a Swiss tariff or transport community. In legal language, a third party is defined as a person (legal or natural) who is not a party to a specific legal relationship. The term is used in this sense, for example, in relation to customers in the model data protection declaration.