BERNMOBIL, as the operator of the Public Transport Plus App, considers the protection of personal data to be of paramount importance and complies with applicable data protection laws in its handling of such data.
The legal basis for data processing includes the Federal Act on Passenger Transport (Passenger Transport Act; PBG; SR 745.1), the Federal Act on Data Protection (FADP; SR 235.1), the related ordinance to the Federal Act on Data Protection (FADP; SR 235.11), as well as the Joint Tariffs and Regulations of the National Direct Traffic and public transport consortia.
2. “Customer Commitment” of Public Transport Companies
Public transport companies handle customer data with trust and care.
The protection of your personal identity and privacy is of great importance to us, the public transport companies. We guarantee lawful processing of your personal data in accordance with applicable data protection laws.
Public transport companies operate based on the following principles for the responsible handling of your data:
You have control over the processing of your personal data. Within the legal framework, you can refuse data processing, revoke your consent, or request the deletion of your data at any time. You always have the option to travel anonymously with corresponding tickets, without providing your personal data.
We provide added value when processing your data. Public transport companies use your personal data exclusively within the scope of service provision and to offer added value along the mobility chain (e.g., customized offers and information, support, or compensation in case of disruptions). Your data is only used for the development, provision, optimization, and evaluation of our services or for maintaining customer relationships.
We do not sell your data. Disclosure of your data only occurs to selected third parties and for explicitly stated purposes. When third parties are commissioned with data processing, they are obliged to adhere to our data protection standards.
We ensure the security and protection of your data. Public transport companies guarantee the careful handling of customer data as well as the security and protection of your data. We implement necessary organizational and technical measures to ensure this.
Detailed information on how we handle your data is provided below.
3. What Does “Joint Responsibility in Public Transport” Mean?
BERNMOBIL is legally obligated to provide transport services in cooperation with other transport companies and consortia (referred to as “Direct Traffic”).
For services purchased using the SwissPass login, data is stored in another central database (“SwissPass Database”) for which we share joint responsibility with the TCs and consortia of NDV. This database is also managed by SBB on behalf of NDV. Data from different databases may be merged for efficient service provision and collaboration among parties. To enable Single Sign-On (SSO) (a single login for all applications offering their services through SwissPass login), login, card, customer, and performance data are exchanged between the central SwissPass login infrastructure and BERNMOBIL as part of the authentication process.
The extent of access to the shared databases by individual TCs and consortia is regulated and limited by a mutual agreement. The sharing and processing of data by other TCs and consortia of NDV are primarily limited to contract processing, ticket inspections, after-sales service, and revenue distribution. Additionally, data collected during the purchase of NDV services may, in certain cases, be used for marketing purposes. This includes data analysis to tailor public transport services to customer needs and promote them. If contact is made for this purpose, it is generally done by BERNMOBIL. Contact by other TCs and consortia participating in NDV occurs only in exceptional cases, under strict conditions, and only if data analysis suggests that a specific public transport offer could provide added value to you as a customer. An exception is contact by SBB, which, on behalf of NDV, handles marketing for DV services (e.g., GA and Half Fare) and may regularly get in touch with you in this capacity.
4. Is Your Data Shared with Third Parties?
BERNMOBIL does not sell your data. Disclosure of your personal data is limited to selected service providers and only to the extent necessary for service provision. This includes IT support service providers, issuers of subscription cards, shipping service providers (such as the Swiss Post), and service providers responsible for distributing revenue to participating transport companies (especially when creating distribution keys in accordance with Swiss passenger transport laws).
Furthermore, your data may be disclosed if required by law or necessary to protect our rights, particularly to enforce claims against you. When booking cross-border travel, your data may be shared with foreign providers, but only to the extent necessary to verify the validity of tickets and prevent abuse.
5. Who is Responsible for Data Processing?
BERNMOBIL is responsible for the processing of your data. In summary, BERNMOBIL, as a public transport company, is legally obligated to operate Direct Traffic (DV). For this purpose, certain data is exchanged within the TCs and consortia of public transport.
If you have any questions or concerns regarding data protection, please contact BERNMOBIL’s data protection officer at the following address:
Data Protection Officer BERNMOBIL; Eigerplatz 3, Postfach, CH-3000 Bern 14
Alternatively, you can send an email to firstname.lastname@example.org.
6. Why do we collect personal data?
BERNMOBIL is aware of how important the careful handling of your personal data is to you. All data processing is carried out for specific purposes. These purposes may arise, for example, from technical necessity, contractual requirements, legal regulations, overriding interests, meaning legitimate reasons, or your explicit consent. We collect, store, and process personal data as necessary, for instance, for the management of customer relationships, the distribution of our products, and the provision of our services, order and contract processing, sales and invoicing, responding to questions and concerns, providing information about our products and services, as well as their marketing, assistance with technical matters, and the evaluation and development of services and products. For more detailed information on which data is processed for which purposes, please read the following sections.
7. General ÖV Plus
i. Use of the ÖV Plus App
The following data is processed and/or stored when using the öV Plus App:
- First and last name, as well as date of birth (mandatory only for the purchase of direct traffic tickets)
- Information about accompanying passengers (first and last name, as well as date of birth)
- Email address (voluntary, mandatory if a purchase receipt is desired)
- Phone number (mandatory)
- Payment method information (mandatory for ticket purchase)
- Ticket purchases (type, price, date, departure and arrival location)
- Ticket purchase settings (full price/discounted, 1st/2nd class, additional discount entitlements)
Information about App and Smartphone Usage:
- Smartphone brand and model
- Operating system
- Wi-Fi signals
- Configured settings for app usage (favorites, sharing functions, location services, filter functions, etc.)
ii. When Using the Website: www.oevplus.ch
When visiting the öV Plus website, the servers of our hosting provider, Red Hat OpenShift, temporarily store each access in a log file. The following technical data is collected:
- IP address of the requesting computer
- Date and time of access
- Website from which the access originated
- Search keywords
- Name and URL of the retrieved file
- Conducted search queries (timetable, general website search function, products, etc.)
- Your computer’s operating system (provided by the user agent)
- Browser used by you (provided by the user agent)
- Device type in the case of mobile phone access
- Used transmission protocol
The collection and processing of this data serves system security and stability, error and performance analysis, as well as internal statistical purposes, allowing us to optimize the internet offering. Additionally, this enables us to tailor our website with targeted content or information that may be of interest to you.
No guarantee is provided for compliance with data protection regulations on external websites linked to öV Plus.
8. Processing Purposes
The operator exclusively collects and processes data related to the ÖV Plus App and website:
- Personal data and purchased tickets are stored exclusively in the systems of the operator. The operator employs appropriate security measures to protect personal data against foreseeable risks.
- In order to provide location-based timetable information, anonymous location data is transmitted to the systems. These location data are not stored. If you wish to avoid the transmission of location data, you must deactivate the GPS function.
- Anonymous tracking data is collected during app usage and transmitted to a third-party for the purpose of optimizing the app.
- Anonymous performance data and anonymized crash data related to technical errors are collected and sent to a third-party to enhance the app.
- Due to the anonymous nature of the location, performance, tracking, and crash data, it is not possible to draw conclusions about specific individuals.
Personal data generated during the purchase of services is stored in a central database. It is used for ticket inspections to identify the holder of a personalized ticket and to prevent misuse. This data is also provided to our customer service to assist with inquiries or issues and to handle any compensation claims. Furthermore, the anonymized data is used to distribute the revenue generated from ticket purchases among the companies and alliances of the Direct Traffic network fairly. In anonymized form, this data is also processed for other purposes, including marketing and market research.
The operator employs suitable technical and organizational security measures to protect the personal data stored with us against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
We take internal data protection within the company very seriously. Our employees and external service providers contracted by us are bound to confidentiality and compliance with data protection regulations.
While we take appropriate precautions to protect your data, the transmission of information over the internet and other electronic means always carries some security risks, and we cannot guarantee the security of information transmitted in this manner.
The registration of payment methods is carried out without the involvement of the operator by Datatrans AG, Kreuzbühlstr. 26, 8008 Zurich. They ensure the highest possible level of data protection and payment processing.
10. Data Sharing
Information related to payment methods is neither stored in the app nor by the operator. Registration is done without the involvement of the operator through Datatrans AG.
The app is offered in partnership with various public transport partners. To process customer feedback and fulfill service obligations, partners also have access to personal data stored in the app.
The operator also shares anonymized ticket data for the purpose of payment and ticket reconciliation with the transport companies partnering with the operator. Additionally, anonymized travel data and anonymized app usage data may be shared with the transport companies partnering with the operator for the improvement of their products, public transport offerings, and further statistical analysis purposes.
The usage of the app may be statistically analyzed using Google Analytics. Only anonymized data is used for this analysis. The data can be used to expand and enhance the app.
11. Customer Contact
The operator is authorized to contact users regarding topics related to the ÖV Plus App, including:
- Information within the app to assist with usage.
- Information within the app about changes to the service.
- Surveys in the app regarding the use of the ÖV Plus App.
Depending on the method of contact, messages may contain tracking pixels that allow for log file recording for anonymized statistical analysis.
12. Data Storage and Deletion
Users have the right to request information from the operator about whether and, if so, what data is being processed about them and for what purpose. Users have the right to request the deletion of the relevant data if the data is no longer needed for the purpose for which it was collected, or if the users have objected to data processing or revoked their consent. Legal retention obligations and the national fare dodger register are exempt from this. Furthermore, correction or destruction of incorrect data can be requested at any time. To exercise these rights, a written request should be sent by postal mail to the address mentioned below. The request should include your first name, last name, address, date of birth, and, if applicable, a customer number. The request must be accompanied by a copy of your passport or identity card.
Requests for information and deletion concerning data in the central customer database operated by SBB (DV database or SwissPass database) must be directed to SBB. Requests for information concerning data in the national fare dodger register for travelers without a valid ticket should be directed to PostAuto AG. All stored incidents, even those outside the app, can be found there.
Personal data is only stored for as long as necessary: