This Privacy Policy applies to the processing of personal data by SBB within the scope of the Swiss Data Protection Act and the General Data Protection Regulation (GDPR) of the European Union.
It gives you the most important information you need to know: What data we process, for what purpose we need the data, how we protect them, what added value you gain from the data processing, and how you can object to it. If further privacy policies are used - for example, for apps - these will be listed.
Protecting your personality and privacy is a major concern for us as public transport companies. We guarantee to you that we will process your personal data in accordance with the applicable provisions of data protection law. By adhering to the following principles, public transport companies give a clear signal that your data will be handled confidentially.
You decide yourself how your personal data are to be processed.
Where permitted by law, you can at any time object to data processing, withdraw your consent or require that your data be erased. You always have the option of travelling anonymously without your personal data being recorded.
We offer you added value by processing your data.
Public transport companies use your personal data to offer you added value throughout the mobility chain (e.g. bespoke offers and information, support or compensation in the event of disruption). Your data are therefore used only in relation to the development, provision, optimisation and assessment of our services or for customer support purposes.
Your data are not sold.
Your data are only disclosed to selected third parties specified in this Privacy Policy and only for the purposes specifically indicated. If we commission third parties to carry out data processing, they will be required to comply with our data protection standards.
We guarantee the security of your data and ensure that they are protected.
Public transport companies undertake to handle customer data with care and to guarantee their security and protection. We ensure this by adopting the necessary technical and organisational precautions.
You have the following rights with regard to your data. You can make use of them at any time.
Information about your stored personal data
Rectification, supplementation, blocking or erasure of your personal data (if due to legal storage obligations we can only erase your data at a later date, they will be blocked in the meantime)
Delete your customer account or have it deleted
Object to the use of your data for marketing purposes
Withdraw your consent for future data processing
Transmission of your data
To exercise your rights, all you need do is write a letter to our data protection officer.
In addition, you have the right to put any questions or concerns you may have at any time to the Federal Data Protection and Information Commissioner.
In order to guarantee direct transport - as we are legally obliged to - we cooperate with other transport companies, public transport associations and companies that sell public transport products. Data is exchanged and stored in shared databases. This ensures that you can travel seamlessly with different transport companies and in different fare networks with one ticket.
Together with these companies and networks, we assume responsibility for the processing of your data.
There are clear legal regulations for the use of personal data, to which we refer again and again in this Privacy Policy. They refer to the applicable law in Switzerland and the EU General Data Protection Regulation (EU-GDPR).
The applicable law requires us to retain certain data concerning you. At the request of law enforcement or other authorities, we are required to disclose some of this data.
Example:
When connecting to SBB WiFi, we must retain and, if necessary, disclose connection and identification data in accordance with the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF) and the associated ordinance (VÜPF).
The Federal Act on Combating Money Laundering and Terrorist Financing (Money Laundering Act, AMLA) requires us to retain customer and transaction data for a specific period of time.
If you have any questions regarding data protection, please contact our data protection officer in confidence.
Our data processing brings you advantages and makes travelling easier for you. Here you can discover how you can benefit from it.
Book tickets, make reservations or buy a subscription - for this we need basic information from you.
E.g.:
Your name and email address so that you can be issued a ticket online.
Your date of birth for discounts to which you are entitled (senior citizens' or children's tickets).
Your licence plate, so that we can reserve a parking space for you.
Certain data make our websites and apps more efficient to use. This makes things more convenient, especially when you are on the move.
E.g.:
Session cookies remember your purchases, allowing you to pay for all items at once.
For correct screen display, we need to know which device you are using.
Route suggestions and route guidance are calculated from the GPS data of your current location - provided you have given your consent.
If we store your preferences, you will be able to access services more quickly and use additional features. That is, of course, only if you do not refuse.
E.g.:
We use cookies to maintain your language preference on the website and in apps.
We will send you "push notifications" to inform you of delays or diversions. So you can react faster.
We are committed to improving our website and apps to make them even easier for you to use. To do this, we test existing and new applications - your feedback is needed for internal statistics and is of great assistance to us.
E.g.:
Your responses to online customer satisfaction surveys help us improve our services.
By evaluating the click behaviour on websites and in apps, we can adapt the user interface to your needs.
Support is important to us. Certain data can be used to send you information by telephone or email and to answer questions in live chat or forums.
Some data helps us to inform you about products and new services or to adapt advertisements on our websites to your interests. That is, of course, only if you do not refuse.
E.g.:
If we know your purchases such as single tickets or subscriptions, only relevant offers will land in your mailbox.
If you register with SBB Mobile, you will receive offers that match your travel habits.
The types of data we store and how they are used.
Data you give us.
This is data that you give us when you buy a ticket online, create a customer account, make enquiries or take part in surveys. We use this data
to identify and support you in case of concerns or difficulties
for ticket inspection
to prevent abuse
in order to contact you
in order to settle compensation claims
Data that we automatically store.
This is technical data that ensures the functionality of the web pages, improves services and usage and provides us with information about your usage behaviour. We use cookies and tracking tools for this purpose.
As far as the EU-GDPR applies, our legitimate interest and the contractual performance requirement form the legal basis for this processing of personal data.
You do not have to reveal any data to surf on our website pages. What happens automatically is that our servers record every access, store the following data for seven months and then automatically delete it again.
IP address of the computer requesting access
date and time of access
the website from which our website was accessed, including the search term where applicable
the name and URL of the file being requested
searches performed (timetable, products, etc.)
the computer’s operating system
the browser being used
device type of the mobile phone, if used
the transmission protocol being used
Good performance.
These data are used to ensure system security and stability, to facilitate error and performance analysis, and to help to optimise our range of products and services so they meet your wishes and needs.
Protection against hackers.
The IP address provides intelligence if there are attacks on the network infrastructure or other misuse or abuse. It may be used in criminal proceedings for identification purposes and for civil and criminal proceedings against the users concerned.
As far as the EU-GDPR applies, our legitimate interest forms the legal basis for this processing of personal data.
We cannot guarantee that non-SBB websites that are linked to our web pages comply with the relevant data protection regulations.
We offer you a range of apps that support your mobility and make travelling easier. You can identify which data is processed in the privacy policy of the respective app.
These apps are available to you:
SBB Mobile
SBB Preview
P+Rail
My station
SBB AR
SmartWay
Push notifications in the apps inform you about delays, redirected trains, or other relevant information. You can decide for yourself whether you wish to receive them and simply set them up when you initially install the app. You can also turn off push notifications at any time.
Your SwissPass customer account allows you to use our websites and apps to their full extent. For this we need the following data from you:
Full name
Date of birth
Address (street, postcode, city and country)
Customer number (if you have a public transport subscription)
Email address and password (login data)
With your SwissPass login, you can access the online services of public transport companies and networks without having to additionally register. This is practical and makes many things easier for you.
Services that you purchase using the SwissPass login (in particular public transport tickets/subscriptions) are recorded in your customer account and in a central database ("IT database").
Data exchange via Single Sign-On (SSO).
During authentication, login, customer and performance data are exchanged between the central login infrastructure of the Public Transport Network, the partner platform and ourselves. This applies to the name, date of birth, address, email address and performance data.
Insofar as the EU-GDPR applies, the legal basis for the processing of personal data is the contractual performance requirement.
By using the contact form on our website you can easily get in touch with us. We need the data you provide - e.g. title, address, telephone number and company name - in order to answer your enquiry.
You are not obliged to give us information on how you came across our offer. If you do, we use it exclusively for statistical purposes.
As far as the EU-GDPR applies, our legitimate interest and the contractual performance requirement form the legal basis for this processing of personal data.
About the SBB Contact Centre.
Your call will be recorded for training purposes and kept for 6 months along with your phone number and the time of the call. The recording is then deleted. You are notified at the beginning of the call that your conversation will be recorded.
We store all of the e-mails which we receive via contact forms.
As far as the EU-GDPR applies, our legitimate interest and the contractual performance requirement form the legal basis for this processing of personal data.
About forums and chats.
You can participate in forums and chats on SBB.ch and other SBB websites. Please remember that any information you disclose online will be made public.
About SBB Customer Say.
Your voice counts: By participating in SBB Customer Say, you can have a say in the development of new processes and products. The aim is to design products and services according to customer needs. Certain data is required from you for this.
You can find out which data is processed at kundenstimme.sbb.ch.
Using SBB WiFi is easy: Register the device and surf away. Your access is valid for 12 months.
By registering, your mobile phone number and the MAC address of your device as well as the data concerning the station area visited are recorded with the time, date and device.
Our statutory obligations.
As a telecommunications service provider, we are registered with the Federal Office of Communications and must therefore comply with the statutory obligations of the Federal Act of 18 March 2016 on the Surveillance of Postal and Telecommunications Traffic and its associated ordinance.
For us, this means.
Provided the legal conditions are met, we are required, on behalf of the competent authority, to monitor, either directly or through a third party, the use of the Internet and data traffic between the customer and the Internet. Furthermore, we may be required to disclose the customer’s contact, usage and peripheral data to the authorised administrative bodies.
For your data, this means.
The usage and peripheral data generated when establishing and ending electronic connections will be stored in personally identifiable form for six months before being anonymised.
From the time participation in the WiFi service is cancelled or 12 months after registration, the contact data will be stored for another six months and then destroyed.
Data for advertising and marketing.
We use your customer data for advertising and marketing purposes. You can exercise your right of revocation at any time or control the advertising in the apps under "Settings”.
As far as the EU-GDPR applies, our legitimate interest forms the legal basis for this processing of personal data.
We use the data we receive from you - by e-mail, letter, SMS or personally at the counter - to make you offers that correspond to your buying behaviour.
The following data can be used for this purpose:
Name
Gender
Date of birth
Address
Customer number
E-mail address
Information about subscriptions or single tickets
Clicking behaviour on our websites or in e-mails that we have sent you
Click-through rate on displays / banners with SBB advertising
Information concerning interests, affinities and user behaviour
We use third-party e-mail marketing services that use tracking tools when sending e-mails. We collect the data for statistical purposes and subsequent dispatch as well as to optimise the content of our messages.
The following data is used:
Information about the address file used
Subject and number of newsletters sent
Addresses to which the newsletter has not yet been sent
Addresses to which the newsletter has been sent
Addresses with failed dispatch
Opening rate
Addresses that have opened the newsletter
Addresses that have unsubscribed from the newsletter distribution list
Clicking behaviour
For advertisements on our websites and in our apps, we use third-party services. AdServers are automated ad management systems that are used to store, deliver and measure the success of Internet advertisements. These allow you to see only those ads that interest you. NB: No data is passed on to third parties.
The AdServer processes the following information when you visit our websites and apps:
Profile data (age, place of residence and gender)
Travel data (place, time, date and day of departure, destination, arrival time, date and day, class of travel, article number, zone and subscription type)
Website accessed, including search performed, if applicable
Rough GPS coordinates
Unique User ID, IP address (hashed)
Information on the browser and operating system
Device manufacturer and model
Travel data, if you have agreed to its use
How the AdServer works.
For each request, the ad server checks whether a suitable campaign is running and then delivers specific, non-specific or no advertising at all at random and depending on capacity.
Your data are secure.
These data are never transmitted to the advertiser and are not stored for further use, but are used exclusively for the one-time display of advertising. No personal identifying profiles are created in this process, nor are any names, telephone numbers, addresses or e-mail addresses stored.
On SBB.ch, Adobe Target is used for website optimisation and the display of personalised content.
The following data will be processed:
Anonymised IP address
Tracking data on how you use the site, such as your preferred topics
You can request that your data not be processed by Adobe Target.
To improve the quality of our services and offerings, we conduct market research. This may mean that we use your contact details for customer surveys (e.g. online surveys). If you do not wish to participate in such surveys, you can have yourself excluded from participating in surveys here or by emailing mafo-unsubscribe@sbb.chLink opens in new window..
Your data will not be sold by us to third parties.
Your personal data will only be passed on to selected service providers - and only to the extent necessary to provide the service.
These include:
IT support service providers
Issuers of subscription tickets
Shipping service providers (e.g. Swiss Post)
Service providers charged with allocating traffic revenues to the transport companies involved (in particular in the course of drawing up so-called distribution keys within the meaning of the Federal Passenger Transport Act of 20 March 2009 (Personenbeförderungsgesetz, PBG))
Our Hosting Provider
We may be legally required to pass on such information or it may be necessary to pass it on in order to safeguard our rights.
External service providers who process data on our behalf are contractually obliged to comply with the relevant data protection regulations and are not considered third parties under data protection law.
As far as the EU-GDPR applies, our legitimate interest and legal requirements form the legal basis for this processing of personal data.
To ensure that your journey runs smoothly, the following data is forwarded within Direct Service, an association of more than 240 public transport companies, and to networks:
Personal identification and contact details
Identity verification (SwissPass login)
Travel and purchase data
These are required for the following:
To get you from A to B
Ticket inspection
After-sales service
Revenue distribution
Joint marketing (to a limited extent)
Single Sign-On (SSO)
Analysis of the data helps us to further develop and advertise public transport services according to your needs.
On behalf of Direct Service, we carry out the marketing mandate for the services of Direct Service (e.g. GA and Half-Fare travelcard). We may contact you regularly in this role. Contact is always made by us. Only in exceptional cases and under strict conditions may another participating transport company or network get in touch with you.
As public transport companies, we are obliged by law to provide transport services with other transport companies and public transport networks (DS - Direct Service). To enable you to have these, data originating from contact made with you or from services you have purchased will be passed on within DS.
If you book an international trip, your data will be transmitted to foreign public transport providers in order to check tickets or prevent their misuse.
We are entitled to transfer your personal data to contract data processors in or outside the EU. If we do this, these companies are obliged to comply with data protection to the same extent as we are.
Data storage.
Data that is passed on within DS is stored in a central database. This is supervised by us as we are mandated by DS b – we are jointly responsible with the DS companies and networks.
Access is regulated.
In order to be able to offer you efficient services from the joint work of the transport companies and public transport networks, information from the databases is combined. For example: Single Sign-On (SSO), a login for all services of your SwissPass account.
Access to the joint databases by the individual transport companies and networks of DS is regulated by a joint agreement and is limited to contract processing, ticket inspection, after-sales service and revenue distribution.
In the case of services that you purchase using the SwissPass login, the data is additionally stored in the SwissPass database. This is supervised by us under the mandate of the DS. Together with the DS transport companies and networks, we are responsible for this.
Advantages of Single Sign-On.
So that we can get you from A to B efficiently, the login, ticket, customer and performance data from the various databases are merged. Single Sign-On (SSO) enables you to use all the services of the SwissPass account with a single login.
Data protection.
We protect your personal data stored with us against manipulation, loss or unauthorised third-party access. In order to ensure continuous protection, we are constantly developing our security measures. Our data protection officer will be pleased to provide you with additional information concerning this. You can find him or her at Your contact for questions on data protection.
The transmission of data over the internet and via other electronic means always entails risks. Despite taking appropriate precautions, we cannot therefore guarantee the security of any information transmitted over the Internet.
Cookies.
Cookies are small files that are stored on your computer or mobile device when you visit our websites or use apps. Some cookies are necessary for the website or app to function, while others extend the range of functions and improve user comfort for you.
Together with tracking tools, cookies can analyse the usage behaviour when online offers are made.