In order to create a SwissPass login, you will be redirected to the SwissPass website. There, you must open a customer account (cf. also www.swisspass.ch/datenschutz); in such cases, SwissPass will bear sole responsibility for such processing.
You can find out how the data is processed in their privacy policy.
What personal data is stored?
- Gender
- First name
- Last name
- Address
- Language
- E-mail
- Mobile
- Date of birth
- Passport photo
- Credit card information
- KeyCard number
- SwissPass number
- Personal photo
- Consent to the GTC
For what purpose?
Identity verification.
The SwissPass Card is personal, and the customer's identity must be verified when the card is acquired for the first time or when changing customer data (surname, first name, date of birth, gender). The verification of identity is carried out either directly at the ticket counter, by means of a copy of ID in the case of travelcard orders through the SBB Contact Centre, or online.
Regardless of the channel selected, surname, first name, date of birth and gender are read and stored. All other data required for the online identity check are irretrievably deleted after the verification process.
Further information on the online identity check can be found in the GTC.
In the control of services.
Customer and subscription data are required and processed for revenue protection (checking the validity of tickets or reduced-fare tickets, collection, combating misuse). Transport companies and networks are therefore entitled to process all data (ticket and inspection data and, where applicable, particularly sensitive data in connection with all types of travel without a valid ticket, such as passengers with a partially valid ticket, passengers with an invalid ticket or travellers with forgotten tickets and reduced-fare tickets and any misuse) of travellers or contracting parties, store them for the periods defined under data protection law and exchange them with other transport companies and networks (including across borders in the case of international tickets or reduced-fare tickets).
The following provisions shall apply to individual services or carrier media:
SwissPass Card
When the physical SwissPass Card is used as a wallet, no inspection data is stored (exception see SwissPass Mobile).
SwissPass Mobile.
When using the SwissPass Mobile application, the provisions acknowledged when activating SwissPass Mobile apply. In this regard, the following data is processed: Registration, activation and inspection data generated when using SwissPass Mobile. As soon as SwissPass Mobile is used, this data is also collected from the SwissPass Card.
Registration data are retained for up to 18 months after deactivation of SwissPass Mobile or expiry of the SwissPass Card. The activation and inspection data for SwissPass Mobile and the SwissPass Card are stored on the inspection devices for one day and in the inspection database for thirty days. If there are indications of misuse, the maximum retention period for activation and control data is ninety days. Travellers who commit misuse using SwissPass Mobile will be banned from SwissPass Mobile for twelve months. After that, the use of SwissPass Mobile is possible again. After a further twelve months, the traveller's exclusion file will be deleted.
Insofar as the EU GDPR applies, our legitimate interest and the fact that it is required for the performance of a contract constitute the legal basis for this processing of personal data.
Data in the event of misuse of tickets.
In the event of travel without a valid ticket, the data will be stored in a separate database and in a jointly operated register. Travellers or contracting parties acknowledge that, in the event of any misuse or falsification, the transport companies are authorised to provide the relevant personal data to all internal units affected by the misuse as well as to other transport companies so that any misuse can be ruled out or confirmed and further misuse can be prevented. Pursuant to the Swiss Federal Act on Passenger Transport (PBG), different deadlines apply to the processing of the aforementioned data. The data shall be erased as soon as it is established that the person concerned has not caused a loss of revenue and after two years if the person concerned has paid the surcharges and has demonstrably no longer travelled without a valid ticket during this period. The data may be retained for a maximum of ten years if it is required for enforcing claims against this person.
Insofar as the EU GDPR is applicable, Art. 20a PBG and Art. 58a VPB provide the legal basis for this processing of personal data.
Partner Services.
When registering with a partner or purchasing or using partner services, your card and customer data (card ID, customer number, title, form of address, surname and first name, address, date of birth, travelcard information and photo) are transmitted to SwissPass Plus partners for the purpose of processing transactions. If any partner services are purchased, SBB stores the service data. SBB shall inform SwissPass partners in the event of loss, theft, misuse, forgery or card replacement.
In order to use certain partner services (e.g. SwissPass Parking), you must deposit a valid means of payment with a transport company.
In order to enable you to take advantage of discounted services, Swiss Pass partners are authorised to retrieve directly required subscription data.
SwissPass customer account.
You do not need a SwissPass Card or a public transport travelcard in order to issue a SwissPass account. You can access your data at any time in your customer account on swisspass.ch. With a SwissPass login, you have access to various online public transport services and selected partners. This allows you to log in to websites, online shops and apps without further registration. We need at least the following information from you in order to create a SwissPass account:
- Title, surname and first name
- Date of birth
- Customer number (if you have a public transport travelcard or a SwissPass)
- E-mail address and password (login data)
Your data will be stored in Switzerland.
Inactive customer accounts are deleted after 18 months.
Data exchange via single sign-on (SSO).
During authentication, login and customer data (name, address, date of birth, gender, title, correspondence email address, login email address, landline and mobile numbers, language, card information, technical customer ID) are exchanged between the central login infrastructure of the Public Transport Association and the partner platform (e.g. swisspass.ch, SBB.ch, SBB Mobile, Helvetic Motion, etc.).
Insofar as the EU General Data Protection Regulation (EU GDPR) is applicable, the legal basis for this processing of personal data is the requirement for the performance of a contract.
Website swisspass.ch.
You can visit the swisspass.ch websites without having to provide any personal information. If you agree, we analyse usage data, such as the last page visited, click behaviour, frequency of access, browser used, date, time, etc., in an anonymised manner in order to identify trends and improve our online content. In doing so, we do not draw any conclusions about your person.
Passenger rights.
Your personal data will be processed by SBB AG on behalf of the Swiss public transport authority in connection with compensation claims for the following purposes and stored for 13 months:
- Processing, examination and provision of information on compensation claims and
- Identifying and defending against abusive claims
Your personal data will not be disclosed to third parties outside Switzerland and will not be used for marketing purposes.
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR); Performance of a contract (Art. 6(1)(b) GDPR)