Data privacy
All you need to know about how we handle your personal data: Here you can find the privacy policy of BLS Schifffahrt AG and manage your cookie settings individually.
All you need to know about how we handle your personal data: Here you can find the privacy policy of BLS Schifffahrt AG and manage your cookie settings individually.
This data privacy statement informs you about what we do with your data when you visit bls-schiff.ch, other websites we operate, or use our apps (hereinafter collectively referred to as “website”), make use of our products or services, are otherwise associated with us in the scope of a contract, communicate with us, or have any other dealings with us. Where necessary, you will receive prompt written communication from us about additional processing activities not mentioned in this privacy policy. In addition, we can inform you separately about the processing of your data, e.g. in declarations of consent, contractual conditions, additional data privacy statements, forms and notices (e.g. FAQs).
BLS Schifffahrt AG, Lachenweg 19, 3604 Thun, hereinafter referred to as "BLS Schifffahrt", is responsible in accordance with data protection law for the data processing described in this data privacy statement unless otherwise communicated in individual cases, e.g. in other data privacy statements, forms, or contracts.
Furthermore, as a transport service provider, we are required by law to perform what is known as the "National Direct Service" (NDS). For this purpose, an exchange of certain data takes place among the transport service providers (TSPs) and public transport partners (see overview here) as well as third parties that sell public transport products, and these data are stored centrally in the databases operated jointly by all TSPs and public transport partners. Consequently, we are responsible for individual data processing together with these TSPs and tariff associations. You can reach us at the following address for all your concerns relating to data protection and in order to exercise your rights in accordance with Section 10:
BLS Ltd.
Legal / Data Protection
Genfergasse 11, 3001 Bern
datenschutz@bls.ch
In addition, we have appointed the following data protection representatives in the EU in accordance with Art. 27 GDPR:
Swiss Infosec (Deutschland) GmbH
Friedrichstrasse 123
10117 Berlin
BLS Schifffahrt is a public transport operator in Switzerland. Public transport operators handle customer data on the basis of trust.
The protection of you personally and your privacy is an important concern for us as public transport operators. We guarantee that we will process your personal data in accordance with the applicable provisions of data protection law.
The public transport operators set an example for the trustworthy handling of your data with the following principles:
You make your own decisions about the processing of your personal data.
Within the legal framework, you can refuse and/or withdraw your consent to data processing or have your data deleted at any time. You always have the opportunity to travel anonymously, that is without the collection of your personal data. Exceptions to this are any purchases from our web store.
We offer you added value when processing your data.
The public transport operators exclusively use your personal data to offer you added value along the mobility chain (e.g. tailored offers and information, support or compensation in the event of service disruption). Your data will be used exclusively for the development, delivery, optimisation and evaluation of our services or for the maintenance of the customer relationship.
Your data will not be sold.
Your data will only be disclosed to selected third parties listed in this data privacy statement and only for the explicitly stated purposes. Where we commission third parties with data processing, they will be obliged to adhere to our standards pertaining to data protection law.
We guarantee that your data will be secure and protected.
The public transport operators guarantee the conscientious handling of customer data and that your data will be secure and protected. We ensure that the necessary organisational and technical precautions for this are in place.
In the following, you will receive detailed information on how we handle your data.
We are aware that conscientious handling of your personal data is important to you. All data processing is only carried out for specific purposes. This could result from, for example, technical necessity, contractual requirements, legal provisions, prevailing interests, i.e. legitimate reasons, or your express consent. We collect, store and process personal data where this is necessary, for example, for initiating, managing and handling the customer relationship, communication with you, marketing purposes and relationship management, as well as for market research and the further development of services and products.
That way, some of your personal characteristics can be automatically evaluated for the purposes mentioned above ("profiling"), if we want to determine preference data, but also to identify misuse and security risks, perform statistical evaluations, or for operational planning purposes. We can also create profiles for the same purposes. This means we can combine behavioural and preference data but also master and contract data and technical data assigned to you to better understand you as a person with your various interests and other characteristics. However, we can also create anonymous mobility profiles for you and – with your consent – personalised mobility profiles.
In certain situations, for reasons of efficiency and the uniformity of decision-making processes, it may be necessary that we automate discretionary decisions that affect you and have legal implications or possibly significant disadvantages ("automated individual decisions," such as the automatic acceptance of orders by our web store). In this case, we will inform you accordingly and ensure compliance with measures required by the applicable law.
For detailed information on which data are processed for which purposes, please read the following sections.
For contractual reasons, for online orders and reservations as well as the purchase of certain services and products, we require personal information to provide our services and process the contractual relationship. One example is the purchase of a travel card, a single ticket or a reservation.
We collect the following data when you purchase personalised services – depending on the product or service:
In order to process the contractual relationship, we also collect data relating to the services purchased by you ("service data"). These include – depending on the product or service – the following information:
For group reservations also:
To ensure that we are always able to reach you by post, we match your address with a service provider and update it if necessary.
Data that are generated by the purchase of services will be processed by BLS Schifffahrt, stored in a central database, and processed for additional purposes, which include marketing and market research. Moreover, the data are used within the scope of ticket inspection in order to identify the owner of a personalised ticket and to avoid any misuse of said ticket. Data are also used for the provision of our after-sales service to identify and assist you in the event that you have any concerns or difficulties and to process any compensation claims. Finally, data are used to ensure fair distribution of the revenue generated by the sale of tickets among transport service providers and affiliates of the National Direct Service.
Finally, we evaluate your data anonymously in order to be able to further develop the overall system of public transport according to demand.
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the execution of the contract form the legal basis for this processing of personal data.
The following then applies in connection with payment in the web stores we use:
Debit/credit cards/PostFinance card
For payment by credit card, we forward your card details to your card issuer via our payment service provider (acquirer and Payyo). The transmission takes place exclusively for the purpose of authorisation and transaction processing and in encrypted form. If you choose to make a card payment, you will be asked to enter all mandatory information (payment card type, payment card number, CVC2/CVV2, expiry date, first name, last name). In certain circumstances it may be necessary to authenticate yourself as an authorised cardholder, e.g. using the 3DSecure procedure.
Wallet solutions (Twint, Apple and Google Pay)
With wallet payment solutions, your card details have been securely stored in the wallet beforehand. If you decide to pay with a wallet solution, you usually do not have to enter any payment card information. Only the data required for authorisation and transaction processing is transferred via the wallet.
Insofar as the GDPR is applicable, the legal basis for the transfer of data is the necessity for the performance of the contract.
Customer and travelcard data are required and processed for the purpose of securing revenue (checking the validity of travel or discount passes, collection, combating abuse). The TSPs, associations and third parties who arrange tickets are therefore entitled to process all data (ticket and control data, as well as, where applicable, data worthy of protection in connection with all types of travel without a valid ticket, such as travellers with a partially valid ticket, travellers with invalid tickets, or travellers who have forgotten their tickets or discount cards, and any kind of misuse) relating to the travellers or the contracting parties and to store them for the periods defined by data protection law and to exchange them with other TSPs, associations and third parties who arrange tickets (in the case of international tickets or discount cards, also across borders).
The following provisions apply to individual services or bearer media:
Swisspass card
Where the physical Swisspass card is used as a bearer medium, no control data is stored (exception: see Swisspass Mobile).
Swisspass Mobile
For use of the Swisspass Mobile application, the provisions that apply are those acknowledged during the activation of Swisspass Mobile (see separate data privacy statement). The following data are processed in this regard: registration, activation and control data that accrue through use of Swisspass Mobile. As soon as Swisspass Mobile is used, these data are also collected from the Swisspass card.
Electronic tickets
When electronic tickets (e-tickets) are used, control data are stored in the central control data server at SBB. This data is stored for 360 days for the purpose of combating misuse and for measures to prevent misuse and abusive refunds.
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the execution of the contract form the legal basis for this processing of personal data.
When visiting our website, the servers of our hosting provider temporarily save each access as log data. The following technical data is collected in this context:
The collection and processing of these data contribute to system security and stability and error and performance analysis, which enables our hosting provider to optimise our internet offering. In addition, this enables us to configure our website in accordance with the specific target group, i.e. to provide targeted content or information that may be of interest to you.
The IP address, together with other data, will be evaluated for the purposes of clarification and defence in the event of attacks on the network infrastructure or other prohibited or improper use and, if necessary, used in criminal proceedings to identify and take civil and criminal action against the users in question.
Finally, when you visit our websites, we use cookies in addition to applications and tools that are based on the use of cookies. More detailed information can be found in the sections on cookies, tracking tools, advertising and social plug-ins within this data privacy statement.
Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.
We can make no guarantee for compliance with data protection regulations for external web pages that are linked to our website.
When a booking is made via our web store, our servers temporarily store the following personal data in addition to the technical data listed in section 2.4:
Personal data of the person making the booking:
Personal details of the tickets/products booked per person:
The following information is also recorded:
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the execution of the contract form the legal basis for this processing of personal data.
You have the opportunity to get in touch with our customer service via a contact form or e-mail. The following personal data must be entered as a minimum when contacting us via the contact form:
We use these and other voluntarily supplied data (in particular the address, telephone number and company) to answer your query in the best possible, personalised manner. Moreover, we may use the information you provide to our customer service via contact form or e-mail for internal analytical purposes or the improvement of our services. Any voluntary information on how you became aware of our offer will also be used for internal statistical purposes.
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the execution of the contract form the legal basis for this processing of personal data.
When you contact our customer service by telephone, we record the form of address, first names and surnames if they become known. If we have or require further personal data relating to you from previous contact with BLS, we use this for the purpose of helping you as quickly as possible. (Example: You call us with a question about a ticket purchased in the web store. With the help of your e-mail address, we can find the transactions and help you further.)
After completing your request, we will send you a text message with a customer satisfaction survey if you contacted us using a mobile number. If the initial contact was made by e-mail, we will send the customer satisfaction survey by e-mail.
Personal data will be deleted after five years, unless you contact customer service again in the meantime or request the deletion of the data yourself. The data are stored in the CRM MS Dynamics (Microsoft) as well as in Zendesk.
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the execution of the contract form the legal basis for this processing of personal data.
If you use social media, BLS Schifffahrt may run advertising campaigns that are visible on your user profile based on your consent to the social media provider. You have the option of contacting BLS Schifffahrt in the course of these campaigns. If you contact us, we will use the following personal data that we received as part of your consent from the social media provider:
We use this data exclusively to provide you with the information you requested through your contact.
Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.
Based on Art. 55 of the Passenger Transport Act (PBG), Art. 128 of the Inland Navigation Ordinance (BSV) and the implementing provisions pursuant to the Public Transport Video Surveillance Ordinance (VüV-ÖV), BLS Schifffahrt monitors its Interlaken West station by means of video cameras, which serve to protect customers, operations and infrastructure, and uses live camera images on the port and starboard sides for the purpose of safe navigation of the boat.
With the exception of the live camera images for the safe navigation of the boat, the image signal recordings that enable the identification of individuals are stored centrally. All recordings are stored for a maximum of 10 days and then automatically deleted. Recordings are only backed up when incidents have been identified. Instructions to back up and the backing up of recordings themselves may only be initiated and/or carried out by clearly defined functions within BLS Schifffahrt.
Backed-up recordings containing personal data will, as a rule, be evaluated on the next workday; as an exception for operational or technical reasons, this may take place within two additional workdays. Evaluations take place in the following cases:
The evaluation will be exclusively carried out by the responsible authorised functions within BLS Schifffahrt.
Backed-up recordings will be stored in such a way as to protect them from unauthorised access. The recordings will be deleted 100 days after their creation at the latest unless disclosed in accordance with the following.
Recordings will only be disclosed to the following authorities:
Disclosure will only take place where this is necessary for the proceedings. In the case of disclosure, the recordings shall be retained until the formal conclusion of the legal proceedings.
Provided that you agree, we will use the following for marketing purposes: your customer data (in particular name, gender, date of birth, address, customer number, e-mail address), your service data (in particular data about services used by you such as travel cards or single tickets) as well as your click behaviour on our web pages or in emails that you have received from us. With regard to the evaluation of click behaviour, please see the section on tracking tools.
We evaluate this data to further develop our offering in line with requirements and show or provide you with the most relevant information and offers (via email, letter, SMS, push notifications in the app and personalised teasers on the web, in person at the counter). To this end, we use only the data that can be unequivocally assigned to you. In addition, we implement methods that predict your future potential purchasing behaviour on the basis of your current purchasing behaviour.
The legal basis for this processing is our legitimate interest. In certain cases, under strict provisions, contact may also be made by the SBB or another company affiliated with the National Direct Service. Please see also the reference in the section "General responsibility within public transport."
You can refuse to be contacted by SBB (e.g. in connection with your GA or half-fare travelcard) or by other public transport companies or us at any time. In this regard, the following options are at your disposal:
Please also be aware of the information on your right to object with regard to the evaluation of click behaviour in the section on tracking tools.
We regularly carry out market research to continuously improve the quality of our services and offers. Consequently, we may use your contact details to invite you to take part in surveys. This may be either via e-mail or over the phone.
In general, all information provided by you in the context of BLS Schifffahrt market research is exclusively evaluated in an anonymised form. Participation in BLS Schifffahrt market research is voluntary. It is not possible to draw conclusions about the individual participants (unless the participants voluntarily provide their e-mail address to enter a competition in connection with the survey), nor is this the intention. By taking part in surveys, you are consenting to this use of data in each case.
If you do not wish to be invited to such surveys, you have the following options:
Insofar as the EU GDPR is applicable, your consent forms the legal basis for this processing of personal data.
In order to return lost items (on boats, at stations, etc.) to their owners or to contact the owners, we record certain personal data in connection with the management of lost property, including the following:
Insofar as the EU GDPR is applicable, our legitimate interest and the necessity for the execution of the contract form the legal basis for this processing of personal data.
If we organise competitions, prize draws and similar events, we will process personal data, such as your contact details and information about your participation, for the purpose of organising the competitions and prize draws and, where applicable, communicating with you in this regard. Further details can be found in the relevant conditions of participation.
We will pass on your personal data to third parties in Switzerland and abroad in connection with our contracts, the website, our products and services, our legal obligations or for the protection of our legitimate interests and the other listed purposes. The third parties include the following categories of recipients in particular:
As explained in Clause 3, we also disclose your data to other organisations. These organisations are not exclusively based in Switzerland. Consequently, your data may be processed in both Europe and in a third country, for example the USA.
If a recipient is situated in a country without appropriate legal data protection, we contractually require the recipient to adhere to applicable data protection standards (to this end we use the revised standard contractual clauses of the European Commission, which can be viewed here), insofar as the recipient is not already subject to a legally recognised set of regulations for ensuring data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have consented to the disclosure, or if it is a matter of data that you have made generally accessible and to the processing of which you have not objected.
We only store your personal data for as long as is required:
Contractual data is stored by us for a longer duration, since this is required by legal data retention obligations. Retention obligations that oblige us to retain data are based on accounting regulations and tax law regulations. Provided the data is no longer needed to carry out services for you, any further processing of the data will be terminated. This means that the data may then only be used to comply with our retention obligations.
Below is an overview of the storage duration and locations of databases that process our customers' personal data.
Database | Storage period | Storage location |
Database for group bookings | Customer data will be deleted after 5 years of inactivity at the latest. | Switzerland |
Sales database | Personal data is only stored for as long as necessary for the respective purpose or as required by law. Master data of registered persons will be deleted after five years of inactivity at the latest, provided there are no statutory retention obligations. Earlier deletion can take place at any time at the request of the person concerned. In the case of orders without an account, the master data will be deleted after the warranty period has expired or after the service has ended, provided there are no legal obligations for further storage. The deletion takes place either immediately or as part of regular deletion runs. Contract data that may contain personal information is stored for up to ten years in accordance with legal requirements. Once the period of active use has expired, this data is blocked and used exclusively for legally prescribed purposes such as accounting or tax matters. Data relating to misuse, payment defaults or other legitimate reasons may be stored for five years, or ten years in the event of recurrence.
| Switzerland/EU/EEA |
Database for reservation management for culinary and event cruises | Customer data will be deleted after 5 years of inactivity at the latest. | EU/EEA |
Database for management of vouchers | Customer data will be deleted after 5 years at the latest, provided the voucher has been fully redeemed and there are no statutory retention obligations. | EU/EEA |
Analytics database | Raw data (incl. IP addresses) is deleted within 25 months. | EU/EEA |
Financial database | Data that we have to retain for accounting reasons is archived after the statutory period. | EU/EEA |
Customer relationship management system | Completed customer contacts are anonymised after 2 years. | Switzerland |
To protect your personal data that we have stored, we operate suitable technical and organisational security measures against manipulation, partial or total loss and unauthorised access by third parties. Our security measures are subject to continuous improvement in line with technological developments. We also take internal data protection very seriously. Our employees and external service providers commissioned by us are obliged to maintain confidentiality and comply with data protection regulations. We take reasonable precautions to protect your data. However, the transmission of information via the internet and other electronic means is always subject to certain security risks, and we can offer no guarantee for the security of information that is transmitted in this way.
We use web analytics services for the purpose of designing and continuously optimising our website and mailings to meet needs.
Insofar as the EU GDPR is applicable, your consent and/or our legitimate interest form the legal basis for this processing of personal data.
Tracking on internet pages
In connection with our internet pages, pseudonymised usage profiles are created and small text files ("cookies") stored on your computer are used (see "What are cookies and when are they used?" below). The information generated by cookies about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed above (see "What data is processed when you use our internet pages?"), we thereby obtain the following information:
The information is used to evaluate the use of the web pages.
Tracking the sending of e-mails
We use the e-mail marketing services of third parties when sending emails. Consequently, our emails may contain what is known as a web beacon (tracking pixel) or similar technological tools. A web beacon is an invisible graphic the size of a single pixel that is linked to the user ID of the respective email subscriber.
For each newsletter sent, there is information on the address file used, the subject and the number of newsletters sent. In addition, it is possible to see which addresses have yet to receive the newsletter, to which addresses the newsletter was sent, and for which addresses the sending failed. In addition, the opening rate, including information on which addresses have opened the newsletter and which addresses have unsubscribed from the newsletter distribution list are discerned.
The utilisation of appropriate services enables the evaluation of the information listed above. In addition, click behaviour can also be recorded and evaluated. We use these data for statistical purposes and optimising the content of our messages. This enables us to better align the information and offers in our emails with the individual interests of the respective recipients. The web beacon is deleted when you delete the e-mail.
If you would like to prevent the use of the web beacon in our emails, please configure your email program in such a way that no HTML is displayed in messages, if this is not already the default setting. You can find example instructions for how to do this here.
We currently use the following tracking and analytics tools:
We use cookies in certain cases. Cookies are small files that are stored on your computer or mobile device when you visit or use one of our websites. Cookies store certain settings about your browser and data about exchanges with the website through your browser. When a cookie is activated, it can be assigned an identification number that identifies your browser and allows the information contained in the cookie to be used. You can configure your browser to display a warning on the screen before saving a cookie. You can also choose not to take advantage of personal cookies. Certain services cannot be used in this case.
We use cookies to evaluate general user behaviour. The aim is to optimise the digital presences. These are to be made easier to use and the content more intuitive to find. The aim is to structure them in a more comprehensible way. It is important to us to make the digital presences user-friendly according to your needs. This allows us to optimise the website by providing targeted content or information on the website that may be of interest to you.
You can configure your cookies using the following consent management tools:
Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin
Disabling cookies may result in you not being able to use all the functions of our website.
Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.
On our website, we link to the following social networks or our corresponding profiles on the sites:
Either the plugins are only displayed as graphics or with a link on our website, or the plugins are deactivated on our websites and therefore do not send any data to the social networks. When you click on the graphic or the plugin, you will be forwarded to the respective social media platform and the aforementioned provisions of the respective provider apply (see bullet points). Or you can activate all plugins by clicking on the "Activate plugins" button (so-called two-click solution). The plugins can, of course, be deactivated again with one click.
If the plugins are activated, your browser will establish a direct connection with the servers of the respective social network as soon as you access our website. The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by it.
By integrating the plugins, the respective provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually in the USA) and stored there. We therefore have no influence on the scope of the data that the provider collects with the plug-in.
If you are logged in to the social network, it can assign the visit to our website directly to your user account. If you interact with the plug-ins, the corresponding information will also be transmitted directly to a server of the provider and stored there. The information can also be published on the social network and, under certain circumstances, may be displayed to other users of the social network.
The provider of the social network may use this information for the purposes of advertising, market research, and to customise the design of the respective offering. For this purpose, usage, interest and relationship profiles could be created, for example, to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network.
The purpose and scope of the data collection and further processing and use of data by the providers of the social networks and the relevant rights and settings to protect your privacy can be found in the data protection information of the relevant providers.
If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins.
Insofar as the EU GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data.
We do not use third-party providers (ad servers) to place and use personalised adverts on our website bls-schiff.ch.
With regard to your personal data, you have the following rights:
If you wish to exercise the above-mentioned rights against us or one of our group companies, please contact us in writing or send us an email; our contact information can be found in Section B. In order for us to rule out any potential misuse, we must identify you (e.g. with a copy of your ID, if this is not possible via any other method).
If you wish to request information or deletion of the data stored about you in the entire public transport system, you can do so in writing and with a copy of your ID card to SBB (SBB AG, Recht & Compliance, Fachstelle Datenschutz, Hilfikerstrasse 1, CH-3000 Bern 65). You can find further details of the information and deletion process within Public Transport Switzerland here.
Requests for information from the information system on travellers without a valid ticket in accordance with Art. 20a of the Swiss Federal Law on Passenger Transport (Bundesgesetzes über die Personenbeförderung, PGB) should be sent to the operator of the system at the following address:
PostAuto AG, 'SynServ', Pfingstweidstrasse 60b, CH-8080 Zurich
or via e-mail to: synserv@postauto.ch
If you do not agree with our handling of your rights or data protection, please communicate this to us. In particular, if you are located in the EEA, in the United Kingdom or in Switzerland, you also have the right to complain to the data protection supervisory authority within your country.
You can find a list of the authorities within the EEA here.
You can reach the supervisory authority of the United Kingdom here.
Changes to this privacy policy may be necessary from time to time. BLS Schifffahrt reserves the right to amend this data privacy statement at any time with effect from a future date. The version published on this website is the currently applicable version.
Last updated in May 2025