Privacy statement

1 General information

This privacy statement applies for Jungfraubahnen Management AG (JBM) (hereinafter referred to as “JBM” or “we”) based in Switzerland, Harderstrasse 14, CH - 3800 Interlaken, entered in the commercial register of the Canton of Berne under the number CH-092.3.014.071-4.

Jungfraubahnen Management AG (JBM) manages the business activity of the companies and is thus responsible for the lawful collection, processing and use of your personal data on the domains and systems operated by JBM:

  • jungfrau.ch
  • top4.ski
  • Jungfrau App (IOS & Android)
  • snowpenair.ch
  • bergrestaurant-kleine-scheidegg.ch

We are committed to handling your personal data responsibly. Consequently, we consider it as a matter of course to meet the statutory requirements of the Swiss Federal Data Protection Act (FDPA), the Ordinance to the Federal Data Protection Act (OFDPA) as well as the EU General Data Protection Regulation (EU-GDPR).

With this privacy statement, we would like to inform you as to which of your data we process, why we need this data and how you can object to the data collection.

Please note that the information below may be reviewed and amended from time to time. We therefore recommend that you read this privacy statement on a regular basis.

Last updated on: 29/01/2020

No guarantee is assumed for compliance with the data protection regulations for third-party websites that are linked on our website.

1.1 As a tourist and public transport company, we handle customer data confidentially

Protecting your personal information and privacy is an important concern for us as a tourist and public transport company. We guarantee lawful processing of your personal data in compliance with the applicable regulations of the data protection law.

The tourist and public transport companies set an example for the confidential handling of your data with the following principles.

1.2 You decide about the processing of your own personal data

Within the legal framework, you can refuse the data processing, revoke your consent to it or have your data deleted at any time. You always have the option of travelling anonymously, i.e. without your personal data being collected.

1.3 We offer you added value when it comes to the processing of your data

The tourist and public transport companies only use your personal data within the framework of the service provision and to offer you added values along the mobility chain (e.g. customised offers and information, support or compensation in the event of disruption). Your data is therefore only used to develop, provide, optimise and evaluate our services or to maintain customer relationships.

1.4 Your data is not sold

Your data is disclosed only to selected third parties listed in this privacy statement and only for the explicitly stated purposes. If we commission third parties to process data, they are obligated to comply with our data protection standards.

1.5 We guarantee the security and protection of your data

The tourist and public transport companies guarantee the careful handling of customer data and the security and protection of your data. We take the necessary organisational and technical precautions for this. Below, you shall find detailed information as to how we handle your data.

2 Who is responsible for the data processing?

JBM is responsible for the processing of your data. As a tourist and public transport company, we are legally obligated to operate so-called “Direct Services” (DS). For this purpose, certain data is exchanged within the transport companies and public transport networks as well as with third parties, who sell public transport products, and is stored centrally in databases jointly operated by all transport companies and public transport networks. We are therefore responsible for individual data processing together with these transport companies and networks. You can find more information on individual data processing in the section “What does shared responsibility in the public transport sector mean?”.

You can get in touch with our internal Data Protection Officer at any time, if you have questions or suggestions on data protection.

Internal Data Protection Officer of Jungfraubahnen
Daniel Messerli
Jungfraubahnen Management AG
Harderstrasse 14
CH-3800 Interlaken

E-Mail: datenschutz@jungfrau.ch

Customers based in an EU Member State can also contact our EU representative pursuant to Art. 27 of the GDPR:

Stefan Fischerkeller – Deutsche Datenschutzkanzlei
Dr.-Klein-Str. 29
BRD–-8069 Tettnang

E-Mail: anfragen@ddsk.de

3 Why do we collect personal data

We know how important it is to you for your personal data to be handled carefully.

Data is always processed only for specific purposes. This may be done, for example, due to technical necessity, contractual requirements, legal provisions, an overriding interest, i.e. for legitimate reasons, or based on your explicit consent.

We collect, store and process personal data to the extent that this is necessary, e.g. for managing customer relationships, distributing our products and providing our services, executing orders and contracts, selling and invoicing, responding to questions and concerns, providing information on our products and services and their marketing, providing support in technical matters as well as evaluating and developing services and products further.

For more detailed information as to which data is processed for which purposes, please read the following sections.

4 Which data is stored and what is it used for

4.1 When purchasing services

For contractual reasons, we need personal information for online orders or for purchases of certain services and products so that we can provide our services and process the contractual relationship. For example, when purchasing a travel card or a single ticket.

When buying personalised services, we collect the following data, depending on the product or service, whereby mandatory information is marked with an asterisk (*) in the corresponding form:

  • Personal photo
  • Gender, name, e-mail address of the purchasing or travelling person
  • Further information such as postal address, date of birth
  • Phone number
  • Payment means/method
  • Consent to the GTC, data protection statement and general terms of use

We also collect data on the services purchased by you (“service data”) for executing the contractual relationship.

Depending on the product or service, this includes the following information:

  • Type of product or service purchased
  • Price
  • Place, date and time of purchase
  • Purchase channel (Internet, machine, counter, etc.)
  • Travel date or validity period as well as departure time
  • Place of departure and destination
  • The arrival and departure dates are also collected for booking a parking space

The legal basis of this data processing is necessary for processing the contract pursuant to Art. 6 para.1 lit. b of the EU-GDPR.

Data generated during the purchase of services is stored in a central database and is also processed for other purposes, including marketing and market research purposes (more information can be found in the respective sections of this privacy statement).

Furthermore, the data is used within the framework of ticket inspection to identify the holder of a personalised ticket and to prevent misuse. The data is also used to provide our After Sales Service to identify and support you if you have any concerns or difficulties and to process compensation claims, if any.

When purchasing train tickets, the data is shared with the Swiss Federal Railways (SBB) as well as with any other transport service providers via a technical interface.

Finally, the data is used for the fair distribution of income from the purchase of tickets among Direct Services companies and networks. Our legitimate interest forms the legal basis of this data processing.

4.2 When using the websites

When our website is visited, the servers of our hosting provider temporarily store every access in a log file. The following data is recorded without any action on your part and is stored by us until it is automatically deleted after fourteen days:

  • IP address of the requesting computer
  • Date and time of access
  • Website, from which the page was accessed; possibly with the search word used
  • Name and URL of the retrieved file
  • Search queries conducted (timetable, general search function on the website, products, etc.)
  • Operating system of your computer (provided by the user agent)
  • Browser used by you (provided by the user agent)
  • Device type, in case of access through mobile phones
  • Transmission protocol used

This data collection and processing provides system security and stability and is used for error and performance analysis as well as for internal statistical purposes and allows us to optimise our Internet offering.

It also helps us design our websites tailored to specific target groups, i.e. providing targeted content or information that could be of interest to you.

The IP address is also used to pre-set the website language.

It is also evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or improper uses of the website for information and defence purposes and is, where appropriate, used within the framework of criminal proceedings for identification purposes and in civil and criminal proceedings against the users concerned.

Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. You can find more information on this in the sections on cookies, tracking tools, advertisements and social plug-ins in this privacy statement.

For this processing, our legitimate interest forms the legal basis within the meaning of Art. 6 para. 1 lit. f of the EU-GDPR.

No guarantee is assumed for compliance with the data protection regulations for third-party websites that are linked on our website.

4.3 Sweepstakes, competitions, forms and similar actions

On our website, we offer permanent or temporary options to take part in sweepstakes, competitions and similar actions. Personal data such as e-mail address, name, address and, if required, other data necessary for the action may be collected in forms, processed and forwarded to third parties to implement these actions. All personal data provided in the context of such an action shall be used exclusively for implementing the action, e.g. for determination of the prize, notification or dispatch of the prize.

4.4 During telephone contact with our Rail Info Interlaken

Our legitimate interest is the legal basis for the data processing when you contact our Rail Info in Interlaken, telephone +41 33 828 72 33; or, if your contact is aimed at the conclusion of a contract, this shall be based on the implementation of the pre-contractual measures requested by you.

4.5 When registering on www.jungfrau.ch

During the order process, you have the option of registering for a customer account. We collect the following personal data, whereby mandatory information for opening a customer account is marked with an asterisk (*):

  • Title (*)
  • Name (*)
  • First name (*)
  • E-mail address (*)
  • Password (*)
  • Subscription to our newsletter
  • Consent to the GTC, data protection and general terms of use (*)

We collect this information to give you an overview of your orders and the contracts concluded with you in this regard.

In this respect, it involves data processing for which you have given us your consent. Hence, this is the legal basis for the data processing.

The legal basis for the processing of your data for the above purpose lies in the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b of the EU-GDPR as well as in our legitimate interest in the most optimal administration of the customer relationship with you (Art. 6 para. 1 lit. f of the EU-GDPR). You can object to such data processing at any time; this would however result in the deletion of your customer account.

4.6 Purchases in the souvenir shop

You can also buy souvenirs through our website.

Within the framework of the purchase process, you are informed about the mandatory information you must provide. This includes, e.g. the type of contact (private person, company), the first and last name, address, telephone number and e-mail address.

4.7 When using the Jungfrau app

When the Jungfrau app is used, the servers of our hosting provider temporarily store every access in a log file. The following data is recorded without any action on your part until it is deleted:

  • IP address of the device
  • Date and time of access
  • IMEI and IMSI
  • If enabled, the location data
  • Device type
  • Operating system of the device
  • Identification number of the customer

This data collection and processing provides system security and stability and is used for error and performance analysis as well as for internal statistical purposes and allows us to optimise our offer.

It also helps us design our app tailored to specific target groups, i.e. providing targeted content or information that could be of interest to you.

The default language of the app is based on the language settings of the device operating system.

It is also evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or improper uses of the app for information and defence purposes and is, where appropriate, used within the framework of criminal proceedings for identification purposes and in civil and criminal proceedings against the users concerned.

Finally, when you visit our app, we use applications and tools that are based on the use of cookies. You can find more information on this in the sections on cookies, tracking tools, advertisements and social plug-ins in this privacy statement.

For this processing, our legitimate interest forms the legal basis within the meaning of Art. 6 para. 1 lit. f of the EU-GDPR.

4.8 When registering on the Jungfrau app

During the order process, you have the option of registering for a customer account. We collect the following personal data, whereby mandatory information for opening a customer account is marked with an asterisk (*):

  • Title
  • Company/Association
  • Name (*)
  • First name (*)
  • Address (street, postal code, place and country)
  • Product-specific data as necessary, e.g. ski boot size, age, etc.
  • E-mail address (*)
  • Password (*)
  • Consent to the GTC, data protection and general terms of use (*)

We collect this information to give you an overview of your orders and the contracts concluded with you in this regard.

In this respect, it involves data processing for which you have given us your consent. Hence, this is the legal basis for the data processing.

The legal basis for the processing of your data for the above purpose lies in the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b of the EU-GDPR as well as in our legitimate interest in the most optimal administration of the customer relationship with you (Art. 6 para. 1 lit. f of the EU-GDPR). You can object to such data processing at any time; this would however result in the deletion of your customer account.

5 For how long is your data stored

We store personal data only for as long as necessary,

  • to provide services requested by you or for which you have given your consent to the extent mentioned in this privacy statement.
  • to use the tracking services mentioned in this privacy statement within the scope of our legitimate interest.

We retain contract data for longer as this is prescribed by statutory retention requirements. Retention requirements that obligate us to retain data are derived from provisions of accounting and tax regulations.

The data is blocked if we no longer need this data to provide the services to you. This means that the data may then only be used for fulfilling our retention requirements.

6 Where is the data stored

As a general rule, your data is stored in databases within Switzerland.

We are entitled to transfer your personal data also to third-party companies abroad insofar as this is required for processing your bookings, requests, provision of services and marketing campaigns. While doing so, we obviously comply with the legal provisions on the disclosure of personal data to third parties. These third parties are obligated for the same level of data protection as the provider. If the level of data protection in a country does not correspond to the Swiss level or to the EU data protection law, we contractually ensure that the protection of your personal data always corresponds to that in Switzerland or to that of the European Economic Area (EEA).

However, some of the third-party service providers mentioned in this privacy statement are based in the USA (refer to “Tracking tools”, “Re-marketing” and “Links to our social media presence”). Further information on data transfers to the USA can be found in the section “Tracking tools used”.

7 Which marketing data is processed

Unless you object, we use the following of your data for marketing purposes:

  • Customer data
    (name, gender, date of birth, address, customer number, e-mail address),
  • Service data
    (data about services purchased such as travel cards or single tickets) as well as
  • clicking behaviour on our websites or in e-mails you receive from us
    (Regarding assessment of clicking behaviour, please refer to the tracking tools section)
  • If enabled: GPS coordinates.
  • If connected with Skiline: Activities in the ski area, which are recorded within the scope of Skiline (separate GTCs and data protection conditions must be confirmed when connecting with Skiline).

We evaluate this data to develop our offering further in line with the needs and to send or present information and offers that are as relevant to you as possible (e.g. via e-mail, letter, SMS, push notifications in the Jungfrau app, personalised teasers on the web, in person at the counter).

For this purpose, we only use data that we can clearly assign to you, for example because you have purchased a ticket on our website.

We also use methods that predict possible future buying behaviour based on your current buying habits. Our legitimate interest forms the legal basis for this processing. In certain cases, SBB or another company involved in Direct Services may get in touch with you under strict conditions. For this, please note the information in the section “Shared responsibility in the public transport sector”.

You can refuse being contacted by us, SBB (e.g. in connection with your GA or Half Fare Card) or other public transport companies at any time. To do this, you have the following options:

  • Every e-mail you receive from us or other public transport companies contains an “Unsubscribe” link that you can click to unsubscribe from further messages.
  • If you have a SwissPass login, you can login to [website] and manage your settings for receiving messages in your user account at any time.

Please also note the information about the right to object to the assessment of clicking behaviour in the tracking tools section.

7.1 Use of your data for advertising purposes

7.1.1 Newsletter/ E-mail advertising/ Online advertising

You will receive a newsletter from us only upon express request. For this, you need to register on the website. The following information must be provided for registration:

  • E-mail address

We use your data for sending newsletters until you revoke your consent. You can revoke your consent at any time. In addition, you will find an unsubscribe link in all newsletter e-mails.

For marketing newsletters, we use the system from: Emarsys North America Inc, 10 W Market St., Suite 1350, Indianapolis, IN 46204, United States.

For corporate newsletters and ad-hoc notifications from the stock market, we use the system from: EQS Group AG, Karlstrasse 47, D-80333 Munich

For e-mail communication within the framework of the Jungfrau app, we use the system from: Braze Inc., 330 West 34th Street, New York, NY 10001, United States

By registering, you give your consent to the processing of the data provided in order to enable us to regularly send the newsletter to the address specified by you, and for the statistical evaluation of user behaviour and optimise our newsletter. This consent represents our legal basis for processing your data for the newsletter within the meaning of Art. 6 para. 1 lit. a of the EU-GDPR.

7.1.2 Re-targeting

We use so-called re-targeting technologies. Your user behaviour on our website is analysed to enable partner websites to offer you advertising that is individually tailored to your preferences. Your user behaviour shall be recorded under a pseudonym.

Most of the re-targeting technologies work with cookies (refer to the section Cookies - When are they used).

This website uses Doubleclick by Google, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to display ads based on the use of previously visited websites. For this purpose, Google uses the DoubleClick cookie, which makes it possible to recognise your browser when visiting other websites. The information generated by the cookie on the visit to this website (including your IP address) is sent to a Google server in the USA and stored there.

Google uses this information to evaluate the use of the website by you for the advertisements to be shown in order to compile reports for the website operator regarding the website activities and advertisements, and to provide further services related to the use of the website and the Internet. Google may also transfer this information to third parties insofar as this is prescribed by law or if third parties process this data on behalf of Google. However, under no circumstances shall Google link your IP address to any other data held by Google. Google is listed as a Privacy Shield participant. The Privacy Shield agreement between the EU and the USA guarantees minimum data protection standards. More information on data protection at Google can be found here.

We also use the Google Tag Manager to manage the services for usage-based advertisement. The Tag Manager tool itself is a no-cookie domain that does not record personal data. The tool rather ensures other tags are triggered, which may, under certain circumstances, record data on their part (refer above). If you have made a deactivation at the domain or cookie level, it remains applicable for all tracking tags that are implemented with the Google Tag Manager.

For managing the services for usage-based advertisement, we also use adwebster, a service provided by Adwebster AG, Geroldstrasse 31, 8005 Zurich, Switzerland. adwebster uses user tracking to mainly record the type of websites visited by you as well as the websites of companies that place advertisements with adwebster, which are called up by you. You may deactivate tracking if you do not want your behaviour data to be recorded. For this, visit the website: http://adwebster.com/Pages/about/opt-out.aspx.

You can prevent re-targeting at any time by rejecting or deactivating the relevant cookies in the menu bar of your web browser.

The legal basis for processing data for the above purposes lies in our legitimate interest in the interest-based and personalised advertising communication with you (Art. 6 para. 1 lit. f of the EU-GDPR).

8 Which data is processed for market-research purposes

Unless you object, we use the following data for marketing purposes:

  • Your customer data (name, gender, date of birth, address, customer number, e-mail address),
  • your service data (data about services purchased such as travel cards or single tickets)

as well as your clicking behaviour on our websites or in e-mails you receive from us. Regarding assessment of clicking behaviour, please refer to the tracking tools section.

We evaluate this data to develop our offering further in line with the needs and to send or present information and offers that are as relevant to you as possible (e.g. via e-mail, letter, SMS, push notifications in the app and personalised teasers on the web, in person at the counter).

For this purpose, we only use data that we can clearly assign to you, for example because you have registered or identified yourself on our website with your Swiss-Pass login and purchased a ticket.

We also use methods that predict possible future buying behaviour based on your current buying habits. Our legitimate interest forms the legal basis for this processing. In certain cases, we may also get in touch with you under strict conditions.

You can refuse being contacted by us, SBB (e.g. in connection with your GA or Half Fare Card) or other public transport companies at any time. To do this, you have the following options:

  • Every e-mail you receive from us or other public transport companies contains an “Unsubscribe” link that you can click to unsubscribe from further messages.
  • If you have a SwissPass login, you can login to [website] and manage your settings for receiving messages in your user account at any time.
  • You can also register or de-register yourself at every counter or over the telephone ([telephone]) or via e-mail ([e-mail address]).

Please also note the information about the right to object to the assessment of clicking behaviour in the tracking tools section.

9 Which rights do you have regarding your personal data

You can object to data processing, particularly data processing relating to direct advertisement (e.g. against advertising e-mails) at any time. You also have the following rights:

9.1 Right to access

You have the right to inspect your personal data saved with us any time and free of charge, if we are processing such data. You can check which of your personal data is being processed by us, and whether we are using it according to the applicable data protection regulations.

9.2 Right to rectification

You have the right to have incorrect or incomplete personal data rectified and be informed about the rectification. In this case, we inform the recipients of the data in question about the corrections made, unless this is impossible or is associated with disproportionate effort.

9.3 Right to erasure

You shall have the right to have your personal data erased under certain circumstances. The right to erasure can be ruled out in individual cases.

9.4 Right to restriction of the processing

Under certain conditions, you have the right to demand restriction of the processing of your personal data.

9.5 Right to data transfer

If you have your domicile in an EU or EEA Member State, you have the right under certain circumstances to get the personal data that was provided to us by you in a readable format free of charge.

9.6 Right of appeal

If you have your domicile in an EU or EEA Member State, you have the right to appeal to a competent supervisory authority against the method of processing of your personal data.

9.7 Right of revocation

You shall basically have the right to revoke an issued consent at any time. However, processing activities from the past based on your consent shall however not become illegal through your revocation.

With a request for information, you can demand information as to which of your data is being processed. For this, we ask you to kindly provide us with an identification document.

Please send it to the internal Data Protection Officer pursuant to Art. 12a of the OFDPA.

Internal Data Protection Officer of Jungfraubahnen
Daniel Messerli
Jungfraubahnen Management AG
Harderstrasse 14
CH-3800 Interlaken

E-Mail: datenschutz@jungfrau.ch

You shall also have the right to file a complaint with a data protection authority at any time.

9.8 National fare evasion register

Since 1 April 2019, the public transport sector has been keeping a central register of passengers who were unable to present a valid ticket or only a partially valid ticket when requested. The introduction dates back to a bill passed in the Swiss parliament in 2015. In this way, people who repeatedly evade fares can be identified more quickly, practices can be standardised throughout Switzerland and processes can be simplified.

The most important information on the national fare evasion register can be found here: https://www.allianceswisspass.ch/de/ueberuns/Mandate-Alliance-SwissPass/Das-nationale-Schwarzfahrerregister

By entering their name, address and date of birth, travellers may at any time submit a written request for information and inquire whether data about them has been collected in the SynServ database. A copy of the traveller’s passport or identity card must be submitted with the request for information. It should be addressed to PostAuto AG:

PostAuto AG
‘SynServ’
Pfingstweidstrasse 60b
8080 Zurich

E-mail: synserv@postauto.ch

10 What does “shared responsibility” mean

As a public transport company, we are legally obligated to provide certain transport services together with other transport companies and networks (“Direct Services”).

For this purpose and for other purposes described in this privacy statement, data is disclosed at national level within the so-called National Direct Services (NDS), an amalgamation of over 240 transport companies (TC) and public transport networks. Data arising from the purchase of services and communication is stored in a central database maintained by SBB under the mandate of the NDS and for which we are responsible together with other NDS companies and networks (“DS database”).

Data from various databases may be merged, if necessary, to ensure the efficient provision of services and cooperation among the parties involved. To allow you to use the so-called Single Sign-On (SSO) (one login for all applications that offer the use of their services with the SwissPass login), the aforementioned login data, card data, customer data and service data are also exchanged between the SwissPass central login infrastructure and us as part of the authentication process.

The extent of the access to the joint databases by the individual TCs and networks is regulated and restricted through a collective agreement. The disclosure and processing by other TCs and networks of the NDS carried out with central storage is generally limited to processing contracts, inspecting tickets, providing After Sales service and distributing income.

Furthermore, in certain cases, the data collected when purchasing NDS services is also processed for marketing purposes. This includes assessing data in order to develop public transport services further in line with the needs and to advertise them. If you are contacted for this purpose, this shall generally be done by us (JBM).

The other TCs and networks participating in the NDS shall contact you only in exceptional cases and under strict conditions and only if an assessment of the data reveals that a specific public transport offer could bring added value for you as a customer. Communication by SBB constitutes an exception. On behalf of the NDS, SBB is in charge of the marketing mandate for DS services (e.g. GA and Half-Fare) and can get in touch with you regularly in this capacity.

Our legitimate interest forms the legal basis for the data processing mentioned here.

11 Is your data disclosed to third parties

We do not sell your data. Your personal data is thus disclosed only to selected service providers and only to the extent required to provide the service.

These providers are IT service providers, travel card issuers, shipping service providers (such as Swiss Post), service providers tasked with distributing income from transport services to participating transport companies (in particular in the context of creating so-called distribution keys within the meaning of the Swiss Passenger Transport Act), our hosting provider (see “Using the website” section) as well as the providers mentioned in the tracking tools, social plug-ins and advertisement sections.

Different third-party service providers shall be explicitly mentioned in this privacy statement (e.g. in the “Newsletter”, “Tracking tools”, “Re-targeting” and “Social plug-ins” sections).

A service provider, to which the personal data collected through the website is disclosed or which has or can have access to such data, is our web host Nine Internet Solutions AG, Badenerstrasse 47, 8004 Zurich. The website is hosted on servers in Switzerland.

We also forward your personal data to insurance companies, if you have booked cancellation insurance via our website. The legal basis for the disclosure lies in the fulfilment of a contract pursuant to Art. 6 para.1 lit. b of the EU-GDPR.

Finally, in case of a credit card payment on the website, we forward your credit card information to your credit card issuer as well as to the credit card acquirer. This is done via:

  • Datatrans Ltd., Kreuzbühlstr. 26, CH-8008 Zurich
  • Scheidt & Bachmann Schweiz GmbH, Güterstrasse 5, 3072 Ostermundigen

If you decide to make a payment using a credit card, you are requested to enter all mandatory information in each case. Regarding the processing of your credit card information by these third parties, we request you to also read the General Terms and Conditions as well as the privacy statement of your credit card issuer. The legal basis for the disclosure lies in the fulfilment of a contract pursuant to Art. 6 para.1 lit. b of the EU-GDPR.

Within the framework of the contracts, the following service providers have access to personal data:

  • Web shop and Jungfrau app creator Alturos Destinations AG, Churerstrasse 54, 8808 Pfäffikon
  • Ticketing and access management operator Axess AG, Sonystrasse 18, 5081 Anif, Austria
  • Ticketing and access management operator SKIDATA (Switzerland) AG, Soodstraße 53, 8134 Adliswil (within the framework of Top4)

Your data can also be disclosed, if we are legally obligated to do so or if this is necessary to protect our rights, in particular to assert claims arising from the relationship with you.

Our legitimate interest forms the legal basis for the data processing mentioned here.

Your personal data is not disclosed to other third parties outside the public transport sector. Some exceptions are (to the extent described below) SwissPass partners and companies that have been granted permission by the public transport companies to provide public transport services on the basis of a contractual agreement.

These intermediaries only get access to your personal data, if you want to use them to purchase a public transport service and have given your consent to such an access. Even in this case, they can only access your data to the extent required to determine as to whether you already have tickets or travel cards for the planned travel period that are relevant for your journey and the third-party service requested by you. Your consent thus forms the legal basis for this data processing. You can revoke your consent at any time with effect for the future (refer to the section “Which rights do you have in relation to your personal data?”).

If you use offers from a SwissPass partner through your SwissPass, data regarding the services you have purchased from us (e.g. a GA, Half Fare Card or point-to-point network card) may be transferred to the SwissPass partners to check whether you can benefit from a specific offer from the relevant SwissPass partner (e.g. discount for GA holders).

The relevant partner shall be informed in the event of loss, theft, misuse or forgery or a card replacement after the purchase of a service. This data processing is required for execution of the contract regarding the use of the SwissPass and is therefore based on this legal foundation. You can find more information in the privacy statement at swisspass.ch as well as in the privacy statement of the respective SwissPass partner.

12 How are tracking tools used

In order to continuously optimise and design our websites, apps and e-mails in line with the needs, we use the analytics services provided by Google Analytics, Google Firebase and Braze.

Our legitimate interest forms the legal basis for the data processing described below.

12.1 Tracking on websites

In connection with our websites, pseudonymised user profiles are created and small text files (“cookies”) that are stored on your computer (see below “13 Cookies – when are they used”) are used. The information generated by cookies about your use of this website is passed on to the servers of the service providers, where it is stored and prepared for us. In addition to the data listed above (refer to “Which data is processed when you use our websites?”), we also receive the following information:

  • Navigation path that a visitor takes on the site
  • Length of stay on the website or sub-page
  • Sub-page, on which the user exits the website
  • Country, region or city, from where access takes place
  • End device (type, version, colour depth, resolution, width and height of the browser window),
  • Recurring or new visitor
  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Host name of the accessing computer (IP address) and
  • Time of the server query

The information is used to assess the use of the websites.

12.2 Tracking on the Jungfrau app

Anonymised profiles are used in connection with our app. The information generated about your use of this app is passed on to the servers of the service providers, where it is stored and prepared for us. In addition to the data listed above (see “4.7 Using the Jungfrau app”), we also receive information about which screens have been called up and what content has been activated.

12.3 Tracking when sending e-mails

Our e-mails may contain a web beacon (tracking pixel) or similar technical resource. A web beacon is a 1x1 pixel, invisible graphic that is associated with the user ID of the e-mail subscriber in question.

For each newsletter sent, there is information about the address file used, the subject and the number of newsletters sent. In addition, you can see which addresses have not yet received the newsletter, to which addresses the newsletter was sent and in which case the dispatch addresses that have failed. In addition, the opening rate including information on the addresses that have opened the newsletter and the addresses that have unsubscribed from the newsletter mailing list can also be explained.

Use of relevant services allows the above information to be assessed. This also allows clicking behaviour to be recorded and assessed. We use this data for statistical purposes and to optimise the contents of our messages. This enables us to tailor the information and offers in our e-mail to the individual interests of the respective recipient in a better way. The tracking pixel is deleted if you delete the e-mail.

To prevent the use of the web beacon in our newsletter, please set your mail client such that no HTML is displayed in messages, if this is already not the case by default. On the following pages, you shall find explanations as to how you can make this setting for the most common e-mail clients.

Microsoft Outlook

Mail for Mac (“Load removed contents in messages”)

12.4 Tracking tools used

12.4.1 Google Analytics

For the purpose of tailor-made designing and continuous optimisation of our pages, we use the web analytics service Google Analytics provided by Google. In this connection, pseudonymised user profiles are created and small text files (“cookies”) that are stored on your computer are used. The information generated by the cookie regarding your use of this website such as

  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Host name of the accessing computer (IP address)
  • Time of the server query
  • Device

is transferred to Google servers in the USA and is stored there. The IP address shall thereby be truncated through the activation of IP anonymisation (“anonymizeIP”) on this website before it is transmitted within the Member States of the European Union or other signatory states to the Agreement on the European Economic Area. Google shall not merge the anonymised IP address transmitted by your browser within the scope of Google Analytics with other data. Only in exceptional cases, the full IP address shall be transferred to a Google server in the USA and truncated there. In these cases, we ensure through contractual guarantees that Google complies with a sufficient level of data protection.

The information is used to evaluate the use of the website, compile reports on the activities on the website and provide other services related to the use of the website and the Internet for the purposes of market research and the tailor-made designing of this website. Google may also transfer this information to third parties insofar as this is prescribed by law or if third parties process this data on order. According to Google, no connection is ever made between the IP address and other data relating to the user.

As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross-device reports. If you have activated personalised ads and linked your devices to your Google account, subject to your consent to the use of Google Analytics pursuant to Art. 6 DSG and Art. 6 para. 1 lit. a GDPR, Google may analyse your usage behaviour across devices and create database models, including on cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the “Personalised ads” function in the settings of your Google account. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en More information on Google Signals is available here: https://support.google.com/analytics/answer/7532985?hl=en

Users can prevent the collection of the data (including the IP address) generated by the cookie and related to the website use by the respective user by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link:

Google Analytics Browser-Plugin

The legal basis for the processing of data for the above purposes lies in our legitimate interest in the optimisation and personalisation of our website and the services provided on it (Art. 6 para. 1 lit. f of the EU-GDPR).

12.4.2 Braze

The software solution Braze is used for the personalisation of the app contents. Braze is necessary for the functioning of the app. Data is stored exclusively on servers within the European Union.

Find out more about Braze at (https://www.braze.com/legal/)

12.4.3 Monitoring measures by US authorities

For the sake of completeness, we would like to point out that monitoring measures are taken in the USA by US authorities, which generally allow the storage of all personal data of all persons, whose data has been transmitted from the Union into the USA. This takes place without differentiation, restriction or exception by means of the aim pursued and without an objective criterion that allows restricting the US authorities’ access to the data and its subsequent use for certain, strictly limited purposes, which justify the intervention that is associated with the access to this data as well as with its use.

We would like to point out to users domiciled in a Member State of the EU that the USA does not have sufficient level of data protection from the point of view of the European Union – among other things, due to the topics mentioned in this section. As long as we have stated in this privacy statement that recipients of data (e.g. Google) have their registered office in the USA, we shall ensure either through contractual regulations with these companies or by ensuring the certification of these companies under the EU- or Swiss-US Privacy Shield that your data is protected by our partners at an appropriate level.

13 Cookies - when are they used

We use cookies in certain cases. Cookies are small files that are stored on your computer or mobile end device, when you visit or use one of our Internet pages.

In many respects, cookies help to make visiting our website easier, more pleasant and more useful. Cookies are information files stored automatically by your web browser on the hard disk of your computer, when you visit our website.

For example, we use cookies to temporarily save your selected services and entries, when completing a form on the website, so that you do not have to repeat the entries when you call up a different sub-page. Cookies may also be used to enable you to be recognised as a registered user after registration, so that you do not have to repeat the login process when accessing another sub-page.

We use cookies to assess general user behaviour. The goal is to optimise digital performances. These should become easier to use and the contents should be retrieved more intuitively. It should be possible to make the arrangement and structure easier to understand. We are committed to making our digital performances user-friendly in accordance with your requirements. This is how we can optimise the website with targeted content or information that may be of interest to you.

Most Internet browsers accept cookies automatically. However, you can configure your browser such that no cookies are stored on your computer or a notice always appears when you receive a new cookie. The following pages explain how to configure the processing of cookies for the most common browsers:

Deactivating cookies may however result in you not being able to use all the features of our website. Our legitimate interest forms the legal basis for the data processing described.

14 Links to our social media presences and social plug-ins

14.1 Social media networks

On our website, you can find links to social media networks. These are not plug-ins from the provider, which already transmit data to the provider when loading the page without any action on the user’s part. The interfaces to the social media networks only contain a link to the social media network including transfer of the website to be shared. No user data shall be transmitted from the website to the social media network.

The links lead to the following networks:

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
  • Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
  • TripAdvisor Inc., 400 1st Avenue, Needham, MA 02494 USA
  • YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA

When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the social network concerned. This gives the network the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while being logged in to your account on the network concerned, the contents of our page may be linked with your profile in the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case, if you log into the network in question after clicking on the link.

14.2 Social plug-ins

14.2.1 Facebook Inc.

Social plug-ins of Facebook are also used on our websites in order to make the online shop more personalised. For this, we use the "SHARE"button. This is offered by the American company Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA).

When you call up a page of our website that contains such a plug-in, your browser connects directly to the Facebook servers. The content of the plugin transmitted directly to your browser from Facebook and incorporated in the website from this.

By integrating the plug-in, Facebook receives information that your browser has accessed the relevant page of our website, even if you do not have a Facebook account or are currently not logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and is stored there.

If you have logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. When you interact with the plug-ins, e.g. click the "SHARE" button, the corresponding information is also directly transferred to a Facebook server and stored there. The information is also published on Facebook and shown to your Facebook friends.

Facebook can use this information for the purpose of advertising, market research or tailor-made designing of the Facebook pages. For this purpose, Facebook user, interest and relationship profiles are created, e.g. to evaluate your use of our website in terms of the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide further services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our web presence directly to your Facebook account, you must log out of Facebook before visiting our website.

To find out about the purpose and extent of data collection and further processing and use of the data by Facebook and your rights in this regard and the setting options for protecting your privacy, please refer to Facebook’s privacy notices.

15 Data security

We use suitable technical and organisational security measures to protect your personal data stored by us from manipulation, partial or total loss and unauthorised access by third parties. Our security measures are continuously updated in keeping with technological developments.

When you register with us as a customer, your customer account can, in each case, be accessed only after entering your personal password. You should always keep your payment information confidential and close the browser window after finishing the communication with us, especially if you share your computer with other people.

We also take the protection of our internal company data very seriously. Our staff and the service providers engaged by us are obligated by us to maintain confidentiality and comply with the data protection regulations. Moreover, these are granted access to personal data only to the extent required.

We take reasonable precautions to protect your data. However, transferring information via the Internet and using other electronic means always entails certain security risks, and we cannot guarantee the security of information transmitted in this way.

16 Retention periods

We store personal data only for as long as this is necessary to carry out the aforementioned tracking services and further processing within the framework of our legitimate interest. We retain contract data for longer as this is prescribed by statutory retention requirements. Retention requirements that obligate us to retain data are derived from provisions of accounting and tax regulations. According to these provisions, business communication, concluded contracts and booking documents must be stored for up to 10 years.

17 Applicable law and legal domicile

The courts at the domicile of Jungfraubahnen Management AG (JBM) shall have exclusive jurisdiction for any disputes between visitors/users of the website and Jungfrau Management (JBM), which arise from the operation of/visit to the website. Swiss law shall apply exclusively.

Only the German version of the privacy statement shall be deemed as legally valid; translations of the privacy statement shall not be legally valid.

© Jungfraubahnen Management AG (JBM)