Tickets
Tickets

Data protection

The protection of your data is important to us - here you can find out everything you need to know.

General privacy policy of PILATUS-BAHNEN AG

  1. What is this privacy policy about?
  2. Who is responsible for processing your data?
  3. What personal data do we process?
  4. For what purposes do we process your personal data?
  5. Which online tracking and online advertising techniques do we use?
  6. What applies to profiling and automated decisions?
  7. How do we process data in connection with social media?
  8. To whom do we disclose your personal data?
  9. Do we disclose personal data abroad?
  10. How long do we process personal data?
  11. What is the legal basis for data processing?
  12. How do we protect your data?
  13. What rights do you have?
  14. Updating the privacy policy

1 What is this privacy policy about?

PILATUS-BAHNEN AG, Schlossweg 1, 6010 Kriens, Switzerland ("Pilatus-Bahnen", "we" or "us") processes personal data concerning you or other persons in different ways and for different purposes. "Personal data" means any information relating to an identified or identifiable natural person, and "processing" means any handling of it, regardless of the means and procedures used, e.g. collection, use and disclosure.

This Privacy Policy explains our processing of such data (hereinafter referred to as "personal data" or "data") when

  • you visit our website www.pilatus.ch,
  • you purchase our services or products,
  • you are otherwise in contact with us as part of a contract
  • you contact us by email, letter, on social media, by text message, via the contact form
  • you register for our newsletter
  • you have dealings with us in the context of all other data processing in connection with our offers.

For ease of reading, this privacy policy does not refer to more than one gender. However, we refer to persons of all genders.

Please take the time to read this privacy policy to find out how and why PILATUS-BAHNEN AG processes your personal data, how PILATUS-BAHNEN AG protects your personal data and what rights you have in this regard. If you have any questions or would like further information on our data processing, please do not hesitate to contact us (Section 2).

We have aligned this privacy policy with both the Swiss Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR). If the data protection declaration refers to "personal data" or "processing", this also includes "personal data" or "processing" in accordance with the GDPR. However, whether and to what extent the GDPR is applicable at all depends on the individual case.

2 Who is responsible for processing your data?

The following company is the "controller", i.e. the entity primarily responsible under data protection law, for data processing in accordance with this privacy policy, unless otherwise communicated in individual cases:

PILATUS-BAHNEN AG
Schlossweg 1
6010 Kriens
Switzerland

If you have any questions about data protection or would like to exercise your rights as a data subject, you are welcome to contact us at the following address so that we can process your request quickly:

E-mail: info@pilatus.ch

3 What personal data do we process?

We process different categories of personal data depending on the occasion and purpose. The most important categories are listed below, although this list is not exhaustive.

You provide us with much of the data mentioned in this section yourself (e.g. via the contact form, as part of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases. If you wish to conclude contracts with us or make use of services, you must also provide us with the data necessary for the fulfilment of the contract or provision of the services, in particular master data and contract data.

If you transmit or disclose data about other persons (e.g. work colleagues or family members) to us, we assume that you are authorised to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy (e.g. by a reference to this privacy policy).

3.1 Master data

We define master data as the basic data that we require for the processing of our business relationships or for marketing and advertising purposes and that relate directly to your person and characteristics. Depending on the relationship with you, different personal data is processed. For example, we process the following master data:

  • Title, surname and first name, gender
  • Address, contact details such as e-mail address and telephone and mobile phone number
  • Further information from identification documents
  • Information on language preferences
  • Information on professional profile and employment (e.g. employment relationship, employer, start of employment) and, if applicable, on training
  • In the case of company contacts, also relationships with the company you work for
  • Customer history
  • Authorisations to sign and declarations of consent

We generally receive this master data from you yourself, but may also receive it from other persons who work for your company, but may also obtain personal data from third parties, e.g. from organisations for which you work or from third parties such as our contractual partners, associations and address brokers and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.).

3.2 Contract data

Contract data is information that arises in connection with the conclusion or execution of the contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, information about the conclusion of the contract itself (e.g. the date of conclusion and the subject matter of the contract), as well as the information required or used for processing. We process the following contract data, for example:

  • Date, application process, information on the type and duration as well as conditions of the contract in question, data on the termination of the contract
  • Contact details and billing address
  • Information on the use of services
  • Information on payments and payment methods, invoices, mutual claims, contacts with customer service, complaints, defects, returns, information on customer satisfaction, complaints, feedback, etc.

We receive this data from you, but also from partners with whom we work. Again, this data may relate to your company, in which case it is not "personal data", but also to you if you work for a company or if you receive services from us yourself.

3.3 Communication data

Communication data is data in connection with our communication with you, e.g. if you contact us via the contact form or other means of communication. Communication data are e.g.

  • Content of correspondence (e.g. emails, written correspondence, telephone conversations, etc.)
  • Information on the type, time and possibly place of communication and other peripheral data of the communication.

3.4 Technical data

Technical data is collected in connection with the use of our website. This includes, for example, the following data

  • IP address of the end device and device ID
  • Information about your device, the operating system of your device or language settings
  • Information about your internet provider
  • content accessed or logs in which the use of our systems is recorded
  • Date and time of access to the website and your approximate location

We may also assign you or your end device an individual code (e.g. by means of a cookie; see section 5.1). This code is stored for a certain period of time, often only during your visit.

3.5 Behavioural data

In order to tailor our offers and services to you or your company in the best possible way, we try to get to know you better and tailor our services to you. To do this, we collect and use data about your behaviour. Behavioural data is, in particular, information about your use of our website. It can also be collected on the basis of technical data. This includes, for example, information about your use of electronic communications (e.g. whether and when you have opened an email or clicked on a link). We can also use your other interactions with us as behavioural data, and we can link behavioural data with other data (e.g. with anonymous data from statistical offices) and evaluate this data on a personal and non-personal basis.

3.6 Preference data

Preference data provides us with information about your likely needs and which services you - or your company - are interested in. We therefore also process data on your interests and preferences. For this purpose, we can link behavioural data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behaviour.

3.7 Other data

We may also collect data from you in other situations. In connection with official or legal proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. With your consent, we may receive or produce photos, videos and audio recordings in which you may be recognisable (e.g. at events).

4 For what purposes do we process your personal data?

We primarily use the personal data we collect to process your orders. In addition, we also process your personal data for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose, insofar as this is permitted and appears appropriate to us:

  • For communication purposes, i.e. to contact you and maintain contact with you. This includes responding to enquiries and contacting you in the event of queries, e.g. by email. In particular, we process your communication and master data for this purpose.
  • For customer care and for marketing purposes, in order to inform you specifically about offers according to your personal interests and preferences, e.g. through personalised advertising. For this purpose, we process in particular technical data, master data and communication data as well as behavioural data.
  • We also process data to improve our services and for product development.
  • To ensure IT security and for prevention: We process personal data to monitor the performance of our operations, in particular IT, our website, applications and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud and abuse and for evidence purposes. This includes, for example, the evaluation of system-side records of the use of our systems (log data), the prevention, defence against and investigation of cyber attacks and malware attacks, analyses and tests of our networks and IT infrastructures, system and error checks.
  • For legal defence: We may also process personal data in order to enforce claims in court, before or outside of court and before authorities in Switzerland and abroad or to defend ourselves against claims. Master data and communication data may be processed for this purpose.
  • To comply with legal requirements: This includes, for example, the processing of complaints and other reports, compliance with orders of a court or authority, measures to detect and clarify abuses and generally measures to which we are obliged under applicable law, self-regulation or industry standards. In particular, we may process your master data and communication data for this purpose.
  • For administration and support: In order to organise our internal processes efficiently, we process data to the extent necessary for IT administration, accounting or data archiving. In particular, communication and behavioural data as well as technical data may be used for this purpose.
  • We may also process data for other purposes. These include corporate management, including business organisation and corporate development, other internal processes and administrative purposes (e.g. management of master data, accounting and archiving), training and education purposes and the preparation and processing of the purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data, as well as measures for business management and the protection of other legitimate interests.

If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by sending us an e-mail.

5 Which online tracking and online advertising technologies do we use?

We use various technologies on our website with which we and third parties engaged by us can recognise you when you use our website and, in some cases, track you over several visits. The use of such technologies is specially regulated. You can find more information on this in our separate cookie notice.

6 What applies to profiling and automated decisions?

We may process and analyse your data automatically in accordance with section 3. This also includes so-called profiling, i.e. automated analyses of data for analysis and forecasting purposes, to determine preference data (section 3.6). The most important examples are profiling for customer care and marketing purposes.

In order to ensure the efficiency and consistency of our decision-making processes, we make certain decisions with the help of computers according to certain rules and, if necessary, without a review by one of our employees. If decisions are made exclusively by automated means and lead to a negative legal consequence for you or otherwise significantly affect you ("automated individual decisions"), we will inform you accordingly. In this case, you have a special right as a data subject in the context of this automated individual decision. You can find more information on this under point 13.

7 How do we process data in connection with social media?

On our website, we offer you the option of using a "social media plugin" from Facebook, Instagram and LinkedIn to integrate functions from these providers into our websites. These plugins are deactivated by default. As soon as you activate them (e.g. by clicking on the button), the relevant providers can recognise that you are on our website. If you have a corresponding account with the social media provider, they can assign this information to you and thus track your use of online services.

We are generally jointly responsible with the relevant providers for the exchange of data that this provider collects via plugins or comparable functions (but not for the further processing of a provider). We have concluded a corresponding supplementary agreement with the provider. You can address requests for information and other requests from data subjects in connection with joint responsibility directly to us or the provider in question.

If you communicate with us via social media and our profiles there (e.g. on Facebook, Instagram and LinkedIn) or comment on or disseminate content, we collect information that we use primarily to communicate with you, for marketing purposes and for statistical analyses. Please note that the provider of the platform also collects and uses data itself (e.g. on user behaviour) when you visit our social media sites, possibly together with other data known to it (e.g. for marketing purposes or to personalise the platform content). Further information on data processing by social network providers can be found in the privacy policies of the relevant social networks.

8 Who do we disclose your personal data to?

In connection with our data processing, we also disclose your personal data to other recipients.

We disclose the personal data required for their services to service providers. This applies in particular to IT service providers, but also to consulting companies, analytics service providers, debt collection service providers, marketing service providers, etc. Insofar as service providers process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to take measures to ensure data security.

Data may also be disclosed to other recipients, e.g. to courts and authorities as part of proceedings and statutory duties to provide information and cooperate, to purchasers of companies and assets, to financing companies in the case of securitisations and to debt collection agencies.

In individual cases, we may also pass on personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or authorised to do so.

9. do we disclose personal data abroad?

The personal data collected about you will generally be stored and processed by us within Switzerland and the EEA (European Economic Area). If it is necessary to transfer your personal data to a country outside the EEA, we can only do so if this is necessary for the data processing described in this privacy policy and is in accordance with the applicable data protection legislation.

If a recipient is located in a country without an adequate legal level of data protection, we contractually oblige the recipient to comply with the applicable data protection legislation. To this end, we use the revised standard contractual clauses of the European Commission approved and adapted by the Swiss supervisory authority, the Federal Data Protection and Information Commissioner (FDPIC), unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the fulfilment of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

10 How long do we process personal data?

We store and process your personal data for as long as is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship). If the data is subject to a longer retention period (e.g. a ten-year retention period applies to certain data) and there is also a longer legitimate interest in the storage (e.g. to enforce legal claims, for archiving and/or to ensure IT security), the personal data will be stored for this longer period. If there are no legal or contractual obligations to the contrary, we will destroy or anonymise your data at the end of the storage or processing period as part of our normal processes.

As a rule, we store master data for 8 years from the last exchange with you, but at least from the end of the contract. As described above, this period may also be longer if this is necessary to comply with statutory retention periods or for reasons of proof. In the case of pure marketing and advertising contacts, the period is normally much shorter, usually no more than 2 years from the last contact.

We generally store contract data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if this is necessary to comply with statutory retention periods or for reasons of proof.

We anonymise or delete your behavioural and preference data when it is no longer relevant for the purposes pursued, which can be between 2-3 weeks (for movement profiles) and 24 months (for product and service preferences), depending on the type of data. This period may be longer if this is necessary to comply with statutory retention periods or for reasons of proof.

11 What is the legal basis for data processing?

Depending on the circumstances, data processing is only permitted if the applicable law specifically authorises it. This does not apply according to the Swiss Data Protection Act, but e.g. according to the GDPR, insofar as it applies. In this case, we base the processing of your personal data on the following legal bases

  • on your consent (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR);
  • that the processing is necessary for the fulfilment of the contract or pre-contractual measures (e.g. the examination of a contract application; Art. 6 para. 2 lit. b GDPR)
  • that the processing is necessary for the establishment, exercise or defence of legal claims or civil proceedings (Art. 6 para. 1 lit. f and Art. 9 para. 2 lit. f GDPR)
  • the processing is necessary for compliance with domestic or foreign legal provisions (Art. 6 para. 1 lit. c and lit. f; Art. 9 para. 2 lit. g GDPR)
  • the processing is necessary for a legitimate interest in data processing, in particular the interests mentioned in section 4 (Art. 6 para. 1 lit. f GDPR).

12. how do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorised access. However, security risks cannot generally be completely ruled out; residual risks are unavoidable.

13 What rights do you have?

You have certain rights under applicable data protection law to obtain further information about our data processing and to influence it. These are in particular the following rights:

  • Right to information: You can request further information about our data processing. We are at your disposal for this purpose. You can submit a request for information if you would like information and a copy of your data.
  • Right to restriction, objection and erasure: You can restrict our data processing, object to it and also request that we erase your personal data at any time if we are not obliged to continue processing or retaining this data and if it is not required to fulfil the contractual relationship.
  • Correction: You can have incorrect or incomplete personal data corrected or completed or have it supplemented by a confirmation note.
  • Transfer: You also have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have it transferred to a third party, provided that the corresponding data processing is based on your consent or is necessary for the fulfilment of the contract.
  • Revocation: If we process data on the basis of your consent, you can revoke your consent at any time. The revocation only applies to the future, and we reserve the right to continue processing data on another basis in the event of a revocation.
  • If we make an automated individual decision that may have legal consequences for you, you have the right to speak to one of our representatives and request a review of this decision. In this case, you will no longer be able to use certain automated services.

Please note that these rights are subject to legal requirements and restrictions and are therefore not always fully available. In particular, we may need to continue processing and storing your personal data in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other data subjects and to protect legitimate interests, we may therefore also refuse a data subject's request in whole or in part (e.g. by blacking out certain content that concerns third parties or our business secrets).

If you wish to exercise your rights against us, please contact us by e-mail or post. You will find our contact details in section 2, where we will generally have to verify your identity. You are also free to lodge a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

14 Updating the data protection declarations

We reserve the right to amend, supplement or otherwise change the data protection declarations at any time and without giving reasons. The data protection declarations as published on the website apply.

Last update: 24.04.2025

top

Cookie notice

  1. How and why do we use cookies and similar technologies?
  2. How can cookies and similar technologies be deactivated?
  3. Cookies from partners and third parties on our website

1. How and why do we use cookies and similar technologies?

We use third-party services for our website in order to measure and improve the user-friendliness of the website and online advertising campaigns. For this purpose, we may integrate third-party components on our website, which in turn may use cookies and similar technologies (see below). When we use such technologies, the aim is to be able to distinguish between access by you (via your system) and access by other users so that we can ensure the functionality of the website and carry out statistical analyses. We do not want to infer your identity. The technologies used are therefore designed in such a way that you are recognised as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (e.g. so-called "cookie"), but that you are not identified by name.

Such technologies are only used if you have expressly consented to this in the storage and tracking settings.

Cookies are files that your browser automatically saves on your end device when you visit our website. Cookies contain a unique identification number (an ID) that enables us to distinguish individual visitors from others, but generally without identifying them. Depending on their intended use, cookies contain further information, e.g. about pages accessed and the duration of a page visit. We use session cookies, which are deleted when the browser is closed, and persistent cookies, which remain stored for a certain period of time after the browser is closed and are used to recognise visitors on subsequent visits.

We may also use similar technologies, e.g. [LinkedIn Insight Tags, Pixel Tags or Fingerprints] to store data in the browser. Pixel tags are small, usually invisible images or programme code that are loaded by a server and thereby transmit certain information to the server operator, e.g. whether and when the website was visited. Fingerprints are information that is collected when you visit our website via the configuration of your end device or your browser and that make your end device distinguishable from other devices.

Similar to cookies, browser storage technologies such as local storage and session storage are used to store user data and make it available across multiple page views and sessions.

We use the following types of cookies and similar technologies:

  • Necessary cookies: Necessary cookies are required for the functionality of the websites, e.g. so that you can switch between pages without losing information entered in a form.
  • Functional cookies: Functional cookies enable extended functions and can display personalised content.
  • Performance cookies: These cookies collect information about the use of a website and enable analyses, e.g. which pages are the most popular. They can simplify the visit to a website and improve user-friendliness.
  • Marketing cookies: Marketing cookies help us and our advertising partners to target you on our websites and on third-party websites with adverts for products or services that may be of interest to you, or to display our adverts when you continue to use the internet after visiting our website.

We use cookies, local storage and session storage in particular for the following purposes

  • Personalisation of content
  • Displaying personalised advertisements and offers
  • Displaying adverts on third-party websites and measuring success, i.e. whether you respond to these adverts (remarketing)
  • Saving settings between your visits
  • Determining whether and how we can improve our website
  • Collecting statistical data on the number of users and their usage habits and to improve the speed and performance of the website
  • We may process your contact details to target you with adverts on third party platforms.

2. How can cookies and similar technologies be deactivated?

When you visit our website, you have the option of activating or deactivating certain categories of cookies (see checkboxes below). You can configure your browser settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also add software (so-called "plug-ins") to your browser that blocks tracking by certain third parties. You can find out more about this on the help pages of your browser (usually under the heading "Data protection"). Please note that our website may no longer function fully if you block cookies and similar technologies.

3. Cookies from partners and third parties on our website

We use third-party services to measure and improve the user-friendliness of the website and online advertising campaigns. Third-party providers may also be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analysis services so that we can optimise and personalise our website. The relevant third-party providers may record the use of the website for this purpose and combine their recordings with other information from other websites. This allows them to record user behaviour across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers can also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites.

Two of our most important third-party providers are Google and HubSpot. You can find more information about them below. Other third-party providers generally process personal and other data in a similar way.

Google Analytics, an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland; both together "Google", whereby Google Ireland Ltd. is responsible under data protection law for users in the European Economic Area (EEA). Google uses cookies and similar technologies to collect certain information about the behaviour of individual users on or in the relevant website and the end device used for this purpose (tablet, PC, smartphone, etc.). Google collects information about the behaviour of users on the website and the end device used and provides us with evaluations on this basis, but also processes certain data for its own purposes. We have configured Google Analytics in such a way that visitors' IP addresses are anonymised before being forwarded to the USA. Information on data protection at Google Analytics can be found here. You can deactivate Google Analytics by installing an appropriate browser add-on. We do not record any personal data such as names, email addresses etc. for custom events in Google Analytics. Custom events are used exclusively to record the performance of the website.

HubSpot, an analysis service of HubSpot Inc (25 1st St Fl 2, Cambridge, Massachusetts, 02141, United States) and HubSpot Ireland Ltd (2nd Floor 30 North Wall Quay, Dublin 1, Ireland, both together "HubSpot", whereby HubSpot Ireland Ltd. is the data controller under data protection law for users in the EEA. HubSpot is an integrated software solution that covers various aspects of online marketing. We use Hubspot as a CRM integration on our website to optimise communication processes with you. This enables us to ensure a smooth communication and consulting service. We have configured the analysis service so that visitors' IP addresses are anonymised before being forwarded to the USA. Further information on Hubspot's data protection can be found in Hubspot's Data Processing Agreement and in Hubspot's Privacy Policy.

top

Supplementary privacy policy of PILATUS-BAHNEN AG as a public transport company (ÖV)

The following privacy policy applies in addition to the general privacy policy of PILATUS-BAHNEN AG. It is aimed at customers who receive services in connection with public transport - in particular when using the SwissPass login or purchasing tickets.

Our promise to you

Public transport companies handle your data confidentially. The protection of your personality and your privacy is important to us, the public transport companies. We guarantee that your personal data will be processed in accordance with the applicable provisions of data protection law.

With the following principles, the public transport companies are setting an example for the trustworthy handling of your data:

  • You yourself decide on the processing of your personal data.
    Within the legal framework, you can refuse data processing or withdraw your consent at any time or have your data deleted.
  • We offer you added value when processing your data.
    We use your data exclusively in the context of providing services and to offer you added value (e.g. customised offers, information and support). We therefore only use your data for the development, provision, optimisation and evaluation of our services or for maintaining the customer relationship.
  • Your data will not be sold.
    Your data will only be disclosed to selected third parties listed in this privacy policy and only for the explicitly stated purposes. If we commission third parties to process data, they are obliged to comply with our data protection standards.
  • We guarantee the security and protection of your data.
    We guarantee the careful handling, security and protection of your data. We take the necessary organisational and technical precautions to ensure this.

What does "joint responsibility in public transport" mean?

PILATUS-BAHNEN AG is responsible for the processing of your data. As a public transport company, we are required by law to provide transport services jointly with other transport companies and associations ("direct transport", Art. 16 and 17 of the Passenger Transport Act). In order to make this possible, data that originates from contacting you or from your purchased services, for example, is passed on at national level within the National Direct Transport (NDV), an association of over 240 transport companies (TU) and public transport networks. The individual transport companies and networks are listed here.

The data is stored in the central database NOVA (network-wide public transport connection), which is managed by SBB on behalf of the NDV and for which we are responsible together with the other companies and associations of the NDV. NOVA is a technical platform for the sale of public transport services. It contains all the central elements for the sale of public transport services, such as the customer database. The scope of access to the shared databases by the individual transport companies and associations is governed by a joint agreement. The forwarding of data and its processing by the transport companies and associations in connection with centralised storage is limited to the following purposes:

  • Provision of the transport service
    To ensure that your journey runs smoothly, your travel and purchase data will be forwarded within the NDV.
  • Contract processing
    We process this data for the initiation, administration and fulfilment of contractual relationships.
  • Customer relationship management and support
    We process your data for purposes related to communication with you, in particular to respond to enquiries and assert your rights and to identify and provide you with the best possible support in the event of concerns or difficulties across the public transport network, as well as to process any claims for compensation.
  • Ticket control and revenue protection
    Customer and season ticket data is required and processed to secure revenue (checking the validity of travelcards or discount cards, collection, combating misuse).
    Incidents of travelling without a valid or partially valid ticket can be recorded via the national fare evasion register.
  • Revenue distribution
    The Alliance SwissPass office, managed by ch-integral, fulfils the legal mandate defined in the Swiss Passenger Transport Act to collect travel data for the correct distribution of revenue. The office acts as the mandate holder for revenue distribution in national direct transport on behalf of the companies that are members of the NDV.
  • Identification as part of the authentication of the SwissPass login (SSO)
    For services that you purchase using the SwissPass login, the data is then stored in the central customer database (NOVA). To enable single sign-on (SSO) (one login for all applications that offer use of your services with the SwissPass login), the aforementioned login, card, customer and service data is also exchanged between the central SwissPass login infrastructure and us as part of the authentication process.
  • Joint marketing and market research activities
    In addition, the data collected when purchasing public transport services is also processed for marketing purposes in certain cases. If you have given your consent and processing or contact is made with you for this purpose, this will generally only be carried out by the transport company or association from which you purchased the corresponding public transport service. Processing or contact by the other transport companies and networks involved in the NDV will only take place in exceptional cases and under strict conditions, and only if the evaluation of the data shows that a particular public transport service could provide added value for you as a customer. An exception to this is processing and contacting by SBB. SBB manages the marketing mandate for NDV services (e.g. GA travelcard and Half-Fare travelcard) on behalf of NDV and can contact you regularly in this role. We also process your data for market research, to improve our services and for product development.
  • Further development of public transport systems with anonymous data
    We analyse your data anonymously in order to further develop the overall public transport system in line with your needs.
  • Customer information
    For group journeys, we will inform you via SMS about your group reservation and any delays or cancellations. You can decide for yourself whether you would like to receive these notifications when you book a group journey.

Will your data be passed on to third parties?

Your data will not be sold on by us. Your personal data will only be passed on to selected service providers and only to the extent necessary for the provision of the service. These are IT support service providers, issuers of subscription cards, shipping service providers (such as Swiss Post), service providers who are commissioned to allocate the transport revenue to the transport companies involved (in particular in the course of creating so-called distribution keys in accordance with the Swiss Passenger Transport Act), our hosting provider (see section "Use of website") and the providers mentioned in the sections on tracking tools, social plug-ins and advertisements.

In addition, your data may be passed on if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you.

If you book cross-border holidays, your data will also be passed on to the respective foreign providers. However, this will only take place to the extent necessary to check the validity of the tickets and to prevent misuse.

Our legitimate interest forms the legal basis for the data processing mentioned here.

Your personal data will not be disclosed to other third parties outside the public transport sector. The only exceptions (to the extent described below) are SwissPass partners and companies that have been authorised by public transport companies to broker public transport services on the basis of a contractual agreement. These intermediaries will only receive access to your personal data if you wish to obtain a public transport service through them and have given them your consent for access. Even in this case, they will only have access to your data to the extent necessary to determine whether you already have tickets or travelcards for the planned travel period that are relevant to your journey and the service you require from the third party. The legal basis for this data processing is therefore your consent. You can withdraw your consent at any time with effect for the future.

If you use offers from a SwissPass partner using your SwissPass, data about any services you have purchased from us (e.g. a GA travelcard, Half-Fare travelcard or regional railcard) may be transmitted to the SwissPass partners in order to check whether you can benefit from a specific offer from the SwissPass partner (e.g. discount for GA travelcard holders). In the event of loss, theft, misuse, forgery or replacement of a card after the purchase of a service, the partner concerned will be informed. This data processing is necessary for the fulfilment of the contract for the use of the SwissPass and is therefore based on this legal basis.
Further information can be found in the privacy policy on swisspass.ch and the privacy policy of the respective SwissPass partner.

Further information on the handling of personal data can be found in the general privacy policy at www.pilatus.ch/datenschutz

Last update: 01.05.2025

top

Privacy policy on video surveillance

PILATUS-BAHNEN AG (hereinafter "we" or "us") informs affected persons - in particular guests, employees, suppliers and other visitors - about the collection and processing of personal data in the context of video surveillance. Surveillance is carried out for the purpose of ensuring the safety of persons and property, preventing and investigating security-related incidents and protecting against vandalism. Personal data is processed in accordance with the Swiss Data Protection Act (DPA) and other applicable legal requirements.

Further information on the processing of your personal data and your rights can be found in our general data protection provisions at: www.pilatus.ch/datenschutz.

1 Who is responsible for processing your personal data?

The controller responsible for processing your personal data in accordance with the applicable data protection legislation is

PILATUS-BAHNEN AG
Schlossweg 1
6010 Kriens

E-mail: datenschutz@pilatus.ch

2 What is the purpose of video surveillance?

We process personal data in the context of video surveillance in order to protect legitimate interests. Video surveillance is used in particular to protect guests, employees and property, to prevent and clarify security-related incidents and to protect against vandalism or theft. Surveillance is only carried out in areas where there is a corresponding need for protection and surveillance is proportionate. The recordings are treated confidentially and processed in compliance with the applicable data protection regulations.

3 Where does video surveillance take place?

PILATUS-BAHNEN AG has installed cameras at the following locations:

  • Alpnachstad and Ämsigen cogwheel railway stations

  • Car park entrance P1 Kriens and Kriens underground car park

  • Kriens ticket office entrance area

  • Provisional ticket office Kriens

4 How long will your data be stored?

The recorded data is generally deleted automatically after 7 days (168 hours), unless legal or security-related reasons require longer storage.

5 Who has access to the video recordings?

Only authorised persons within PILATUS-BAHNEN AG have access to the video recordings. These are in particular the management and the IT department.

6. how are you informed about the video surveillance?

In all monitored guest areas, video surveillance is indicated by appropriate signage.

7. what rights do you have in relation to your personal data?

You have the right to obtain information about the personal data processed about you. You can also request the rectification, erasure or restriction of processing and object to processing. Please address any such requests to:

PILATUS-BAHNEN AG
E-mail: datenschutz@pilatus.ch

PILATUS-BAHNEN AG would like to point out that individual data protection rights may be restricted in accordance with legal requirements. Restrictions may be imposed in particular if we are legally obliged to retain or process certain data, if there is a legitimate overriding interest, if there are compelling legitimate grounds for not processing the data or if the data is required for the establishment, exercise or defence of legal claims.

PILATUS-BAHNEN AG reserves the right to amend, supplement or otherwise change this privacy policy at any time and without giving reasons.

Last update: 01.06.2025

to the top

Privacy policy for job applicants

A note on form of address: We use informal language in the recruitment process. However, for reasons of consistency, we use formal language in this privacy policy.

PILATUS-BAHNEN AG (hereinafter referred to as ‘we’ or ‘us’) informs job applicants (hereinafter referred to as “you” or ‘your’) about which personal data is processed about them, for what purposes the personal data is used, to whom it is passed on and what rights applicants have when their personal data is processed.

‘Personal data’ refers to all details and information that relate or can be related to individual job applicants.

‘Processing’ refers to any operation in connection with personal data, such as collecting, recording, organising, arranging, storing, adapting, modifying, retrieving, using, disclosing, transmitting, disseminating, archiving, deleting or destroying.

1. Who is responsible for processing your personal data?

In accordance with applicable data protection legislation, the following entity is responsible for processing your personal data:

PILATUS-BAHNEN AG
Schlossweg 1
6010 Kriens

PILATUS-BAHNEN AG determines the purposes and means of processing personal data and is responsible for processing and using personal data in accordance with this privacy policy, other internal guidelines and applicable law.

If you have any questions about data protection, please contact us at the following address so that we can deal with your enquiry quickly:
E-Mail: datenschutz@pilatus.ch

2. What kind of personal data do we process?

PILATUS-BAHNEN AG will collect and process the following personal data about you:

  • Information you provide to us: This includes, in particular, your first and last name, date of birth, telephone number, address, email address, nationality, photo, identity card, immigration status, information about your professional career and qualifications, as well as your CV, diplomas and references.
  • Information we obtain from other sources: This includes, for example, personal data that we collect as part of screening, background and/or reference checks that we carry out as part of the application or recruitment process, including your address history, qualifications and CV. We also work with recruitment agencies that may provide us with application documents.

In certain cases, it may be necessary to collect particularly sensitive personal data (e.g. medical fitness examination) as part of the recruitment process. If applicants provide particularly sensitive personal data in their application documents, this data may only be processed within the scope of the application.

If you provide us with information about your family or other third parties (e.g. references) as part of the application process, we assume that this data is correct and that you are authorised to do so. We ask you to inform these third parties accordingly and to provide them with this privacy policy.

3. What sources of personal data do we consider?

We process personal data that we receive from applicants during our search for new employees for the purposes described below. In addition, we generate further personal data about you during the recruitment process (e.g. interviews, email correspondence). We may also obtain your personal data from a third party (e.g. to obtain a reference, provided we have your consent to do so).

4. What is our legal basis?

Depending on the purpose of processing, the use of your personal data is based on the following legal grounds:

  • Necessity for the performance of a contract,
  • Necessity for compliance with legal obligations,
  • On the basis of our legitimate interest, or
  • On the basis of your consent to data processing.

5. For what purpose do we process your data?

Your personal data may be processed by PILATUS-BAHNEN AG in the following ways and for the following purposes:

  • To review your application (including, in some cases, verifying your qualifications and references with the third parties you have named) and to contact you in this regard.

  • To comply with our legal and regulatory obligations.

  • To process your personal data for the purposes of monitoring equal opportunities.

  • If you are not hired as a result of an application process, the data you have provided will not be further processed after the process has been completed and will be deleted in accordance with legal requirements. If we believe that your profile may be of interest for future job openings, we will contact you and expressly ask for your consent to include your data in our talent pool.

With your consent, we will store your data in the talent pool so that we can notify you of suitable job vacancies at a later date. We regularly check whether you wish to remain in the talent pool. You can, of course, revoke your consent at any time and request that your data be deleted.

6. Who do we share your personal data with?

We may share your personal data for the above purposes within the scope of the applicable legal provisions with the following categories of third parties (hereinafter referred to as ‘recipients’), who process your personal data on our behalf for the above-mentioned purposes or for their own purposes.

  • Third-party providers who are contractually bound to confidentiality, such as our IT system providers or hosting providers, cloud service providers, consultants and third parties who carry out pre-employment checks on potential employees;
  • Authorities, e.g. enforcement or exchange agencies or courts or parties to proceedings, if we are obliged to disclose information by applicable law or at their request or in order to protect our legitimate interests.

The recipients are obliged to comply fully with confidentiality and applicable data protection law at all times and to implement the appropriate technical and organisational measures to secure personal data and protect it against unauthorised or unlawful processing, accidental loss, alteration, disclosure or access.

7. Is your personal data transferred abroad?

PILATUS-BAHNEN AG processes and stores personal data on servers in Switzerland.

Where necessary and legally permissible, we also transfer your personal data to recipients outside Switzerland and the European Economic Area, to countries that do not guarantee adequate data protection. If personal data is transferred to a country without adequate data protection, we ensure adequate protection by means of sufficient safeguards, such as on the basis of the EU standard contractual clauses, which have been recognised and supplemented by the Federal Data Protection and Information Commissioner (FDPIC), binding internal company data protection regulations, data protection guidelines, or rely on legal exemptions for specific cases, such as consent, if this is necessary for the recruitment process or for the establishment, exercise or enforcement of legal claims.

Questions about such data transfers and which safeguards apply in specific cases can be addressed at any time to the contact details above.

8. How long will your data be stored?

PILATUS-BAHNEN AG will process your personal data for as long as is necessary to fulfil the above-mentioned purposes. If another applicant is selected, your personal data will be deleted.

Your personal data may also be processed beyond this period, for example if you consent to the further storage of your application documents, due to legal storage obligations or for the period during which claims can be asserted against PILATUS-BAHNEN AG. The storage period is largely based on the statutory retention periods or the period during which claims can be asserted against PILATUS-BAHNEN AG. (For further explanations, see 5. For what purpose do we process your data?)

9. What do we do to ensure the security of your data?

Pilatus-Bahnen AG has taken technical and organisational measures to ensure the security of personal data and to protect it from unauthorised or unlawful processing, accidental loss, alteration, disclosure or access.

10. What rights do you have with regard to your personal data?

You have the right to obtain information about your personal data that we process. Furthermore, you have the right to request that we correct, delete or restrict the processing of your personal data, as well as to object to the processing of your personal data. If the processing of your personal data is based on your consent, you can revoke this consent at any time with effect for the future (i.e. without affecting the lawful processing prior to revocation).

We do not carry out profiling or automated decision-making as part of our normal business activities.

You can contact us at any time with any enquiries or concerns relating to your data protection rights or other questions about the processing of your personal data. Please use the following email address for this purpose:datenschutz@pilatus.ch. We reserve the right to restrict your rights to the extent permitted by law.

PILATUS-BAHNEN AG reserves the right to amend, supplement or otherwise change this privacy policy at any time and without giving reasons. The current privacy policy as communicated at the time of application applies.

Last update: 01.05.2025

to the top
Functional information stored as cookies or in local storage or session storage is essential for a website to function. They are used, for example, to save the shopping cart in an online store or to set the language of a website. Technically necessary information may be set without the user's consent and cannot be deactivated, as otherwise the website will no longer function properly. This information also stores user preferences such as "dark mode", ad sizes, language, etc.
Statistical information is used to analyze user behavior on a website. For this purpose, various data such as the pages visited, the time spent on a page or the clicks on certain elements are recorded. This data can then be used to improve the website, for example to make it more user-friendly or to better tailor content to users' interests.
This consent enables the storage of advertising-related cookies (web) or device identifiers (apps).
This consent enables the use of personalized ads from Google Ads and social media platforms such as Facebook, Instagram, LinkedIn, etc.
This consent allows user data to be sent to Google and social media platforms such as Facebook, Instagram, LinkedIn etc. for online advertising purposes.

Do you already have a ticket for the cogwheel railway?

You will need a valid train ticket to reserve a seat.

Yes, I already have a ticket

Seat reservation

No, I don't have a ticket yet.

Buy ticket now