Data privacy statement
for distribution model surveys by National Direct Service (NDS) on the use of the GA Travelcard and GA-FVP travel pass based on the myJourney app
Issued 22 April 2026
Contents
- 1 Applicability
- 2 Contact
- 3 Purposes of processing and legal basis for the distribution model survey
- 4 Where does the data come from?
- 5 What data do we process?
- 5.1 Data processing for the delivery of invitations
- 5.2 Data processing for registration in the myJourney app
- 5.3 Data processing in the myJourney app
- 5.4 Further processing of data by the Alliance Swiss Pass Office
- 5.5 Data processing for support
- 5.6 Data processing for participation in the competition
- 6 Where is the data stored?
- 7 How long will your data be kept for?
- 8 Will your personal data be shared with third parties?
- 9 Push notifications
- 10 Crash reports
- 11 What are beacons and how are they used?
- 12 What are your rights?
- 13 Data security
1 Applicability
This data privacy statement applies to the processing of personal data in connection with the distribution model surveys of public transport tickets carried out by National Direct Service (NDV) with the "myJourney" app from Alliance SwissPass.
In this data privacy statement, we will explain how we use your personal data and why we need it. This data privacy statement applies to the processing of personal data within the scope of the Swiss Data Protection Act and the General Data Protection Regulation (GDPR) of the European Union.
2 Contact
The company responsible for processing personal data for the NDV distribution model surveys is the ch-integral association, which is responsible for managing the office of Alliance SwissPass. If you have any questions about data privacy, please use the following contact details:
c/o Alliance SwissPass Office
Data privacy
Länggassstrasse 7
3012 Bern
datenschutz@allianceswisspass.ch
3 Purposes of processing and legal basis for the distribution model survey
Your National Direct Service (NDS) travelcard entitles you to use the route networks of public transport companies all over Switzerland. This app-based survey uses tracking technology to tell us about the journeys you have made within a specific period (for example, one month). We need this information so that we can distribute the income from NDS travel passes – such as the GA Travelcard or GA-FVP travel pass, for example – fairly to the different transport companies. By taking part, you help us discharge our legal responsibilities (cf. Art. 17, para 1d of the Swiss law governing the carriage of passengers (PBG).
The office of Alliance SwissPass, managed by the ch-integral association, is required by the Swiss law governing the carriage of passengers (PBG) to collect travel data to support the allocation of income from ticket sales. The office has a mandate to distribute the revenues received by National Direct Service on behalf of the transport companies. The mandate is embodied in the agreement on the cooperation between National Direct Service and the public transport associations. For more information about the distribution model survey, please visit the following link.
Your travel data, once anonymised, may also be processed for the following secondary purposes:
- Continued development and improvement of the public transport system (with a particular emphasis on fares and the fare system, travel information, transport services, connections/timetable and the improvement of services)
- Quality control of the travel data collection service
- Continued development of the myJourney app
Anonymised analysis is also permitted for additional statistical and research purposes.
ch-integral may make anonymised travel data available to the member companies and clients of Alliance SwissPass for processing in connection with the aforementioned purposes.
Under no circumstances will your data be used for advertising purposes or sold to third parties.
4 Where does the data come from?
Data from the sale of NDS travel passes is kept in a central database, which is managed on our behalf by SBB AG. Access to the shared databases by individual transport operators and associations is regulated and limited by a common agreement. Sharing and processing of the centrally stored data is normally limited to contract processing, ticket control, after-sales service and revenue distribution. The sharing of data with service providers is explained in the data privacy statements of the individual transport companies.
We obtain the personal data required to distribute revenues and administer the distribution model from the above-mentioned database, from the tickets collected by the sales systems and from the myJourney app (see Chapter 5).
5 What data do we process?
5.1 Data processing for the delivery of invitations
In order to invite our target groups to participate in the public transport ticket survey, we need their contact and travel pass details (see Chapter 4). More specifically, we and our partner MBC process the following data:
- First name and surname of customer/passenger
- Adress
- Gender
- Language of communication
- Date of purchase
Personal data stored at MNC is completely anonymized after invitations have been sent out.
5.2 Data processing for registration in the myJourney app
Your invitation to use the myJourney app contains a personal invite code. There is no need to provide any personal data, such as your first or last name, when you register; we use your email address. We identify your user account via a pseudonymized identifier (known as a UUID) in our partner's backend system. This is derived from your invite code, email address and the password you have chosen.
5.3 Data processing in the myJourney app
Data processing in the app occurs only if you install the app and agree to the terms of use. In other words, it requires your explicit consent. To accomplish the purpose of revenue distribution, the following data is collected and stored on the server of our partner, our partner, motiontag GmbH:
Mobility data:
- Pseudonymized Universally Unique Identifier (UUID)
- Period covered by the survey
- Date of travel
- Route (departure point, destination, connection points)
- Time of the localization
- Geocoordinates and accuracy (obtained via GPS or the device's location service)
- Acceleration values (obtained from sensors in the smartphone)
- Location tracking by the operating system
- Validation, corrections or additions of travel routes (manual input)
- Beacon signals (scanned by the app and processed when beacons from public transport vehicles), see Section 11
- Mode of transport and operator used
Technical details:
- Metadata (device type, device settings, app settings)
- Operating system version
- App version
- Usage and communication data (app use and data transmission times, battery status, connection status)
The travel data collected is evaluated without reference to individuals. The data is anonymized and consolidated into general, impersonal information on the use of the ticket. The data is therefore completely anonymous and cannot be linked to any specific or identifiable persons.
Please note that revenue distribution is calculated using only data from journeys made within the area covered by your travel pass. For technical reasons, however, it is possible that journeys outside this area may be recorded.
5.4 Further processing of data by the Alliance Swiss Pass Office
The travel data collected is evaluated without any direct reference to individuals. The data is first pseudonymised with reference to the travel sheet number. It is then consolidated into general, impersonal information on the use of the travel pass. The data is therefore fully anonymised throughout both the processing and revenue calculation stages, ensuring that it cannot be linked to any specific or identifiable individual. However, the pseudonymised data will be retained by the Office for up to six years for auditing purposes. During this time, access to the data will be restricted to a very limited group of authorised persons.
5.5 Data processing for support
To enable us to respond to your queries, we will process your email address, usage data (e.g., access and transmission times), meta/communication data (e.g., device information and settings) and the message you have sent. No connection will be made with the mobility data collected in the app.
5.6 Data processing for participation in the competition
Your contact details will also be used in connection with the competition provided you have consented to this and only for the purpose of delivering the prizes.
6 Where is the data stored?
Your personal data will be processed and stored in Switzerland, the Netherlands, Ireland and Germany.
7 How long will your data be kept for?
The data is irrevocably anonymized six months after the end of the project. From then on, no personal references to individuals will exist. The travel data stored by our partner motiontag is deleted in its entirety on an ongoing basis or at the latest after eighteen months.
8 Will your personal data be shared with third parties?
Your personal data will only be shared with selected, authorized service providers – and only to the extent necessary for them to provide their service.
These include:
- IT and hosting service providers
- Delivery service providers
We operate the myJourney app in cooperation with motiontag GmbH, based in Berlin, Germany. We send out invitations (see Chapter 5.1) together with MNC, based in Winterthur and Lausanne, Switzerland.
All of our partners process your data on behalf of the ch-integral association or the office of the Alliance SwissPass and are contractually obliged to comply with this data privacy statement and all relevant data protection regulations.
9 Push notifications
We use Google Analytics, a web analysis service from Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, in conjunction with the myJourney app. Google Ireland Limited is responsible for users based in the European Economic Area (EEA).
If you agree, we can send you "push notifications". These are messages that are displayed on your device even when you are not actively using our app. Push notifications require the explicit consent of the recipient. As part of the app's onboarding process, you will be asked if you agree to receive notifications. You are free to accept or decline. If you reject the request, you will not receive any notifications. You can revoke authorization at any time or limit the notifications to certain categories (such as error messages) from the Settings section of your device.
Push notifications may contain:
- Information about the survey being carried out or reminders about the start or end of the survey period
- Reminders to validate the routes detected
- Hints and tips on the content of the app and how to use it
- Information about new features, settings or problems that require action on your part
10 Crash reports
We use Google Analytics, a web analysis service from Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, in conjunction with the myJourney app. Google Ireland Limited is responsible for users based in the European Economic Area (EEA).
As part of the app's onboarding process, you will be asked whether you agree to Firebase Crashlytics collecting crash reports. You are free to accept or decline. If you decline, no crash reports will be sent. You can check your decision and (de)activate the crash reports setting at any time via the app's Settings section. The app only uses the default Firebase Crashlytics configuration and shares as little data as possible. The app does not make use of the option provided by Firebase Crashlytics to add additional parameters or user identities to the crash reports.
The types of data provided include
- Meta/communication data (device information, operating system information, app or SDK runtime data).
- Usage data (access times)
11 What are beacons and how are they used?
Beacons are small, mostly autonomous transmitters that use Bluetooth Low Energy (BLE) to send an identification number to smartphones. When a smartphone receives this identification number, it is matched by the myJourney app. This enables locations to be established more accurately and in a more energy-efficient way than is possible with GPS alone. The beacons themselves cannot store any personal data.
12 What are your rights?
You have the following rights to your data, which you can exercise at any time
- You may request information about your stored personal data
- You may request that your personal data be corrected, supplemented, blocked or deleted
- You can delete your account or ask to have it deleted
- You can revoke your consent to future data processing
- You can ask for your data to be transferred
You can request information about your stored data at any time. To do this, please refer to our contact details.
You also have the right to submit any concerns or questions to the Federal Data Protection and Information Commissioner (FDPIC) at any time.
13 Data security
We use appropriate technical and organizational security measures to protect the personal data stored with us against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continually improved in line with technological developments.
We take all necessary steps to ensure the safekeeping of your data. Sending information via the internet and other electronic means, however, always involves a degree of risk and we cannot guarantee the security of information sent in this way.