DATA PROTECTION NOTICE
FAIRTIQ is the operator and responsible entity of data processing in connection with the FAIRTIQ App («application») and processes personal data in accordance with
● the Swiss Federal Law on Data Protection (“DPA”), including the ordinance as an addition to DPA, if the customer obtains services from FAIRTIQ in Switzerland,
● the EU General Data Protection Regulation 2016/679 ("GDPR"), including the applicable data protection legislation of the EU member states, if the customer obtains services in the European Union or the European Economic Area, and
● other applicable privacy legislation, if the customer obtains services outside the European Union or Switzerland.
Within the framework of "Service Après Vente" and the clarification and control of abuse, FAIRTIQ and the partner companies / partnering tariff communities are independently responsible (see Section F). In exceptional cases, a joint responsibility applies, which is indicated accordingly in the application.
The following data is saved / processed:
General information about the customer:
● Mobile phone number;
● Payment details: means of payment and charged amounts;
● Ticket settings: first or second class; full or discounted price;
● Email address (mandatory depending on the applicable law and tariff regulations and if purchase receipt is needed, voluntary in all other cases);
● Specifications, if the customer has a zone subscription (optional);
● First and last name, birth date according to the applicable tariff regulations;
● User ID
● IP-address and device ID;
● IDFA identifier (only for customers with iOS version older than 14.5 for risk analysis purposes in order to prevent fraud).
Details of fellow travellers in accordance with Chapter III. A. 2.
● First and last names, dates of birth
● Settings for the selected fare and any discount entitlements
Travel data:
● Tracing and activity data (based on a motion sensor, if active) as well as the registered electronic tickets (ticket data) and the calculated journey.
The recording of travel data starts with opening the application and ends 5 minutes after the checkout process has been completed. The completion of the checkout process is signalled in the application.
Information about the smartphone:
● Smartphone: brand and model
● Operating system
● Wi-Fi signals
● Battery status
Usage data
Data may be collected about how customers interact with the services. This includes data such as the date and time of access, app functions or pages accessed, app crashes and other system activity, and browser type.
FAIRTIQ collects and processes exclusively data in connection with the application and the purchase of electronic tickets.
Personal data transferred by the customer to FAIRTIQ via the application are processed by FAIRTIQ for the following purposes:
● To provide electronic ticketing applications, in particular the purchase and processing of electronic tickets, the identification and payment of decisive rides, including customer coupons (FAIRTIQ bonus), for customer service (help desk) and functions serving to support the check-out process. Furthermore, the data is also processed to combat abuses (prevention from and investigation of unlawfully obtained journeys).
● To capture the next public transport stop before check-in, location data is collected when the application is active in the foreground of the device display. This data is stored in temporary log files. A delayed shutdown of the collection of activity and location data (see above, Section B) serves combating abuse and the continuous improvement of the functions used to support the check-out process and thus optimise the services provided by FAIRTIQ to the customer. The completion of the check-out process is signalled in the application.
● For the provision of free rides, i.e. the generation of an individual code for a free journey of a new customer.
● For the further development of the application. In particular, FAIRTIQ may use the location and activity data in a non-anonymised form for 12 months (see Section H) in order to further develop the application.
● For the means of communication with the customer.
● In relation to legal proceedings.
IN ORDER TO EXERCISE HIS RIGHT TO OBJECT TO THE USE OF HIS PERSONAL DATA FOR THE PURPOSES OF OPTIMISING THE APPLICATION OR EVALUATING ITS USE, THE CUSTOMER SHALL NOTIFY FAIRTIQ BY MEANS OF THE CONTACT FORM IN THE APPLICATION OR AT https://fairtiq.ch/en/contact.
The processing of personal data for electronic tickets is required to fulfil the services of FAIRTIQ. The further development of the service and the provision of free travel and the utilisation analysis are in the legitimate interest of FAIRTIQ and serve to optimise and spread the application. Communication with the customer serves to support the customer's use, to inform the customer about services in relation to the application and to improve the offer and is in the legitimate interest of FAIRTIQ.
Sending newsletters and the related processing of data take place on the basis of the customer’s consent.
The legal basis for the processing of personal data of customers within the European Union is Art. 6 para. 1 a), b), c), f) GDPR as well as § 7 para. 3 UWG (Germany), § 107 TKG (Austria).
FAIRTIQ protects personal data against foreseeable risks and unauthorised access with suitable technical and organisational measures. FAIRTIQ minimises the use of personal data.
For security reasons, the data for the means of payment are stored only at the service provider of the payment service and not on the mobile phone of the customer. Also, the registration of the means of payment takes place directly without the intervention of FAIRTIQ with the contractual partner of FAIRTIQ.
To service providers of FAIRTIQ: Third-party companies in Switzerland and in the European Union (see point L for exceptions), commissioned by FAIRTIQ to control the electronic ticketing, hosting, operation, maintenance and improvement of the application as well as the payment transactions and customer communication, process the personal data of the customers (including storage). FAIRTIQ has entered into privacy agreements with these service providers to ensure the protection of personal data. A list of sub-processors is available at https://fairtiq.com/docs/subprocessor_list.pdf
To payment providers: Information about the mode of payment is not recorded on the mobile phone, in the application, with FAIRTIQ or any partner association. The registration of the means of payment in connection with the application is directly arranged by the payment provider (in particular Datatrans AG, Stadelhoferstrasse 33, CH-8001 Zurich, info@datatrans.ch and Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, the Netherlands, dpo@adyen.com.
To partners: FAIRTIQ forwards the required personal data to the allied transportation company / tariff community to fulfil the “Service Après Vente" and to combat abuse and to communicate with users (see the “Partner-Companies” on fairtiq.com). In this context, the relevant partner companies are each responsible for the personal data.
FAIRTIQ forwards ticket data to partner transportation companies of FAIRTIQ for the purpose of payment and accounting. FAIRTIQ further forwards location data in an anonymised form to partner transportation companies / partner tariff communities for improving their products and their public transport offer, for the partially personalised communication of information and offers as well as for further statistical evaluation purposes.
Information based on the recording of personal data by the partners in accordance with Art. 13, paras. 1 & 2 GDPR in case personal data is transferred to partners can be found on https://fairtiq.com/docs/fairtiq_Privacy_principles_annex_1.pdf
FAIRTIQ is entitled to contact the customer concerning topics affecting FAIRTIQ. This includes:
● Information in connection with the offer or about its amendment
● Information to help customers use the app
● Surveys on the use of FAIRTIQ. Participation in surveys is voluntary.
If the customer has given consent, FAIRTIQ is allowed to contact the customer concerning further offers and information not necessarily related to FAIRTIQ. The customer can revoke his consent at any time.
Depending on the type of contact, the messages may contain tracking pixels that enable a log file recording for the statistical evaluation of the contact. FAIRTIQ can see if and when a message has been opened and which links in the message have been activated.
The customer can unsubscribe from being contacted by writing FAIRTIQ at app.privacy@fairtiq.com or following the unsubscription link or the instructions in each message that FAIRTIQ sends to the customer.
The travel data and the means of payment data in accordance with Section B shall be retained for after-sales services of partner transportation companies and tariff communities and for the purpose of combating abuse for 12 months after the end of the journey. Subsequently, anonymisation of this data takes place, so that no conclusions about the customers are possible anymore. The further personal data is kept for five years and then deleted.
Data relevant under tax law and for accounting purposes for FAIRTIQ or the partner companies shall be retained by FAIRTIQ or the partner companies in accordance with the legally prescribed retention periods and subsequently deleted.
Subject to the foregoing storage provision and if FAIRTIQ or a partner company does not require the data to safeguard and exercise its rights, the customer has at any time the right to request the deletion of travel and other personal data. FAIRTIQ strongly advises the request is sent directly in the application via the menu item "Contact" or via the contact form https://fairtiq.ch/en/contact.
General information about the customer can also be saved in backup files and temporary databases (caches) after deletion. The final deletion takes place when the backup files are overwritten.
With the relevant request for deletion, the customer expressly waives the right to use customer service and complain about any trips.
If the customer has been excluded from using FAIRTIQ due to a justified suspicion of misuse, FAIRTIQ has the right to prevent repeated misuse and to enforce their legal claims, to store the personal data in accordance with section B, including the date and reason for the exclusion, for longer than the period in accordance with section H and against the customer's request. If the exclusion is reversed (e.g., because the suspicion of abuse turns out to be unfounded), the retention period of 12 months until the anonymisation of the travel data starts anew.
If the customer does not purchase a ticket with the application during the period of one year at a time, FAIRTIQ has the right to delete the customer's user account. The customer must then repeat the registration process before he can use FAIRTIQ to purchase electronic tickets again. With the deletion of the user account, the customer also loses access to his or her travel and payment history with FAIRTIQ.
If the customer does not purchase a ticket with the application within four months, FAIRTIQ has the right to delete the customer's payment method data. The customer must then repeat the registration of a valid means of payment before being able to purchase electronic tickets with FAIRTIQ again.
The customer has the right to correct and limit the data stored for the respective customer account, if they are faulty or a limitation does not affect the processing purposes. The customer can adjust the general account information according to Section B directly in the app.
The customer has the right to request information about the data stored on the customer’s account and its transmission. FAIRTIQ strongly advises the request is sent directly via the application via the menu item "Contact".
In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authority.
THE CUSTOMER HAS THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA RELATING TO THEM FOR REASONS ARISING FROM THEIR PARTICULAR SITUATION, IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F DSGVO. THIS ALSO APPLIES TO PROFILING AND AUTOMATED DECISION MAKING BASED ON THESE PROVISIONS. IF THE CUSTOMER OBJECTS, FAIRTIQ WILL NO LONGER PROCESS THEIR PERSONAL DATA UNLESS COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING CAN BE DEMONSTRATED WHICH OVERRIDE THE INTERESTS, RIGHTS AND FREEDOMS OF THE CUSTOMER, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF THE CUSTOMER'S PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, THE CUSTOMER SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING THEM FOR THE PURPOSE OF SUCH MARKETING; THIS SHALL ALSO APPLY TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF THE CUSTOMER OBJECTS, THEIR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING.
TO MAKE USE OF THE RIGHT OF OBJECTION, AN EMAIL TO APP.PRIVACY@FAIRTIQ.COM IS SUFFICIENT.
The Client acknowledges that all Personal Data, with the exception of the data referred to in Clause L, will be stored and processed in the European Union or any other country for which an adequacy decision has been issued by the European Commission.
THE CUSTOMER ACKNOWLEDGES THAT THE FOLLOWING PERSONAL DATA CAN BE STORED AND PROCESSED ON SERVERS OUTSIDE THE EUROPEAN UNION OR A COUNTRY FOR WHICH AN ADEQUACY DECISION HAS BEEN ISSUED BY THE EUROPEAN COMMISSION:
● REGISTERED PHONE NUMBER, FOR SENDING AUTOMATIC SMS MESSAGES BY TWILIO, WEWORK C/O TWILIO, STRESEMANNSTRASSE 123, 10963 BERLIN MITTE, GERMANY (SENDING THE REGISTRATION CODE). THE DATA TRANSFER IS BASED ON THE FOLLOWING DATA PROTECTION GUARANTEES: EU STANDARD CONTRACTUAL CLAUSES, BINDING CORPORATE RULES, CASE-BY-CASE ASSESSMENT. PROCESSING SITE: EU, EVENTUALLY USA.
● INFORMATION IS SENT VIA THE CONTACT FORM IN THE APPLICATION OR ON WWW.FAIRTIQ.COM WHEN THE CUSTOMER CONTACTS FAIRTIQ. FAIRTIQ USES ZENDESK, NEUE SCHÖNHAUSER STR. 3-5,10178 BERLIN, DEUTSCHLAND TO PROCESS CONTACT REQUESTS. THE DATA TRANSFER IS BASED ON THE FOLLOWING DATA PROTECTION GUARANTEES: EU STANDARD CONTRACTUAL CLAUSES, BINDING CORPORATE RULES, CASE-BY-CASE ASSESSMENT. PROCESSING SITE: EU, EVENTUALLY USA. THE FOLLOWING DATA IS COLLECTED:
○ TELEPHONE NUMBER
○ EMAIL ADDRESS
○ CLIENT NUMBER
○ JOURNEY ID
○ TEXT OF THE MESSAGE
○ DATE AND TIME OF THE MESSAGE.
IF FAIRTIQ TRANSFERS DATA TO A COUNTRY WITHOUT ADEQUATE LEGAL DATA PROTECTION, FAIRTIQ WILL, AS PROVIDED FOR BY LAW, USE APPROPRIATE CONTRACTS (NAMELY ON THE BASIS OF THE SO-CALLED STANDARD CONTRACT CLAUSES OF THE EUROPEAN COMMISSION) AND APPROPRIATE OR SUITABLE SAFEGUARDS (AVAILABLE VIA APP.PRIVACY@FAIRTIQ.COM) AND / OR RELY ON THE STATUTORY EXCEPTIONS OF CONSENT, CONTRACT EXECUTION, THE ESTABLISHMENT, EXERCISE OR ENFORCEMENT OF LEGAL CLAIMS, OVERRIDING PUBLIC INTERESTS, PUBLISHED PERSONAL DATA OR BECAUSE IT IS NECESSARY TO PROTECT THE INTEGRITY OF THE PERSONS CONCERNED.
For questions about data protection our Data Protection Officer is available via the following contact details:
FAIRTIQ AG
Data Protection
Aarbergergasse 29
3011 Bern
Switzerland
In case of questions or uncertainties about data protection, FAIRTIQ’s data protection representation in the EU is available for interested parties at the following address. FAIRTIQ Austria GmbH, Data Protection, Straubingerstraße 12, 5020 Salzburg, Austria, app.privacy@fairtiq.com
FAIRTIQ regularly checks this data protection notice. To be informed about the latest version, it is recommended to check it regularly via https://fairtiq.com/de-de/politik/app-privacy.
The current version of the data protection declaration can be viewed and printed at https://fairtiq.com/en-ch/policy/app-privacy-policy
FAIRTIQ LTD.
Aarbergergasse 29
3011 Bern
Switzerland
CEO: Dr. Gian-Mattia Schucan
UID: CHE-370.720.489