Data protection statement

tl-leb data protection statement

  1. General principles

1.1. Scope of application

This data protection statement applies to the companies "transports publics de la région lausannoise sa" (tl) and "la Compagnie du chemin de fer Lausanne-Echallens-Bercher SA" (leb), hereinafter jointly referred to by the abbreviation "tl-leb".

tl-leb sets great store by protecting your personality and your private life. The aim of this data protection statement is to inform you about the type of personal data we process, about the reasons why we need it, about the associated protective measures and about the way in which you can exercise your rights with regard to the processing of your personal data.

1.2. Definitions

Personal data

Personal data is all the information about an identified or identifiable person.


Processing refers to any operations involving personal data − whatever the means and processes used − and in particular the collection, storage, exploitation, modification, communication, archiving or destruction of data.

  1. Data processed

2.1. General points

In order to fulfil their tasks of transporting the public, developing suitable products and services and constantly improving their services, tl-leb needs to collect and process the necessary personal data. Depending on the products or services used, we process the data listed below in particular:

Identification and contact details

  • Surname, first name, username, photo, marital status (Mr, Ms)
  • Communication languages (French, German, Italian, English)
  • Date of birth
  • Mobile phone number, landline number, e-mail address, postal address (street, C/O, postcode, city, country)

Sales data and customer relationship data

  • Identification number (Mobilis and/or SwissPass number)
  • "Subscription by e-mail or mobile" registration
  • "Receive the general newsletter" registration
  • "Receive the tl_Club newsletter" registration
  • Type of account
  • Purchases (travelcards and tickets), including price, date, time and place of departure and destination, date and place of purchase and/or journey, validity period, purchasing channel (Internet, ticket office, SMS, applications)
  • Purchases for a third party (surname, first name, date of birth, company name for B2B services)
  • Requests (contact, feedback, questions)
  • Participation in competitions

Connection data

  • Date and time of the last connection

Video monitoring

  • Video sequences filmed during network monitoring

The only data collected in the event of violations is the data permitted by the relevant legislation. This data is processed in accordance with the legislation.

The use of video monitoring data is governed by the relevant legislation, and in particular by the Ordinance on CCTV Surveillance of Public Transport (PT-CCTVO).

2.2. Data collected during the use of our websites

You can consult our websites without having to provide information about you. On each visit, our servers provisionally record your session in a log file. The technical data listed below is recorded and stored by us until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of the connection
  • Internet page from which the connection took place and, if applicable, the search term used
  • Name and URL of the file consulted
  • Searches carried out (time, general search function on the site, products etc.)
  • Your computer's operating system (made available by the user agent)
  • Browser used (made available by the user agent)
  • Type of device if accessing the site from a mobile phone
  • Transfer protocol used

The collection and processing of this data allows us to ensure the security and stability of our system, to analyse errors and performance, to collect internal statistics and to optimise our web services.

The IP address is analysed with other data for information purposes and to combat attacks targeting the network infrastructure or to prevent other unlawful or improper usage of the website. If necessary, it is then used for identification purposes in the course of judicial proceedings and during civil or criminal proceedings brought against the users concerned.

Finally, we use cookies and support tools and applications (based on the use of cookies). More information on this subject is available below in this data protection statement.

If the tl-leb website contains links to other sites, tl-leb cannot guarantee that these third-party sites comply with data protection provisions.

  1. Use of the data collected

We are committed to only collecting and processing the data needed for the required purposes (principles of minimisation and proportionality), such as:

  • Operation of the public transport network
  • Completion of orders and contracts
  • Sales and invoicing
  • Customer relationship management
  • Technical support
  • Information about our services and products
  • Development of our range of products and services to suit the needs and expectations of our customers

We only process your personal data if we are authorised to do so by the legislation, if you have given your consent, if there is a predominant interest for us to do so, or to fulfil a contract.

  1. Places and duration of storage

Your personal data is stored mainly in electronic form in secure computer systems as set out in the section below regarding data security. Geographically, the computer servers on which your data is stored may be located in Switzerland or in a country where the level of personal data protection is recognised as equivalent by Switzerland (see information on transborder data flows on the website FDPIC – Transborder data flows).

The duration of storage of your data is defined:

  • Either by the legislation
  • Or, if there is no legislation, for the duration for which this data is needed for the purpose for which it was collected.

Once the storage deadline has expired, your data will be deleted.

If there are factual or legal reasons which prevent its deletion (e.g. legal storage obligations), the data may be locked instead of being deleted.

  1. Data transfer

The information needed for order management is processed by computer and can be passed on to other companies during order management.

Outside the public transport network, your personal data is not transmitted, sold or transferred in any other way to third parties unless this is essential for the performance of a contract or you have expressly given your consent.

Data is transmitted as part of the "Service direct" process (CH-Direct) which includes more than 240 public transport companies, and to fare networks for the implementation of contracts (e.g. Mobilis), for ticket inspections, for after-sales service and (to a very limited extent) for marketing purposes.

  1. Data security

We implement appropriate technical and operational security measures in order to protect the personal data we store against tampering, partial or total loss and non-authorised access by third parties. Our security measures are constantly being improved in line with technological progress.

Our employees and the external service providers commissioned by us are bound by confidentiality obligations and obligations for complying with the applicable provisions with regard to data protection.

tl-leb takes appropriate precautions to protect your data. However, the transfer of information via the Internet and other electronic means is always a security risk and we cannot guarantee the security of information transferred in this way.

The customer is explicitly asked to take all the necessary preventive measures to protect their personal data (particularly registration data, login and password). tl cannot be held liable for damages suffered by the customer following misuse or loss of this data.

Irrespective of general technical progress, tl is entitled to improve or modify existing methods, or to opt for another system, at any time and without having to state the reason, without customers being able to base any claims thereon.

  1. Specific characteristics of sites, applications and means of communication

7.1. Cookies

Cookies are small files that are stored on your computer or mobile device when you visit or use our website. Cookies register a number of preferences via your browser and record data about the exchanges with the website via your browser.

tl may use cookies on its official site in order to provide the user with personalised services, taking into account their usual visiting patterns, and to monitor personal data. Cookies can also allow tl to implement preventive security measures to protect its website and user data (in particular thanks to information about the server to which your computer is connected). tl memorises certain information regarding the machine of the site user (browser used, the machine's operating system etc.) and the IP address of visitors (the IP address consists of a series of numbers automatically assigned to your computer by your access provider or by the Internet server of your company every time you start an Internet session). tl's aim in collecting this data is to collect information about site usage and performance.

7.2. Pixels and social plug-ins

We also use other technologies on our website which enable us and third-party providers to offer you a more personalised and enhanced Internet experienced, for example by showing you adverts that are more relevant to you on social media channels, or by allowing you to share your experiences on our website via social networks. To do so, we use the following technologies:

- Facebook pixels. Facebook pixels are little software programmes and tiny, virtually invisible “points” the size of a pixel on our website which create a link between your visit to our website and Facebook. When the pixel loads, Facebook places a cookie on your computer which helps it to show you more personalised adverts, and to measure and improve these adverts. This cookie remains in place for 90 days. You can find more information about Facebook cookies here: Please note that when an "fr" cookie is placed on your computer, Facebook is able to monitor your browsing behaviour on other sites which have implemented a Facebook pixel or Facebook social plug-in.

- Social plug-ins. Social plug-ins are small parts of software programmes which create a link between your visit to our website and the social media platform of a third-party provider. This social plug-in allows the third-party provider to establish that you have visited our website, and can enable the provider to receive cookies placed on your computer beforehand. We use social plug-ins from the following third-party providers:

  • Facebook
  • Twitter
  • LinkedIn
  • Pinterest
  • Google
  • YouTube
  • Snapchat

- Google Analytics. The most widely used analysis tool is Google Analytics, a service provided by Google Inc. When this tool is used, any data entered can, in principle, be transferred to a Google server located in the USA or another country. IP addresses are anonymised so that it is no longer possible to identify you. According to Google Inc., the IP address transmitted by your browser by means of Google Analytics will not be associated with any other data in the possession of Google. It is possible to object to the entry and processing of this data via Google Analytics by installing an opt-out cookie which prevents your data from being entered in future when you are browsing this website. You can find detailed information on this subject at:

7.3. Location data

Location data (GPS position) will be processed by computer to allow the customer to access multi-platform management of their favourites and to enable us to provide mobility information in real time (e.g. next departures, information about nearby stops, estimated journey time). You can activate or deactivate this function in the application at any time.

Detailed location data (GPS trace) is exploited in the tl application but is not stored by tl-leb.

7.4. Telephone calls

When you contact tl-leb by telephone, telephone calls are recorded in order to improve quality of service (quality and training) and for operation monitoring purposes.

  1. Contact

In accordance with data protection legislation, you have the following rights:

  • Right to access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict data processing
  • Right to object
  • Right to reject automated individual decision-making

To exercise your rights regarding your personal data, please contact the controller of the data file (as defined by FADP) or the data controller (as defined by GDPR):

To exercise your rights set out above regarding your personal data, please contact the controller of the data file (as defined by the Federal Act on Data Protection (FADP) or the data controller (as defined by GDPR):

Transports publics de la région lausannoise SA
Chemin du Closel 15
CP 1020 Renens 1

For any other questions or suggestions regarding data protection, you can contact our data protection committee by writing to:

Transports publics de la région lausannoise SA
Comité à la protection des données tl-leb
Chemin du Closel 15
CP 1020 Renens 1

Or by sending an e-mail to:

  1. Modification of this statement

tl-leb reserves the right to modify and supplement this statement at any time and at its own discretion. Please consult this statement regularly.

Last updated on 29 May 2019