GoldenPass Panoramic Autumn 002

Scope of application of Privacy Policy

This privacy policy applies to the following companies:

  • Montreux Railway Company – Oberland Bernois SA: MOB, in Montreux

  • Transports Montreux - Vevey - Riviera SA: MVR, in Montreux, represented by MOB.

Contact details of the person responsible and the company's data protection officer

This privacy policy applies to the processing of data by :

  • Legal Department, MOB SA, Rue de la Gare 22, 1820 Montreux, Switzerland

  • Email :

Processing of personal data (nature, purpose and use)

The MOB processes personal data in strict compliance with the applicable legislation, in particular the Federal Data Protection Act (DPA, SR 235.1).

The standards of the General Data Protection Regulation of the European Union (GDPR) are also respected by the MOB.

When booking services

In this context, the company requires personal information for online orders or the purchase of certain services and products in order to provide the services and fulfil the contract, e.g. when purchasing a subscription or individual ticket.

When purchasing personalised services, the company may collect the following data for each product or service. Mandatory data on the relevant form is marked with an asterisk.

  • Personal photo

  • Gender, name, e-mail address of the buyer or traveller

  • Other information such as postal address, date of birth, etc.

  • Phone number

  • Means of payment

  • Acceptance of the general terms and conditions

In addition, ET collects data relating to the services you purchase for the purpose of executing the contract. This includes in particular the following information, depending on the product or service.

  • Type of product or service purchased

  • Prices

  • Place, date and time of purchase

  • Purchase channel (Internet, ATM, counter, etc.)

  • Date of travel or period of validity and departure time

  • Place of departure and destination.

Such data processing is legally based on the obligation to perform the contract.

The data generated during the purchase of services is stored in a central database, but also processed for marketing and market research purposes in particular.

In addition, the data is used for ticket control, to identify the holder of a personal ticket and to prevent misuse. The data is also made available to the company's customer service department in order to identify you and to assist you in the event of queries or difficulties, or to process any claims for compensation. Finally, the data enables the proceeds from ticket sales to be distributed fairly among the companies and fare communities. These data processing operations are legally based on our legitimate interest.

When visiting our websites

Each time you visit our website, our hosting provider's servers temporarily record each session in a log file. The following technical data is then collected:

  • IP address of the requesting computer

  • Date and time of access

  • Internet page immediately preceding the connection and, if applicable, the keyword searched for

  • Name and URL of the accessed file

  • Searches carried out (timetables, rates, general site search function, products, etc.).

  • Operating system of your computer (provided by the user agent)

  • Browser used (provided by the user agent)

  • Type of device in case of access from a mobile phone

  • Transfer protocol used

The collection and processing of this data makes the system secure and reliable, allows us to carry out error and performance analyses, to produce internal statistics and to optimise our Internet offer. They also enable us to organise our website according to our target groups, i.e. to offer targeted content or information that may be of interest to you.

The IP address is also used to predefine the language of the website. In addition, it is analysed together with other data for information purposes and to combat attacks on the network infrastructure or other unlawful or abusive use of the website. If necessary, it is used for identification purposes in the context of criminal proceedings and in civil and criminal actions against the users concerned.

Finally, we use cookies as well as applications and help tools (based on the use of cookies). You can find further information on this subject in the sections of this data protection statement dealing with cookies and tracking tools.

Such data processing is based on our legitimate interest.

We cannot guarantee compliance with data protection provisions on external websites that can be accessed via a link on our website.

When using the contact form

You can use a form to contact us. In order to do so, you must provide the following personal data:

  • Name and surname

  • E-mail address

We use this data and other information provided on a voluntary basis (title, address, telephone number and company) only to respond to your request as best as possible. Your (optional) answer as to how you became aware of our offer is used for statistical purposes. As far as the legal basis is concerned, we justify this data processing by our legitimate interest or, if you contact us with the aim of concluding a contract, by the execution of the pre-contractual measures you ask us to carry out.


If you wish to receive the newsletter offered on the site, we require an e-mail address, as well as information enabling us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No other data is collected. We use this data exclusively for the purpose of sending the requested information and do not pass it on to third parties. The consent granted for the storage of data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the "unsubscribe" link in the newsletter.

When phone calling our railcenter

When you call our counters, you may be asked to provide us with personal data, such as :

  • Name and surname

  • Date of birth

  • Address

  • Phone number

  • E-mail address

We only use the data provided on a voluntary basis to respond to your request as best as possible. The subject of your request may be recorded for statistical purposes or to improve our services. As far as the legal basis is concerned, we justify such data processing by our legitimate interest or, if you contact us with the aim of concluding a contract, by the execution of the pre- contractual measures you request us to carry out.

When opening a customer SwissPass account

You have the possibility to create a customer account on In order to do so, we need you to provide us with the following information:

  • Name and surname

  • Date of birth

  • Address (street, postcode, town and country)

  • Customer number (if you already have a public transport season ticket)

  • E-mail address and password (login data)

Such data processing is necessary for the execution of the SwissPass user contract and is based on this legal basis. Further information on this subject can be found in the sections of this data protection declaration dealing with shared responsibility in the context of public transport and in the data protection declaration on

Data processing is based on your request and is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b of the GDPR for the purposes indicated for the execution of the contract and pre- contractual measures.

Forwarding of data to third parties (including data controllers and sub- contractors)

For the execution of the contract

We do not resell your data. Insofar as this is legally permitted in accordance with Art. 6, para. 1, 1st sentence, lit. b of the GDPR, and for the proper conduct of our contractual relationship with you, your personal data will only be passed on to selected service providers and only to the extent that it is indispensable for the provision of the service. These include IT support providers, subscription card issuers, transport service providers (e.g. Swiss Post), service providers responsible for the distribution of revenue to the participating transport companies (in particular in the context of establishing distribution keys within the meaning of the Passenger Transport Act), and our Internet service provider (see section on the use of websites).


We use cookies on our website. These are small files that your browser automatically creates and which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. A cookie does not always mean that we can identify you.

The use of cookies makes it possible to record the frequency of use, the number of users and behaviour on our site, to increase security during use of the site and to facilitate access to our content.

We also use temporary cookies that are stored on your device for a specific period of time to facilitate navigation on the site. If you visit our site again to take advantage of our services, it will automatically recognise that you have already visited it and which entries and settings you have entered, so that you do not need to enter them again.

Cookies required for the execution of the electronic communication process or for the provision of certain desired functions (e.g. the shopping basket function) will be stored on the basis of Art. 6, para. 1, lit. f of the GDPR.

You can configure your browser settings so that cookies are not stored on your computer. Disabling cookies completely may prevent you from using the full functionality of our website.

By continuing to use our website and/or by accepting this privacy policy, you agree that we store cookies and that personal usage data is collected, stored and used, even after the browser session has ended. You can revoke this consent at any time by activating the browser settings to refuse third-party cookies.

Tracking tools

Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies (see Cookies). These enable an analysis of the use of our content by Google in the USA, including IP addresses. We would like to point out that Google Analytics has been extended on this website with the code "gat._anonymizeIp();" in order to ensure anonymous collection of IP addresses (IP masking). If anonymisation is active, Google truncates IP addresses in the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. It is therefore impossible to know your identity. Only in exceptional cases is the full IP address sent to a Google server in the US and then truncated on the spot. Google complies with the data protection provisions of the Swiss- USA Privacy Shield agreement and thus has an adequate level of data protection. Google uses the information we collect to evaluate the use of our websites, to compile reports and to provide other related services. Further information can be found, including information on how to deactivate Google Analytics at

Cookies from Google Analytics are stored in accordance with Art. 6 para. 1 lit. f of the GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our offer and the associated advertising.

Your rights

You have the following rights:

Access to information on the personal data we have processed about you. In particular, you may request information on the purposes of the processing, the nature of the personal data, the categories of recipients to whom your data have been disclosed, the period of retention provided for, the right to rectification, deletion, restriction of or opposition to processing, the existence of a right of complaint, the origin of your data if they have not been collected by us, as well as the existence of automated decision-making including profiling and, where appropriate, significant information on their details (art. 15 of the GDPR). In the case of a disproportionate investment, we reserve the right to require that you have proof of identity as well as the assumption of the actual costs in advance.

To quickly request the correction or completion of incorrect personal data stored with us (art. 16 of the GDPR).

To require the deletion of personal data that we keep about you, unless the processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (art. 17 of the GDPR).

To demand the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, that its processing is unlawful, that you object to its deletion and that we no longer need the data, but that you require it for the assertion, exercise or defence of legal claims or that you object to its processing in accordance with art. 21 of the RGPD (art. 18 of the GDPR).

To receive the personal data you have provided in a structured, common and machine-readable format or to request transmission to another responsible person (art. 20 of the GDPR).

To revoke your consent at any time once given. As a result, we are no longer entitled to continue processing data on the basis of this consent in the future (Art. 7, para. 3 of the GDPR). To lodge a complaint with a supervisory authority (art. 77 of the GDPR).

Right to appeal

If your personal data is processed on the basis of legitimate interests according to Art. 6 para. 1 lit. f of the GDPR, you have the right according to Art. 21 of the GDPR to object to the processing of your personal data, provided that this is due to your particular situation or if the objection is directed against direct mailing. In the latter case, you have a general right of recourse, which we implement without specifying any particular situation.

Data security

Your personal data will be transmitted by SSL encryption from this site to us. We protect our website with technical and organisational measures against unauthorised access.

Storage of data

We store personal data only for as long as necessary in order to use the above-mentioned tracking services within the scope of our legitimate interest. Contract data is stored for longer periods as this is required by statutory obligations governing data retention. Requirements obliging us to retain data arise from accounting and tax regulations. According to these regulations, business communications, concluded contracts and accounting documents must be kept for up to 10 years. As and when we no longer need this data to perform our services for you, we will block the data. This means that the data may then be used only for accounting and for tax purposes.

Updating and Modification of this Privacy Policy

We reserve the right to change this privacy policy at any time or to adapt it to new processing methods.