Personal data protection

Information on the processing of personal data.

Wich data are collected on

This privacy policy applies to:

Via C. Pellandini 2
6500 Bellinzona

This data protection declaration provides you with information about which of your data we process, why we require these data, and how you can object to the collection of data.

We manage the data based on trust.

Protecting personality and privacy is a major concern for us. We guarantee that we will process your personal data in accordance with the applicable provisions of data protection law.

Personal data are only processed according to the following basic principles:

You decide yourself how your personal data are to be processed.

Within the legal framework, you can at any time refuse data processing, revoke your consent to it, or have your data deleted.

We offer you added value by processing your data.

We use your personal data to offer you added value (e.g. bespoke offers, information and support). Your data are used only in relation to the development, provision, optimisation, and assessment of our services or for customer support purposes.

Your data are not sold.

Your data are only disclosed to selected third parties specified in this privacy policy and only for the purposes specifically indicated. If we commission third parties to carry out data processing, they will be required to comply with our data protection standards.

We guarantee the security and protection of your data.

We undertake to handle your data with care and to guarantee their security and protection. We ensure this by adopting the necessary technical and organisational precautions. 

Below you will find detailed information on how we handle your data.

Who is responsible for data processing?

TILO is responsible for the processing of personal data. If you have any questions or suggestions regarding data protection, please contact us at any time by mail at:

6500 Bellinzona

or per e-mail: [email protected]

Why do we collect personal data?

We know how important it is to you that your personal data are handled carefully. Data are only ever processed for specific purposes. This could be out of technical necessity or due to contractual requirements, legal provisions, overriding interest, i.e. for legitimate reasons, or if you have granted your express consent. We collect, store and process personal data where necessary. This includes for the purposes of managing customer relationships, preparing information on and marketing our products and services, assisting with technical issues and evaluation and further developing products and services.

What data are processed and what are they used for?

Using the website:

When you visit our website, our servers temporarily store each access in a log file. The following technical data are collected in the process and stored until it is automatically deleted after fourteen months at the latest:

  • IP address of the computer requesting access
  • The date and time of access
  • The website from which our website is being accessed, including the search term where applicable
  • The name and URL of the file being requested
  • Any search queries performed (timetable, webpage’s general search functions, products, etc.)
  • The operating system on your computer (provided by the user agent)
  • The browser you are using (provided by the user agent)
  • The type of device when accessed via mobile phone
  • The transmission protocol being used

These data are processed and collected for the purposes of system security and stability and for analysing errors and performance as well as for internal statistical purposes. It enables us to optimise our website.

The IP address is also used to preset the language of the website. Furthermore, it is analysed together with other data when there is an attempt to access the network infrastructure or in the event of other unauthorised or improper use of our websites for information and defence purposes and, where applicable, is used for the purposes of identification during criminal proceedings and in civil and criminal procedures against the data subject.

Finally, when you visit our websites, we use cookies and other applications and tools which are based on cookies. You can find further details in the cookie guidelines.

Within the scope of the applicability of the EU General Data Protection Regulation (GDPR), the legal basis for this data processing is our legitimate interest.

We do not accept any guarantee for compliance with data protection regulations for external websites that are linked to our webpages.

Using a contact form:

You have the option of using a contact form to get in touch with us. The following mandatory personal data must be provided when completing the form:

  • Surname and first name
  • E-mail address

We use these data and other freely given data (such as title, address, telephone number and company) only for the purpose of answering your contact request in a personalised manner.

Within the scope of the applicability of the EU General Data Protection Regulation (GDPR), the legal basis for this data processing is our legitimate interest and our legal requirement for the purpose of fulfilling the contract.

Use of a contact form to submit an application:

When a contact form is filled in to send an application, the following mandatory personal data must be provided:

  • First name and surname
  • Date of birth
  • Nationality
  • E-mail address
  • Mobile phone
  • Home address

These data will only be seen and used by the staff responsible for the recruitment process and treated with the utmost confidentiality. At the end of the application process, the data will be deleted after a period of six months.

How long will your data be stored for?

We only store personal data for as long as this is required,

  • to provide services you have requested or consented to, to the extent set out in this privacy notice.
  • to use the tracking services mentioned in this privacy policy within the scope of our legitimate interest.

Where are data saved?

In principle, data are stored in databases in Switzerland. However, in certain cases listed in this privacy policy, data are also transferred to third parties whose registered office is outside Switzerland, however, always within the European Union and thus in full compliance with the EU GDPR.

What are the rights in relation to personal data?

You are granted the following rights in connection with personal data:

  • You can request information on your saved data.
  • You can request correction, supplementation, blocking or deletion of your data. If legal impediments prevent deletion, the data will be blocked (e.g. due to legally prescribed retention obligations).
  • You can object to the use of data for marketing purposes.
  • You can withdraw consent at any time with effect in the future.
  • You can request data portability.

To exercise the above rights, simply send a letter by post to:


Via C. Pellandini 2
6500 Bellinzona

or via e-mail to: [email protected]

You also have the right to file a complaint at any time with a data protection authority.

Are personal data passed on to third parties?

We do not resell personal data. A transmission of personal data therefore takes place only to selected service providers and only to the extent necessary for the provision of the service. This is the case with IT service providers, hosting providers (see the section “Using the website”) and the providers mentioned in the sections on “Tracking tools” and “Social plug-ins”. With regard to service providers based abroad, please also consider the information contained in the “Where are data stored” section.

Furthermore, transmission of personal data may take place if we are required to do so by a legal obligation or if this is necessary for the exercise of our rights, in particular the assertion of requests arising from the relationship with the user.

The legal basis for the data processing activities mentioned here is our legitimate interest.

Personal data will not be disclosed to other third parties outside of public transport.

How are the tracking tools used?

To ensure a needs-oriented design and continuous optimisation of our Internet pages, we use the web analysis tool Matomo. For the data processing activities described below, the legal basis is our legitimate interest.

Tracking on Internet pages:

In relation to our Internet pages, pseudonymised usage profiles are created and short text files (“cookies”) stored on the user’s computer are used (see “What are cookies and when are they used?”). The information generated by the cookies on the use of Internet pages is transmitted to the servers of the aforementioned service providers, where they are saved and processed on our behalf. In addition to the data indicated above (see “What data are processed when using our Internet pages?”), we thus obtain the following information:

  • Navigation path followed by the visitor on the Internet page
  • Length of stay on the page or sub-page
  • Internet exit subpage
  • Country, region or city from which access takes place
  • Terminal (type, version, colour depth, resolution, width and height of the browser window)
  • Recurring or new visitor
  • Browser type / browser version
  • Operating system used
  • Referral URL (the previously visited page)
  • Host name of the accessing computer (IP address)
  • Time of the server query

The information is used to analyse the use of the Internet pages.

Below is more information about our tracking tools:

Matomo Analytics

Our website uses Matomo Analytics, a web analytics service provided by InnoCraft Ltd. having its registered office at 7 Waterloo Quay, PO625, 6140 Wellington. As the registered office is outside the European Union, InnoCraft has appointed a representative within the EU: ePrivacy Holding GmbH, Grosse Bleichen 21, 20354 Hamburg, Germany.

Matomo Analytics uses methods that enable an analysis of the use of the website, such as cookies (see below “What are cookies and when are they used?”). The information generated by a cookie about your use of this website, as listed above, is transmitted to the Matomo servers in Germany and Ireland in full compliance with the EU GDPR.

The information is used for the purpose of evaluating the use of the Internet page, compiling reports on the activities on the Internet page and providing other services associated with the use of the Internet page This information is also transmitted to third parties where this is required by law or where such third parties are in charge of processing the aforementioned information.


What are cookies and when are they used?

In certain cases, we use cookies. Cookies are short text files that are saved on the user’s computer or mobile device when visiting or using the Internet pages. Cookies record certain browser settings and the data exchanged with the Internet page via the browser. In the event of activation, the cookie can be assigned an identification number that allows the user’s browser to be identified and the data contained in the cookie to be used. TILO uses the OneTrust tool to manage cookie permissions. See the cookie policy for more information.

Data security

We employ suitable technical and organisational security measures to protect the personal data we store from improper use, partial or total loss and unauthorised access by third parties. Our security measures are continuously updated in line with technological progress.

We also take data protection within TILO very seriously. Our staff and the external service providers working on our behalf are committed to maintain confidentiality and to comply with data protection provisions.

We will take appropriate security measures to protect data. However, the transmission of information over the Internet and other electronic means always carries certain risks, so that no guarantee can be given as regards the security of information transmitted in this way.

Last update: July 2023