The DB Group aims to act in an ethical manner in all business transactions and in compliance with statutory provisions.
However, it is possible for situations to occur in which information about suspected white collar crime needs to be reported. The goal of DB Group’s whistleblowing management is to protect the company from damage resulting from corruption, restrictive practices and fraud.
DB Group therefore offers various channels for employees, business partners and customers to submit reports about suspected infringements. These are presented below.
Reports are treated with strict confidentiality as well as anonymously on request.
You have the option of calling whistleblowing management telephone number:
Phone: +49 (0) 30 297 62710
You can contact whistleblowing management by mail or e-mail:
Electronic whistleblowing system (BKMS)
The "BKMS" tool (Business Keeper Monitoring System) offers anonymous, web-based access for reporting tip-offs. It is available in fifteen languages).
Attorneys of Trust
Our Attorneys of Trust are available for non-committal preliminary talks on all questions that arise when there are grounds to suspected infringements.
Our lawyers are bound by professional discretion in their function. They are not allowed to forward any personal information without the explicit consent of the person who has contacted them.
Data protection information, effective from 25 May 2018
Who is my personal data collected and processed by?
Deutsche Bahn AG (hereinafter referred to as "DB"), Potsdamer Platz 2, 10785 Berlin, Germany, is the controller for compliance whistleblowing management and collects and processes your data in this regard. Whistleblowing management offers a secure, confidential way to receive and process reports about certain crimes and serious violations of the law related to economic ("white-collar") crime and corruption.
DB's data protection officer can be reached at email@example.com.
What data do you collect, and why and how do you process it?
DB treats personal data – personal information about natural persons, such as names and other communication and content data – confidentially. This personal data are solely used for the purpose of receiving and investigating information, in a secure and confidential manner. It concerns certain crimes and serious violations of the law related to economic ("white-collar") crime and corruption. If we ask for and receive your consent to perform processing operations on your personal data, your consent is considered, in accordance with point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR), to give us the legal basis to perform such processing operations. In all other cases, the legal basis stems from point (f) of Article 6(1) of the GDPR: we process your personal data to protect our overriding legitimate interest in processing DB-related crimes and violations of the law and in protecting the DB Group and its employees from the potentially detrimental effects of such crimes and violations.
Do we share your data with other parties?
Only DB can consult personal data provided to the compliance whistleblowing management team by e-mail, by mail, by fax, by phone or in person. Access to your data is limited to a very small group of explicitly authorized, specially trained persons from DB's compliance organization. Depending on the information you report to us, and depending on the steps taken to investigate this information, a very limited number of additional authorized persons – such as, in particular, persons at DB's corporate security department, or persons in the compliance organization of a DB subsidiary or subsidiaries if for example the information relates to actions or occurrences at one or more subsidiaries – may be granted access to your data. Those DB subsidiaries may be headquartered outside the European Union or the European Economic Area.
Every person who is granted access to your data is required to treat the data as confidential. If the actions or occurrences you report are prosecuted under criminal law, it is possible that we will be required by law to share your data with the officials investigating the situation.
How long do we store your data?
We store your data only for as long as is necessary to fulfil the purpose for which the data was collected or as long we do need to comply with legal requirements. In every specific case, we use a set of criteria established as part of our data erasure policy to check whether and how long your data may be stored or archived before it is erased. At the latest, data will be erased six years after the case it relates to is closed.
What rights do data subjects have?
You, that means all whistleblowers and all persons named in the report(s), have the right of access to your personal data; the right to rectification, erasure and restriction of processing (blocking) of your personal data; and the right to object to the processing of your personal data.
You have the right, at any time within the applicable legal framework, to obtain information about the personal data which has been stored about you ("right of access"). You also have the right to have inaccurate personal data concerning you rectified; this includes having incomplete personal data completed, if applicable by means of a supplementary statement. You have the right under certain circumstances to have personal data which has been stored about you erased. If retention periods or other legal regulations preclude erasure, you have the right to have the processing of your data restricted instead (in other words, to have your data blocked), so that your data will only be accessible for the purposes of compliance with mandatory legal regulations. If you provide personal data to us and we process it by automated means on the basis of consent provided by you or on the basis of a contract to which you are party, you have the right to have the data transmitted to you or, if you so wish, to a third party specified by you. You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on our overriding legitimate interest or is necessary for the performance of a task carried out in the public interest.
If a person is accused of something by a whistleblower, we are generally required by law to inform that person that we have received information about them, as soon as doing so would not jeopardize our investigation into the information. We will not reveal the whistleblower's identity in such cases unless we are required to do so by law.
You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for DB is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstrasse 219, 10969 Berlin, Germany; e-mail: firstname.lastname@example.org. You also have the option of lodging a complaint with any other data protection supervisory authority in the European Union.
If the processing of your personal data is based on consent you have granted, you can withdraw this consent at any time in the same way you originally granted it.
To exercise your rights, it is also sufficient to send a letter or e-mail to the following address:
Deutsche Bahn AG (DB Group)
Compliance Whistleblowing Management
Potsdamer Platz 2