BKMS System
Deutsche Bahn AG
Cookies are disabled in your browser.
Please enable cookies to use the BKMS® System.
For more information about cookies, please click here.
In a case of emergency, please call +49 30 297 1066.

Working together against corruption and white-collar crimes

Help us fight corruption and white-collar crimes. Every report of possible crimes is important and helps to prevent losses. With your support, we can effectively safeguard the dependability and integrity of our group, thereby also ensuring our success.

In order to guarantee accessibility to every employee of our group as well as our business partners and customers regardless of time or place, this electronic whistleblower system was installed as a supplement to the existing reporting channels, such as via DB Group Compliance or the attorney of trust. Here, you can report situations with inclusion of your name or on an anonymous basis.

We have established this whistleblower system for reporting on topics that are especially concerned with corruption and white-collar crimes. Reports that refer to topics outside of these categories will not be further pursued via this system.

This whistleblower system may not be used to knowingly submit false or slanderous statements or information. Reports that denounce other persons or defame them against better judgement can give rise to consequences under civil or criminal law.

We would like to expressly encourage you to include your name when submitting your report. Whether you do so or not, we ask that you establish a secured postbox. This simplifies your communication with us. Your reports will be handled strictly confidentially.

You can find additional information in this regard on this page under "Data protection information".

If you would like to send your first report, please click here:
If you have already set up a postbox, you may login here:
  • Why should I submit a report?

    The relationship of trust that exists between our company and our customers, and our employees, is our most important asset. We want to set standards in everything we do. Standards for competency, performance and service – but also for running our business on an ethical basis. This includes above all the compliance with statutory regulations.

    Maybe you are aware of harmful acts that are endangering our company. And maybe you are also hesitant to pass on this information personally.

    We want to effectively protect your identity as a whistleblower. The whistleblower communications channel is protected by the latest technologies and can be used for submitting completely anonymous or personalized reports.
    You alone decide if you want to remain anonymous or not!

  • What kinds of reports can I submit?

    Information regarding white-collar crime and corruption will be submitted using a structured format consisting of separate questions and spaces for you to describe the misconduct you are reporting. You report will be received and handled by the Deutsche Bahn AG Compliance Department. You will receive feedback from a Compliance Department specialist regarding the report you submitted (please see items 3 and 4 in the next section “How will my report be processed?” and the section entitled “How can I receive feedback and still remain anonymous?” for more information on this).

    You will find detailed information about white-collar crime and corruption in the 2nd step of the reporting form. We would also be happy to take your call at +49 30 297 62710.

  • How will my report be processed? What is a postbox and how do I open one?

    To submit an anonymous or personalized report start by clicking the “Submit Report“ button located on the top left side of our information page.

    The reporting process consists of four steps:

    1. First, read the informational section about protecting your identity. This section also includes a security questionnaire.
    2. Second, you will be asked to describe the key facts of your report on the following page.
    3. On the Report Page you will be asked to use your own words to describe the incident you are reporting – using no more than 4,096 letters, or a fully completed DIN A4 sheet of paper – and to answer specific questions. You may also submit smaller files of up to 2MB to support your report. Please remember that documents can contain information about their author. After you have submitted your report it will be given a case number as proof that you submitted this specific report to Deutsche Bahn AG.
    4. Finally, you will be asked to set up your own anonymous post box. This post box will be used to communicate with you, answer your questions and keep you posted on the status of your report.

    Once you have established an anonymous post box you will be able to access it via the "Login" button. Prior to opening your postbox you will have to complete a security procedure to ensure that only the authorized person – you – has access.

    The electronic BKMS® Whistleblower System’s technology will maintain your anonymity as long as you do not submit any information that contains your personal identity.

  • How can I receive feedback and still remain anonymous?

    The uppermost purpose of the BKMS® System that is used is to protect the whistleblower’s identity. The system’s anonymity protection function is certified. You select your own personal pseudonym and codeword that you use to establish your post box. Encryption and other special security procedures are employed by the system to ensure that your anonymous submission of information remains anonymous at all times.

    The BKMS® System’s technology will maintain your anonymity as long as you do not submit any information that contains your personal identity.

    You can additionally ensure your anonymity by following the privacy policy on the following page of the BKMS® System.

    Compliance Department specialists will contact you via your postbox to provide feedback or to ask you further questions if certain details need to be clarified - you will remain completely anonymous even during these exchanges.

  • Data protection information
    Controller/contactData collection: purpose and legal basisSharing of dataData erasureRights of data subjects

    Who is my personal data collected and processed by?

    Deutsche Bahn AG, Potsdamer Platz 2, 10785 Berlin, Germany (hereinafter referred to as "DB"), is the controller for its whistleblowing system and collects and processes your data in this regard. The DB whistleblowing system is operated on behalf of DB by Business Keeper AG, Bayreuther Str. 35, 10789 Berlin, Germany. It offers a secure, confidential way to receive and process reports about certain crimes and serious violations of the law that are related to the DB Group.

    DB's data protection officer can be reached at konzerndatenschutz@deutschebahn.com.

    What data do you collect, and why and how do you process it?

    Personal data – personal information about natural persons – that is entered into DB’s whistleblowing system is stored in an encrypted, password-protected form in a database which is operated by Business Keeper AG on DB's behalf. It is stored at a data center on a high-security level in Germany.

    DB treats personal data (such as names and other communication and content data) confidentially. T Personal data are solely used for the purpose of receiving and processing information in a secure and confidential manner. It concerns certain crimes and serious violations of the law, such as economic ("white-collar") crime, corruption, human rights violations and data protection violations. If we ask for and receive your consent to perform processing operations on your personal data, your consent is considered, in accordance with point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR), to give us the legal basis to perform such processing operations. In all other cases, the legal basis stems from point (f) of Article 6(1) of the GDPR: we process your personal data to protect our overriding legitimate interest in addressing DB-related crimes and violations of the law and in protecting the DB Group and its employees from the potentially detrimental effects of such crimes and violations.

    Do we share your data with other parties?

    Only DB can consult your data. Access to your data is limited - based on the specifics of what your report pertains to and depending on the specialized competence- to a very small group of explicitly authorized, specially trained persons from DB's compliance organization, corporate privacy department, procurement organization or HR organization. Depending on the information contained in your report, and depending on the steps taken to investigate this information, a very limited number of additional authorized persons – in particular persons at DB's corporate security department or persons in the compliance organization of a DB subsidiary or subsidiaries if for example the information relates to actions or occurrences at one or more subsidiaries – may be granted access to your data. Those DB subsidiaries may be headquartered outside the European Union or the European Economic Area.

    Every person who is granted access to your data is required to treat the data as confidential. If the actions or occurrences you reported are prosecuted under criminal law, it is possible that we will be required by law to share your data with the officials investigating the situation.

    How long do we store your data?

    We store your data only for as long as it is necessary to fulfil the purpose for which the data was collected or as long we do need to comply with legal requirements. In every specific case, we use a set of criteria established as part of our data erasure policy to check whether and how long your data may be stored or archived before it is erased. At the latest, data will be erased six years after the case it relates to is closed.

    What rights do users of the DB whistleblowing system have?

    As a whistleblower you have the right of access to your personal data; the right to rectification, erasure and restriction of processing (blocking) of your personal data; and the right to object to the processing of your personal data. Equally rights have the person(s) named in the report(s) you submit in regards to their own personal data.

    You have the right, at any time within the applicable legal framework, to obtain information about the personal data which has been stored about you ("right of access"). You also have the right to have inaccurate personal data concerning you rectified; this includes having incomplete personal data completed, if applicable by means of a supplementary statement. You have the right under certain circumstances to have personal data, which has been stored about you, erased. If retention periods or other legal regulations preclude erasure, you have the right to have the processing of your data restricted instead (in other words, to have your data blocked), so that your data will only be accessible for the purposes of compliance with mandatory legal regulations. If you provide personal data to us and we process it by automated means on the basis of consent provided by you or on the basis of a contract to which you are party, you have the right to have the data transmitted to you or, if you so wish, to a third party specified by you. You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on our overriding legitimate interest or is necessary for the performance of a task carried out in the public interest.

    If a person is accused of something in a report submitted by a whistleblower, we are generally required by law to inform that person that we have received information about them, as soon as doing so would not jeopardize our investigation into the information. We will not reveal your identity as the whistleblower in such cases unless we are required to do so by law.

    You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for DB is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, Germany; e-mail: mailbox@datenschutz-berlin.de. You also have the option of lodging a complaint with any other data protection supervisory authority in the European Union.

    If the processing of your personal data is based on consent you have granted, you can withdraw this consent at any time in the same way you originally granted it. If you have a postbox in the DB whistleblowing system, you can use it to let us know you are withdrawing your consent. You can also submit a new report in which you withdraw your consent (make sure that your new report includes the reference number of the report in which you originally granted your consent). Any processing of your personal data that took place from the time at which you granted your consent to the time at which you withdrew it will still be considered to have been lawful.

    To exercise your rights, it is also sufficient to send a letter or e-mail to the following address:

    Deutsche Bahn AG
    Compliance Hinweismanagement
    Potsdamer Platz 2
    10785 Berlin
    Germany

    compliance.hinweismanagement@deutschebahn.com