Policies (S1-1)

Protecting the personal data of employees, customers and business partners is essential for us, as data protection is a fundamental right and forms one of the cornerstones of responsible and legally compliant action.

The term “employees” is to be understood in the sense that it is defined under data protection law. This means that applicants are also included, as the collection of data from the application onwards is already relevant from a data protection perspective.

DB Group’s data protection guidelines set out binding minimum standards for the processing of personal data throughout the Group. They apply to employees as well as customers and business partners and are intended to ensure that the personal rights of data subjects are protected. Further information on the data protection guidelines can be found under Policies (S4-1). in the “S4 Consumers and end-users” chapter. In addition, specific agreements regulate the handling of employee data.

The coordinated guidelines and agreements ensure the legally compliant, transparent and secure handling of employee data throughout DB Group.

• KBV on employee data protection: This KBV sets out principles for the processing of employees’ personal data –for example from HR systems, staff scheduling or payroll accounting – and defines requirements for transparency, authorization management and data security. The top level of a Group company is responsible for implementing the KBV.
• Group Spokesperson Committee Agreement (Konzernsprecherausschussvereinbarung; KSprAuV BDS): For executives, the KSprAuV BDS applies additionally. It is intended to ensure that their personal data is only processed for clearly defined, legitimate purposes, that the co-determination of the Group Spokesperson Committee for executives is strengthened and that a binding framework for the protection of this data is established. The highest organizational level of each Group company is responsible for implementing the KSprAuV BDS.
• Framework Group employer/works council agreement on the introduction and operation of procedures for processing employee personal data (Rahmenkonzernbetriebsvereinbarung; RKBV Beschäftigten-DV): This RKBV defines the Group-wide approval process for new or amended procedures. One special feature of DB Group is the involvement of data committees: the Group Data Committee is responsible for cross-company processes with Group-wide relevance, while company data committees ensure coordination at Group company level.