Data protection declaration – intranet app

Protecting the security and privacy of your personal data is important to us. To reflect this, Knorr-Bremse processes your data in accordance with the provisions of the European General Data Protection Regulations (GDPR) and further applicable laws concerning protection of personal data and data security.

The following information applies to our Intranet App (hereinafter "App"). They are designed to give you an overview of what personal data we collect in the app, why we collect the data and how we use it. We also inform you of your rights against us in connection with your personal data.

1. Who is responsible for your personal data?

Responsibility under data protection law lies with

Knorr-Bremse AG
Moosacher Str. 80
80809 Munich, Germany
Tel.: +49 89 3547-0

Contact details for Data Protection Officer

Knorr-Bremse Group Data Protection Officer
Moosacher Str. 80
80809 Munich, Germany

1.1 What are the purposes and legal basis of processing your personal data?

1.2 Login and use of the app

1.2.1 The app enables you to access the full scope of content on the Knorr-Bremse Intranet and view this content on your device.

1.2.2 When you log in, we use your access data (employee ID and date you joined the company) to provide your access to the app. If you do not supply this data, you will not be able to log in or access the Intranet in the app. The data is not processed in text form, but is pseudonymized ("hashed") and matched with a comparable hash value.

1.2.3 We also automatically process the following personal data:

• Device ID
• Session ID
• User ID
• IP address
• Information about your operating system
• App version number
• Device model
• Time of access
• Auth token
• Local user settings

This information is automatically transmitted to us (but not stored) in order to

• provide you with the app and its associated functions
• improve the functions and features of the app, and
• avoid and remedy abuse or malfunctions.

1.2.4 The lawful basis is our legitimate interest in guaranteeing the functionality and fault-free operation of the app in order to provide a service in line with the market and our users' interests. (Art. Art. 6 (1) 1 lit. f GDPR).

1.3 Comments and ratings

You have the option of posting comments and ratings on selected articles. A unique ID is generated for each comment or rating, which is stored exclusively in the app on your device.

You can post comments without needing to enter personal data. However, by adding your name to a comment you automatically consent to our storage of your personal data and to your data being accessible to other app users when your comment is published (Art. Art. 6 (1) 1 lit. a GDPR).

1.4 Information about new Intranet articles

The app automatically asks for your consent to send you push messages to inform you when new Intranet articles are posted. You can also grant or withdraw this consent at any time, including later, by changing your device settings.

To send you push messages, we use the following personal data:

• Device ID
• Push token

The lawful basis for this processing is your consent as per Art. 6 (1) 1 lit. a GDPR.

2. Recipients of your data / third country transfers

2.1 We use IT and support service providers to provide you with the app. These providers are carefully selected by us and have the function of contract data processing operatives.

2.2 All processing of your personal data takes place exclusively within the territory of a member state of the European Union or in a further signatory country to the Agreement on the European Economic Area. Transfer of your personal data to a third country or access thereto from a third country only occurs where the special provisions set forth in Art. 44 ff GDPR are fulfilled (e.g. by agreement of standard contractual clauses or where the recipient is EU-US Privacy Shield certified.

3. Duration of data storage

We erase your data, taking statutory retention periods into consideration, as soon as the data is no longer required for the specific purpose for which it was collected. Data stored in the app on your device is erased when you delete the app from your device. The hash values generated during login are deleted at the latest when you leave the company.

4. Your Rights

Assuming fulfillment of the statutory preconditions, you have the following rights:

• The right to receive information about your own personal data,
• The right to require rectification or completion of incorrect or incomplete personal data,
• The right to require erasure of your personal data,
• The right to require restriction of processing of your personal data,
• The right to require transmission of your personal data within the scope of statutory provisions,
• The right to object to processing of your personal data.

Where your consent forms the basis of our processing of your personal data, you can withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing completed on the basis of consent which was granted prior to its subsequent withdrawal.

If you have any questions concerning data privacy or wish to exercise your rights, please contact Knorr-Bremse Data Privacy at

We take your inquiries and concerns very seriously and strive to meet your wishes at all times. However, you also have the right to file an objection with the responsible data privacy authority. In Bavaria, the responsible data privacy authority is the Bayerische Landesamt für Datenschutzaufsicht (BayLDA) (Bavarian State Data Protection Authority), Promenade 27, 91522 Ansbach, Germany.

As at: April 2020

Language Versions

[PDF, 527.3 KB]

[PDF, 522.8 KB]

[PDF, 522.8 KB]

[PDF, 521.2 KB]

[PDF, 524.8 KB]

[PDF, 525.7 KB]

[PDF, 525.6 KB]

[PDF, 527.5 KB]

[PDF, 916.2 KB]