Data Protection Note


1.    Data Protection Note

Thank you for visiting the websites and mobile applications (also referred to jointly as the "online service") of Robert Bosch Power Tools GmbH (hereinafter referred to as "Bosch Power Tools" or "we" or "us") and for your interest in our company and products.


2.    Bosch Power Tools respects your privacy

For us, the protection of your privacy during the processing of personal data and the security of all business data are important matters which we take into account in our business processes. We process the personal data that is collected when you visit our online service confidentially and strictly in accordance with statutory regulations.


3.    Controller

The controller responsible for processing your data is Bosch Power Tools; any exceptions are clearly indicated in this Data Protection Note.

Our contact details are as follows: Robert Bosch Power Tools GmbH, Max-Lang-Straße 40-46, 70771 Leinfelden-Echterdingen, Germany kontakt@bosch.de.


4.    Collection, processing and use of personal data

4.1 Categories of processed data

We process the following categories of data:
•    Communication data (e.g. name, telephone number, e-mail, address, IP address)
•    Contract master data (contractual relationship, product or contractual interests)
•    Customer history
•    Planning and management data
•    Transaction data

4.2  Basic principles

Personal data is all information that relates to an identified or identifiable natural person, for example names, addresses, telephone numbers, e-mail addresses and contractual, accounting and billing information, that expresses an individual's identity.

We only collect, process and use personal data (including IP addresses) if there is a legal basis to do so or you have granted us your consent to do so, for example during registration.

4.3 We, and the service providers we engage, process your personal data for the following purposes:

– Provision of this online service
(Legal basis: Performance of the contract).

– Identification of defects and for security reasons
(Legal bases: To fulfil our legal obligations regarding data security, and our legitimate interest in eliminating defects and ensuring the security of our services).

– Self-promotion and third-party promotion, as well as market research and reach analysis to the legally permitted extent or on the basis of consent
(Legal basis: Consent/our legitimate interest in direct marketing provided it complies with data protection and competition regulations).

– Product and/or customer surveys by e-mail and/or telephone, provided you have expressly opted into them
(Legal basis: Consent).
NB: If we engage a market research institute to conduct surveys, it will act solely on our behalf and in accordance with our instructions.

– Competitions or discount campaigns in accordance with the respective terms and conditions for competitions or discount campaigns
(Legal basis: Performance of the contract).

– Sending a newsletter with the recipient's consent by e-mail or text message/MMS
(Legal basis: Consent).

– Safeguarding and defending our rights
(Legal basis: Our legitimate interest in asserting and defending our rights).

4.4 Registration

If you would like to use services that require a contract to be entered into, we will ask you to register. During the registration process, we will collect the personal data required in order to establish and perform the contract (e.g. first name, last name, date of birth, e-mail address, information (if applicable) about the preferred method of payment or concerning the account holder) and, if applicable, further data on a voluntary basis. Mandatory information is marked with a *.

4.5 Log files

Every time you use the Internet, your web browser automatically transfers certain information, which we store in "log files".

We store the log files for 30 days in order to identify defects and for security reasons (e.g. for information on hacking attempts), and then delete them. Log files that need to be stored for a longer period for evidence purposes are not deleted until the incident in question has been fully clarified and may be passed on to investigation authorities in individual cases.

Log files (without an IP address or with a partial IP address) are also used for analysis purposes; see the "Web analysis" section. The following information in particular is stored in log files:
– IP address (Internet protocol address) of the device from which the online service is accessed;
– Internet address of the website from which the online service is accessed (referrer URL);
– Name of the service provider via which the online service is accessed;
– Name of the files or information retrieved;
– Date, time and duration of the visit;
– Data volume transferred;
– Operating system and information about the web browser used including any add-ons installed (e.g. for Flash Player);
– Http status code (e.g. "request successful" or "requested file not found").

4.6 Children

This online service is not suitable for children under the age of 16.

4.7 Forwarding data to other controllers

We will only ever pass on your personal data to other controllers if this is necessary in order to perform the contract, if we or the third party have/has a legitimate interest in passing on the data, or if you have granted your consent to this. Details about the legal bases are provided in the "Processing purposes and legal bases" section. Third parties may also be other companies in the Bosch Group. Passing on data to third parties on the basis of a legitimate interest is explained in this Data Protection Note.

In addition, data can be passed on to other controllers if we are obliged to do so on the basis of legal provisions or enforceable official or judicial orders.

4.8 Service providers (general)

We commission external service providers to perform tasks such as data hosting. We have selected these service providers with care and monitor them on a regular basis, particularly with regard to the careful handling and safeguarding of the data they store. All the service providers are required by us to maintain confidentiality and comply with statutory requirements. Service providers may also be other companies in the Bosch Group.

4.9 Duration of storage; retention periods

We store your data for as long as necessary to provide our online services and the services associated with them, or for as long as we have a legitimate interest in storing it further (e.g. we may still have a legitimate interest in postal marketing even after the contract has been performed). In all other cases, we delete your personal data, with the exception of the data we are obliged to store for longer in order to fulfil legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a specific period of time due to fiscal and commercial retention period regulations).


5.    Competitions or discount campaigns

If you participate in a competition or discount campaign held by us, we will use your data to notify you about the winner and for the purpose of advertising our products to the legally admissible extent or if you have consented to this. You can find detailed information about competitions and discount campaigns in the associated terms and conditions of participation.


6. Use of cookies

Cookies and tracking mechanisms may be used in the context of providing our website. Cookies are small text files that may be stored on your end device when you visit a website. Tracking is made possible by various different technologies. We process information using pixel technology and log file analysis in particular.

6.1 Categories

We distinguish between cookies that are essential in order to enable use of a website and its features, and cookies and tracking mechanisms that are not strictly necessary to the functioning of a website.

Websites can still generally be used without cookies that are not strictly necessary.

6.1.1 Strictly necessary cookies

Strictly necessary cookies are cookies without which the functions and features of the website cannot be provided. These include, for example, cookies that store information in order to guarantee flawless playback of video or audio content.

These cookies are deleted when you leave the website.

6.1.2 Cookies and tracking mechanisms that are not strictly necessary

We only use these cookies and tracking mechanisms with your prior consent. These cookies and tracking mechanisms can be divided into two sub-categories:

6.2 Functionality cookies

These cookies facilitate navigation and make it easier for you to use our website. An example of such cookies are ones that remember your language setting.

6.3 Marketing cookies and tracking mechanisms

General

Targeting/advertising cookies and tracking mechanisms collect information about your browsing habits, analysis of which makes it possible for us and our partners to show you adverts that are more relevant to your interests:

-Statistics:

We use statistics tools to measure behaviour, such as the number of pages you view.

- Conversion tracking:

Our conversion tracking partners place a cookie on your PC (conversion cookie) if you have been redirected to our website by clicking on an advert published by the partner in question. These cookies normally expire after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and the relevant conversion tracking partner can detect that a particular user clicked on the advert and was consequently redirected to our site. The information collected using conversion cookies enables conversion statistics to be produced, as well as the total number of users who clicked on the advert in question and were redirected to a page with a conversion tracking tag to be ascertained.

- Social plugins:

Some pages of our website incorporate content and services from other providers (e.g. YouTube, Facebook, Google, Twitter) who, in turn, may use cookies and active components. You can find more information about social plugins in the Social plugins section.

- Retargeting:

These tools create usage profiles using advertising cookies, third-party advertising cookies, "web beacons" (invisible graphics also known as pixels or tracking pixels) or similar technologies. These usage profiles are used to show users advertising that is relevant to their interests and to control the frequency with which users see particular adverts. The controller responsible for processing data in connection with these tools is the respective provider. The providers of the tools may also forward information to third parties for the purposes listed above. Please refer to the relevant provider's privacy policy for details in this regard.

Please be aware that these tools may transfer your data to recipients outside the EEA, to countries where the standards of data protection are not comparable to those of the GDPR (e.g. the USA). You can find more detailed information about this in the following descriptions of the individual marketing tools.

Name: WebTrends

Provider: WebTrends Inc., 851 SW 6th Ave., Suite 1600, Portland Oregon 97206, USA

Purpose: Analysing browsing habits (page views, number of visitors and visits, downloads)

 

Name: Monetate

Provider: Monetate Inc., 100 Crosby Street #402, New York, NY 10012, USA

Purpose: Cookies can track how users browse across multiple pages; usability testing

 

Name: Tealium

Provider: Tealium Inc., 11095 Torreyana Road San Diego, CA 92121, USA

Purpose: Segmenting and profiling in real time; tag management

 

Name: Google Analytics

Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Purpose: Analysing browsing habits (page views, number of visitors and visits, downloads), usability testing

6.4 Managing cookies and tracking mechanisms

You can manage your cookie and tracking-mechanism settings in your browser and/or in our privacy settings:

Please be aware that the settings you configure will only apply to that particular browser.

6.4.1 Disabling all cookies

If you would like to disable all cookies, you can do so in your browser settings. Please be aware that doing this may affect the functionality of the website.

 

6.4.2 Managing your settings for tracking mechanisms and cookies that are not strictly necessary

When you visit our website, a cookie layer will appear and ask for your consent to us processing your personal data when using cookies on this site in accordance with the privacy notices issued.

You can withdraw your consent (if given) with future effect or grant your consent at a later date in our privacy settings at any time.


7.   Social plugins

In our online service, we use "social plugins" of various social networks; these are described individually in this section.

When plugins are used, your web browser establishes a direct link to the servers of the social network in question. This tells the provider in question that your web browser has accessed the relevant page of our online service, even if you do not have a user account with that provider or are not currently logged in to this account. Your web browser transfers log files (including the IP address) directly to a server of the provider in question, and they are stored there if applicable. The provider or its server may be located outside the EU or EEA (e.g. in the USA).

The plugins are independent extensions of the social network providers. Therefore we have no influence over the extent of data collected and stored by social network providers via the plugins.

Please refer to the relevant social network's data protection notice for information about the purpose and scope of the collection, further processing and use of data by the social network, as well as your associated rights and the settings options for protecting your privacy.

If you do not want the social network providers to obtain data about this online service or to store or re-use it, you should not use the plugins.

7.1 Facebook plugins

Facebook (www.facebook.com) is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and www.facebook.de is operated by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, ("Facebook"). You can find an overview of Facebook plugins and what they look like here: http://developers.facebook.com/plugins; you can find information about data protection at Facebook here: http://www.facebook.com/policy.php.

7.2 Twitter plugins

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). You can find an overview of Twitter plugins and what they look like here: https://twitter.com/about/resources/buttons; you can find information about data protection at Twitter here: https://twitter.com/privacy.

7.3 Google+ plugins

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). You can find an overview of Google+ plugins and what they look like here: https://developers.google.com/+/plugins; you can find information about data protection at Google+ here: http://www.google.com/intl/de/+/policy/+1button.html.


 

8.    Newsletter with subscription; right to withdrawal

As part of our online service, you can subscribe to our newsletter. For this we use what is known as a double opt-in process, whereby we will send you a newsletter by e-mail, mobile messaging service (e.g. WhatsApp), text message or push notification only if you have explicitly confirmed in advance, by clicking a link in a notification, that the newsletter service is to be activated.
Should you later decide that you do not want to receive newsletters, you can cancel the subscription at any time by withdrawing your consent. You can unsubscribe from e-mail newsletters by clicking on the link in the newsletter or by changing the administration settings of the online service in question. Alternatively, please contact us using one of the methods indicated in the Contact section.


9.    Communities

We offer the option of becoming a member of one of our BOB Communities. In these Communities, you can register, create a user profile and communicate with other members. We will only use the data you have generated there for the relevant marketing, market research and customer service purposes that you agree to in your declaration of consent. You can withdraw your consent at any time. by using the link in the Communities. Alternatively, please contact us using one of the methods indicated in the Contact section.
In the input screen for the Community in question, you have the option to select whether individual details of your user profile are to be published to all members of the Community or only to your "Community friends", or whether they are to be kept private.
All other data that you generate in the Communities, e.g. by posting comments or images, will automatically become publicly accessible and will be linked to your user profile.


10.    External links

Our online service may contain links to third-party websites, i.e. providers not affiliated with us. After you have clicked the link, we have no further control over the collection, processing and use of any of the personal data (such as IP address or URL of the page containing the link) transmitted to the third party when the link is clicked, since the conduct of third parties is clearly beyond our control. We accept no responsibility for the processing of this personal data by third parties.


11.    Security

Our employees and the service providers we commission are committed to maintaining confidentiality and complying with the provisions of the applicable data protection laws.
We take all necessary technical and organisational measures to guarantee an adequate level of protection and to protect your data that is managed by us, particularly against risks from unintentional or unlawful destruction, manipulation, loss, alteration or unauthorised disclosure or access. Our security measures are constantly being improved in line with technological developments.


12.    User rights

To exercise your rights, please use the details in the Contact section. When doing so, please ensure that we can clearly identify you.

Right to information and right of access by the data subject:
You have the right to receive information from us about the processing of your data. In this respect, you can exercise your right to obtain information about the personal data concerning you that we process.


Right to rectification and erasure:
You can demand that we rectify incorrect data and – provided the legal requirements are met – complete or erase your data.
This does not apply to data that is required for invoicing and accounting purposes, or that is subject to the statutory retention obligation. If access to such data is not required, any processing of it will, however, be restricted (see below).

Restriction of processing:
Provided the legal requirements are met, you can demand that we restrict the processing of your data.
Data portability:
You also have the right to receive data, which you have provided to us, in a structured, commonly used and machine-readable format and, where technically possible, have the right to transmit that data to a third party.

Objection to data processing:
You also have the right to object at any time to data processing by us if the data processing is based on a legitimate interest. We will then stop processing your data unless we can demonstrate – in accordance with legal requirements – compelling legitimate grounds for the processing that override your rights.

Objection to direct marketing:
In addition, you can object at any time to the processing of your personal data for marketing purposes ("objection to marketing"). Please note that, for organisational reasons, there may be an overlap between the submission of your objection and the use of your data during a campaign that is already ongoing.

Objection to data processing where the legal basis is a legitimate interest:
You also have the right to object at any time to data processing by us if the data processing is based on a legitimate interest. We will then stop processing your data unless we can demonstrate – in accordance with legal requirements – compelling legitimate grounds for the processing that override your rights.

Withdrawal of consent:
If you have given us your consent to process your data, you can withdraw it at any time with effect for the future. This will not affect the lawfulness of processing before the withdrawal.


12.1 Right to lodge a complaint with the supervisory authority:
You have the right to lodge a complaint with a data protection authority. To this end, you can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us. This is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit

Address:
Königstrasse 10a
70173 Stuttgart, Germany
GERMANY

Postal address:
Postfach 10 29 32
70025 Stuttgart, Germany
GERMANY

Tel.: +49 (0) 711/615541-0
FAX: +49 (0) 711/615541-15
E-mail: poststelle@lfdi.bwl.de.


13.    Changes to the Data Protection Note

We reserve the right to change our security and data protection measures if required due to technical developments. In such cases, we will also amend our data protection information accordingly. Therefore please observe the latest version of our Data Protection Note.


14.    Contact

If you would like to contact us, you can use the address given in the "Controller" section.
Please use the following link to exercise your rights and report data protection incidents:
https://www.bkms-system.net/bosch-datenschutz.

For suggestions and complaints with regard to how your personal data is processed, we recommend that you contact our Data Protection Officer:

Datenschutzbeauftragter
Abteilung Informationssicherheit und Datenschutz Bosch-Gruppe (C/ISP)
Postfach 30 02 20
70442 Stuttgart, Germany
GERMANY
or
mailto: DPO@bosch.com


Date of last revision: 09.07.2019