Data Privacy Policy


1. Data privacy policy

Robert Bosch Power Tools GmbH (referred to as "Bosch Power Tools" or "We" or "Us" in the following) appreciates your visit to our internet pages and mobile applications (including our "Online Service") and your interest in our company and products.


2. Bosch Power Tools respects your privacy

The protection of your privacy while processing personal data, as well as the security of all business data, is an important matter to us which we take into account in our business processes. We process personal data that are collected during your visit to our online services in confidence and only as legally specified.


3. Responsible party

Bosch Power Tools is the party responsible for the processing of your data; exceptions are explained in this data privacy policy.

Our contact details are as follows: Robert Bosch Power Tools GmbH, Max-Lang-Straße 40-46, 70771 Leinfelden-Echterdingen, kontakt@bosch.de.


4. Collecting, processing and using personal data

4.1 Processed data categories

The following data categories are processed:

• Communication data (e.g. name, telephone, e-mail, address, IP address)
• Contract master data (contractual relationship, product - or contractual interest)
• Customer history
• Contract accounting – and payment data
• Planning and control data
• Transaction data
• Report data (from third parties, e.g. credit agencies, or from public directories)

4.2 Basic principles

Personal data are any information relating to an identified or identifiable natural person, i.e. names, addresses, telephone numbers, e-mail addresses, contractual, booking and accounting data that reveal the identity of a person.

We collect, process and use personal data (including IP addresses) only when a legal basis exists for us to do so or you have given us your consent, e.g. when registering.

4.3 Processing purposes and legal bases

We and service providers commissioned by us process your personal data for the following purposes:

4.3.1 Making this online service available and contractual performance pursuant to our contract terms including accounting. The sale of receivables may also involve accounting
(legal bases: contractual performance or legitimate interest on our part in efficient receivables management for the sale of receivables).

4.3.2 Detection of malfunctions and for security reasons
(legal bases: pursuance of our legal obligations in respect of data security and legitimate interest in the correction of malfunctions and the security of our services).

4.3.3 Self-promotion and also market research and reach measurement to the extent permitted by law or based on consent
(legal basis: consent / legitimate interest on our part in direct marketing, as long as this is performed in compliance with data protection and competition law).

4.3.4 Product or customer surveys via post
(legal basis: legitimate interest in the improvement of products / services).
Note: If we engage a market research institution for surveys, it acts exclusively on our account and in accordance with our instructions.

4.3.5 Protection and defence of our rights
(legal basis: legitimate interest on our part in the exercise and defence of our rights).

4.4 Registration

If you wish to take advantage of services that require a contract, we ask you to register. During registration, we collect the personal data required for the establishment and fulfilment of the contract (e.g. first name, last name, birth date, e-mail address, if need be information about the mode of payment desired or the account holder), as well as other data on a voluntary basis if applicable. Mandatory details are marked with an *.

4.5 Log files

Every time you use the internet your Internet browser automatically transmits certain information and we store it in so-called log files.

We save the log files for a period of 30 days to investigate malfunctions and for security reasons (e.g. to clarify attempted hacks) and then delete them. Log files whose retention is required for evidentiary purposes are excluded from deletion until the final investigation of the relevant incident and, in individual cases, may be forwarded to the investigating authorities.

Log files are also used (with or without complete IP address) for analytical purposes; see the Web analysis section in this regard. The following information is stored in the log files:
– IP address (internet protocol address) of the terminal from which the online service is accessed;
– Internet address of the website from which the online service was accessed (so-called origin or referrer URL);
– Name of the service provider via which access to the online service is made;
– Name of the files or information called up;
– Date and time as well as duration of the call;
– Volume of data transferred;
– Operating system and information about the internet browser used including add-ons installed (e.g. for Flash Player);
– http status code (e.g. "query successful" or "requested file not found").

4.5 Children

This online service is not aimed at children under 16 years of age.

4.6 Transfer of data to other responsible parties

As a matter of principle, we only transmit your personal data to other responsible parties insofar as this is required for contractual fulfilment, we or third parties have a legitimate interest in the transfer or your consent to do so is given. Details about the legal bases can be found in the Processing purposes and legal bases section. Third parties may also be other companies of the Bosch Group. If data are transmitted to third parties on the basis of a legitimate interest, this is explained in this data privacy policy.

Furthermore, data may be transmitted to other responsible parties to the extent to which we might be obligated to do so on the basis of legal requirements or on account of enforceable administrative or judicial order.

4.7 Service providers (general)

We assign tasks like data hosting to outside service providers. We have carefully selected these service providers and monitor them regularly, in particular the careful handling and protection of the data stored with them. All service providers are obliged by us to maintain confidentiality and to comply with legal requirements. Service providers may also be other companies of the Bosch Group.


4.8 Duration of storage; retention periods

We store your data basically for as long as this is necessary to perform our online service and associated services or we have a legitimate interest in additional storage (e.g. we may still have a legitimate interest in mail order marketing after the fulfilment of a contract). In all other cases we delete your personal data, except for such data that we need to save further to meet legal requirements (e.g. due to retention periods based on fiscal and commercial law we are obligated to have documents like contracts and invoices available for a particular interval of time).


5. Prize games or discount promotions

If you participate in one of our prize games or in a discount promotion, we use your data to notify you if you win a prize and for the purpose of advertising our products to the extent permitted by law or provided you have given your consented. Detailed information about the prize games or discount promotions can be found in the respective conditions of participation.


6. Use of cookies

Cookies and tracking mechanisms may be used in connection with providing our online services.

Cookies are small text files that may be stored on your terminal while visiting an online service.

Tracking is possible using various technologies. We process information in particular in connection with pixel technology or log file analysis.

6.1 Categories

We make a distinction between cookies that are absolutely essential for the technical functions of the online service and those cookies and tracking mechanisms that are not absolutely essential for the technical functions of the online services.

Use of the online service is generally possible without cookies that serve no technical purpose.

6.1.1 Technically necessary cookies

By technically necessary cookies we mean cookies without which it is technically impossible to ensure the availability of the online service. This includes, for example, cookies that store data to ensure smooth playback of video and audio content.

These cookies are deleted when your visit ends.

6.1.2 Technically unnecessary cookies and tracking mechanisms

We only use these cookies and tracking mechanisms if you have given us your prior consent in each case. An exception to this is the cookie that stores the current status of you privacy setting (selective cookie). This is done on the basis of a legitimate interest.

We divide these cookies and tracking mechanisms into two sub-categories:

6.2 Comfort cookies

These cookies facilitate the use of our website and thus enable a more comfortable surfing experience, e.g. you language settings can be stored in these cookies.

6.3 Marketing cookies and tracking mechanisms

General

The use of marketing cookies and tracking mechanisms enables us and our partners to display interest-based offers based on an analysis of your usage behaviour:

- Statistics:
Using statistical tools we measure the number of your page views, for example.

- Conversion tracking:
Our conversion tracking partners place a cookie on your computer ("conversion cookie") if you have accessed our website via an ad of the relevant partner. These cookies usually expire after 30 days. If you visit a specific page of ours and the cookie has not expired, we and the conversion tracking partner can recognise that a certain user clicked on the ad and was redirected to our site. This can also be done across multiple devices. The information collected using the conversion cookie is used to generate conversion statistics and to determine the total number of users who clicked on the ad and were redirected to a page equipped with a conversion tracking tag.

- Social plugins:
Contents and services of other providers (e.g. Facebook, Twitter), which may use cookies and active components themselves, are integrated in several pages of our online service. Details about social plugins can be found in the Social plugins section.

- Retargeting:
These tools use advertising cookies or third-party advertising cookies, so-called web beacons (invisible graphics that are also called pixels or tracking pixels) or comparable technologies to create user profiles. These are used for interest-based advertising and to control the frequency with which the user sees certain ads. The respective provider is the party responsible for processing data associated with the tools. The providers of the tools may also pass on information to third parties for the above-mentioned purposes. In this context, please refer to the privacy policy of the respective provider.

Please note that when using the tools, your data may be transferred to recipients outside the EEA where an adequate level of data protection in accordance with the GDPR does not exist (e.g. USA). Details about this can be found in the following description of each marketing tool.

6.3.1 Google Analytics

Name: Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: analysing user behaviour (page impressions, number of visitors and visits, downloads), creation of pseudonymous user profiles based on information from Google users logged in across multiple devices (cross-device tracking), enhancement of pseudonymous user data with target group specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in association with Google Ads

6.3.2 Tealium

Name: Tealium
Provider: Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121
Function: management of website tags by means of a user interface, integration of program codes on our websites

6.4 Management of cookies and tracking mechanisms

You can manage your cookie and tracking mechanism settings in the browser and/or in our privacy settings:

Note: The settings that you execute always only apply to the browser used.

6.4.1 Deactivating all cookies

If you want to deactivate every cookie, then please go to your browser settings and deactivate the setting of cookies. Please take into account that on doing so the functionality of the website may be impaired.

6.2.2 Management of your settings in terms of cookies and tracking mechanisms that are technically unnecessary

When you visit our internet pages, you will be asked in a cookie layer whether you give your consent for us to process your personal data by the use of cookies on this page in accordance with the data privacy policy issued.

In our privacy settings you can cancel consents already given with effect for the future or also give us your consent at a later point in time.


7. Newsletter with registration; right of withdrawal

You can subscribe to a newsletter as part of our online service. We use the double opt-in procedure for this purpose, according to which we will only send you a newsletter by e-mail, mobile messengers (like WhatsApp), SMS or push news if you have previously expressly confirmed the activation of the newsletter service by clicking on a link in a notification.

Should you decide at a later time that you no longer wish to receive newsletters, you can cancel your subscription at any time by revoking your consent. For e-mail newsletters, the revocation takes place via the link printed in the newsletter, if applicable in the management settings of the particular online service. Alternatively, please contact us using the information in the Contact Us section.


8. Communities

We provide you with the opportunity to become a member of our 1-2-do.com community. There you can register, create a user profile and communicate with other members. We use your data generated there only within the context of the declaration of consent that you issued there for the marketing, market research and service purposes concerned. You can cancel this consent at anytime. You can withdraw from the communities via the link indicated there. Alternatively, please contact us using the information in the Contact Us section.
Using an input screen in the particular community you have the option of selecting whether individual details of your user profile are disclosed to all members of the community or just to your "community friends" or should remain private.

All other data that you generate in the communities, e.g. by making comments or creating images, are, however, open to the public automatically and are linked to you user profile.


9. External links

Our online service may contain links to the internet pages of third parties not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing and use of any personal data transferred to the third party by clicking on the link (such as the IP address or the URL of the page on which the link is located), since the conduct of third parties is of course beyond our control. We assume no responsibility for the processing of such personal data by third parties.


10. Security

Our employees and the service provider companies commissioned by us are committed to confidentiality and adherence to the requirements of the applicable data protection laws.

We take all necessary technical and organisational measures to ensure an adequate level of protection and to protect your data managed by us, in particular against the risks of accidental or unlawful destruction, manipulation, loss, alteration or unauthorised disclosure or access. Our security measures are constantly being improved in line with technological developments.


11. Rights as a user

Please take advantage of the information in the Contact Us section to exercise your rights. Please make sure on doing so that it is possible for us to identify you unambiguously.

Information and access right:
You are entitled to receive information from us about how your data are processed. To this end, you may exercise a right to access regarding your personal information that we process.

Right of correction and deletion:
You can demand that we correct inaccurate data and - provided the legal requirements are met - supplement or delete your data.

This does not apply to data that are required for invoicing and accounting purposes or subject to a legal obligation to retain. However, if access to such data is not required, its processing will be restricted (see below).

Restriction of processing
Provided the legal requirements are met, you can demand that we restrict the processing of your data.

Data portability:
You also have the right to receive data that you have made available to us transmitted in a structured, standard and machine-readable format or - if technically feasible - to demand that the data be transmitted to a third party.

Opposition to data processing:
Moreover, you have the right to oppose data processing by us at any time, provided that this is based on the legal basis of legitimate interest. We will then discontinue the processing of your data unless we can - pursuant to the requirements provided by law - prove compelling legitimate reasons to continue the processing, which outweigh your rights.

Opposition to direct marketing:
You can also lodge an objection against the processing of your personal data for promotional purposes ("objection to advertising") at any time. Please take into account that for organisational reasons this may involve an overlap between your opposition and the use of your data within the scope of a campaign that is already running.

Opposition to data processing on the legal basis of "legitimate interest":
Moreover, you have the right to oppose data processing by us at any time, provided that this is based on the legal basis of legitimate interest. We will then discontinue the processing of your data unless we can - pursuant to the requirements provided by law - prove compelling legitimate reasons to continue the processing, which outweigh your rights.

Revocation of consent:
If you have given us your consent to allow your data to be processed, you can revoke your consent at any time with future effect. This will be without prejudice to the lawfulness of the processing of your data before consent is revoked.

Right of appeal to the supervisory authority:
You have the right to file a complaint with a data protection authority. To do this, you can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us. It is:

The State Commissioner for Data Protection and Freedom of Information

Office address:
Königstrasse 10a
70173 Stuttgart
GERMANY

Postal address:
Postfach 10 29 32
70025 Stuttgart
GERMANY

Tel.: +49 (711)/615541-0
FAX: +49 (711)/615541-15
E-mail: poststelle@lfdi.bwl.de


12. Changes to the data privacy policy

We reserve the right to change our security and data privacy practices as necessary due to technical developments. In such cases, we will also modify our policy on data protection accordingly. For this reason, please note the latest version of our data privacy policy.


13. Contact

If you would like to contact us, you can reach us at the address given in the "Responsible party" section.

Please use the following link to exercise your rights: https://request.privacy-bosch.com/entity/PTDE/?app=c23c367f-9431-476a-a6ad-cce8400c20cb.

Please use the following link for messages about data protection incidents: https://www.bkms-system.net/bosch-datenschutz.

For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our data protection officer:

Data Protection Officer
Department for Information Security and Data Protection Bosch Group (C/ISP)
Postfach 30 02 20
70442 Stuttgart
GERMANY
or
mailtto: DPO@bosch.com

Effective: 24.11.2020