Robert Bosch Power Tools GmbH (hereinafter referred to as "Bosch" or "We" or "Us") appreciates your interest in our company and our products and your visit to our website and mobile applications (together also referred to as "Online Offer").
The protection of your privacy when processing personal data as well as the security of all business data are important concerns for us, which we take into account in our business processes. We process personal data collected during your visit to our online offers confidentially and only in accordance with legal requirements.
Data protection and information security are part of our corporate policy.
The Controller for processing your data is Robert Bosch Power Tools GmbH, Max-Lang-Strasse 40-46, 70771 Leinfelden-Echterdingen, kontakt@bosch.de.
The following categories of data are processed:
- Communication data (e.g. IP address, e-mail, name).
- Personal data that you may voluntarily provide to us when contacting us using the contact form or when registering for the newsletter
• Image and sound data if you use our offer to contact us via CALLSTR (audio and video support)
Personal data is any information that relates to an identified or identifiable natural person, for example, names, addresses, telephone numbers, e-mail addresses, contract, booking and billing data that are an expression of a person's identity.
We collect, process and use personal data (including IP addresses) only if there is a legal basis for doing so or if you have given us your consent in this regard, e.g. in the context of a registration.
We and service providers commissioned by us process your personal data for the following processing purposes:
- To provide this online offer, including the contact form, in order to contact us with inquiries about the products and services offered by us for the purpose of contract performance
(legal basis: fulfillment of contract)
- Sending a newsletter and sending marketing information with the consent of the recipient.
(legal basis: consent)
- To investigate malfunctions and for security reasons
(Legal basis: fulfillment of our legal obligations in the area of data security and legitimate interest in the elimination of disruptions and the security of our offerings).
- Safeguarding and defending our rights
(Legal basis: legitimate interest on our part in asserting and defending our rights).
• To provide online support via audio and video chat:
(legal basis: your consent)
Every time you use the Internet, certain information is automatically transmitted by your Internet browser and stored by us in so-called log files.
The log files are stored by us for a period of 7 days for the purpose of investigating malfunctions and for security reasons (e.g. to clarify attempted attacks) and then deleted. Log files whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident and may be passed on to investigating authorities in individual cases.
The following information is stored in the log files:
- IP address (Internet protocol address) of the end device from which the online offer is accessed;
- Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);
- Name of the retrieved files or information;
- Date and time as well as duration of the retrieval;
- amount of data transferred;
- Operating system and information on the Internet browser used, including installed add-ons (e.g. for Flash Player);
- http status code (e.g. "request successful" or "requested file not found").
This online offer is not intended for children under the age of 16.
Your personal data will only be transferred to other responsible parties if this is necessary for the fulfillment of the contract, if we or the third party have a legitimate interest in the transfer or if we have your consent. For details on the legal basis and the recipients or categories of recipients, please refer to the section Processing purposes and legal basis. In addition, data may be transferred to other responsible parties if we are required to do so by law or by enforceable official or court order.
4.6.1 Service providers (general)
We commission external service providers with tasks such as website design and data hosting. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and safeguarding of the data stored with them. All service providers are obligated by us to maintain confidentiality and to comply with legal requirements. Service providers may also be other companies of the Bosch Group.
4.6.2 Transfer to recipients outside the EEA
We may also disclose personal data to recipients located outside the EEA in so-called third countries. In this case, we ensure before the transfer that either an adequate level of data protection exists at the recipient or that their consent to the transfer has been obtained.
You can obtain from us an overview of the recipients in third countries and a copy of the specifically agreed arrangements for ensuring an adequate level of data protection. Please use the information in the Contact section for this purpose.
4.6.3 CALLSTR
We use CALLSTR as a technical deletion service to provide you with video and audio support. The provider of this service is CALLSTR UG (haftungsbeschränkt), Fritschestraße 43A, 0627 Berlin, Germany. Your personal data will only be processed if you actively use the service. In addition, the use of the camera function is not required for the service and is voluntary. CALLSTR processes the following data on our behalf exclusively in Germany:
- Pseudonymized identification data: IP address, login information, browser type and version, time zone and language settings of the users.
- Interaction data, including usage logs & server log files
- Chats or the content of your request
As well as voluntarily, if you indicate so in the callback form:
- Name
- Phone number
- Email address
CALLSTR automatically deletes all personal data after 180 days; unless you request earlier deletion. We have an order processing agreement with CALLSTR. For details on data processing, please see CALLSTR's privacy policy: https://callstr.de/datenschutz.
We generally store your data for as long as is necessary to provide our online offer and the associated services or for as long as we have a legitimate interest in continuing to store it (e.g., we may still have a legitimate interest in postal marketing even after a contract has been fulfilled). Thereafter, we delete your personal data with the exception of such data that we must continue to store in order to fulfill legal obligations (e.g., we are required to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).
The use of marketing cookies and tracking mechanisms enables us and our partners to show you interest-based offers based on an analysis of your usage behavior:
- Statistics:
By using statistics tools, we measure, for example, the number of page views you make.
- Conversion Tracking:
Our conversion tracking partners place a cookie on your computer ("conversion cookie"), provided that you have reached our website via an advertisement of the partner in question. These cookies usually expire after 30 days. If you visit certain pages of ours and the cookie has not yet expired, we and the respective conversion tracking partner can recognize that a certain user clicked on the ad and was thus redirected to our site. This can also take place across devices. The information obtained using the conversion cookie is used to create conversion statistics and to record the total number of users who clicked on the relevant ad and were redirected to a page tagged with a conversion tracking tag.
- Retargeting
These tools use advertising cookies or third-party advertising cookies called web beacons (invisible graphics also called pixels or tracking pixels) or similar technologies to create usage profiles. These are used for interest-based advertising and to control the frequency with which the user sees certain ads. The person responsible for processing data in connection with the tools is the respective provider. The providers of the tools may also pass on information to third parties for the aforementioned purposes. In this context, please refer to the data protection information of the respective provider.
Please note that when using the tools, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the GDPR (e.g. USA). Details on this can be found in the following description of the individual marketing tools.
Name: Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Function: Analyze user behavior (page views, number of visitors and visits, downloads), create pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrich pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in connection with Google Ad
Name: Tealium
Provider: Tealium Inc, 11095 Torreyana Road San Diego, CA 92121
Function: Management of website tags via an interface, integration of program codes on our websites
Name: Hotjar
Provider: Hotjar Ltd,Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta.
Function: cookies can track how users browse across multiple pages; heat map creation, session recording, surveys
Name: LinkedIn Insight Tag.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Function: LinkedIn processes your personal data based on your consent via the pixel "LinkedIn Insight Tag" to create campaign reports, track conversions, click events as well as targeted advertising outside our websites (retargeting) based on URL, referrer URL, IP address shortened or hashed (for cross-device retargeting), devices and browser properties (user agent) and timestamp. We do not receive any personal data from you from LinkedIn, only anonymized campaign reports on website audience and ad performance.
LinkedIn storage period: pseudonymization after 7 days, final deletion after 180 days.
For more information, please visit: https://www.linkedin.com/legal/privacy-policy
Name: Wistia
Provider: Wistia Inc, 120 Brookline Street, Cambridge, Massachusetts, 02139 USA.
Function: We use the video hosting platform Wistia for our videos based on your consent. The videos are embedded in such a way that data about you as a user is only transmitted when you play the videos. By playing a video, Wistia receives information on our behalf such as IP address, geographic location, browser information, device information and information related to the use of the Sites, Media and Services include (e.g., how many and which media were viewed by a particular user, from where particular media were accessed by a particular user).
The processing of the data also takes place in the USA as part of this service. The information generated by the cookies about use of our website is usually transmitted to a Wistia server in the USA and stored there.
For more information on data processing by Wistia, please refer to the Wistia data protection information https://wistia.com/privacy.
In the browser and/or in our privacy settings, you can manage your cookie and tracking mechanism settings.
Note: The settings you make only apply to the browser you are using in each case.
6.7.1 Switching off all cookies
If you would like to disable all cookies, please go to your browser settings and disable the setting of cookies. Please note that this may affect the functionality of the website.
6.7.2 Managing your settings regarding technically unnecessary cookies and tracking mechanisms
When you visit our website, you will be asked in a cookie layer whether you give us your respective consent for the use of marketing cookies or tracking mechanisms.
In our privacy settings, you can revoke consent already given with effect for the future or also give us your consent at a later date.
You can subscribe to a newsletter as part of our online offer. For this purpose, we use the so-called double opt-in procedure, according to which we will only send you a newsletter by e-mail, mobile messaging services (such as WhatsApp), SMS or push message if you have previously expressly confirmed the activation of the newsletter service to us by clicking on a link in a notification. If you later decide not to receive newsletters, you can unsubscribe at any time by revoking your consent. The revocation takes place for e-mail newsletters via the link printed in the newsletter. Alternatively, please contact us using the details in the Contact section.
Our online offer may contain links to websites of third parties, providers not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing and use of any personal data transmitted to the third party when the link is clicked on (such as the IP address or the URL of the page on which the link is located), as the behavior of third parties is naturally beyond our control. We do not assume any responsibility for the processing of such personal data by third parties.
Our employees and the service companies contracted by us are obliged to maintain confidentiality and to comply with the provisions of the applicable data protection laws. We take all necessary technical and organizational measures to ensure an adequate level of protection and to protect your data managed by us in particular against the risks of accidental or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or access. Our security measures are constantly being improved in line with technological developments.
Please use the information in the Contact section to assert your rights. Please make sure that we are able to clearly identify you.
Right to information and disclosure
You have the right to receive information from us about the processing of your data. To this end, you can assert a right to information with regard to the personal data we process about you.
Right of correction and deletion
You may request us to correct incorrect data. Insofar as the legal requirements are fulfilled, you may request the completion or deletion of your data.
This does not apply to data that is required for billing and accounting purposes or is subject to the legal obligation to retain data. However, if access to such data is not required, its processing will be restricted (see below).
Restriction of processing
You may request us ̶ insofar as the legal requirements are met ̶ to restrict the processing of your data.
Data portability
Insofar as the legal requirements are met, you may request that data which you have provided to us be transferred in a structured, common and machine-readable format or ̶ insofar as technically feasible ̶ that the data be transferred to a third party.
Objection to direct marketing
You may also object at any time to the processing of your personal data for advertising purposes ("advertising objection"). Please take into account that, for organizational reasons, there may be an overlap between your objection and the use of your data in the context of an already ongoing campaign.
Objection to data processing on the legal basis of "legitimate interest".
In addition, you have the right to object to data processing by us at any time, insofar as this is based on the legal basis of "legitimate interest". We will then stop processing your data, unless we can prove ̶ in accordance with the legal requirements ̶ compelling reasons worthy of protection for the further processing, which outweigh your rights
Revocation of consent
If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.
You have the right to file a complaint with a data protection authority. To do so, you can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us. This is:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Address:
Lautenschlagerstraße 20
70173 Stuttgart
GERMANY
Postal address:
P.O. Box 10 29 32
70025 Stuttgart
GERMANY
Tel.: 0711/615541-0
Fax: 0711/615541-15
E-mail: poststelle@lfdi.bwl.de
We reserve the right to change our security and data protection measures. In these cases, we will also adapt our data protection information accordingly. Therefore, please refer to the current version of our data protection notice.
If you wish to contact us, you can reach us at the address indicated in the section "Controller".
To exercise your rights, use the following link: https://request.privacy-bosch.com/entity/PTDE/?app=3e8c6be4-83b0-4e41-96f0-c591f6bdc4fe.
To report data protection incidents, use the following link:
https://www.bkms-system.net/bosch-datenschutz.
For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our data protection officer:
Data Protection Officer
Bosch Group Information Security and Privacy Department (C/ISP)
P.O. Box 30 02 20
70442 Stuttgart
GERMANY
Or
mailto: DPO@bosch.com
Status: September 2022