Robert Bosch Power Tools GmbH (hereinafter referred to as "Bosch" or "We" or "Us") appreciates your interest in our company and our products and your visit to our website and mobile applications (together also referred to as "Online Offer").
The protection of your privacy when processing personal data as well as the security of all business data are important concerns for us, which we take into account in our business processes. We process personal data collected during your visit to our online offers confidentially and only in accordance with legal requirements.
Data protection and information security are part of our corporate policy.
The Controller responsible for processing your data is Robert Bosch Power Tools GmbH, Max-Lang-Strasse 40-46, 70771 Leinfelden-Echterdingen, kontakt@bosch.de.
Please note that in the course of registration "Bosch Power Tools" is "Joint Controller" with other companies of the Bosch Group according to Art. 26 GDPR . For more information on this and your rights in this regard, please refer to Section 4.4.: "Registration".
The following categories of data are processed:
- Communication data (e.g. name, telephone, e-mail, address, IP address).
- Contract master data (contractual relationship, product or contractual interest)
- customer history
- Contract billing and payment data, if applicable
- Planning and control data
- transaction data
Personal data is any information relating to an identified or identifiable natural person, such as names, addresses, telephone numbers, e-mail addresses, contract, booking and billing data, which is an expression of the identity of a person.
We collect, process and use personal data (including IP addresses) only if there is a legal basis for doing so or if you have given us your consent in this regard, e.g. in the context of a registration.
We and service providers commissioned by us process your personal data for the following processing purposes:
- Provision of this online offer, with the possibility of exchanging information with other members and sharing image material of the trades.
(Legal basis: fulfillment of contract).
- To identify malfunctions and for security reasons
(Legal basis: fulfillment of our legal obligations in the area of data security and legitimate interest in the elimination of malfunctions and the security of our offers).
- Preservation and defense of our rights
(Legal basis: legitimate interest on our part in asserting and defending our rights).
In order to use extended functionalities, registration in our online offers is required. Below you will find more information about the registration and login process.
This is structured as follows:
4.4.1 Integrated Customer Profile Management - enables the integration of various registration options such as Bosch Single Key ID and Social Sign In.
4.4.2 Single Key ID - one of the sign-in options provided by Bosch IO.
4.4.3 Social Sign In - one of the sign-in options provided by the respective provider, e.g. Apple or Google.
4.4.4 iCPM, Joint Controllership, according to Art. 26 GDPR
Bosch "Integrated Customer Profile Management" (iCPM) connects different Bosch applications, with the aim that you as a business partner (user, customer) do not have to provide your data multiple times, thus offering you the best possible customer experience. In addition, iCPM offers the possibility to log in to Bosch applications via different login options.
Within the framework of iCPM,
Robert Bosch Power Tools GmbH
Max-Lang-Strasse 40-46, D-70771 Leinfelden-Echterdingen
hereinafter referred to as "Bosch PT
and
the parties listed in the "List of Parties" (hereinafter referred to as "Parties")
work
closely together. This also applies to the processing of your personal data. The Parties have jointly determined the order in which this data is to be processed in the individual process phases and are therefore to be regarded as joint controllers under data protection law pursuant to Art. 26 GDPR.
Here is a detailed overview of the joint and separate data processing activities and responsibilities of the parties:
|
Data processing: |
Responsibility: |
|
Identity Brokering with Bosch own as well as other, external Identity Providers (Facebook,Apple, Google) for B2C and external B2B users Bosch PT.
|
Bosch PT |
|
Identity brokering with BCD/Bosch ADFS for B2E (Bosch administrators) |
Bosch PT |
|
Capturing, storage and provision of user attributes for connected applications |
The Parties |
What this means for you:
- The parties shall provide you, as data subjects, with the information required by Articles 13 and 14 GDPR in a precise, transparent, understandable and easily accessible form in clear and simple language, free of charge. Each party shall provide the other party with all necessary information from its sphere of activity.
- The parties shall inform each other without delay of the data subject rights asserted by you as a data subject. They shall provide each other with all information required to respond to your requests for information.
- You may assert your data subject rights directly against either party at any time.
4.4.5. Login with SingleKey ID, Joint Controllership
You can log in to our website with SingleKey ID.
SingleKey ID was developed by Bosch.IO GmbH for the Bosch Group to provide users with an overarching login option on Bosch websites, stores, apps and services. Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany, is responsible for providing SingleKey ID.
Bosch.IO GmbH processes your data for the purposes of "registration and login with SingleKey ID", as well as "overview and maintenance of master data and apps with SingleKey ID" under joint responsibility with us. For more information, please visit: https://singlekey-id.com/data-protection-notice/.
After one-time registration you can use SingleKey ID to log in. For this purpose you will be redirected to a login mask of Bosch.IO GmbH. After successful authentication, Bosch.IO GmbH will provide us with the required personal data (e.g. e-mail address, telephone number, first name, last name, language, country). Your password will not be transmitted to us.
You can terminate your SingleKey ID user contract at any time on the SingleKey ID website by deleting your SingleKey ID: https://singlekey-id.com/myprofile/. Please note that by deleting your SingleKey ID you will lose access to all Bosch websites, stores, apps and services where you have logged in with SingleKey ID.
Every time you use the Internet, certain information is automatically transmitted by your Internet browser and stored by us in so-called log files.
The log files are stored by us for the purpose of investigating faults and for security reasons (e.g. to clarify attempted attacks) for a period of 7 days and then deleted. Log files whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident and may be passed on to investigating authorities in individual cases.
The following information is stored in the log files:
- IP address (Internet Protocol address) of the end device from which the online offer is accessed;
- Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);
- Name of the service provider used to access the online offer;
- Name of the retrieved files or information;
- Date and time as well as duration of the retrieval;
- amount of data transferred;
- Operating system and information on the Internet browser used, including installed add-ons (e.g. for Flash Player);
- http status code (e.g. "request successful" or "requested file not found").
This online offer is not intended for children under the age of 16.
Your personal data will only be transferred to other responsible parties if this is necessary for the fulfillment of the contract, if we or the third party have a legitimate interest in the transfer or if we have your consent. For details on the legal basis and the recipients or categories of recipients, please refer to the section Processing purposes and legal basis. In addition, data may be transferred to other responsible parties if we are required to do so by law or by enforceable official or court order.
4.7.1 Service providers (general)
We commission external service providers with tasks such as programming and data hosting. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and safeguarding of the data stored with them. All service providers are obligated by us to maintain confidentiality and to comply with legal requirements. Service providers may also be other companies of the Bosch Group.
We generally store your data for as long as is necessary to provide our online offer and the associated services or for as long as we have a legitimate interest in continuing to store it (e.g. we may still have a legitimate interest in postal marketing even after a contract has been fulfilled). Thereafter, we delete your personal data with the exception of such data that we must continue to store in order to fulfill legal obligations (e.g., we are required to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).
In addition to our online offering, we provide you with mobile applications ("apps") that you can download to your mobile device. In addition to the data collected on websites, we collect further personal data via our apps that specifically result from the use of a mobile device. However, this only happens if you have given us your consent in each case.
No data collection on our part and outside our area of responsibility is the transmission of data such as user name, e-mail address and individual device identification number to an app store (e.g. Google Play by Google, App Store by Apple, Galaxy App Store by Samsung) when downloading the respective application. We have no influence on this data collection and further processing by the App Store as the responsible party.
Cookies and tracking mechanisms may be used as part of the provision of our online services. Cookies are small text files that can be stored on your terminal device when you visit an online offer.
Tracking is possible using various technologies. We process information in particular within the framework of pixel technology or log file analysis.
We distinguish between cookies that are absolutely necessary for the technical functions of the online offer and such cookies and tracking mechanisms that are not absolutely necessary for the technical function of the online offers.
The use of the online offer is generally possible without cookies that do not serve technical purposes.
6.1.1 Technically necessary cookies
By technically necessary cookies we understand cookies, without which the technical provision of the
online offer cannot be guaranteed. This includes, for example, cookies that store data to ensure the trouble-free playback of video or audio content.
These cookies are deleted at the end of your visit.
6.1.2 Technically unnecessary cookies and tracking mechanisms
We only use these cookies and tracking mechanisms if you have given us your prior consent in each case. The exception to this is the cookie that stores the current status of your privacy setting (selection cookie). This is set due to legitimate interest.
We divide these cookies and tracking mechanisms into two subcategories:
These cookies facilitate the operation and thus enable a more comfortable surfing on our online offer, e.g. your language settings can be stored in these cookies.
General
The use of marketing cookies and tracking mechanisms enables us and our partners to show you interest-based offers based on an analysis of your usage behavior:
- Statistics:
By using statistics tools, we measure, for example, the number of page views you make.
- Conversion Tracking:
Our conversion tracking partners place a cookie on your computer ("conversion cookie"), provided that you have reached our website via an advertisement of the partner in question. These cookies usually expire after 30 days. If you visit certain pages of ours and the cookie has not yet expired, we and the respective conversion tracking partner can recognize that a certain user clicked on the ad and was thus redirected to our site. This can also take place across devices. The information obtained using the conversion cookie is used to compile conversion statistics and to record the total number of users who clicked on the relevant ad and were redirected to a page tagged with a conversion tracking tag.
- Retargeting:
These tools create usage profiles using advertising cookies or third-party advertising cookies, so-called web beacons (invisible graphics also called pixels or tracking pixels) or similar technologies. These are used for interest-based advertising and to control the frequency with which the user sees certain ads. The responsible party for the processing of data in connection with the tools is the respective provider. The providers of the tools may also pass on information to third parties for the aforementioned purposes. In this context, please refer to the data protection information of the respective provider.
Please note that when using the tools, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the GDPR (e.g. USA). Details on this can be found in the following description of the individual marketing tools.
6.3.1 DATADOG
Name: DATADOG
Provider: Datadog, Inc, 620 8th Ave, 45th Floor, New York, NY.
Function: Datadog is an analysis system from the American company Datadog, Inc, 620 8th Ave, 45th Floor, New York, NY 10018 USA. The system notifies our development team about possible bugs in the application. For this purpose, log data and performance data are transmitted to Datadog, Inc.
In the course of user monitoring, the following data is also collected, but any personal reference is removed beforehand, so that it is not possible to draw conclusions about you as a person
- Device type, model, Internet connection, operating system, geolocation
- Event data (user journey through the app, network requests, errors/crashes, actions)
The data collected through this processing activity is transferred to DataDog servers in the EU and processed there.
For more information about the collection and use of data by Datadog, Inc. please visit: www.datadoghq.com/legal/privacy/.
6.3.2 Firebase
Name: Google Firebase
Provider: Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Function: We use various features of Firebase in our app:
(a) Crashlytics
We use the Firebase function Crashlytics to stabilize and improve our apps. In doing so, data about the end device you use and the use of our apps is collected (device ID and the timestamp, when the respective app was started and when a malfunction occurred), which enables us to diagnose and fix malfunctions. When using Firebase Crashlytics, your data is processed by us in pseudonymized form - without user ID. Google assures in its Firebase privacy statement that this data is not merged with other data and thus no conclusions can be drawn about your person. The legal basis for this processing is your consent pursuant to Art. 6 (1) a) GDPR.
(b) Firebase Cloud Messaging
In addition, we use the Firebase Cloud Messaging service to send you technically-related push notifications or so-called in-app messages to your end device. In the process, your end device is assigned a pseudonymized device token ID, a unique connection number generated from the device ID, which we can use to address the push messages or in-app messages to you. Google acts as a service provider on our behalf here. The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR, as we use Cloud Messaging exclusively for features of the app.
As a result of the settings we have made, personal data (device ID) is processed and stored as far as possible in the member states of the European Union or in other contracting states of the Agreement on the European Economic Area and Switzerland. Google assures that personal data is processed within the EU or the EEA and Switzerland.
In the browser and/or in our privacy settings, you can manage your cookie and tracking mechanism settings:
Note: The settings you make only apply to the browser you are using in each case.
In the browser and/or in our privacy settings, you can manage your cookie and tracking mechanism settings:
Note: The settings you make only apply to the browser you are using in each case.
6.4.1 Switching off all cookies
If you would like to disable all cookies, please go to your browser settings and disable the setting of cookies. Please note that this may affect the functionality of the website.
6.4.2 Managing your settings regarding technically unnecessary cookies and tracking mechanisms.
When you visit mobile app, you will be asked in a cookie layer whether you give us your respective consent for the use of convenience cookies and marketing cookies or tracking mechanisms.
In our privacy settings, you can revoke consent already given with effect for the future or also give us your consent at a later date.
Our online offer may contain links to Internet pages of third parties not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing and use of any personal data transmitted to the third party when the link is clicked on (such as the IP address or the URL of the page on which the link is located), as the behavior of third parties is naturally beyond our control. We do not assume any responsibility for the processing of such personal data by third parties.
Our employees and the service companies contracted by us are obliged to maintain confidentiality and to comply with the provisions of the applicable data protection laws. We take all necessary technical and organizational measures to ensure an adequate level of protection and to protect your data managed by us in particular against the risks of accidental or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or access. Our security measures are constantly being improved in line with technological developments.
Please use the information in the Contact section to assert your rights. Please make sure that we are able to clearly identify you.
Right to information and disclosure
You have the right to receive information from us about the processing of your data. To this end, you can assert a right to information with regard to the personal data we process about you.
Right of correction and deletion
You may request us to correct incorrect data. Insofar as the legal requirements are fulfilled, you may request the completion or deletion of your data.
This does not apply to data that is required for billing and accounting purposes or is subject to the legal obligation to retain data. However, if access to such data is not required, its processing will be restricted (see below).
Restriction of processing
You may request us - provided that the legal requirements are met - to restrict the processing of your data.
Data portability
Insofar as the legal requirements are met, you may request that data you have provided to us be transferred in a structured, common and machine-readable format or - insofar as technically feasible - that the data be transferred to a third party.
Objection to data processing on the legal basis of "legitimate interest".
In addition, you have the right to object to data processing by us at any time, insofar as this is based on the legal basis of "legitimate interest". We will then stop processing your data unless we can prove - in accordance with the legal requirements - compelling reasons for further processing that are worthy of protection and which outweigh your rights.
You have the right to file a complaint with a data protection authority. To do so, you can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us. This is:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Address:
Lautenschlagerstraße 20
70173 Stuttgart
GERMANY
Postal address:
P.O. Box 10 29 32
70025 Stuttgart
GERMANY
phone: 0711/615541-0
FAX: 0711/615541-15
e-mail: poststelle@lfdi.bwl.de
We reserve the right to change our security and data protection measures. In these cases, we will also adapt our data protection notice accordingly. Therefore, please note the current version of our data protection notice.
If you would like to contact us, you can reach us at the address given in the "Controller" section.
To assert your rights, use the following link: https://request.privacy-bosch.com/entity/PTDE/?app=3e8c6be4-83b0-4e41-96f0-c591f6bdc4fe.
To report data protection incidents, use the following link:
https://www.bkms-system.net/bosch-datenschutz.
For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our data protection officer:
Data Protection Officer
Bosch Group Information Security and Privacy Department (C/ISP)
P.O. Box 30 02 20
70442 Stuttgart
GERMANY
Or
mailto: DPO@bosch.com
Status: January 2023