Data Protection Notice


1.    Data Protection Notice

Thank you for visiting our websites and mobile applications (also referred to jointly as the "online service") of Robert Bosch Limited (hereinafter referred to as "Bosch " or "we" or "us"), and for your interest in our company and our products.


2.    Bosch respects your privacy

For us, the protection of your privacy during the processing of personal data and the security of all business data are important matters which we take into account in our business processes. We process personal data, which is collected when you visit our online service, confidentially and only in accordance with statutory regulations.

Data protection and information security form an integral part of our company policy.


3.    Controller

The controller responsible for processing your data is Robert Bosch Limited with registered office at C/O Bosch Rexroth, Viewfield Industrial Estate, Glenrothes, KY6 2RD, UK; any exceptions are clearly indicated in this Data Protection Notice.

Our contact details are as follows:
Robert Bosch Limited, P.O. Box 98, Uxbridge UB9 5HN
Email: DSO@uk.bosch.com
Telephone: +44(0)344 892 0115


4.    Collection, processing and use of personal data

4.1 Categories of processed data

The following categories of data are processed:

•    Communication data (e.g. name, telephone number, e-mail, address, IP address)

•    Contract master data (contractual relationship, product or contractual interests)

4.2    Basic principles

Personal data is all information that relates to an identified or identifiable natural person, including  for example names, addresses, telephone numbers, e-mail addresses and contractual, accounting and billing information that expresses an individual's identity.

We only collect, process and use personal data (including IP addresses) if there is a legal basis to do so or you have granted us your consent to do so, e.g. during registration.

4.3    Processing purposes and legal bases

We and service providers whom we have commissioned process your personal data for the following processing purposes:

4.3.1    Provision of this online service
(Legal basis: Performance of the contract, including the contact form to contact us for enquiries about the products and services we offer for the purpose of contract performance).

4.3.2    Identification of defects and for security reasons
(Legal bases: Fulfilment of our legal obligations regarding data security, and our legitimate interest in eliminating defects and ensuring the security of our services).

4.3.3    Self-promotion and third-party promotion, as well as market research and reach analysis to the legally permitted extent or on the basis of consent
(Legal basis: Consent / legitimate interest on our part in direct marketing provided it complies with data protection and competition regulations).

4.3.4    Product and/or customer surveys by post
(Legal basis: Legitimate interest in improving products/services). Remark: If we engage a market research institute to conduct surveys, it will act solely on our behalf and in accordance with our instructions.

4.3.5    Product and/or customer surveys by e-mail and/or telephone, provided you have expressly opted into them
(Legal basis: Consent). Remark: If we engage a market research institute to conduct surveys, it will act solely on our behalf and in accordance with our instructions.

4.3.6    Implementation of competitions, prize draws or discount campaigns in accordance with the respective terms and conditions for competitions, prize draws or discount campaigns
(Legal basis: Performance of the contract).

4.3.7    Sending a newsletter with the recipient's consent by e-mail or text message/MMS
(Legal basis: Consent).

4.3.8    Safeguarding and defending our rights
(Legal basis: legitimate interest on our part in asserting and defending our rights).

4.4      Registration

If you would like to use services that require the conclusion of a contract, we will ask you to register. During the registration process, we will collect the personal data required in order to establish and perform the contract (e.g. forename, surname, date of birth, e-mail address, any information about the preferred method of payment or concerning the account holder) and any other data on a voluntary basis. Mandatory information is marked with a *.

4.5 Registration via the central Bosch ID

You may register for our online offers [exclusively] using the central Bosch ID. The centralised Bosch ID was devised by Bosch.IO GmbH for the Bosch Group in order to allow for the joint users to benefit from offers of different group companies using centralised application data and increase data safety.

 

Bosch.IO GmbH, Ullsteinstrasse 128, Germany (“BIO”) is responsible for the provision of this single sign-on service.

 

If you want to apply for a centralised Bosch ID, the General Terms of Use for the Registration and Use of a centralised Bosch ID and the Data Protection Notice of BIO shall apply.

 

After successful registration you may utilise the registration data used for the centralised Bosch ID also for registering for this online offer. To this end, we shall provide an BIO registration template for the centralised Bosch ID. BIO then shall confirm your authorisation and provide us with the master data required for using our offers (e.g. surname, first name, date of birth, company name, email address, telephone numbers, mail address). Your password shall not be communicated to us.

 

Concerning further data transfers within the Bosch Group associated with the centralised Bosch ID, please refer to the Data Protection Notice. You may cancel your user agreement concerning the centralised Bosch ID at any time by unregistering. To this end, please click on the following link: https://myaccount.bosch.com/BeaPUssWeb/unregistration



4.6    Log files

Every time you use the Internet, your web browser automatically transfers certain information which we store in so-called “log files”.

We store the log files for 7 days in order to identify defects and for security reasons (e.g. for information on hacking attempts). The log files are deleted after this period. Log files that need to be stored for a longer period for evidence purposes are not deleted until the incident in question has been fully clarified. Log files may be passed on to investigation authorities in individual cases.

The following information is stored in log files:

o    IP address (Internet protocol address) of the device from which the online service is accessed;
o    Internet address of the website from which the online service was accessed (so-called origin URL or referrer URL);
o    Name of the files or information retrieved;
o    Date, time and duration of the visit;
o    Data volumes transferred; and
o    http status code (e.g. “request successful” or “requested file not found”).

4.7    Children

This online service is not suitable for children under the age of 16.

4.8    Forwarding data to other controllers

In principle, we will only ever pass on your personal data to other controllers if this is necessary in order to perform the contract, if we or the third party have/has a legitimate interest in passing on the data, or if you have granted your consent to this. Details about the legal bases and recipients and/or categories of recipients can be found in the “Processing purposes and legal bases” section. Data may also be passed on to other controllers if we are obliged to do so on account of legal provisions or enforceable official or judicial orders.

4.8.1 Service providers (general)

We commission external service providers to perform programming tasks and to assist us in administering the promotion campaign run by us on website (including but not limited to distributing the products). We have carefully selected these service providers and monitor them on a regular basis, particularly with regard to the careful handling and safeguarding of the data which they store. All the service providers are required by us to maintain confidentiality and comply with statutory requirements. Service providers may also be other companies in the Bosch Group.

4.8.2 Parcel notification

In order to give notification of your parcels, we will pass on your e-mail address and telephone number when implementing the contract either to:

DX Network Services Ltd
Ditton Park Riding Court Road
SL3 9GL Datchet Slough
Great Britain

This company processes the data in its capacity as a controller.

Or to:
Interlink Ireland Limited trading as DPD Ireland.
Athlone Business Park, Dublin Road,
Athlone, Co Westmeath, Ireland

This company processes the data in its capacity as a controller.

4.9   Storage period; retention periods

We will store your data for as long as necessary to provide our online services and the associated services, or for as long as we have a legitimate interest in storing this data further (e.g. we may still have a legitimate interest in postal marketing even after the contract has been performed). After this time, we will erase your personal data, with the exception of the data that we must continue storing in order to comply with legal obligations (e.g. due to retention periods under tax and commercial law, we are obliged to retain, for example, contracts and invoices for a certain period).


5.    Competitions, prize draws or discount campaigns

If you participate in a competition, prize draw or a discount campaign conducted by us, we will use your data to notify you about the winner and for the purpose of advertising our products to the legally admissible extent or if you have consented to this. You can find detailed information about competitions, prize draws and discount campaigns in the associated terms and conditions of participation.


6.    Use of cookies

Cookies and tracking mechanisms may be used in the context of providing our online service.

Cookies are small text files that may be stored on your end device when you visit a website.

Tracking is made possible through the use of different technologies. We mainly process information using pixel technology and log file analysis.

6.1    Categories

We make a distinction between cookies that are essential for the technical functions of the website and those cookies and tracking mechanisms that are not strictly necessary for the technical function of the website.
Websites can normally be used without cookies that are not strictly necessary.

6.1.1 Strictly necessary cookies

Strictly necessary cookies are cookies without which the functions and features of the website cannot be provided. These include, for example, cookies that store information in order to guarantee flawless playback of video and/or audio content.

These cookies are deleted when you leave the website.

6.1.2 Cookies and tracking mechanisms that are not strictly necessary

We only use these cookies and tracking mechanisms with your prior consent. One exception to this is the cookie which saves the current status of your privacy setting (selection cookie). This cookie is set due to a legitimate interest.

We divide these cookies and tracking mechanisms into two sub-categories:

6.2    Functionality cookies

These cookies facilitate navigation and make it easy for you to use our website. An example of such cookies are ones that remember your language setting.

6.3    Targeting/advertising cookies and tracking mechanisms

General

Targeting/advertising cookies and tracking mechanisms enable us and our partners to show you interest-related adverts which are based on an analysis of your browsing behaviour:

-    Statistics:
We use statistical tools to measure behaviour, e.g. the number of pages you view.

-    Conversion tracking:
Our conversion tracking partners place a cookie on your PC ("conversion cookie") if you have been redirected to our website by clicking on an advert published by the partner in question. These cookies normally expire after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and the relevant conversion tracking partner can detect that a particular user clicked on the advert and was consequently redirected to our site. This may also take place across different devices. The information collected using conversion cookies is used to produce conversion statistics and record the total number of users who clicked on the advert in question and were redirected to a page with a containing a conversion tracking tag.

-    Retargeting
These tools create usage profiles by means of advertising cookies or third-party advertising cookies, so-called "web beacons" (invisible graphics also known as pixels or tracking pixels) or similar technologies. These usage profiles are used to show interest-related advertising and control the frequency with which users see particular adverts. The controller responsible for processing data in connection with these tools is the respective provider. The providers of the tools may also forward information to third parties for the above-mentioned purposes. Please refer to the relevant provider's privacy policy for details in this regard.
Please be aware that these tools may transfer your data to recipients outside the EEA in countries where the data protection standards are not comparable with those in the EU General Data Protection Regulation (GDPR) (e.g. the USA). You can find more detailed information about this in the following descriptions of the individual marketing tools.

6.3.1    Google Analytics

Name: Google Analytics
Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Function: Analysis of browsing habits (pages viewed, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information from logged-in Google users (cross-device tracking), enhancement of pseudonymous user data using target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in conjunction with Google Ads

6.3.2    Tealium

Name: Tealium
Provider: Tealium Inc., 11095 Torreyana Road San Diego, CA 92121
Function: Administration of website tags via a user interface, integration of program codes on our websites

6.4    Managing cookies and tracking mechanisms

You can manage your cookie and tracking mechanism settings in the browser and/or in our privacy settings.

Note: Please be aware that the settings you configure will only apply each time to the utilised browser.

6.4.1    Disabling all cookies

If you want to disable all cookies, you can do so in your browser settings. Please be aware that doing this may affect the functionality of the website.

6.4.2    Managing your settings for tracking mechanisms and cookies that are not strictly necessary

When you visit our website, a cookie layer will appear and ask for your consent to us using functionality cookies, targeting/advertising cookies and/or tracking mechanisms.

You can withdraw your consent (if given) with future effect or grant your consent at a later date in our privacy settings at any time.


7.    Newsletter with subscription; right of withdrawal

As part of our online service, you can subscribe to our newsletter. For this purpose we use what is known as a double opt-in process, whereby we will only send you a newsletter by e-mail, mobile messaging services (e.g. WhatsApp), a text message or push notification if you have explicitly confirmed in advance, by clicking a link in a notification, that the newsletter service is to be activated. Should you later decide that you do not want to receive newsletters, you can cancel the subscription at any time by withdrawing your consent. You can unsubscribe from e-mail newsletters by clicking on the link in the newsletter or by changing the administration settings of the online service in question. Alternatively, please contact us using one of the methods indicated in the Contact section.


8.    External links

Our online service may contain links to third-party websites, i.e. providers not affiliated with us. After you have clicked the link, we have no further control over the collection, processing and use of any of the personal data (e.g. IP address or URL of the page containing the link) transmitted to the third party when the link is clicked since the conduct of third parties is clearly beyond our control. We accept no responsibility for the processing of this personal data by third parties.


9.    Security

Our employees and the service providers we have commissioned are obliged to maintain confidentiality and comply with the provisions of the applicable data protection legislation.

We take all required technical and organisational measures in order to guarantee an appropriate level of protection and protect your data that is managed by us, especially against the risks of unintentional or wrongful destruction, manipulation, loss, modification or unauthorised disclosure and unauthorised access. Our security measures are continually improved in accordance with technological development.


10.    User rights

To exercise your rights, please use the details in the Contact section. When doing so, please ensure that we can clearly identify you.

Right to information and right of access by the data subject:
You have the right to obtain information from us about the processing of your data. To do so, you can assert your right of access in relation to your personal data that we process.

Right to rectification and erasure:
You may request that we rectify incorrect data and, provided the legal requirements are met, complete or erase your data.

This does not apply to data that is necessary for billing and accounting purposes, or that is subject to legal obligations to retain data. If access to this data is not required, its processing will, however, be restricted (see below).

Restriction of processing:
You may ask us to restrict the processing of your data, provided the legal requirements are met.

Data portability:
You also have the right to receive data that you provided us with in a structured, commonly used and machine-readable format or to request that this data be transmitted to a third party, where this is technically feasible;.

Withdrawal of consent:
If you have granted us your consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data will remain unaffected by this up to the point at which your consent is withdrawn.


11.    Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection authority. To do so, you can contact the data protection authority responsible for your place of residence or state or the data protection authority under whose jurisdiction we fall (which is the ICO in the UK). This is:

For the UK
Information Commissioner's Office
Address:
First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
or
Phone: +44 (0)303 123 1113
Email: casework@ico.org.uk

For Ireland
The Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

or

Phone: +353 (0)761 104 800
Email: dpo@dataprotection.ie


12.    Changes to the Data Protection Notice

We reserve the right to change our security and data protection measures. In these cases, we will also adapt our Data Protection Notice accordingly. Please therefore note the current version of our Data Protection Notice.


13.    Contact us

If you would like to contact us, you can use the address given in the "Controller" section.

Please use the following link to enforce your rights: https://request.privacy-bosch.com/entity/RBGB/?app=4440a502-1538-4389-afd7-8b90a65d330e.

Please use the following link to report data breaches: https://www.bkms-system.net/bosch-datenschutz.

For suggestions and complaints with regard to how your personal data is processed, we recommend that you contact our Data Protection Officer (Datenschutzbeauftragter):

Datenschutzbeauftragter
Abteilung Informationssicherheit und Datenschutz Bosch-Gruppe/Information Security and Privacy (C/ISP)
Postfach 30 02 20
70442 Stuttgart
GERMANY

Or

e-mail to: DPO@bosch.com

Current as at: 09.12.2020