Data Protection Notice

 

1.    Data Protection Notice

Bosch Power Tools GmbH (hereinafter “Bosch” or “We” or “Us”) welcomes you to our internet pages and mobile applications (together also referred to as “Online Offers”). We thank you for your interest in our company and our products.

2.    Bosch Power Tools respects your privacy

The protection of your privacy throughout the course of processing personal data as well as the security of all business data are important concerns to us. We process personal data that was gathered during your visit of our Online Offers confidentially and only in accordance with statutory regulations.

Data protection and information security are included in our corporate policy.

3.    Controller

Bosch Power Tools GmbH is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice.

Our contact details are as follows:
Robert Bosch Power Tools GmbH, Max-Lang-Straße 40-46, 70771 Leinfelden-Echterdingen, kontakt@bosch.de.

Please note that within the context of registration, “Bosch Power Tools” and other companies within Bosch Group act as “jointly responsible” according to Art. 26 GDPR. For more information on this subject and your respective rights, see Section 5: “Registration”.

4.     Gathering, processing and using personal data

4.1     Processed data categories

The following data categories are processed:

  • Communication data (e.g. name, phone number, email, address, IP address)

 

4.2     Basic principles

Personal data are any information relating to an identified or identifiable natural person, i.e. names, addresses, telephone numbers, e-mail addresses, contractual, booking and accounting data that reveal the identity of a person.

We only gather, process and use personal data (including IP addresses) if there is a legal basis to do so or if you have given consent accordingly, e.g. as part of a registration.

 

4.3     Processing purpose and legal basis

We, and service providers we have commissioned, process your data for the following processing purposes:

 

4.3.1    Providing this online offering

(Legal basis: Fulfillment of contract.)

 

4.3.2    Operating a community for logged-in members

(Legal basis: Fulfillment of contract)

 

4.3.3    Promotion of our companies and third-party promotion as well as market research and measuring the range within the legally permitted scope or based on consent.

(Legal basis: Consent/legitimate interest on our behalf in terms of direct marketing as long as this is done in compliance with specifications defining data privacy and competition laws.)

 

4.3.4     Product and/or customer surveys by email and/or phone, providing you have given your explicit consent to do so.

(Legal basis: Consent)

 

4.3.5     Competitions or discount campaigns as per the corresponding terms and conditions of competitions or discount campaigns.

(Legal basis: Fulfillment of contract)

 

4.3.6     Sending newsletters with the consent of the recipient by email and/or SMS/MMS.

(Legal basis: Consent).

 

4.3.7     Identifying malfunctions and for security reasons

(Legal basis: Compliance with our legal obligations relating to data privacy and legitimate interest in eliminating malfunctions and maintaining the security of our offerings.)

 

4.3.8     Protecting and defending our rights

(Legal basis: Our legitimate interest in asserting and defending our rights).

 

5.     Registration

Registration with our online offerings is required to use enhanced functionalities. The following section provides more information about the registration and login process.

This process is structured as follows:

5.1 Integrated customer profile management – enables an integration of different login options, such as Bosch Single Key ID and social sign-in.

5.2 Single Key ID – one of the login options provided by Bosch IO.

5.3 Social sign-in – one of the login options provided by the corresponding provider, for instance Apple or Google.

 

5.1 iCPM, shared responsibility as per Art. 26 GDPR

Bosch integrated customer profile management (iCPM) links various Bosch applications so that you, as a business partner (user, customer), do not have to provide your data several times and so that we can offer you the best possible customer experience. iCPM also provides the option to log in to Bosch applications using various login options.

 

As part of iCPM,

 

Robert Bosch Power Tools GmbH

Max-Lang-Strasse 40-46, D-70771 Leinfelden-Echterdingen,

hereinafter referred to as "Bosch PT"

 

and

 

the parties listed in the "List of parties" (hereinafter referred to as "parties")

work together closely. This also applies to the processing of your personal data. The parties have jointly determined the sequence in which this data is intended to be processed in individual process phases and for this reason, they shall be considered jointly responsible within the context of data privacy laws as per Art. 26 GDPR.

The following section features a detailed overview of parties’ shared and separate data processing activities and responsibilities:

 

| Data processing | Responsibility |
| --- | --- |
| Identity brokering with Bosch’s own and additional, external identity providers (Facebook, Apple, Google) for B2C and external B2B users | Bosch PT |
| Identity brokering with BCD/Bosch ADFS for B2E (Bosch administrators) | Bosch PT |
| Recording, saving and providing user attributes for linked applications | Parties |

In your context, this means:

- Parties provide you, as affected persons, with accurate, transparent, comprehensible, and easily accessible information required as per Articles 13 and 14 GDPR in a clear as well as easy-to-understand way and free of charge. Each party provides the other party with all required information from their area of activity.

- Parties shall immediately notify each other about the rights of an affected person asserted by you as the affected person. They mutually provide each other with any information required to respond to your request for information.

- You can directly assert your rights as an affected person towards any party at any time.

 

5.2 Logging in with SingleKey ID, shared responsibility

You can log in to our login area using SingleKey ID.

SingleKey ID was developed by Bosch.IO GmbH for Robert Bosch Group to provide users with a universal login option. Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany, is responsible for providing this.

Bosch.IO GmbH processes your data for the purpose of “Registration and login” as well as “Overview and management of master data and linked applications” and shares the responsibility for this with us. For more information in this context visit: https://singlekey-id.com/de/data-protection-notice/

You can use SingleKey ID to log in after having registered once. For this purpose, you are forwarded to a Bosch.IO GmbH login screen. Bosch.IO GmbH subsequently confirms your authorization to us and provides us with the required personal data (e.g. email address, name, first name, date of birth, company name, phone number, address).

Your password is not sent to us.

You can cancel your SingleKey ID usage contract at any time using your SingleKey ID account: https://singlekey-id.com/de/myprofile/

 

5.3 Social sign-in

We also provide you with the option to log in to our online offering using so-called social sign-ins, such as your Apple or Google account.

You are forwarded to a page of the corresponding social network for registration where you can log in using your credentials from this provider. This has the consequence that your account with the corresponding provider is linked to our service. In this process, the corresponding provider sends the information of the respective public profile, your email address and the identification tags to us.

The provider can link information they already have available, such as IP address or browser information with the use and usage duration of the provided services (including our login service). The provider of the social network or its servers may be located outside the EU or EEC (e.g. in the USA).

If you prefer not to authorize a data transfer between us and social networks, refrain from logging in using social registration services, and instead use our own login services.

 

6.     Log files

With every use of the Internet your Internet browser automatically sends certain information and we save this data in so-called log files.

We save log files to identify malfunctions and for security reasons (e.g. to investigate attempted attacks) for a duration of 30 days. Log files are deleted after the aforementioned period. Log files that must be saved for longer periods for evidence purposes must be excluded from deletion until final clarification of the corresponding incident and can be forwarded to investigating authorities in individual cases.

The following information is saved in log files:

-    IP address (Internet protocol address) of the terminal from where the online offering was accessed;

-    URL of the website from where the online offering was accessed (so-called origin or referrer URL);

-    Name of the service provider used to grant access to the online offering;

-    Name of the accessed files or information;

-    Date and time as well as duration of the access;

-    Data transfer quantity;

-    Operating system and information about the Internet browser used, including installed add-ons (e.g. for Flash Player);

-    HTTP status code (e.g. "request successful" or "requested file not found").

 

7.     Persons under age

This online offering is not intended for children under 16 years of age.

 

8.     Forwarding data to other responsible parties

As a rule, we exclusively forward your personal data to other responsible parties if this is required to fulfill the contract, we or the third party have a legitimate interest in forwarding or you have granted your consent for this purpose. Individual details about the legal basis and the recipients or categories of recipients have been listed in the section entitled Processing purpose and legal basis.

Your data may also be forwarded to other responsible parties, provided we are obliged to do so on the basis of statutory stipulations or have been ordered to do so by enforceable official or legal orders.

 

8.1   Service providers (general)

We commission external service providers with activities, such as marketing services, programming and data hosting. We have carefully selected said service providers and regularly audit them, in particular their careful handling and protection of the data saved on their infrastructure. We oblige all service providers to adhere to confidentiality standards and to comply with statutory specifications. Other companies within Bosch Group may also be acting as service providers.

 

8.2   Forwarding to recipients outside the EEC

We may also forward data to recipients based outside the EEC in so-called third-party countries. In this case, we make sure, prior to forwarding, that the recipient has implemented an adequate data security level or you have given your consent to forwarding.
We can provide you with an overview of recipients in third-party countries and a copy of the specifically agreed regulations concerning the adequate data security level. For this purpose, please use the information in the Contact Us section.

 

9.     Duration of storage; retention periods

As a rule, we save your data for the period of time required to provide our online offering and the associated services and/or for the time period in which we have a legitimate interest in continuing to do so (e.g. we may continue to have a legitimate interest in marketing by post even after performance of a contract). After this period of time, we delete your personal data with the exception of data we must continue to save to comply with legal obligations (e.g. on the basis of retention periods specified by tax and commercial law, we are obliged to save documents, such as contracts and invoices for a certain period of time).

 

10. Using our mobile applications

In addition to our online offering, we provide mobile applications ("apps") that you can download to your mobile terminal. Beyond the data gathered on websites, we use our apps to gather further personal data specifically resulting from the use of a mobile terminal. However, this is only done once you have granted your consent for this purpose.

 

10.1 App analysis

We require statistical information about the use of our online offering to make it more user-friendly, measure the range and for market research purposes. For this purpose, we use the app analysis tools described in this section.

Tool providers exclusively process data as processors as per our instructions and not for their own purposes.

The following section provides information about each tool and the corresponding provider. If these tools use tracking mechanisms or user profiles, we shall exclusively use these tools once you have granted your prior consent for this purpose.


10.2      UXCam

Name: UXCam

Provider: UXCam Inc, 814 Mission St, San Francisco, California, USA

Function: We use UXCam to create heat maps and session records and to capture the way users browse several sites.

 

10.3      Google Analytics

Name: Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Analyzing user behavior (pages opened, number of visitors and visits, downloads), creating pseudonymous user profiles based on cross-device information about Google users who have logged in (cross-device tracking), enriching pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in conjunction with Google Ads

 

10.4      Tealium

Name: Tealium

Provider: Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA

Function: Tealium serves to manage website tags using an interface as well as the integration of program codes.

 

11.   Newsletter with login; right of revocation

As part of our online offering you can subscribe to our newsletter. For this purpose, we use the so-called double opt-in procedure, as part of which we will only send you a newsletter by email, mobile messaging service (e.g. WhatsApp), SMS or push notification once you have explicitly confirmed activation of the newsletter service by clicking a link in a notification. In the event that you decide at a later point to opt out from the newsletter, you can cancel the subscription at any point by revoking your consent. Use the link included in the email newsletter or potentially in the management settings of the corresponding online offering to revoke your consent. Alternatively, please reach out to us using the details in the Contact Us section.

 

12.    Communities

We offer you the option to become a member of our community. As part of our community, you can sign up to it, create a user profile and communicate with other users. We will only use the data generated here within the framework of your declaration of consent granted in this context for the affected marketing, market research and service purposes. You can revoke this consent at any time and this will apply from then on. Use the link in the communities to enforce your revocation. Alternatively, please reach out to us using the details in the Contact Us section.

Use an input screen in the community to choose whether you would like to make available individual details of your user profile to all community members or merely to your friends within the community, or whether you would like this information to remain completely private.

In contrast, any further data you generate in communities, e.g. by commenting or uploading images, is automatically publicly accessible and will be linked to your user profile.

 

13.     External links

Our online offering may contain links to Internet pages run by third parties who are not linked to us. After you have clicked the link, we no longer have any influence on the gathering, processing and use of personal data potentially transferred to the third party as a result of you having clicked the link (e.g. IP address or URL of the page where the link is), as the actions of third parties, of course, are beyond our control. We do not assume any responsibility for the processing of such personal data by third parties.

 

14.     Security

Our staff members and the service providers we commission have been obliged to observe confidentiality and compliance with the specifications and applicable data privacy laws.

We have taken all required technical and organizational measures to guarantee an appropriate level of protection and protect your data managed by us, in particular from the risks of unintentional or illegal deletion, manipulation, loss, modification or unauthorized disclosure as well as unauthorized access. Our security measures are subject to continuous improvement in line with technological developments.

 

15.     User rights

Please use the information in the Contact Us section to exercise your rights. In doing so, please ensure that we are able to uniquely identify you.

Information and access right:

You are entitled to receive information from us about how your data are processed. To this end, you may exercise a right to access regarding the personal information that we process about you.

Right of rectification and erasure:

You can request from us the correction of incorrect data and, providing the legal prerequisites have been met, demand the completion or deletion of your data.

This does not apply to data that is required for invoicing and accounting purposes, or that is subject to the statutory retention obligation. However, if access to such data is not required, its processing will be restricted (see below).

Restriction of processing:

Provided the legal requirements are met, you can request that we restrict the processing of your data.

Data portability:

You furthermore have the right to receive data that you have made available to us in a structured, standard and machine-readable format or – if technically feasible – to request that we transmit the data to a third party.

Revocation of consent:

If you have given us your consent to allow your data to be processed, you can revoke your consent at any time with future effect. This will be without prejudice to the lawfulness of processing your data before consent is revoked.

 

16.     Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection authority. To do this, you can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us. This is:

The federal state's data protection and freedom of information officer
The data protection and freedom of information officer of the federal state of Baden-Württemberg

Address:

Lautenschlagerstrasse 20

D-70173 Stuttgart

GERMANY

Address:

Postbox 10 29 32

D-70025 Stuttgart

GERMANY

Phone: 0711/615541-0

FAX: 0711/615541-15

email: poststelle@lfdi.bwl.de

 

17.    Changes to the Data Protection Notice

We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Please therefore take note of the current version of our data protection notice, as this is subject to changes.

If you wish to contact us, please find us at the address stated in the "Controller" section.

To assert your rights please use the following link: https://request.privacy-bosch.com/entity/PTDE/?app=e59d6a4a-c3db-4272-8df6-217b9a2d67e9.

To notify data protection incidents please use the following link: https://www.bkms-system.net/bosch-datenschutz.

For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:

Data Protection Officer
Information Security and Privacy (C/ISP)
Robert Bosch GmbH
Postfach 30 02 20
70442 Stuttgart
GERMANY

or

DPO@bosch.com.

Effective date: April 2023