Data Protection Policy

1. Data Protection Notice

Robert Bosch Limited UK (hereinafter “Bosch” or “We” or “Us”) welcomes you to our internet pages and mobile applications (together also referred to as “Online Offers”). We thank you for your interest in our company and our products.

2. Bosch respects your privacy

The protection of your privacy throughout the course of pro-cessing personal data as well as the security of all business data are important concerns to us. We process personal data that was gathered during your visit of our Online Offers confidentially and only in accordance with statutory regulations.

Data protection and information security are included in our corporate policy

3. Controller

Robert Bosch Limited is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice.

Our contact details are as follows:

Robert Bosch Limited.
P.O. Box 98,
Uxbridge
UB9 5HN

Email: DSO@uk.bosch.com
Telephone: +44(0)344 892

4. Collection, processing and usage of personal data

Processed categories of data

The following categories of data are processed:

Communication data (e.g. name, telephone, e-mail, address, IP address)

4.1 Principles

Personal data are all the information which relate to an identified or identifiable natural person, for example, names, addresses, telephone numbers or e-mail addresses which are the expression of the identity of a person.

We collect, process and use personal data (including IP ad-dresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration..

4.2 Processing purposes and legal grounds

Our delegated service providers and we process your personal data for the following objectives:

4.2.1 · Provision of these online offers

Legal basis: Predominantly, justified interest in direct marketing on our part, as long as this is carried out in compliance with data protection regulations and competition law regulations

4.2.2 · In reply to user inquiries in the framework of a contact form

Legal basis: Predominantly, justified interest in direct marketing on our part and in the enhancement of our products and services, as long as this is carried out in compliance with data protection regulations and competition law regulations resp. contractual performance resp. consent

4.2.3 · Determination of malfunctions and for safety reasons

Legal basis: Fulfilment of our legal obligations in the field of data security and predominantly, justified interest in the rectification of malfunctions and the security of our offers.

4.2.4 · Our own and third party advertising as well as market research and reach measurement in accordance with the legally permissible extent resp. consent-based

Legal basis: Consent or predominantly, justified interest in direct marketing on our part, as long as this is carried out in compliance with data protection regulations and competition law regulations.

4.2.5 · Safeguarding and defending our rights

Legal basis: Justified interest on our part in the assertion and defense of our rights.

4.3 · Registration

If you wish to use or get access to benefits requiring to enter into the fulfillment of a contract, we request your registration. With your registration we collect personal data necessary for entering into the fulfillment of the contract (e.g. first name, last name, date of birth, email address, if applicable, details on the preferred payment method or on the account holder) as well as further data on voluntary basis, if applicable. Mandatory information is marked with an *.

4.4 · Log files

Whenever you use the Internet, specific information will be automatically transmitted from your Internet browser and stored by us in so-called log files.

We save the log files for the determination of malfunction and for safety reasons (e.g. for the investigation of attempted attacks) for a short period and delete them afterwards. If a further retention of log files is required for evidence purposes, these will be exempted from deletion until the final clarification of the respective incident and can be handed over to investigating authorities in individual cases.

Log files are (without or without the complete IP address) under the prerequisites of section 4.2.4 “Our own and third party advertising as well as market research and reach measurement in accordance with the legally permissible extent resp. consent-based” also used for analytical purposes.

The following information, in particular, is stored in the log files:

IP address (internet protocol address) of the terminal device used to access the Online Offer
Internet address of the website from which the Online Offer is accessed (so-called URL of origin or referrer URL)
Date and time as well as duration of recalling the data
Amount of data transferred
Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player)
http status code (e.g., “Request successful” or “File requested not found”)

4.5 · Children

This Online Offer is not meant for children under 16 years of age.

4.6 · Special data categories

This Online Offer processes special data about your person (e.g., statements about your health, religion or sexual orientation) in accordance with the statutory regulations only with your express consent or if they have explicitly been made public by yourself.

4.7 · Transfer of data

4.7.1 · Transfer of data to other responsible parties

We will principally only transfer your personal data to other responsible parties insofar as if this is necessary for the contract performance, we or the third party has a predominantly justified interest in the transfer or if you have given your consent. You will find details concerning the legal bases in section “Processing purposes and legal bases” (see no. 4.2). Third parties can also be other companies in the Bosch Group. It will be explained in this data protection policy if data are transferred on the basis of a predominantly justified concern.

Moreover, data can also be transferred to other responsible parties, insofar as we are obligated to do this on the basis of statutory regulations or due to enforceable official or judicial order.

4.7.2 · Transfer of data to service providers

We assign tasks such as marketing services, programming, data hosting and hotline services to external service providers. We have selected these service providers with utmost care and monitor them on a regular basis, in particular with regard to their diligent handling and protection of the data stored by them. All providers are bound to confidentiality and adherence to the legal specifications by us. Service providers can also be other companies in the Bosch Group.

4.8 · Transfer to recipients outside the EEA

We can also transfer personal data to recipients with headquarters outside the EEA in so-called non-member countries. In this case, we ensure before transfer that the recipient either possesses an appropriate standard of data protection (e.g. on the basis of an adequacy decision of the EU Commission for the relevant country or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or if you have consented to the transfer.

You can obtain an overview of the recipients in non-member countries and a copy of the concrete agreed regulations to guarantee the appropriate standard of data protection from us. Please use the information contained in section “Responsible authority and contact” (see no. 2).

4.9 · Duration of storage; retention periods

On principle, we store your data for as long as it takes for the provision of our online offer and the associated services or when we have a justified interest in further storage (e.g. after the fulfilment of a contract, we could still have a justified interest in postal marketing). In all other cases, we will delete your personal data with the exception of such data that we are obliged to retain for the fulfilment of legal obligations (e.g. as a result of fiscal and commercial retention periods, we are obliged to retain documents such as contracts and invoices for a specific period of time).

5. Usage of cookies

In the context of our online service, cookies and tracking mechanisms may be used. Cookies are small text files that may be stored on your device when visiting our online service. Tracking is possible using different technologies. In particular, we process information using pixel technology and/or during log file analysis.

5.1 · Categories

We distinguish between cookies that are mandatorily required for the technical functions of the online service and such cookies and tracking mechanisms that are not mandatorily required for the technical function of the online service.

It is generally possible to use the online service without any cookies that serve non-technical purposes.

5.1.1 · Technically required cookies

By technically required cookies we mean cookies without those the technical provision of the online service cannot be ensured. These include e.g. cookies that store data to ensure smooth reproduction of video or audio footage.

Such cookies will be deleted when you leave the website.

5.1.2 · Cookies and tracking mechanisms that are technically not required

We only use such cookies and tracking mechanisms if you have given us your prior consent in each case. With the exception of the cookie that saves the current status of your privacy settings (selection cookie). This cookie is set based on legitimate interest.

We distinguish between two sub-categories with regard to these cookies and tracking mechanisms:

5.2. Comfort cookies

These cookies facilitate operation and thus allow you to browse our online service more comfortably; e.g. your language settings may be included in these cookies.

5.3. Marketing cookies and tracking mechanisms

General

By using marketing cookies and tracking mechanisms we are able to provide you with a better user experience and individual offers.

Statistics:
By using statistical tools, we measure e.g. the number of your page views.
Conversion tracking:
Our conversion tracking partners place a cookie on your computer ("conversion cookie") if you accessed our website via an advertisement of the respective partner. Normally these cookies are no longer valid after 30 days. If you visit certain pages of our website and the cookie has not yet expired, we and the relevant conversion partner can recognize that a certain user clicked on the advertisement and thereby was redirected to our website. This can also be done across multiple devices. The information obtained by means of the conversion cookie serves the purpose of compiling conversion statistics and recording the total number of users who clicked on the respective advertisement and were redirected to a website with a conversion tracking tag.
Social plugins:
Some of the pages of our online service involve content and services of other providers (e.g. Facebook, Twitter) which also may use cookies and active modules. For more details regarding social plugins please refer to the section on social plugins
Retargeting:
These tools create user profiles by means of advertising cookies or third-party advertising cookies so called "web beacons" (invisible graphics that are also called pixels or tracking pixels), or by means of comparable technologies. These are used for interest-based advertising and to control the frequency with which the user looks at certain advertisements. The relevant provider is the controller responsible for the processing of data in connection with the tool. The providers of the tools might disclose information also to third parties for the purposes mentioned above. Please note the data protection notices of the relevant provider in this context.

Please note that using the tools might include transfer of your data to recipients outside of the EEA where there is no adequate level of data protection pursuant to the GDPR (e.g. the USA). For more details in this respect please refer to the following description of the individual marketing tools.

5.3.1. Google Analytics

Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Function: Analysis of user behavior (page retrievals, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in conjunction with Google Ads

5.3.2. Google Tag Manager

Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Function: Administration of website tags via a user interface, integration of program codes on our websites

5.3.3. New Relic Browser

Provider: New Relic, Inc., 188 Spear Street #1200, San Francisco, CA 94105, USA

Function: For the purpose of tracking user experience and troubleshooting customer issues or complaints, the transfer of your personal data to the above controller is required.

5.4. Management of cookies and tracking mechanisms

You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings.

Note: The settings you have made refer only to the browser used in each case.

5.4.1 · Deactivation of all cookies

If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.

5.4.2 · Management of your settings with regard to cookies and tracking mechanisms not required technically

When visiting our websites, you will be asked in a cookie layer whether you consent to our using of any marketing cookies or tracking mechanisms, respectively.

In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.

6. Social Plugins

In our Online Offers we use so-called social plugins from various social networks. They are individually described in this section.

When using plugins, your internet browser creates a direct connection to the respective social networks’ server. Hereby the respective provider receives the information that your internet browser accessed from the respective site of our Online Offers - even if you do not have a user account with this provider or are currently not logged into your account. Log files (including the IP address) are, in this case, directly transmitted from your internet browser to a server of the respective provider and might be stored there. The provider or its server may be located outside the EU or the EEA (e.g. in the United States).

The plugins are standalone extensions by social network providers. For this reason, we are unable to influence the scope of data collected and stored by them.

Purpose and scope of the collection, the continued processing and usage of data by the social network as well as your respective rights and setting options to protect your privacy can be found by consulting the respective social network's data protection notices.

In case you do not wish social network providers to receive and, if applicable, store or use data, you should not use the respective plugins.

6.1. Social Plugins with Heise Two Click Solution

By using the so-called two click solution (provided by Heise Medien GmbH & Co. KG) we protect your visit to our web pages from being logged and processed by social network providers by default. When using a page of our internet presence which contains such plugins, these are initially deactivated. Only when you click on the respective button, the plugins are activated.

6.2. Facebook plugins

Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an overview over Facebook's plugins and their appearance here: https://developers.facebook.com/docs/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.

6.3. Twitter plugins

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview over Twitter's plugins and their appearance here: https://developer.twitter.com/en/docs/twitter-for-websites/overview.html; find information on data protection at Twitter here: https://twitter.com/privacy.

6.4. Instagram plugins

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Find an overview over Instagram's plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; find information on data protection at Instagram here: https://help.instagram.com/155833707900388/.

7. YouTube

Our Online Offers use the YouTube video platform which is operated by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA („YouTube”). YouTube is a platform which allows the playback of audio and video files.

When you access a respective site of our Online Offers that contains an embedded YouTube player, this creates a connection to YouTube so that the video or audio file can be transmitted and played back. In doing so, data is transferred to YouTube as a data controller. We are not responsible for the processing of such data by YouTube.

Additional information on the scope and purpose of collected data, on further processing and usage of data by YouTube, on your rights and the privacy options available to be chosen by you, can be found in YouTube's data protection notice.

8. Communication tools on social media platforms

We use on our social media platform (e.g. twitter) communication tools to process your messages sent via this social media platform and to offer you support.

When sending a message via our social media platform the message is processed to handle your query (and if necessary additional data, which we receive from the social media provider in connection with this message as your name or files).

In addition we can analyze these data in an aggregated and anonymized form in order to better understand how our social media platform is used.

We will forward the personal data you provide to the Bosch legal entity responsible for the processing of your query (for example, in the event your query refers to a product that is distributed by another Bosch legal entity). The legal basis for the processing of your data is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) or, if applicable, an existing contractual relationship (Art. 6 para. 1 s. 1 lit. b GDPR). The processed personal data is deleted 180 days upon receipt of your message the latest.

9. Communities

We offer you the opportunity of becoming a member of one of our Bosch Car Service communities there, you can sign up, create a user profile and communicate with other members. Your data generated therein is only used in the scope of the consent granted by you for the respective marketing, market research and service purposes. You can withdraw your consent for future processing’s at any time by the link which is stated in the respective community. Alternatively, please contact us via the contact details provided in the Contact section.

Through an input mask in the respective community you are able to choose whether you want to show particular statements of your user profile to all members of the community or only to your "community friends" or whether they should remain private.

All other data which is generated by you in the communities, e.g. by creating comments or pictures, are automatically publicly accessible and will be linked to your user profile.

10. External links

Our online offer can contain links to the websites of third parties − to providers who are not affiliated with us. After you click the link, we no longer have any influence on the collection, processing and utilization of any personal data that is transferred to third parties after clicking the link (for example, the IP address or the URL of the site on which the link is located), as our control of the conduct of third parties is then naturally withdrawn. We assume no responsibility for the processing of this kind of personal data by third parties.

11. Security

Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.

12. Your rights

Please use the information contained in section “Responsible authority and contact” (see no. 2). to assert your rights. Please ensure that an unambiguous identification of your person is possible for us.

12.1 · Right to information and disclosure:

You have the right to obtain information from us concerning the processing of your data. For this purpose, you can enforce a right to information in relation to the personal information that we process from you.

12.2 · Right of rectification and deletion:

You can demand from us the rectification of false data and – insofar as the legal prerequisites are fulfilled – the completion or deletion of your data.

This does not apply to data which are necessary for invoicing or accounting purposes or are subject to the statutory retention obligation. Insofar as the access to such data is not required, the processing thereof will be restricted (see below).

12.3 · Restriction of processing:

You can demand from us the restriction of the processing of your data insofar as the legal prerequisites are fulfilled.

12.4 · Data portability:

You will continue to have the right to obtain data that you have provided to us transmitted in a structured, conventional and machine-readable form or as far as this is technically feasible, to demand that the data are transmitted to a third party.

12.5 Objection to direct marketing

Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that due to organisational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

12.6 Objection to data processing based on the legal basis of “legitimate interest”

In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.

12.7 Withdrawal of consent

In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.

13. Information to be provided to data subjects in accordance with Art. 13 GDPR – Joint controllers

As the party responsible for SingleKey ID, Bosch.IO GmbH exercises joint responsibility, together with third parties responsible for the application(s) you use, for the processing of your data in accordance with the provisions of the General Data Protection Regulation and national data protection laws. In accordance with Art. 26 of the GDPR (Joint controllers), we have agreed in writing to exercise joint responsibility for data processing. In particular, we have determined and agreed upon the responsibilities and liabilities of the parties involved. For detailed information on individual processing operations, please refer to the data protection notice of Bosch.IO GmbH and the information sheet on data processing available at Data Protection Policy.

14 · Right to appeal to the supervisory authority

If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:

First Contact Team
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

15. Change of the data protection policy

We reserve the right to make modifications to our security and data protection measures, insofar as this is necessary due to the technical development. In these cases, we will also adapt our data protection policy accordingly. Therefore, please note the currently valid version of our data protection policy.

16. Contact

If you have any questions, comments or requests regarding this Privacy Policy, we will be happy to answer them. Please contact

Data Security Officer, UK and Ireland
Email: DSO@uk.bosch.com
Robert Bosch UK Holdings Limited.
Broadwater Park
North Orbital Road
Denham UB9 5HJ

Please address any questions, comments and requests regarding our data processing practices to us in this way in the first instance.

Please remember to include your name, address and postcode along with any correspondence reference you may have.

First Contact Team
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

17. Effective date: 19.05.2021