Data Protection Notice

1.1 Information according to Art. 13 GDPR

The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us. We process personal data confidentially and only in accordance with statutory regulations. Data protection and information security are included in our corporate policy.

1.2 Principles

Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person's identity. We collect, process and use personal data only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.

2 Controller

Controller for the processing of your personal data is Bosch GmbH Wrong Way Driver Service (CS/XOE-RHS).

Our contact information is:

E-Mail: support.wdw@de.bosch.com

3. Data Protection Officer

For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:

Data Protection Officer Information Security and Privacy (C/ISP) Robert Bosch GmbH

post box 30 02 20 70442
Stuttgart
GERMANY

or

E-Mail: DPO@bosch.com

  • Processing purposes and legal basis

  • Processed data categories

  • Communication data (e.g. name, e-mail address, address, IP address) are processed.

Processing principles

Personal data are all the information which relate to an identified or identifiable natural person, for example, names, addresses, telephone numbers or e-mail addresses which are the expression of the identity of a person. We process personal data only when there is a statutory legal basis for doing so or if you have given us your consent, e.g. in the scope of a registration.

We process your personal data for the following processing purposes:

  • Account creation & validation (Name, E-Mail) - Legal basis for the processing is consent.

  • Account notifications (Name, E-Mail) - Legal basis for the processing is consent.

Data transfer to other controllers

Principally, your personal data is forwarded to other controllers only if required for the fulfillment of a contractual obligation, or if we ourselves, or a third party, have/has a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal basis and the recipients or categories of recipients can be found in the Section “Processing purposes and legal basis”.

Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

This is based on Microsoft Azure API Management. Therefore it is being hosted and maintained by Microsoft. All data protection policies from Microsoft, Microsoft Azure and Microsoft Azure API Management are due to this valid.

Data Transfer

Transfer to recipients outside the EEA We might transfer personal data to recipients located outside the EEA into so-called third countries. In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection or that you have consented to the transfer. You are entitled to receive an overview of third country recipients and a copy of the specifically agreed-provisions securing an appropriate level of data protection. For this purpose, please use the contact information stated above.

Microsoft Azure might transfer data for logo analytics or backups to other datacenters.

Duration of storage, retention periods

Principally, we erase your personal data if a purpose and legal basis for data processing does not exist anymore or we are legally obliged to erase. The only exception from erasure are cases, in which we have to keep your personal data due to legal obligations (eg. retention periods under the tax and commercial codes, which require the availability of certain documents such as contracts and invoices for a certain period of time).

User rights

To assert your rights and to notify data protection incidents please use the following link: https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=18rbds19&language=eng. In doing so, please ensure that an unambiguous identification of your person is possible.

Right to information and access

You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

Right to correction and deletion

You have the right to obtain the rectification or completion of inaccurate personal data or deletion of your data as far as statutory requirements are fulfilled.
This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

Restriction of processing

You have the right to demand for – as far as statutory requirements are fulfilled – restriction of the processing of your data.

Data portability

You are entitled to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.

Objection to data processing based on the legal basis of “legitimate interest”

In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on legitimate interest. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.

Withdrawal of consent

In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.

Right to lodge complaint with supervisory authority

You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us. This is:

State Commissioner for Data Protection and Freedom of Information
Königstrasse 10a 
70173 Stuttgart 

Postal address: 
P.O. Box 10 29 32 
70025 Stuttgart, 
GERMANY 
Phone: 0711/615541-0 
Fax: 0711/615541-15 
Email: poststelle@lfdi.bwl.de
Changes to the Data Protection Notice

We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Please, therefore, notice the current version of our data protection notice, as this is subject to changes.

v1.0.0.2019-09-05