Data Protection Notice
Bosch Digital Commerce GmbH, member of Bosch Group, and its partners in the Bosch Group (hereinafter “Bosch” or “We” or “Us”) welcomes you to our internet pages and mobile applications (together also referred to as “Online Offers”). We thank you for your interest in our company and our products.
We describe in this data protection notice, how your personal data is processed in connection with your use of the platform. This also includes the processing of personal data for payment services, Bosch provides you in accordance with the terms of use.
1. Bosch respects your privacy
The protection of your privacy throughout the course of processing personal data as well as the security of all business data are important concerns to us. We process personal data that was gathered during your visit of our Online Offers confidentially and only in accordance with statutory regulations. Data protection and information security are included in our corporate policy.
2. Controller
Bosch is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice.
Our contact data are as follows:
Company Name | Address |
Bosch Digital Commerce GmbH | Ridlerstr. 57, 80339 Munich, Germany |
Robert Bosch AG | Goellnergasse 15-17, 1030 Vienna, Austria |
Robert Bosch d.o.o., Hrvatska | Kneza Branimira 22, 10040 Zagreb-Dubrava, Croatia |
Robert Bosch S.A. | Av. Infante D. Henrique, Lote 2E-3E |
Robert Bosch A/S | Telegrafvej 1, 2750 Ballerup, Denmark |
Robert Bosch AS | Rosenholmveien 25, 1414 Trollåsen, Norway |
Robert Bosch AB | Isafjordsgatan 15, 164 26 Kista, Sweden |
Robert Bosch Oy | Robert Huberin tie 16 A, 01510 Vantaa, Finland |
Robert Bosch S.A. | Rue Henri Joseph Genessestraat 1 |
Robert Bosch (France) SAS | 32 avenue Michelet, 93404 Saint-Ouen, France |
Robert Bosch B.V. | Ringwade 31A, 3439 LM Nieuwegein, Netherlands |
Robert Bosch España, S.L.U. | Avenida de la Institución Libre de Enseñanza 19 |
Robert Bosch GmbH | Auf der Breit 4, 76227 Karlsruhe, Germany |
Robert Bosch Μονοπρόσωπη Α.Ε. | Erchias 37, 194 00 Koropi Attica, Greece |
3. Jointly controlled data
3.1 What is the reason for the joint controllership and for which processing activities does it apply?
The Bosch Group consists of numerous companies and is active, for example, in the fields of automotive workshop supplies or Internet services. These companies are located in Germany and other countries. In order to make the products available to you, services and (online) offers available to you, we rely on the following:
Customer registration
- We want to make it easier for customers to register and to ensure appropriate access and
authorizations as quickly as possible.
- Suitable contracts are thus created in a customer-friendly manner.
- Internally, we thus ensure that the offers are well coordinated.
Payment process
- We want to make the payment process as simple as possible for customers.
- This makes it easier to connect the payment provider.
- Products, services and offers should work well together.
This also applies to the processing of your personal data.
The Parties have jointly determined the means and the purposes of the processing of your personal data within the data processings described below and are therefore considered “Joint Controllers” subsequent to Art. 26 GDPR.
As a data subject within the meaning of the GDPR, you are thus entitled to the following information from the Parties.
3.2 Who are the jointly responsible companies?
Bosch Digital Commerce GmbH is jointly responsible with the respective legal entity in the country:
Country | Legal Entity | Link to Data Protection Notices |
Bosch Digital Commerce GmbH | ||
Austria | Robert Bosch AG | |
Croatia | Robert Bosch d.o.o., Hrvatska | |
Slovenia | Robert Bosch d.o.o., Hrvatska | |
Portugal | Robert Bosch S.A. | |
Denmark | Robert Bosch A/S | |
Iceland | Robert Bosch A/S | |
Norway | Robert Bosch AS | |
Sweden | Robert Bosch AB | |
Finland | Robert Bosch Oy | |
Estonia | Robert Bosch Oy | |
Latvia | Robert Bosch Oy | |
Lithuania | Robert Bosch Oy | |
Belgium | Robert Bosch S.A. | |
France | Robert Bosch (France) SAS | |
Netherlands | Robert Bosch B.V. | |
Spain | Robert Bosch España, S.L.U. | |
Germany | Robert Bosch GmbH | |
Greece | Robert Bosch Μονοπρόσωπη Α.Ε. | |
Cyprus | Robert Bosch Μονοπρόσωπη Α.Ε. | |
Malta | Robert Bosch Μονοπρόσωπη Α.Ε. |
3.3 What did the parties agree upon?
The Parties have agreed which of them will fulfil the respective obligations under the GDPR. This applies in particular to the exercise of the rights of the data subjects (Art. 15 - 21 GDPR) and the fulfilment of the information obligations subsequent to Art. 13 GDPR and Art. 14 GDPR.
Processing activity | Fulfilment of duties by |
Processing user data for registration
| All participating companies |
Processing of payments and invoices as well as establishing the interface to the payment service provider and possible receivables management
| All participating companies |
3.4. What does this mean for you as a data subject?
The Parties fulfil the data protection obligations according to their respective responsibilities for the processing activities as follows:
- To the extend that the participating companies are deemed to be joint controllers, they will make the information on the transparency of the processing available to you in accordance with the legal requirements. In this respect, the companies exchange the necessary information with each other
- The Parties make the information required under Articles 13 and 14 GDPR available to you as a data subject in a precise, transparent, comprehensible and easily accessible form in clear and simple language and free of charge. Where required, each party shall provide the other party with all necessary information from its sphere of activity.
- The Parties shall inform each other immediately of any legal positions asserted by you as a data subject. They shall provide each other with all information necessary to respond to requests for information.
- As a data subject you can assert your rights against any Party directly. Your inquiry will be forwarded internally to the responsible company.
4. Collection, processing and usage of personal data
4.1 Processed categories of data
The following categories of data are processed:
- Registration and contact data: Name, telephone, email, address, company
- Technical data: User ID, password, IP address und browser data, Logs. resp. activity data
- Payment information: Bank account or credit card data, currency, identity verification and authentication data (e.g., identification documents)
4.2 Principles
Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person's identity.
We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.
In general, the provision of personal data is necessary for the conclusion or execution of a contract with Bosch. If you do not wish to provide personal data, no contract can be concluded or the contract cannot be performed.
4.3 Marketing Tools
- Name: Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Analysis of user behavior (page retrievals , number of visitors and visits, downloads), creating pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enriching pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in conjunction with Google Ads.
- Name: Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Administration of website tags via an user interface, integration of program codes on our websites.
- Name: New Relic Browser
Provider: New Relic, Inc, 188 Spear Street #1200, San Francisco, CA 94105, USA
Function: For the purpose of tracking the user experience and troubleshooting customer issues or complaints, the transfer of your personal data to the above controller is required.
4.4 Processing purposes and legal basis
We as well as the service providers commissioned by us; process your personal data for the following processing purposes:
Registration and contact data
- Provision of this online offer and the Bosch Application Store
Legal base: Predominant legitimate interest on our part in direct marketing, as long as this is done in accordance with data protection and competition law requirements.
- Purchase in the Bosch Application Store
Legal base: Processing for the purpose of carrying out pre-contractual activities at the request of the data subject or for contractual obligation
- Answering user inquiries from a contact form
Legal base: Carrying out pre-contractual activities / service contract resp. predominant legitimate interest on our part in marketing as well as to the improvement of our products and services, as long as this is done in accordance with data protection and competition law requirements or consent.
- Pre-Sales, Sales and After-Sales
Legal base: Predominant legitimate interest. Legitimate interest for Bosch in shaping the business with product, offers and services in the field of mobility in a demand-oriented and modern way.
Technical data
- Optimization of our services and online offers (including web and usage analysis)
Legal base: Predominant legitimate interest on our part in marketing as well as in improving our services and online offers as long as this is done in accordance with data protection and competition law requirements.
- Resolving service disruptions as well as for security reasons
Legal base: Fulfillment of our legal obligations within the scope of data security and legitimate interest in resolving service disruptions as well as in the protection of our offers.
- Safeguarding and defending our rights
Legal base: Legitimate interest on our part for safeguarding and defending our rights.
Payment information
In order to process payments, Bosch may need to collect payment information from you that is necessary for the proper performance of the contract with you. Without this data, you cannot use the payment services.
Legal base: Fulfillment of contractual obligations
Categories of recipients: Payment service providers, third-party provider of applications
- Data for verification and authentication of identity (e.g. identity documents)
Bosch processes personal data for verification and authentication of identity, which is necessary to comply with applicable law. In several countries, payment service providers, in their capacity as regulated financial service providers, are required by law to collect identity information as part of money laundering compliance. This includes (i) requiring the presentation of government-issued identification documents (e.g., driver's license or passport) or providing date of birth, home address, and other information; (ii) taking steps to confirm email address, specified payment or withdrawal methods; or (iii) matching information against third-party databases. In these cases, the terms of use and privacy notices of the external payment service provider apply, which the customer should take note of separately.
Without this data you are not able to use the payment services.
Legal base: Fulfillment of legal obligations
Categories of recipients: Payment service provider
- Data to identify and prevent fraud, abuse, security-related incidents, and other harmful activities
Legal base Fulfillment of contractual obligations, Predominant legitimate interest on our part in preventing harmful activities.
Categories of recipients: Payment service provider
- Data for the performance of safety investigations and risk assessments
Legal base: Fulfillment of contractual obligations, Predominant legitimate interest on our part in preventing harmful activities.
Categories of recipients: Payment service provider
- Data for performing reconciliations with databases and other information sources within the scope of applicable laws
Legal base: Fulfillment of contractual obligations, Predominant legitimate interest on our part in matching with anti-terror lists.
Categories of recipients: Payment service provider
- Data for compliance of legal obligations
Legal base: Fulfillment of contractual obligations
Categories of recipients: Payment service provider
- Data for filing of payment options („Re use“)
If necessary, it is possible to store payment data by setting a analogous check mark. In doing so, Bosch receives masked financial information (e.g. masked credit card data) from the payment service provider.
Legal base: Fulfillment of contractual obligations resp. consent.
4.5 Addressee of our offer
This online offer is meant for business partners (B2B) and not for consumers (B2C), in particular it is not meant for children under 16 years of age.
4.6 Data transfer
4.6.1 Data transfer to other controllers
Principally, your personal data is forwarded to other controllers only if required for the fulfillment of a contractual obligation, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal basis and the recipients or categories of recipients can be found in the Section – Processing purposes and legal basis.
Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.
We use the external payment service provider Deutsche Bank and computop for payment handling.
The transfer of payment information is based on the legal basis Art. 6 para. 1 lit. b GDPR. Your data will be passed on exclusively for the purpose of payment processing and only insofar as it is necessary for this purpose. If applicable, Deutsche Bank or computop also collects personal data itself as the responsible party. In this respect, the data protection information of Deutsche Bank or computop applies, which must be noted separately.
You find further information in the data protection notice of Deutsche Bank here: https://www.db.com/legal-resources/privacy-notice?language_id=1
You find further information in the data protection notice of Deutsche Bank here: https://computop.com/us/data-protection
In addition, data may be transferred to other controllers if we are required to do so by law or by official or court order.
If you are registered as an administrator for your company account, we will pass on your contact data to employees of your company in the event of further registration attempts. The transfer takes place based on the legal basis Art. 6 Abs. 1 lit. f GDPR.
4.6.2 Service providers
We involve external service providers with tasks such as sales and marketing services, contract management, payment handling, programming, data hosting and hotline services. We have chosen those service providers carefully and monitor them on a regular basis, especially regarding their diligent handling of and protection of the data that they store. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions. Service providers may also be other Bosch group companies.
4.7 Transfer to recipients outside the EEA
We might transfer personal data to recipients located outside the EEA into so-called third countries. In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection or that you have consented to the transfer.
You are entitled to receive an overview of third country recipients and a copy of the specifically agreed provisions securing an appropriate level of data protection. For this purpose, please use the statements made in the Contact section.
4.8 Duration of storage, retention periods
Principally, we store your data for as long as it is necessary to render our Online Offers and connected services or for as long as we have a legitimate interest in storing the data (e.g. we might still have a legitimate interest in postal mail marketing after fulfillment of our contractual obligations). In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. due to retention periods under the tax and commercial codes we are obliged to have documents such as contracts and invoices available for a certain period of time).
5. Credit assessments
We have a legitimate interest in performing the credit assessments set forth in this section for the purpose to protect ourselves from bad debts or investments. We might commission companies performing mathematical and statistical analysis to assess the risk of payment default and deliver, within the scope of what is allowed under law, information on the probability of payment defaults. For the assessment, address data may be used, but not exclusively.
In case the result of a credit assessment does not satisfy our requirements, we reserve the right to ask for an assured payment method (e.g. credit card) or to refuse to enter into a contract.
A credit assessment is based on automated decision-making. If you disagree with the result, you may submit your point of view in writing to be reviewed by a responsible person. In addition, you are entitled to find out about the essential reasons supporting the decision of the respective service provider.
We have commissioned the following service providers with credit assessments depending on your location:
Service provider | Address | |
Austria | KSV1870 Holding AG | Wagenseilgasse 7, 1120 Wien, Austria |
Belgium | DUN & BRADSTREET B.V. | Otto Reuchlinweg 1094, 3072 MD Rotterdam, Belgium |
Croatia | n.a | n.a |
Cyprus | ICAP CRIF SA | Eleftheriou Venizelou 2, 176 76 Kallithea Athens, Greece |
Denmark | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
Estonia | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
Finland | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
France | URIOS | 91 Av. Paul Doumer, 75116 Paris, France |
Germany | Dun&Bradstreet | Robert-Bosch-Straße 11, 64293 Darmstadt, Germany |
Greece | ICAP CRIF SA | Eleftheriou Venizelou 2, 176 76 Kallithea Athens, Greece |
Iceland | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
Latvia | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
Lithuania | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
Malta | ICAP CRIF SA | Eleftheriou Venizelou 2, 176 76 Kallithea Athens, Greece |
Netherlands | Dun&Bradstreet B.V. | Otto Reuchlinweg 1094, 3072 MD Rotterdam, Belgium |
Norway | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
Portugal | INFORMA D&B, S. A | Avda. de la Industria, 32 - 28108 Alcobendas, Madrid, Spain |
ATRADIUS Crédito y Caución S.A | Paseo de la Castellana 4, 28046 Madrid, Spain | |
Slovenia | Coface Adriatic d.o.o. | Avenija Dubrovnik 46/III, 10 020 Zagreb, Croatia |
Spain | INFORMA D&B, S.A. | Avda. de la Industria, nº32, 28108 ALCOBENDAS, Madrid, Spain, +34 91 661 71 19 / clientes@informa.es |
ATRADIUS Crédito y Caución | Paseo de la Castellana 4, 28046 Madrid, España, toni.martin@atradius.com | |
Sweden | Dun&Bradstreet | Gyngemose Parkvej 50, 2860 Soeborg, Denmark |
6. Usage of cookies
6.1 General
In the context of our online service, cookies and tracking mechanisms may be used. Cookies and tracking mechanisms are small text files that may be stored on your device when visiting our online service. When you call up this online offer another time, your browser sends the content of the cookies back to the respective provider, thus enabling the end device to be identified again. Reading the cookies enables us to optimize our online offer for you and to make it easier for you to use.
6.2 Deactivation and deletion of cookies
When you visit our website, you will be asked in a cookie layer whether you want to allow the cookies set on our site or whether you want to disable them in the settings.
If you decide to block cookies, an opt-out cookie will be set in your browser. This cookie is used exclusively to assign your objection. Please note that disabling cookies may affect the functionality of the website.
Please note that the settings you make only apply to the browser you are using. If you delete cookies or use a different browser or terminal device, you must make your settings again.
The setting does not apply to cookies set by other providers during your visit to third-party websites.
Your browser allows you to delete all cookies at any time. If you would like to do this, please use the help function of your browser. Please note that this may affect the functionality of the website.
In addition, you have the option to manage and disable the use of third-party cookies on the following website:
http://www.youronlinechoices.com/uk/your-ad-choices
Since this website is not operated by us, we take no responsibility and have no influence on its content and availability.
6.3 Overview of the cookies we use
In this section you will find an overview of the cookies we use.
Technically required cookies:
Certain cookies are necessary so that we can present our online offers securely. This category includes, for example:
- Cookies, which identify or authenticate our users;
- Cookies, which temporarily save certain user inputs (e.g. content of a shopping cart or an online form);
- Cookies, which save certain user settings (e.g. search or language setting);
- Cookies, which store data to ensure error-free playback of video or audio content.
7. External links
Our Online Offers may contain links to internet pages of third parties, in particular providers who are not related to us. Upon clicking on the link, we have no influence on the collecting, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control. We do not assume responsibility for the processing of personal data by third parties.
8. Security
Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.
We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.
9. Data subject rights
To enforce your rights, please use the details provided in the Contact section (see 12.). In doing so, please ensure that an unambiguous identification of your person is possible.
Right to information and access
You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.
Right to correction and deletion
You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data.
This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).
Restriction of processing
As far as statutory requirements are fulfilled you have the right to demand for restriction of the processing of your data.
Data portability
As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible –that we transfer those data to a third party.
Objection to direct marketing
Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.
Objection to data processing based on the legal basis of “legitimate interest”
In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.
Withdrawal of consent
In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.
Right to lodge complaint with supervisory authority
You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us. To contact the respective supervisory authority, please verify the information of the respective company ( see “3.2 Who are the jointly responsible companies”)
10. Changes to the Data protection Notice
We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Please, therefore, notice the current version of our data protection notice, as this is subject to changes.
11. Automated decision making
Automated decision-making takes place within the framework of the credit assessment. You can find more information on this at the corresponding point of this data protection notice.
12. Contact
If you wish to contact us, please find us at the address stated in the “Controller” section.
To assert your rights please use the following link: https://request.privacy-bosch.com/
To notify data protection incidents please use the following link: https://www.bkms-system.net/bosch-dataprotection
For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:
Data Protection Officer
Information Security and Privacy (C/ISP)
Robert Bosch GmbH
P.O. Box 30 02 20
70442 Stuttgart, GERMANY
or
mail to: DPO@bosch.com
13. Effective date
12.06.2024