Skip to main

Data protection policy

Data protection policy of Robert Bosch GmbH

1. Data Protection Notice (Privacy Policy)

The Robert Bosch GmbH (hereinafter “Bosch eBike Systems” or “We” or “Us”) welcomes you to our "Partner Portal" (hereinafter “online offer”). The online offer consists of services accessible for original equipment manufacturers (hereinafter “OEMs”) and bike shops, repair shops, etc (hereinafter “IBDs”). We thank you for your interest in our company and our products.

2. Bosch eBike Systems respects your privacy

The protection of your privacy throughout the course of processing personal data as well as the security of all business data are important concerns to us. We process personal data that was gathered during your visit of our online offers confidentially and only in accordance with statutory regulations.

Data protection and information security are included in our corporate policy.

3. Controller

Controller for the processing of your data is:

Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe
Germany
contact@bosch.com

Exceptions are outlined in this data privacy notice.

4. Collection, processing and usage of personal data

4.1 Principles

Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person's identity.

We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.

4.2 Processed categories of data

When you use our online offer, the following categories of data are processed:

  • Communication data (e.g. name, password, telephone, e-mail, address, IP address)
  • Contractual master data (e.g. contractual relationships, contractual or product interest)
  • Client history (e.g. changes of address, history of service cases, etc.)
  • Device-related data (e.g. Hardware ID, computer name)
  • Service-related data (e.g. Bosch ID, user role, company name, e-mail)
  • Log-files (e.g. IP address)

4.3 Processing purposes and legal basis

We as well as the service providers commissioned by us process your personal data for the following processing purposes:

4.3.1. Provision of these online offers

We operate a B2B online offer for digital services for e-bikes where different partners from Bosch, such as bike manufacturers, bike dealers, bike component suppliers as well as other third party partners from different market segments can after a registration use different digital tools and services provided by us.

Legal basis: Fulfilment of contractual obligations

The following conditions apply: Terms of Use

4.3.2 Registration

To use our services, registration in our Partner Portal is required. You can only register for our online offer by first setting up a central Bosch-ID. The central Bosch-ID was developed by Bosch.IO GmbH for the Bosch Group of Companies in order to enable shared users to use the services of different companies in the Group using uniform login data and to increase data security. Responsible for providing this registration service is Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany ("BIO").

If you wish to register with BIO for a central Bosch-ID, the General Terms of Use for the registration and use of a central Bosch-ID and BIO's Privacy Notice apply.

After successful registration, you can also use the login data used for the central Bosch-ID to register for this online service. For this purpose we provide you with a BIO login mask for the central Bosch-ID. BIO will then confirm your authorization and provide us with the following personal data:

  • Email address

Your password will not be transmitted to us.

Regarding other data transfers within the Bosch Group associated with the central Bosch ID, we refer to the BIO data protection information. You can terminate your user agreement for the central Bosch ID at any time by logging out. Please click on the following link:

https://myaccount.bosch.com/BeaPUssWeb/unregistration

In addition, we collect further user-related data from you when you register for our online offer:

  • Name
  • Password

The above-mentioned personal data are processed for the purpose of identification and contract management (conclusion, implementation and termination of the contract).

Legal basis: Fulfilment of contractual obligations

4.3.3 Creation of a user account

When you set up your personal user account, various data (such as the user’s name, last name, country, language and company’s name, address, phone number, country, and e-mail address) will be requested via the form provided as part of the registration process. Then you are welcome to choose a user name. Your data will be used to manage your user account.

We store your data as long as you do not delete your customer account with us. If you make changes to your information, the old information is deleted and only the updated data is stored. You will find the functions for changing your details or deleting your user account in your profile.

Legal basis: Fulfilment of contractual obligations

4.3.4 Theming Editor

Through our Theming Editor service in the Partner Portal, OEM’s are able to create, manage and edit their brand assets for the mobile app of Bosch eBike Systems of their users. Through a simple interface they can publish a theme to all of their users.

The following data is processed when using the service ("service-related data"):

  • Color in hexadecimal code
  • A logo
  • An image or a video of the brand
  • OEM name
  • OEM brand identifier
  • Role at approval time

Legal basis: Fulfilment of contractual obligations

4.3.5 Dashboard Service

Through the Dashboard Service you will have access to insights and analytics about the e-bike users and the behavior of the users. The Dashboard will empower you to better understand your customers and their bike usage and enable data-driven decision making. The results are displayed in an aggregated and anonymized way in graphs and figures.

Legal basis: Fulfilment of contractual obligations

4.3.6 Targeted Messaging Service (TMS)

The Targeted Messaging service (TMS) can be used to create, edit, delete, review, approve and send messages to a predefined group of recipients that are Bosch eBike users. Those messages can be reviewed via test messages. Target audiences (recipients) are defined choosing different criteria such as country, language, bike category etc.

The following data is processed when using the service ("service-related data"):

  • Message ID
  • Bosch ID
  • Brand
  • E-Mail address of logged in user
  • Language and Country
  • E-Mail address of reviewer
  • Publish Timestamp
  • Prename
  • Family Name
  • Role at approval time

The test messages are sent to reviewers using an e-mail marketing software of the provider Optimizely GmbH, Wallstraße 16, 10179 Berlin (“Optimizely”). The e-mail addresses of the recipients of our messages, as well as their other data described in this notice, are located on Optimizely's servers in data centres in Germany and are subject to the data protection laws applicable there. Optimizely uses this information to send and evaluate the messages on our behalf. Furthermore, Optimizely can use this data to optimize or improve its own services, e.g. to technically optimize the sending and the presentation of the targeted messages. However, Optimizely does not use the data of the recipients of our messages to write to them itself or to pass them on to third parties. The security concept for Optimizely's email marketing cloud Optimizely Campaign is certified according to ISO 27001. For more information, please visit https://www.optimizely.com/de/privacy/.

Legal basis: Fulfilment of contractual obligations

4.3.7 Cloud API

Cloud API is a technical interface provided by us in order to enable OEM to receive specific data and information about certain e-bikes (e.g serial number, part number, part name, total distance, number of charging cycles of battery, time until next recommended service etc.)

When using Cloud API, no personal data of you will be processed.

4.3.8 Provision of the Diagnostic Tool

When using the Diagnostic Tool in connection with Bosch eBike systems, we process your personal data if it is necessary to us, for example, for the operation of the Diagnostic Tool, fullfillment of contractual obligations, license management or creation and processing of a service case or a warranty case.

The following data is processed when using the Diagnostic Tool:

  • Device-related data (e.g. hardware ID, computer name)
  • Logging Data (e.g. IP address, Client ID, Timezone)

Legal basis: Fulfilment of contractual obligations

For each remote access by the OEM user to the dealer's software, the full IP address (Internet Protocol address) of the end device from which the dealer's software is accessed, OEM dongle ID, and date and time are transmitted to us and logged by us.

The logs are stored by us for the purpose of investigating malfunctions and for security reasons (e.g. to clarify attempted attacks, misuse) for a period of 1 year, after which they are deleted. Logs whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident and may be passed on to investigating authorities in individual cases.

Legal basis: Fulfilment of our legal obligations within the scope of data security and legitimate interest in resolving service disruptions, abuse detection as well as in the protection of our offers.

4.3.9 Usage of IBD services

When you are an IBD and use the services only offered to IBDs, additionally the following data procession can occur:

4.3.9.1 Provision of business relevant information

We provide you with business relevant information (e.g. Change of T&Cs, Downtime etc.).

Legal basis: Fulfilment of contractual obligations

4.3.9.2 Storage of training information

We store training information (online training, participation) of the eBike dealers to check the authorization to receive a dongle or a license (Diagnostic Tool (BDP tool)).

Legal basis: Fulfilment of contractual obligations

4.3.9.3 Storage of voluntarily provided information

For the provision of our Bike Dealer Self-Service, including Dealer Locator, we store information voluntarily provided by the dealer (to increase visibility/reachability for end customers, marketing for the dealer).

Legal basis: Legitimate interest in direct marketing, as long as this is performed in compliance with data protection and competition law. Dealer Locator: Consent.

4.3.9.4 Customer survey, market research

We contact you for reasons of product or customer surveys by e-mail and/or telephone, as well as market research activities

Legal basis: Consent

4.3.9.5 Prize draws / Discount campaigns

We are conducting prize draws or discount campaigns in accordance with the respective prize draw or discount campaign conditions

Legal basis: Either consent or our legitimate interest in direct marketing, as long as this is performed in compliance with data protection and competition law.

4.3.9.6 Dealer Locator

We provide our Dealer Locator Service via an interface (API) that uses maps from Google Maps for which Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible in relation to data protection. When you click “Start Google Maps” your IP address and the address/coordinates selected by you will be transmitted to Google. Google Maps is used here to provide any necessary location correction. This gives you the opportunity to adjust the location of your shop yourself so that it can be displayed accurately for the end customer during the dealer search. Please note that it is possible that data will be transferred by Google to the USA. More information on how user data is handled can be found in Google’s privacy policy: https://www.google.co.uk/intl/en/policies/privacy.

Legal basis: Consent

4.3.9.7 IBD Newsletter

You can subscribe to a newsletter as part of our online service. Should you decide later that you no longer wish to receive newsletters, you can cancel your subscription at any time by revoking your consent. The revocation takes place via the link printed in the newsletter, or in the administration settings of the respective online offer. Alternatively, please contact us using the information in the “Contact Us” section.

The newsletter is sent to you using an e-mail marketing software of the provider Optimizely GmbH, Wallstraße 16, 10179 Berlin (“Optimizely”). The e-mail addresses of the recipients of our newsletters, as well as their other data described in this notice, are located on Optimizely's servers in data centres in Germany and are subject to the data protection laws applicable there. Optimizely uses this information to send and evaluate the newsletter on our behalf. Furthermore, Optimizely can use this data to optimize or improve its own services, e.g. to technically optimize the sending and the presentation of the targeted messages. However, Optimizely does not use the data of the recipients of our newsletters to write to them itself or to pass them on to third parties. The security concept for Optimizely's email marketing cloud Optimizely Campaign is certified according to ISO 27001. For more information, please visit https://www.optimizely.com/de/privacy/.

Legal basis: Consent

4.3.10 Content Card

As an OEM, you have the option of creating a so-called Content Card that is displayed to selected users of the Flow App. The relevant separate contractual terms and conditions apply.

The following data is processed when using the service ("service-related data"):

  • Contents of Content-Cards created
  • OEM-Name
  • OEM-Identifier
  • Role at approval time

Legal basis: Contractual obligations

4.3.11 Resolving service disruptions as well as for security reasons

Legal basis: Fulfilment of our legal obligations within the scope of data security and legitimate interest in resolving service disruptions as well as in the protection of our offers.

4.3.12 Feedback

You have the option to provide feedback via e-mail. This process is voluntary.

Legal basis: Our legitimate interest in constant improvement of our services.

4.3.13 Support

If you have a concern about the Partner Portal, you can contact us via e-mail.

Legal basis: Fulfilment of contractual obligations

4.3.14 Individual Newsletter

You can subscribe to an individual newsletter as part of our online service. Individual newsletters contain information about offers and services of our online service, practical help and usage instructions for our online service as well as marketing and advertising messages about our products and services. In order to collect the individual information and use it for the content of the newsletter, we evaluate the use of the online service, e.g. processing and delivery status of TMS messages, and your company and their location.

If you want to withdraw the newsletter and stop the evaluation, you can terminate your subscription at any time by revoking your consent. The revocation can be done via the link printed in the newsletter or in the administrative settings of the respective online offer. Alternatively, you may contact us using the details in the "Contact" section.

Legal basis: Consent

4.3.15 Security and protection of rights

We may also process your personal data to investigate service disruptions and for security reasons to comply with our legal obligations in data security, as well as on the basis of our legitimate interest in the elimination of service disruptions and the security of our offers.

We may process your personal data to protect and defend our rights. This purpose also constitutes our legitimate interest.

Legal basis: Our legitimate interest in the protection and defense of our rights

4.3.16 Contacting us

Within the scope of our online offer, we provide you with various contact options (e.g. contact form, e-mail communication). In the case of inquiries from end customers regarding the eBike (e.g. handling of a service case, warranty cases) or in the case of inquiries from dealers, manufacturers or journalists regarding the products and services of Bosch eBike Systems, we process your personal data to answer inquiries, if necessary to solve problems and to maintain and promote your satisfaction as a customer or that of your customers. The personal data thus transmitted to us will be used exclusively for the purpose determined when contacting us. If you contact us outside of a specific contractual relationship or registration, the legal basis of the processing is our legitimate interest in providing you with the best possible service. In the case of a contractual relationship or registration, the legal basis is the requirement to fulfill the contract.

5. Log files

Every time you use the internet, certain information is automatically transmitted by your internet browser and stored in so-called log files.

Log files are stored by us for the purpose of investigating service disruptions and for security reasons (e.g. to clarify attempted attacks) for a period of 90 days. Log files whose further storage is necessary for the purpose of evidence are exempt from deletion until the final clarification of the respective incident and may be passed on to investigative authorities in individual cases.

In log files, the following information is stored:

  • IP address (internet protocol address) of the terminal device used to access the online offer;
  • Internet address of the website from which the online offer is accessed (so-called URL of origin or referrer URL);
  • Name of the service provider which was used to access the online offer;
  • Name of the files or information accessed;
  • Date and time as well as duration of recalling the data;
  • Amount of data transferred; Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player);
  • http status code (e.g., “Request successful” or “File requested not found”);
  • Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player); http status code (e.g., “Request successful” or “File requested not found”).

6. Children

This online offer is not meant for children under 16 years of age.

7. Data transfer to other controllers

In general, your personal data will only be transferred to other controllers if this is necessary for the fulfillment of a contract, if we or the third party have a legitimate interest in the transfer or if you have given your consent.

Particulars on the legal basis and the recipients or categories of recipients can be found in the section – Processing purposes and legal basis.

Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

8. Service providers

We involve external service providers with tasks such as programming and hotline services. We have chosen those service providers carefully and monitor them on a regular basis, especially regarding their diligent handling of and protection of the data that they store. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions. Service providers may also be other Bosch Group companies.

9. Transfer to recipients outside the EEA

We might transfer personal data to recipients located outside the EEA into so-called third countries. In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection or that you have consented to the transfer.

You are entitled to receive an overview of third country recipients and a copy of the specifically agreed provisions securing an appropriate level of data protection. For this purpose, please use the statements made in the contact section.

10. Duration of storage, retention periods

We generally store your data for as long as is necessary to provide our online offer and the associated services or for as long as we have a legitimate interest in continuing to store your data (e.g., we may still have a legitimate interest in postal marketing even after a contract has been fulfilled). In all other cases we delete your personal data with the exception of such data that we are obliged to store in order to fulfill legal obligations (e.g., we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

11. Usage of Cookies and other technologies

In the course of providing our online offer, cookies and other technologies may be used that either store information on your terminal equipment or gain access to information stored on your terminal equipment.

Cookies are small text files that can be stored on your end device when you visit an online offer.

The use of our online offer is generally possible without cookies that are not technically necessary.

11.1 Technically required cookies

By technically required cookies we mean cookies without those the technical provision of the online service cannot be ensured. These include e.g. cookies that store data to ensure smooth reproduction of video or audio footage.

Such cookies will be deleted when you leave the website.

11.2 Technically not necessary mechanisms

We only use cookies if you have given us your prior consent in each case. With the exception of the cookie that saves the current status of your privacy settings (selection cookie). This cookie is set based on legitimate interest.

11.3 Marketing cookies

General

By using marketing cookies we and our partners are able to show you offerings based on your interests, resulting from an analysis of your user behavior:

Statistics:
By using statistical tools, we measure e.g. the number of your page views.

Please note that using the tools might include transfer of your data to recipients outside of the EEA where there is no adequate level of data protection pursuant to the GDPR (e.g. the USA). For more details in this respect please refer to the following description of the individual marketing tools.

Name: Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Analysis of user behavior (page retrievals, number of visitors and visits, downloads.

Name: Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Administration of website tags via a user interface, integration of program codes on our websites

11.4 Management of cookies

You can manage your cookie settings in the browser and/or our privacy settings.

Note: The settings you have made refer only to the browser used in each case.

11.4.1 Deactivation of all cookies

If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.

11.5.1 Management of your settings regarding cookies and tracking mechanisms not required technically

When visiting our websites, you will be asked in a cookie layer whether you consent to our using of any comfort cookies, marketing cookies or tracking mechanisms, respectively.

In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.

12. External links

Our online offers may contain links to internet pages of third parties, in particular providers who are not related to us. Upon clicking on the link, we have no influence on the collecting, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control. We do not assume responsibility for the processing of personal data by third parties.

13. Security

Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.

14. User rights

To enforce your rights, please use the details provided in the contact section. In doing so, please ensure that an unambiguous identification of your person is possible.

14.1 Right to information and access

You have the right to obtain confirmation from us about whether your personal data is being processed, and, if this is the case, access to your personal data.

14.2 Right to correction and deletion

You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data.

This does not apply to data which is necessary for billing or accounting purposes, or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

14.3 Restriction of processing

As far as statutory requirements are fulfilled you have the right to demand for restriction of the processing of your data.

14.4 Data portability

As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used, and machine-readable format or – if technically feasible –that we transfer those data to a third party.

14.5 Right of objection

14.5.1 Objection to direct marketing

Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please consider that due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

14.5.2 Objection to data processing based on the legal basis of “legitimate interest”

In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.

Withdrawal of consent

In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.

15. Right to lodge complaint with supervisory authority:

You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us. This is:

State Commissioner for Data Protection and Freedom of Information

Address:

Lautenschlagerstraße 20
70173 Stuttgart, GERMANY

Postal address:

P.O. Box 10 29 32
70025 Stuttgart, GERMANY

Phone: +49 (711)/615541-0
Fax: +49 (711)/615541-15
E-mail: poststelle@lfdi.bwl.de

16. Contact

If you wish to contact us, please find us at the address stated in the "Controller" section.

To assert your rights please use the following link: https://request.privacy-bosch.com/

To notify data protection incidents please use the following link: https://www.bkms-system.net/bosch-dataprotection

For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:

Data Protection Officer

Information Security and Privacy (C/ISP)

Robert Bosch GmbH

P.O. Box 30 02 20

70442 Stuttgart, GERMANY

or

mailto: DPO@bosch.com

17. Changes to the Data Protection Notice

We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Please, therefore, notice the current version of our data protection notice, as this is subject to changes.

Effective date: 29.08.2022

Version: 3.0