3.1. Processed categories of data

The following categories of data are processed:

• Communication data (e.g. name, telephone, e-mail, address, IP address)
• Contractual master data (e.g. contractual relationships, contractual or product interest)
• Client history (e.g. user IDs)

3.2. Principles

Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data.

We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.

3.3. Processing purposes and legal basis

We as well as the service providers commissioned by us process your personal data for the following processing purposes:

3.4. Log files

Each time you use the internet, your browser is transmitting certain information, which we store in so-called log files.

We store log files to determine service disruptions and for security reasons (e.g., to investigate attack attempts) for a period of 12 months and delete them afterwards. Log files which need to be maintained for evidence purposes are excluded from deletion until the respective incident is resolved and may, on a case-by-case basis, be passed on to investigating authorities.

Log files (without, or respectively without a full IP address) are also used for analysis purposes under the conditions of the section “Advertising and / or market research (including web analysis, without customer surveys).

In log files, the following information is saved:

• IP address (internet protocol address) of the terminal device used to access the Online Offer;
• Internet address of the website from which the Online Offer is accessed (so-called URL of origin or referrer URL);
• Name of the service provider which was used to access the Online Offer
• Name of the files or information accessed;
• Date and time as well as duration of recalling the data;
• Amount of data transferred;
• Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player);
• http status code (e.g., “Request successful” or “File requested not found”).

3.5. Children

This Online Offer is not meant for children under 16 years of age.

3.6. Data transfer to other controllers

Principally, your personal data is forwarded to other controllers only if required for the fulfillment of a contractual obligation, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal basis and the recipients or categories of recipients can be found in the Section – Processing purposes and legal basis. can be found in the Section 3.3.

Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

3.7. Service providers (general)

We involve external service providers with tasks such as business process automation, marketing services, contract management, payment processing, programming, support, data hosting and hotline services. We have chosen those service providers carefully and monitor them on a regular basis, especially regarding their diligent handling of and protection of the data that they store. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions. Service providers may also be other Bosch group companies.

3.8. Transfer to recipients outside the EEA

We might transfer personal data to recipients located outside the EEA into so-called third countries. In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection or that you have consented to the transfer.

You are entitled to receive an overview of third country recipients and a copy of the specifically agreed-provisions securing an appropriate level of data protection. For this purpose, please use the statements made in the Contact section.

3.9. Duration of storage, retention periods

Principally, we store your data for as long as it is necessary to render our Online Offers and connected services or for as long as we have a legitimate interest in storing the data (e.g. we might still have a legitimate interest in postal mail marketing after fulfillment of our contractual obligations). In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. due to retention periods under the tax and commercial codes we are obliged to have documents such as contracts and invoices available for a certain period of time).

6.1. Right to information and access

You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

6.2. Right to correction and deletion

You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

6.3. Restriction of processing

As far as statutory requirements are fulfilled, you have the right to demand for restriction of the processing of your data.

6.4. Data portability

As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible –that we transfer those data to a third party.