Data privacy statement for the Bosch Secure Truck Parking Portal

Bosch Service Solutions GmbH (hereinafter “Bosch” or “We” or “Us”) welcomes your visit to our Internet pages and mobile applications (collectively referred to as the “online offering”) and your interest in our company and products.

 

1. Bosch respects your privacy

The protection of your privacy when processing personal data as well as the security of all business data is an important concern for us, which we take into consideration in our business processes. We process personal data collected during your visit to our online offerings in a confidential manner and only in accordance with legal requirements.

Data protection and information security are an integral part of our corporate policy.

 

2.    Responsibility

Responsibility for processing your data lies with Bosch; exceptions are explained in this privacy statement.

Our contact data is as follows: Bosch Service Solutions GmbH, Lahnstraße 34-40, 60326 Frankfurt, Germany, E-mail: info.bso@de.bosch.com, Phone +49 69 800-6000660

 

3.    Collection, processing and use of personal data

3.1.  Principles

Personal data is any information that relates to an identified or identifiable natural person, including, for example, names, addresses, telephone numbers, e-mail addresses, contract data, parking data and billing data.

We only collect, process and use personal data (including IP addresses) provided a legal basis exists for this purpose or if you have given your consent, e.g. in the context of registration.

Processed data categories

The following data categories are processed:

  • Contract data
  • Reservation and parking information, as well as identification media (e.g. license plate)
  • Contract and parking history
  • User and communication data (e.g. name, phone, e-mail, address, contact partner)
  • Billing and payment information
  • Information (from third parties, such as information services or from public
    directories)

 

3.2.  Processing purposes and legal bases

We and the service providers commissioned by us will process your personal data for the following purposes:

  • To answer user inquiries
  • To provide this online offering and to fulfill the contract on the basis of our contract terms and conditions, including billing and, where appropriate, Credit assessments. Billing can also include the sale of receivables.
  • To determine malfunctions and for security reasons
  • Internal and external advertising as well as market research and range measurement within the legally permissible scope or based on approval
  • Product or customer surveys by mail
  • Product or customer surveys by e-mail and/or telephone, insofar as you have expressly approved the processing of data in this context
  • Implementation of competitions and discount campaigns in line with the conditions of the relevant competition or discount campaign
  • Distribution of a newsletter with the consent of the recipient by e-mail
  • Safeguarding and defending our rights

 

3.3.  Registration

If you wish to make use of services that require the conclusion of a contract, we would ask you to register. As part of the registration process, we will collect the personal data required for the establishment and fulfilment of the contract (e.g., first name, last name, address, telephone number, e-mail address) as well as any other data provided on a voluntary basis. Mandatory data is marked with a *.

 

3.4.  Log files for website usage

Every time you use the Internet, your Internet browser automatically transmits certain information, which we then store in so-called log files.

The log files are stored by us for a short period of time for the purpose of identifying malfunctions and for security purposes (for example, to investigate attempted attacks) and are then deleted. Log files that need to be retained for documentation purposes are excluded from the deletion process until the final clarification of the relevant incident and may be shared with investigative bodies on a case-by-case basis.

In particular, the following information is stored in the log files:

  • IP address (Internet protocol address) of the device from which the online offering is accessed;
  • Internet address of the website from which the online offering is accessed (so-called original or referrer URL);
  • Name of the service provider from which the online offering is accessed;
  • Name of the files and information accessed;
  • The date and time and the duration of the access;
  • The volume of data transferred;
  • Operating system and information about the Internet browser used, including installed add-ons (e.g., for the Flash Player);
  • http status code (e.g., “successful inquiry” or “requested file not found”).

 

3.5.  Portal actions log files

Log information is stored in so-called log files whenever the portal and the services and functions are made available.

The log files will be used by us solely to document use (log files, whose further retention is necessary for documentation purposes are exempted from the deletion up to the final clarification of the respective incident and can be passed on to investigating authorities in individual cases).

In particular, the following information is stored in the log files:

  • Time of login
  • Logged user
  • Creation, implementation and alteration of parking processes with date and time
  • Changes to authorizations with date and time
  • Changes to user and customer data with date and time

 

3.6.  Transfer of data

Transfer of data to other responsible parties

Your personal data will only be transferred by us to other contracting partners involved in the provision of the service (third parties), insofar as this is necessary for the fulfillment of the contract, we or the third party have a legitimate interest in the transfer or you have granted your consent. Third parties can also be other companies within the Bosch Group, as well as external companies.

In addition, data can also be transferred to other responsible parties, insofar as we are obliged to do so by law or by enforceable administrative or judicial order.

Service providers (general)

We may commission external service providers with tasks such as sales and marketing services, contract management, payment processing, programming, data hosting and hotline services. We have carefully selected these service providers and regularly monitor them, in particular their careful handling and safeguarding of the data they store. All service providers are bound by us to maintain confidentiality and comply with legal requirements. Service providers can also be other companies within the Bosch Group.

Payment service providers

We employ external payment service providers.

Depending on the method of payment you choose in the registration process, we will pass on the data gathered for the processing of payments (e.g., bank details or credit card data) to the credit institution commissioned with the payment or to the payment service providers commissioned by us. The payment service providers also collect and process some of this data as responsible parties. The data protection declaration by the relevant payment service provider shall apply accordingly.

Claims management

We reserve the right to have the receivables collected by external service providers.

In addition, we have a legitimate interest in selling receivables to third parties and, in this context, to supply the data required for the receivables to the respective purchaser of the receivables. In the case of receivables, purchasers of receivables act on their own behalf and process the transferred data on their own responsibility. The data protection terms and conditions operated by the relevant purchaser of the receivables shall apply accordingly.

 

3.7.  Transfer to recipients outside the EEA

We may also transfer personal data to recipients established outside the EEA in so-called third countries. In this case, before transfer, we shall ensure that the beneficiary is either adequately protected (for example, on the basis of the EU Commission ‘s adequacy decision for the country concerned or the agreement of so-called EU standard contract clauses between the European Union and the recipient) or your consent to the transfer.

Current recipients in third countries:

Robert Bosch Engineering and Business Solutions Private Limited, Bangalore, India

 

3.8.  Duration of storage; retention periods

We shall store your data as long as necessary for the provision of our services or while we have a legitimate interest in continued storage (e.g., we may still have a legitimate interest in postal marketing after a contract has been fulfilled). In all other cases, we will delete your personal data, with the exception of the data that we are required to retain in order to comply with legal obligations (e.g. we are obliged to keep documents such as contracts and invoices for a certain period due to tax and commercial law retention periods).

 

4.   Credit assessments

We shall carry out a credit assessment if your parking transactions exceed a certain monthly volume.

We have a legitimate interest in carrying out the credit assessments described in this section in order to protect ourselves against bad debts. We may commission companies to perform an assessment of the risk of loss of payments on the basis of mathematical-statistical procedures and to provide us with information on the probability of a default in accordance with legal requirements. Address data can also be used for the evaluation, but not on an exclusive basis.

If the result of a credit assessment is not sufficient for our requirements, we reserve the right to demand a secure method of payment (e.g., credit card) or to refuse the conclusion of a contract.

The credit assessment is an automated decision-making process. If you do not agree with the result, you can notify us in writing, so that we can have our decision reviewed by a referee. In addition, you have a right to receive information from the service provider about the main reasons for the decision.

We have commissioned the following service providers to perform credit assessments:

CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany

 

5.   Competitions or discount campaigns

If you participate in one of our competitions or discount campaigns, we shall use your data for the purpose of notifying the winners and advertising our products to the extent permitted by law or insofar as you have granted your consent. Detailed information in relation to competitions and discount campaigns can be found in the respective conditions for participation.

 

6.   Use of cookies

6.1.  General information

Cookies are small text files that are stored on your computer when you visit an online offering. If this online offering is accessed by you a second time, your browser will return the content of the cookies to the respective provider, allowing the terminal to be recognized. Cookies allow us to optimize our online offering to you, making it easier for you to use.

When you visit our Internet pages, you will be asked in a cookie-layer pop-up whether you want to allow the cookies placed by us, and to continue using our online offering.

However, you can delete all cookies via your browser at any time. For this purpose, please refer to the help functions of your browser. However, this can also mean that certain functions will no longer be available to you.

In addition, the following website allows the use of cookies to be administered and disabled by third parties:

http://www.youronlinechoices.com/uk/your-ad-choices

This website is not operated by us, so we are not responsible and have no influence on its content or availability.

 

6.2.  Overview of the cookies used by us

This section provides an overview of the cookies used by us.

Essential cookies

Certain cookies are required so we can securely provide our online offering. This category includes, for example

  • cookies used to identify or authenticate our users;
  • cookies that temporarily store certain user entries (e.g., the content of an online form);
  • cookies that store certain user preferences (e.g., search or language settings);

 

7.    Google Maps

We use Google Maps API from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) to visualize geographical information. When Google Maps is used, information may be processed about your use of the relevant functions. For more information about data processing by Google, please refer to Google’s Privacy Policy at the following link http://www.google.com/privacypolicy.html

 

8.      reCAPTCHA

We use the reCAPTCHA service from Google for selected input fields for security reasons. With reCAPTCHA, we verify these inputs to ensure that they have been made by humans and not automated by so-called bots. Your IP address and any other data required for this review will be transferred to Google’s servers. These servers may be located outside the EU. For the transferred data, Google’s privacy policy applies, which can be viewed under the following link https://www.google.com/intl/en/policies/privacy/

 

9.    Newsletter

You can subscribe to our newsletter as part of our online offering. We shall make this subject to your consent, for example in the context of your registration. If you later decide that you do not wish to receive newsletters, you can terminate the subscription at any time by withdrawing your consent. The e-mail newsletter subscription can be cancelled using the link printed in the newsletter and possibly included in the administrative settings for the respective online offerings. Alternatively, contact us using the details under Contact.

 

10.    External links

Our online offering may contain links to third-party websites with non-affiliate providers. Once you have clicked on the link, we no longer have any influence on the gathering, processing and use of any personal data transferred to the third party by clicking the link (for example the IP address or the URL of the page containing the link) because, naturally, we have no control over the behavior of third parties. We accept no responsibility for the processing of such personal data by third parties.

 

11. Security

Our employees and the service providers appointed by us are obliged to observe confidentiality and to comply with the provisions of the applicable data protection laws.

We shall take all the necessary technical and organizational measures to ensure an appropriate level of protection and to protect the data managed by us, especially from the risks of unintended or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or unauthorized access. Our security measures are continuously improved in line with technological developments.

 

12. User rights

Please use the information in the Contact section to assert your rights. Please ensure that we can clearly identify you.

Information and disclosure rights:

You have the right to receive information from us about the processing of your data. For this purpose, you may claim disclosure rights regarding the personal information belonging to you that we process.

Correction and deletion rights:

You may require us to correct incorrect data and – provided the legal requirements are fulfilled – to complete or delete your data.

This does not apply to data required for billing and accounting purposes or subject to statutory retention. However, if access to such data is not required, processing will be restricted (see below).

Processing restrictions:

You may require us to restrict the processing of your data – provided the legal requirements are fulfilled.

Objections to data processing:

In addition, you have the right to object to data processing by us at any time. We will then terminate the processing of your data, unless we are able to provide verifiable reasons for continued processing that take precedence over your rights – according to the statutory requirements.

 

Objections to direct marketing:

You may also object at any time to the processing of your personal data for advertising purposes (“denial of advertising rights”). Please note that for organizational reasons there may be an overlap between your withdrawal of permission and the use of your data as part of an ongoing campaign.

Withdrawal of permission:

If you have given us your consent to the processing of your data, you can withdraw this consent at any time with effect for the future. The legality of the processing of your data until withdrawal shall remain unaffected.

 

13. Contact

If you wish to contact us, please do so using the address given in Responsibility.

We recommend that you contact our Group Data Protection Officer in order to assert your rights, or to make suggestions and complaints regarding the processing of your personal data, or to withdraw your consent:

Mr.
Matthias Goebel
Group Data Protection Office
Information Security and Data Protection for the Bosch Group (C/ISP)
Robert Bosch GmbH
Kronenstrasse 22
70173 Stuttgart

or

Abteilungsbriefkasten.cisp@de.bosch.com