LEGAL NOTICE

Robert Bosch GmbH (hereinafter "Bosch eBike Systems" or "We" or "Us") welcomes you to our website including all subdomains. Thank you for your interest in our company and our products.

The protection of your privacy when processing personal data and the security of all business data are important concerns for us that we take into account in our business processes. Data protection and information security are embedded in our corporate policy.

The controller for processing your data is:  

Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe

You can reach us at:
e-mail address: privacy.policy@remove.this.us.bosch.com

Principles

Personal data is any information relating to an identified or identifiable natural person, such as names, addresses, telephone numbers, e-mail addresses, contract data, booking data, and billing data, that express the identity of a person. 

We collect, process and use personal data only if there is a legal basis for doing so. 

Categories of data processed

Use of our website

When using our website, you can use various services. The following categories of data can be processed:

• Communication data (e.g. name, telephone, e-mail, address, IP address)
• Planning and control data (e.g. surveys, questionnaires, contact form)
• Device-related data (e.g. serial number of a Bosch eBike battery)
• Location data
• Log files (e.g. IP address)

Shopping on our website

Our website also allows you to visit the Bosch-eBike online shop and use paid services. We process the following categories of data for the purpose of ordering the service in question:

In the case of a customer account:

• Order data (e.g. name, telephone, e-mail, address)
• Contract master data (contractual relationship, interest in a product or contract)
• Customer history
• Contract billing, payment and disbursement information, including data related to repayments
• Communication data

In the case of guest orders:

• Order data (e.g. name, telephone, e-mail, address)
• Contract master data (contractual relationship, interest in a product or contract)
• Contract billing, payment and disbursement information, including data related to repayments
• Communication data

Service with eBike diagnosis tool

When using the BDP tool in connection with the eBike, the following categories of data can be processed:

Device-related data (e.g. serial numbers, hardware and software versions, configuration data, battery charging processes) 

Processing purposes and legal bases

We and service providers engaged by us process your personal data for the following purposes:

• Provision of this website

If you use our website purely for information purposes, i.e. without registering or otherwise sending us information, we process your personal data to provide and display this website and to ensure its stability and security. The legal basis for the processing is our legitimate interest.

• Use of our online shop

If you use our online shop, we process your personal data to fulfill the contract and to process the order in accordance with our contract terms.

• Contacting us

Our website provides you with various contact options (e.g. contact form, communication via e-mail). In the case of inquiries from end customers regarding eBikes (e.g. handling of a service case, warranty cases) or in the case of inquiries from dealers, manufacturers, or journalists regarding the products and services of Bosch eBike Systems, we process your personal data to answer inquiries, if necessary to solve problems, and to maintain and promote your satisfaction as a customer or that of your customers. The personal data transmitted to us in this way will be used exclusively for the purpose specified when you contacted us. If you contact us outside a specific contractual relationship or registration, the legal basis for the processing is our legitimate interest. In the case of a contractual relationship, the legal basis is the contract.

• Product or customer surveys by e-mail and/or telephone

Our website offers you the opportunity to participate in product or customer surveys for optimizing and developing our products and services. If you wish to take advantage of the opportunity to participate in an electronic (e.g. e-mail) or telephone product or customer survey, we will only use your personal data to contact you with your express consent.

• Competitions

If you take part in one of our competitions, your personal data will be stored and processed by us for the purpose of holding the competition and the associated follow-up in accordance with the relevant competition conditions. The legal basis for this is the existing competition contractual relationship with you.

• Bosch eBike Newsletter by e-mail with the consent of the recipient.

On our website you can subscribe to the Bosch eBike newsletter. In order to constantly improve our newsletter and adapt it to your wishes, we evaluate the subscribers' interaction with our newsletter. We process your personal data collected in this context on the basis of your consent.

• Handling of a service case at the bicycle retailer or service partner/connection of an eBike to a diagnostic tool

If you have a concern regarding your eBike, simply contact your bicycle retailer or service partner. In order to process your request, it is first necessary to identify the technical error. For this purpose, the bicycle retailer connects your eBike to a diagnostic tool. When your eBike is connected to the diagnostic tool, the following information about your eBike is sent to Bosch eBike Systems for processing ("device-related data"): Information about the manufacturer, date of manufacture and model of the eBike, bike ID, information about the eBike components (item number, serial number, hardware and software versions, configuration data, statistical data) and activity data of the eBike (e.g. total riding time, performed and upcoming service intervals, number of charging cycles)". The device-related data can be processed for the following purposes: processing your request, processing a service case, configuring the eBike, performing updates, resetting a detected tamper, unlocking the eBike components, setting the system time, and product improvement.

The legal basis for the processing is an existing contractual relationship or our legitimate interest. The legitimate interest of Bosch eBike Systems is our interest in processing your inquiry in the optimum way, to maintain or enhance your satisfaction and to optimize our own products.

• Provision of the digital service book

We process your personal data (e.g. bike ID, service type, service date, mileage, battery capacity) to provide you with a digital service history of your eBike with information about changes, updates and services on your eBike and to enable eBike dealers to manage the entries in your digital service book. The legal basis for the processing of this data is an existing contractual relationship).

• Digital Starter Guide

You have the possibility to receive an individualized Digital Starter Guide from us. In order to best adapt this to your requirements, we ask you for information about your eBike as well as your riding behavior (e.g. eBike type, Bosch eBike products used, types of eBike use). Based on this information, we can compile individual recommendations and tips. In addition to viewing the Digital Starter Guide in the browser, you have the option of having your individual Digital Starter Guide sent to you by e-mail. The legal basis for the display of the Digital Starter Guide in your browser and the associated data processing is Art. 6 (1) (f) GDPR. The legitimate interest of Bosch eBike Systems results from the interest in processing your request. The Digital Starter Guide will be sent, only once and only with your consent, to the e-mail address you have entered.

• Marketing and market research

On our website we use various marketing and tracking mechanisms if you have allowed us to do so, for example, via the consent you have given us through the cookie manager. Using these marketing and tracking mechanisms, we can display information on our website and third-party websites about our products that may have interested you while using our website.

• Investigation of faults and for security reasons, preservation, and defense of our rights

In order to eliminate faults or to preserve evidence in the event of security incidents, we process your personal data in order to fulfill our legal obligations in the area of data security. In addition, we have a legitimate interest in eliminating faults and ensuring the security of our website. To assert and defend our rights, we process the necessary personal data.

If you wish to use services that require conclusion of a contract, we will ask you to register. Within the scope of registration, we collect the personal data required for the establishment and fulfillment of the contract (e.g. first name, last name, date of birth, e-mail address, and, if applicable, details of the desired method of payment or the account holder) as well as, if applicable, further data on a voluntary basis. Mandatory information is marked with a *.

You must provide the personal data that is required to establish and perform a business relationship and to fulfill the associated contractual obligations, or which we are legally obliged to process. We mark such personal data in the respective forms or functions with a *. Please note that we will not be able to enter into or perform a contract with you if you do not provide this personal data. In this case, the online content or the other services (see “Processing purposes and legal bases”) cannot be used.

On each Internet access your browser sends automatically determined information which is stored by us in so-called log files. We store the log files for the purpose of investigating malfunctions and for security reasons (e.g. to clarify attempted attacks) for a period of 7 days, after which they are deleted. Log files whose further storage is necessary for evidentiary purposes are exempt from deletion until the final clarification of the respective incident and may be passed on to investigating authorities in individual cases. Log files are also used (without or without a complete IP address) for analysis purposes under the conditions outlined in the section “Advertising and/or market research (including web analytics, without customer surveys).”
The following information is stored in the log files:

• IP address (Internet Protocol address) of the device from which our website is accessed;
• Internet address of the website from which our website was retrieved (so-called originating or referrer URL);
• Name of the service provider through which our website is accessed;
• Name of the retrieved files or information;
• Date and time as well as duration of the retrieval;
• Transferred data volume;
• Operating system and information about the Internet browser used, including installed add-ons (e.g. for Flash Player);
• http status code (e.g. “request successful” or “requested file not found”).

This website is not intended for children under 16.

Your personal data will only be transmitted to other data controllers if this is necessary for the fulfillment of the contract, if we or the third party have a legitimate interest in the disclosure, or if you have given your consent. For details on the legal bases and the recipients or categories of recipients, please refer to the section “Processing purposes and legal bases.” In addition, data may be transmitted to other data controllers if we are obliged to do so by law or by an enforceable official or court order.

We may also disclose personal data to recipients located outside the EEA in so-called third countries. In this case, we ensure prior to the disclosure that either an adequate level of data protection exists at the recipient or that your consent for the disclosure has been obtained. You can obtain from us an overview of the recipients in third countries and a copy of the specifically agreed regulations for ensuring the appropriate level of data protection. Please use the information in the “Contact us” section for this purpose.

We engage external service providers to perform tasks such as sales and marketing services, contract management, payment processing, programming, data hosting, and hotline services. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and safeguarding of the data stored with them. All service providers are obliged by us to maintain confidentiality and to comply with legal requirements. Service providers can also be other companies in the Bosch Group.

We use external payment service providers. We collect your personal data for payment and, if applicable, disbursement processing in order to fulfill a contract.

Your personal data will also be processed for the purposes of investigating and preventing fraud, abuse, security incidents, and other harmful activities, for example anti-money laundering and law enforcement. The basis for this is compliance with applicable laws (e.g. prevention of money laundering) as well as our legitimate interest in limiting the risk of payment defaults. Likewise, security investigations and risk assessments may take place due to our legitimate interest in preventing fraud and other harmful activities. We also process your personal data to settle the fees we owe to your card-issuing bank based on our legitimate interest in maintaining our business operations. Depending on which payment method you select during the ordering process, we disclose the data collected for the processing of payments (e.g. bank details or credit card data) to the credit institution engaged to make the payment or to payment service providers engaged by us. In some cases, payment service providers also collect and process this data as data controllers. In this respect, the privacy policy of the respective payment service provider applies.

Payment method: Credit card

If you pay with your credit card and enter your bank, card, and/or authorization data, we engage external service providers, so-called “third parties,” to process your credit card-based payment. “Gateway payment providers” and payment service providers. Gateway payment providers act as processors and ensure the technical processing of card-based payments via a technical infrastructure. 

Payment service providers act as their own data controllers for the acceptance and settlement of payment transactions, including the secure routing and settlement of credit card transactions with international credit card companies. Payment service providers process your personal data and also transmit it to other data controllers in order to make the payment or to comply with legal requirements. If you want to use your credit card for payment, the card payment must first be authorized. The authorization takes place automatically using your data. In particular, the following considerations may play a role: payment amount, place of payment, previous payment history, merchant, payment purpose. Card payment is not possible without authorization. This does not affect other payment methods (e.g. other cards).

We use the following payment service provider for credit card payments:

Payone GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main, Germany. Payone GmbH acts as both a gateway payment provider and a payment service provider. In this respect, the privacy policy of Payone GmbH applies and must be acknowledged separately.

Payment method: PayPal

If you select PayPal as the payment method, the payment will be processed via:

PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and PayPal Pte. Ltd, 5 Temasek Boulevard #09-01, Suntec Tower Five, Singapore 038985 (hereinafter “PayPal”)

PayPal processes your data as a payment service provider and is its own data controller. The disclosure of your data to PayPal Pte. Ltd., based in Singapore, is guaranteed on the basis of binding corporate rules approved by the regulatory authorities that apply to PayPal’s affiliates.

We generally store your data for as long as is necessary to provide our website and the associated services or for as long as we have a legitimate interest in continuing to store it (e.g. we may still have a legitimate interest in postal marketing even after a contract has been fulfilled). Afterwards, we delete your personal data with the exception of such data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to tax and commercial law retention periods).

Cookies and other technologies may be used in the context of providing our website.
Cookies are small text files that can be stored on your device when you visit a website. It is generally possible to use the website without cookies that are not technically necessary.

Technically necessary cookies

By technically necessary cookies, we mean cookies without which the technical provision of the website cannot be guaranteed. This includes, for example, cookies that store data to ensure the trouble-free playback of video or audio content. These cookies are deleted at the end of your visit.

Cookies which are not technically necessary

We only use cookies which are not technically necessary if you have given us your prior consent. The only exception to this is the cookie that stores the current status of your privacy settings (selection cookie). This is set due to our legitimate interest in the functionality of the website.

We have divided the remaining cookies which are not technically necessary used into three different categories ("convenience", "analysis" and "marketing"). In the privacy settings, you can give or deny consent for each category individually. Below you will find a detailed description of the cookies used in each category:

Comfort

This category of cookies and mechanisms facilitates the operation of our website, and thus enables more comfortable surfing. For example, your language settings can be stored in these cookies.

Analysis

We use analytics tools to measure, for example, the number of pages you view or your behavior on our page. This may also include the analysis of log files.

We use the following tools:

Name: Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Analysis of user behavior (page views, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in conjunction with Google Ads.

Marketing

The use of marketing cookies and tracking mechanisms enables us and our partners to show you interest-based content based on an analysis of your usage behavior.

Below we explain which mechanisms and which providers we use on this website.

- Conversion tracking: Our conversion tracking partners place a cookie on your device (conversion cookie) if you have accessed our digital content via an ad of the partner in question. If you visit certain pages of ours, we and the respective conversion tracking provider can tell that a certain user clicked on the ad and was redirected to our page in this way. This can also take place across devices. The information collected using the conversion cookie is used to generate conversion statistics and to track the total number of users who clicked on the ad in question and were redirected to a page with a conversion tracking tag.

- Retargeting: Retargeting tools use advertising cookies or third-party advertising cookies, web beacons (invisible graphics also called pixels or tracking pixels), or similar technologies to generate usage profiles. These are used for interest-based advertising and to control the frequency with which the user sees certain ads.

We use the following tools:

Name: Google Ads

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Google processes your personal data on the basis of your consent via the pixel "Google Ads Remarketing Tag" for the creation of campaign reports, tracking of conversions, click events as well as targeted advertising outside our websites (retargeting) by means of URL, referrer URL, membership of remarketing lists defined by us, etc. The above-mentioned information can also be used to link you to your Google account and to include you in remarketing lists. We do not receive any personal data about you from Google, only anonymized campaign reports about the target group and the ad performance.

Name: Google Optimize

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Cookie can track how a user behaved across pages, UX testing.

Name: Facebook Pixel

Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

We are jointly responsible with Facebook for processing your personal data in the context of processing your personal data on our website via Facebook Pixel. In order to determine the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing, we have entered into a joint responsibility agreement with Facebook. The main contents of the agreement can be accessed at any time at the following link:https://www.facebook.com/legal/controller_addendum In particular, it regulates which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and how data subject rights can be asserted against Facebook.

Function: Facebook processes your personal data based on your consent via the Facebook Pixel to create campaign reports, track conversions, click events, and target advertising outside of our websites (retargeting) using HTTP headers (including IP address, device and browser properties, URL, referrer URL, and your person), pixel-specific data (including pixel ID and Facebook cookie), click behavior, optional values (e.g. conversions, page type), form field names (such as "email," "address," "quantity" for the purchase of a product or service).

We do not receive any personal data about you from Facebook, only anonymized campaign reports about the website target group and ad performance.

You can opt out of receiving interest-based ads from Facebook by changing your advertising preferences on Facebook's website. Alternatively, you can opt out of the use of cookies by third parties by visiting the Digital Advertising Alliance opt-out page at http://optout.aboutads.info/?c=2&lang=EN or the http://www.youronlinechoices.com page.

You will find more information at: https://www.facebook.com/policy

Name: Trade Desk Pixel

Provider:  The Trade Desk Inc, 42 N Chestnut St., Ventura, California, CA – 9300, USA

How it works:   The Trade Desk is an advertising technology platform for managing digital advertising campaigns and processes your personal data on the basis of your consent. For this purpose, the surfing behavior of visitors to our website is analyzed with the help of cookies. The Trade Desk collects and processes personal data about users, devices and ads and where they are displayed. This may include unique cookie identifiers, mobile device advertising identifiers, IP addresses, and other browser and device information such as type, version, and settings.
You can declare your objection or revocation at any time in the cookie settings of the Consent Management Tool used.

For more information, see: https://www.thetradedesk.com/us/privacy

Name: Media Intelligence Network

Provider:  Amnet GmbH, Alsterufer 3, 20354 Hamburg, Germany

How it works:   Media Intelligence Network is a data management platform for the use of retargeting, and processes your personal data based on your consent. Retargeting is an online marketing tracking method that marks your visit to our website and then, when you visit other websites, displays advertisements related to products previously viewed on our website. The cookie set by Media Intelligence Network is used to recognize the device you are using. As a result, interest in certain products can be recorded on the basis of your previous visit to our website and used for targeted advertising on other websites. With the help of the set cookie, Media Intelligence Network can determine the so-called conversion rate. For this purpose, the number of people who decided to buy an offer advertised in an ad after clicking on it is determined.
You can declare your objection or revocation at any time in the cookie settings of the Consent Management Tool used.

For more information: https://www.mediaintelligence.en/privacy-policy.do

Management of cookies and tracking mechanisms

You can manage your cookie and tracking mechanism settings in your browser and/or in our privacy settings:

NB: The settings you make only apply to the browser you are using.

• Disabling all cookies
  If you wish to disable all cookies, please go to your browser settings and deactivate the setting of cookies. Please note that this may affect the functionality of the website.
• Managing your settings regarding cookies which are not technically necessary and tracking mechanisms
  When you visit our website, you will be asked in a cookie layer whether you give us your consent for the use of comfort, analysis and marketing cookies and/or tracking mechanisms. In our privacy settings, you can revoke any consent you have already given with effect for the future or you can also give us your consent at a later date.

This website uses videos from the YouTube video platform. YouTube is a platform that enables playback of video files. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

As part of our online offer, we have integrated videos from the YouTube video platform. Before you can watch a YouTube video, we ask for your consent for the data processing that accompanies its sharing.

For more information on the scope and purpose of the data collected, on the further processing and use of the data by YouTube, on your rights and the data protection options you can choose, please refer to Google's privacy policy.

This website uses mapping services from Google Maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In order to increase the protection of your data when visiting our website, Google Maps is integrated into the site using the so-called "2-click solution." If you retrieve a corresponding page of our content, Google Maps will only be embedded if you activate the corresponding button.

In this way, a connection to Google Maps, including a transmission of log data to Google, is only established when you interact with Google Maps. When you interact with Google Maps, data is also transmitted to Google as the data controller and contact is made with the Google DoubleClick advertising network, which may trigger further data processing operations over which we have no control.

For more information on the scope and purpose of the data collected, on the further processing and use of the data by Google, on your rights and the data protection options you can choose, please refer to Google's privacy policy.

You can subscribe to the Bosch eBike newsletter on our website. We send this to you on the basis of your consent.

To confirm your consent we use the double opt-in method, where we only send you a newsletter by e-mail if you have previously expressly confirmed that you wish to enable the newsletter service by clicking on a link in a notification. You can stop receiving the newsletter at any time by revoking your consent. Use the link in the newsletter to cancel your subscription (revocation). Alternatively, please contact us using the information in the Contact Us section.

We analyze the behavior of our newsletter readers on the basis of their consent in order to design our newsletter in line with their needs and to optimize our content. For this analysis, the outgoing newsletters contain so-called web beacons, which are also called pixels. When you read the newsletter, we record which links you click on in the newsletter and use this data to deduce your personal interests. We link this data to technical information about your device (e.g. time of access, browser type, and operating system).

Our website may contain links to websites of third parties not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing, and use of any personal data transmitted to the third party when the link is clicked (such as the IP address or the URL of the page on which the link is located), as the behavior of third parties is of course beyond our control. We do not accept responsibility for the processing of such personal data by third parties.

Please use the information in the “Contact us” section to exercise your rights. Please make sure that we are able to clearly identify you.

You have the right of access to your personal data, the right to rectification, the right to erasure, the right to restriction of processing, and the right to data portability. If you have given us consent to process your personal data, you can revoke it at any time with effect for the future. 

Objection to direct marketing

You can object to the processing of your personal data for advertising purposes at any time (“objection to advertising”). Please bear in mind that for organizational reasons there may be an overlap between your objection and the use of your data in the context of an ongoing campaign.

Objection to data processing on the legal basis of “legitimate interest”

You also have the right to object to data processing by us at any time for reasons arising from your particular situation, insofar as this is based on “legitimate interest.” The reasons must be stated.

We will then suspend the processing of your data unless we can prove - in accordance with the legal requirements - that there are compelling and legitimate reasons for further processing which outweigh your rights.

You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us.

If you would like to contact us, you can reach us at the address given in the “Data controller” section.
 

To exercise your rights, use the following link: https://request.privacy-bosch.com/entity/RB/lang/en-US/ .

To report data protection incidents, use the following link:https://www.bkms-system.net/bosch-dataprotection .

For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our data protection officer:

Data Protection Officer
Bosch Group Information Security and Privacy Department (C/ISP)

Postfach 30 02 20, 70442 Stuttgart, GERMANY

Or e-mail to: DPO@remove.this.bosch.com

We reserve the right to change our security and data protection measures. In these cases, we will also adapt our privacy policy accordingly. Therefore, please note the current version of our privacy policy.

Date: 07/27/2023