Legal notice

Robert Bosch GmbH (hereinafter "Bosch eBike Systems" or "We" or "Us") welcomes you to our website including all subdomains. Thank you for your interest in our company and our products.

The protection of your privacy in the processing of personal data and the safety of all business data are important concerns that we take into account in our business processes. Data protection and information security are anchored in our corporate policy.

The person responsible for processing your data is:  

Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe

You can reach us at:
E-mail address: privacy.policy@remove.this.us.bosch.com

Principles

Personal data means any information relating to an identified or identifiable natural person, such as name, address, telephone number, e-mail addresses, contract data, booking data and billing data, that express the identity of a person. 

We collect, process and use personal data only if there is a legal basis for doing so. 

Categories of data processed

Use of our website

You can make use of various services when using our website. The following data categories can be processed:

• Communication data (e.g. name, telephone, e-mail, address, IP address)
• Planning and control data (e.g. surveys, questionnaires, contact form)
• Device-related data (e.g. serial number of a Bosch eBike battery)
• Location data
• Log files (e.g. IP address)

Shopping on our website

Our website also allows you to visit the Bosch eBike online store and to use paid services. We process the following categories of data for the purpose of ordering the relevant service:

In the case of a customer account:

• Order data (e.g. name, telephone, e-mail, address)
• Contract master data (contractual relationship, interest in a product or contract)
• Customer history
• Contract billing, payment and disbursement information, including data related to repayments
• Communication data

Orders placed as a guest:

• Order data (e.g. name, telephone, e-mail, address)
• Contract master data (contractual relationship, interest in a product or contract)
• Contract billing, payment and disbursement information, including data related to repayments
• Communication data

Service with eBike DiagnosticTool

When the BDP tool is used in connection with the eBike, the following categories of data can be processed:

Device-related data (e.g. serial numbers, hardware and software versions, configuration data, battery charging processes) 

Processing purposes and legal basis

We and the service providers commissioned by us process your personal data for the following purposes:

• Provision of this website

If you use our website purely for information purposes, i.e. without registering or otherwise sending us information, we process your personal data to provide and display this website and to ensure its stability and security. The legal basis for the processing is our legitimate interest.

• Use of our online store

When you use our online store, we process your personal data to fulfil the contract and to process the order in accordance with our contract terms and conditions.

• Contact

Our website offers you a variety of contact options (e.g. contact form, e-mail communication). When we receive enquiries from end customers regarding eBikes (e.g. handling of a service case, warranty cases) or enquiries from retailers, manufacturers or journalists regarding products and services from Bosch eBike Systems, we process your personal data to answer enquiries, if necessary to solve problems and to maintain and secure your satisfaction as a customer and that of your customers. The personal data supplied to us in this way will be used solely for the purpose specified when you contacted us. Should you contact us outside of a specific contractual relationship or registration, the legal basis for data processing is our legitimate interest. In the case of a contractual relationship, the legal basis is the contract.

• Product or customer surveys by e-mail and/or telephone

Our website offers you the opportunity to participate in product or customer surveys aimed at optimising and developing our products and services. If you wish to take the opportunity to participate in an online (e.g. e-mail) or telephone product or customer survey, we will only use your personal data to contact you with your express consent.

• Competitions

If you take part in one of our competitions, your personal data will be stored and processed by us for the purpose of running the competition and the associated follow-up in accordance with the relevant competition conditions. The legal basis for this is the existing competition-contract relationship with you.

• Bosch eBike Newsletter with the consent of the recipient.

You can subscribe to the Bosch eBike newsletter on our website. To continuously improve our newsletter and adapt it to your wishes, we evaluate the subscribers' interaction with our newsletter. We will process your personal data collected in this context on the basis of your consent.

• Handling of a service case at the bicycle retailer or service partner/connecting an eBike to a diagnostic tool

If you have a concern regarding your eBike, simply contact your bicycle retailer or service partner. In order to process your request, it is first necessary to identify the technical error. For this purpose, the bicycle retailer connects your eBike to a DiagnosticTool. When your eBike is connected to the diagnostic tool, the following information about your eBike is transmitted to Bosch eBike Systems for processing ("device-related data"): information about the manufacturer, date of manufacture and model of the eBike, bike ID, information about the eBike components (item number, serial number, hardware and software versions, configuration data, statistical data) as well as activity data of the eBike (e.g. total riding time, performed and upcoming service intervals, number of charging cycles)". The device-specific data can be processed for the following purposes: processing your request, handling a service case, configuring the eBike, performing updates, resetting a detected tampering, enabling the eBike components, setting the system time and for product improvement.

The legal basis for the processing is an existing contractual relationship or our legitimate interest. The legitimate interest of Bosch eBike Systems derives from an interest in processing your request, processing service cases and optimising our own products.

• Provision of the digital service book

We process your personal data (e.g. bike ID, service type, service date, mileage, battery capacities) to provide you with a digital service history of your eBike with information about changes, updates and services relating to your bike and to enable eBike retailers to manage the entries in your digital service book. The legal basis for processing this data is an existing contractual relationship).

• Digital Starter Guide

You have the option of receiving an individualised Digital Starter Guide from us. In order to adapt this to your requirements in the best possible way, we ask you for information about your eBike and your riding behaviour (e.g. eBike type, Bosch eBike products used, types of eBike use). Based on this information, we can put together individual recommendations and tips. In addition to viewing the Digital Starter Guide in the browser, you have the option of having your individual Digital Starter Guide sent to you by e-mail. The legal basis for the display of the Digital Starter Guide in your browser and the associated data processing is Art. 6 Para. 1 letter f, GDPR. The legitimate interest of Bosch eBike Systems results from the interest in processing your request. The digital Starter Guide is sent to the e-mail address you have entered only once and only with your consent.

• Marketing and market research

Our website uses various marketing and tracking mechanisms, provided you have allowed this through the consent you granted via the cookie manager. These marketing and tracking mechanisms allow us to display information on our website, as well as on third-party websites, about our products that may have interested you while using our website.

• Investigation of faults and preservation and defence of our rights for security reasons

In order to eliminate faults or to preserve evidence in the event of security incidents, we will process your personal data in order to fulfil our legal obligations in the area of data security. In addition, we have a legitimate interest in eliminating faults and ensuring the security of our website. We process the necessary personal data to assert and defend our rights.

If you wish to avail of services that require the conclusion of a contract, we will ask you to register. Within the scope of registration, we collect the personal data required for the establishment and fulfillment of the contract (e.g. first name, last name, date of birth, e-mail address, and, if applicable, details of the desired method of payment or the account holder) as well as, if applicable, further data on a voluntary basis. Mandatory information is marked with a *.

You must provide the personal data that is required to establish and perform a business relationship and to fulfill the associated contractual obligations, or which we are legally obliged to process. We mark such personal data in the respective forms or functions with a *. Please note that we will not be able to enter into or perform a contract with you if you do not provide this personal data. In this case, the online content or the other services (see "Processing purposes and legal bases") cannot be availed of.

Whenever you use the Internet, your Internet browser automatically transmits certain information and we store it in so-called log files. The log files are stored by us for a period of 7 days to determine malfunctions and for safety reasons (e.g. to clarify attempted attacks) and then deleted. Log files whose further storage is necessary for evidentiary purposes are excluded from the deletion until the final investigation of the relevant incident and, in individual cases, may be forwarded to the investigating authorities. Log files are also used (without or without a complete IP address) for analysis purposes under the conditions described in the section "Advertising and/or market research (including web analysis, without customer surveys)".
The following information is stored in the log files:

• The IP (Internet Protocol) address of the device from which our website is accessed;
• Internet address of the website from which our website was accessed (known as the originating or referrer URL);
• Name of the service provider through which our website is accessed;
• Name of the retrieved files and/or information;
• Date, time and duration of the retrieval;
• Transferred data volume;
• Operating system and information about the Internet browser used, including installed add-ons (e.g. for Flash Player);
• http status code (e.g. "request successful" or "requested file not found").

This website is not intended for children under the age of 16.

Your personal data will only be transmitted to other data controllers if this is necessary for the fulfillment of the contract, if we or the third party have a legitimate interest in the disclosure, or if you have given your consent. For details on the legal bases and the recipients or categories of recipients, please refer to the section "Processing purposes and legal bases." In addition, data may be transmitted to other data controllers if we are obliged to do so by law or by an enforceable official or court order.

We may also transfer personal data to recipients located outside the EEA in so-called third countries. In this case, we shall ensure before transfer that either an adequate level of data protection exists on the recipient's side or that your consent to the transfer has been obtained. You can obtain from us an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure an adequate level of data protection. Please use the information in the contact section for this purpose.

We engage external service providers to perform tasks such as sales and marketing services, contract management, payment processing, programming, data hosting, and hotline services. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and safeguarding of the data stored with them. All service providers are obliged by us to maintain confidentiality and to comply with legal requirements. Service providers can also be other companies in the Bosch Group.

We use external payment service providers. We collect your personal data for payment and, if applicable, disbursement processing in order to fulfill a contract. 

Your personal data will also be processed for the purposes of investigating and preventing fraud, abuse, security incidents, and other harmful activities, for example anti-money laundering and law enforcement. The basis for this is compliance with applicable laws (e.g. prevention of money laundering) as well as our legitimate interest in limiting the risk of payment defaults. Likewise, security investigations and risk assessments may take place due to our legitimate interest in preventing fraud and other harmful activities. We also process your personal data to settle the fees we owe to your card-issuing bank based on our legitimate interest in maintaining our business operations. Depending on which payment method you select during the ordering process, we disclose the data collected for the processing of payments (e.g. bank details or credit card data) to the credit institution engaged to make the payment or to payment service providers engaged by us. In some cases, payment service providers also collect and process this data as data controllers. In this respect, the privacy policy of the respective payment service provider shall apply.

Payment method: Credit card 

If you pay with your credit card and enter your bank, card, and/or authorization data, we engage external service providers, so-called "third parties," to process your credit card-based payment. "Gateway payment providers" and payment service providers. Gateway payment providers act as processors and ensure the technical processing of card-based payments via a technical infrastructure.  

Payment service providers act as their own data controllers for the acceptance and settlement of payment transactions, including the secure routing and settlement of credit card transactions with international credit card companies. Payment service providers process your personal data and also transmit it to other data controllers in order to make the payment or to comply with legal requirements. If you want to use your credit card for payment, the card payment must first be authorized. The authorization takes place automatically using your data. In particular, the following considerations may play a role: payment amount, place of payment, previous payment history, merchant, payment purpose. Card payment is not possible without authorization. This does not affect other payment methods (e.g. other cards). 

We use the following payment service provider for credit card payments:
Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany. Payone GmbH acts both as a gateway payment provider and as a payment service provider. In this respect, the privacy policy of Payone GmbH shall apply and must be acknowledged separately.

Payment method: PayPal 

If you select PayPal as the payment method, the payment will be processed via: 
PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and PayPal Pte. Ltd, 5 Temasek Boulevard #09-01, Suntec Tower Five, Singapore 038985 (hereinafter "PayPal"). 
PayPal processes your data as a payment service provider and is its own data controller. The disclosure of your data to PayPal Pte. Ltd., based in Singapore, is guaranteed on the basis of binding corporate rules approved by the regulatory authorities that apply to PayPal's affiliates.

We generally store your data for as long as is necessary to provide our website and the associated services or for as long as we have a legitimate interest in continuing to store it (e.g. we may still have a legitimate interest in postal marketing even after a contract has been fulfilled). Afterwards, we delete your personal data with the exception of such data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to tax and commercial law storage periods).

Cookies and other technologies may be used in the course of providing our website.
Cookies are small text files that can be stored on your device when you visit a website. It is generally possible to use the website without cookies, which are not technically necessary.

Technically necessary cookies

By technically essential cookies we mean cookies without which the technical provision of the website cannot be guaranteed. This includes, for example, cookies that store data in order to ensure smooth playback of video or audio content. These cookies are deleted after the end of your visit.

Technically non-necessary cookies

We only use technically non-necessary cookies with your prior consent. The only exception to this is the cookie that stores the current status of your privacy settings (selection cookie). This is set due to our legitimate interest in the functionality of the website.

We have divided the remaining technically non-necessary cookies used into three different categories ("Comfort", "Analysis" and "Marketing"). In the privacy settings, you can individually grant or refuse your consent for each category. You will find a detailed description of the cookies used in each category below:

Comfort

Cookies and mechanisms assigned to this category, facilitate operations and thus enable more comfortable surfing on our website. For example, your language settings can be stored in these cookies.

Analysis

We use analytics tools to measure, for example, the number of page views or your usage patterns on our site. This may also include an analysis of log files.

We use the following tools:

Name: Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Analysis of user behaviour (page views, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in conjunction with Google Ads.

Marketing

By using marketing cookies and tracking mechanisms we and our partners can display interest-based offers based on an analysis of your usage behaviour.

The mechanisms and providers used on this website are listed below.

- Conversion tracking: Our Conversion Tracking partners place a cookie on your device (‘conversion cookie’) for this analysis service if you have accessed our digital offering via an ad of the relevant partner. If you visit a specific page of ours and the cookie has not expired, we and the Conversion Tracking provider can recognise that a particular user clicked on the ad and was redirected to our site. This is also possible across devices. The information collected using the conversion cookie is used to generate conversion statistics and to record the total number of users who clicked on the ad and were redirected to a page with a Conversion Tracking tag.

- Retargeting: Retargeting tools use advertising cookies, web beacons (invisible graphics also called pixels or tracking pixels), or similar technologies to create usage profiles. These are used for interest-based advertising and to control the frequency with which the user sees certain ads.

We use the following tools:

Name: Google Ads

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: Google processes your personal data on the basis of your consent via the "Google Ads Remarketing Tag" pixel for the creation of campaign reports, tracking of conversions, click events as well as targeted advertising outside our websites (retargeting) based on e.g. URL, referrer URL, membership of re-marketing lists defined by us. The above-mentioned information can also be used to link you to your Google account and to include you in remarketing lists. We do not receive any personal data about you from Google, only anonymised campaign reports about the target group and ad performance.

Name: Google Optimise

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Function: A cookie can track how a user has behaved across a number of sites, UX testing

Name: Facebook Pixel

Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

We are jointly responsible with Facebook for the processing of your personal data as part of the use of Facebook Pixel on our online offering. We have entered into a joint responsibility agreement with Facebook in order to determine our respective responsibilities for fulfilling obligations under the GDPR with regard to joint processing. The main contents of the agreement can be accessed at any time at the following link:https://www.facebook.com/legal/controller_addendum This regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and how data subjects' rights can be asserted against Facebook.

Function: Facebook processes your personal data based on your consent via the Facebook Pixel to create campaign reports, track conversions, click events, and target advertising outside of our websites (retargeting) using HTTP headers (including IP address, device and browser properties, URL, referrer URL and your person), pixel-specific data (including pixel ID and Facebook cookie), click behaviour, optional values (for example, conversions, page type), form field names (such as "email", "address", "quantity" for the purchase of a product or service).

We do not receive any personal data about you from Facebook, only anonymised campaign reports about the website target group and ad performance.

You can opt-out of receiving interest-based ads from Facebook by changing your advertising preferences on Facebook's website. Alternatively, you can opt out of the use of cookies by third parties by visiting the Digital Advertising Alliance opt-out page at http://optout.aboutads.info/?c=2&lang=EN or the http://www.youronlinechoices.com page.

You will find more information at: https://www.facebook.com/policy

Name: Trade Desk Pixel

Provider:  The Trade Desk Inc., 42 N Chestnut St, Ventura, California, CA – 9300, USA

How it works:   The Trade Desk is a technology platform for managing digital advertising campaigns and processes your personal data on the basis of your consent. For this purpose, the surfing behaviour of visitors to our website is analysed with the help of cookies. The Trade Desk collects and processes personal data about users, devices and ads and where these are displayed. This includes unique cookie identifiers, mobile device advertising identifiers, IP addresses and other browser and device information such as type, version and settings.
You can declare your objection or revocation at any time in the cookie settings of the consent management tool used.

Further information at: https://www.thetradedesk.com/en/privacy

Name: Media Intelligence Network

Provider:  Amnet GmbH, Alsterufer 3, 20354 Hamburg, Germany

How it works:   Media Intelligence Network is a data management platform for the use of retargeting and processes your personal data on the basis of your consent. Retargeting is an online marketing tracking method that marks your visit to our website and then, when you visit other websites, displays advertisements related to products previously viewed on our website. The cookie set by Media Intelligence Network is used to recognise the terminal device you are using. This means that your interest in certain products can be recorded on the basis of your previous visit to our website and used for targeted advertising on other websites. With the help of the cookie set, Media Intelligence Network is able to identify the so-called conversion rate. This is done by determining the number of people who, after clicking on an ad, decided to buy an offer advertised in it.
You can declare your objection or revocation at any time in the cookie settings of the consent management tool used.

Further information at: https://www.mediaintelligence.en/privacy-policy.do

Management of cookies and tracking mechanisms

You can manage your cookie and tracking mechanism settings in your browser and/or in our privacy settings:

Note: The settings you choose only relate to the browser you use.

• Disabling all cookies
  If you wish to disable all cookies, please go to your browser settings and deactivate the setting of cookies. Please note that this may affect the functionality of the website.
• Managing your settings regarding technically non-essential cookies and tracking mechanisms
  When you visit our website, you will be asked in a cookie layer whether you grant your consent for the use of comfort, analysis and marketing cookies and/or tracking mechanisms. In our privacy settings, you can revoke consents already given with future effect or give us your consent at a later date.

This website uses videos from the YouTube video platform. YouTube is a platform that enables the playback of video files. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

As part of our online offer, we have integrated videos from the YouTube video platform. Before you can watch a YouTube video, we ask for your consent for the data processing associated with its playback.

For more information on the scope and purpose of the data collected, on YouTube’s further processing and use of the data, on your rights and the data protection options you can select, please see Google’s privacy policy.

This website uses mapping services from Google Maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In order to increase the protection of your data when visiting our website, Google Maps is integrated into the site using the so-called "2-click solution." If you retrieve a corresponding page of our content, Google Maps will only be embedded if you activate the corresponding button.

In this way, a connection to Google Maps, including a transmission of log data to Google, is only established when you interact with Google Maps. When you interact with Google Maps, data is also transmitted to Google as the data controller and contact is made with the Google DoubleClick advertising network, which may trigger further data processing operations over which we have no control.

For more information on the scope and purpose of the data collected, on the further processing and use of the data by Google, on your rights and the data protection options you can choose, please refer to Google's privacy policy.

You can subscribe to the Bosch eBike Newsletter on our website. We distribute this on the basis of your consent.

To confirm your consent we use the "double opt-in" procedure, which means we will only send you a newsletter by e-mail, if you have previously expressly confirmed activation of the newsletter service by clicking on a link in a notification. You can stop receiving the newsletter at any time by revoking your consent. The revocation takes place via the link contained in the newsletter. Alternatively, please contact us using the information in the Contact section.

We analyse the behaviour of our newsletter readers on the basis of their consent in order to design our newsletter in line with their needs and to optimise our content. For this analysis, the newsletters sent contain so-called web beacons, also referred to as pixels. When you read the newsletter, we record which links you click on in the newsletter and use this information to deduce your personal interests. We link this data to technical information about your device (e.g. time of access, browser type and operating system).

Our website may contain links to websites of third parties not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing, and use of any personal data transmitted to the third party when the link is clicked on (such as the IP address or the URL of the page on which the link is located), as the behavior of third parties is of course beyond our control. We do not accept responsibility for the processing of such personal data by third parties.

I. Introduction.

Robert Bosch LLC (“Bosch”, “we”, “us” or “our”) is pleased to have you (“you” or “your”) visit our website, bosch-ebike.com (the “Bosch eBike Systems Website”) and welcomes your interest in the services or products provided through the Bosch eBike Systems Website (collectively, the “Services”). This Privacy Policy (this “Notice”) applies to all users of the Bosch eBike Systems Website and the Services, anywhere in the United States, Canada, and their respective territories and possessions. Terms capitalized but not defined in this Notice are as defined in the Bosch eBike Systems Website Terms of Use (the “Terms”).

We process personal information collected during your visit to the Bosch eBike Systems Website and use of Services in compliance with this Notice and all applicable laws and regulations. Data protection and information security are part of Bosch corporate policy.

Notice to Canadian Users: Please note that by using the Website/Application and/or voluntarily providing your personal information to us, as applicable, you are consenting to the collection, use and disclosure of your personal information as described in this Notice. If you do not consent to the processing of your personal information in accordance with this Notice, please do not access or continue to use the Bosch Website/Application or otherwise provide any personal information to us.

II. Scope

This Notice covers our treatment of (1) personally identifiable information, as defined by numerous statutes in the United States ( “PII Laws”), (2) personal information, as defined by the California Consumer Privacy Act (“CCPA”), and (3) personal information, as defined by Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any applicable substantially similar provincial legislation (“Canadian Privacy laws”) (collectively, “Personal information”) which we gather when you are accessing, viewing, completing, or using this Bosch eBike Systems Website or our Services.

III. Collection of Personal Information

The Bosch eBike Systems Website has collected the following personal information from users of the website within the last twelve (12) months:

1) Identifiers:
We collect this information from our users, customers, and business partners. We also generate identifiers internally.

Examples:
Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

How we use it:
To enable use of our sites, services, and products, to communicate with you, to understand how our Users interact with our sites, and to improve our offerings

How we share it:
We share this data with our service providers and with business partners, including those to whom you instruct us to send this information.

2) Personal information under Cal. Civ. Code § 1798.80(e) :
We collect this information from our users, customers, and business partners

Examples:
Name. Some personal information included in this category may overlap with other categories.

How we use it:
To enable use of our sites, services, and products, to communicate with you, to understand how our users interact with our sites, and to improve our offerings

How we share it:
We share this data with our service providers and with business partners, including those to whom you instruct us to send this information

3) Internet or Similar Activity:
We collect this information from our users and customers

Examples:
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

How we use it:
To enable use of our sites, services, and products, to communicate with you, to understand how our users interact with our sites, and to improve our offerings

How we share it:
We share this data with our service providers and with business partners, including those to whom you instruct us to send this information and 3rd party advertising networks

4) Geolocation data:
We collect this information from our users and customers

Examples:
Physical location or IP based location

How we use it:
To enable use of our sites, services, and products, to understand how our users interact with our sites, and to improve our offerings

How we share it:
We share this data with our service providers

5) Inferences drawn from other personal information:
We generate these internally

Examples:
Profile reflecting a person's preferences, characteristics, predispositions, behavior, attitudes, abilities, and aptitudes.

How we use it:
To understand how our users interact with our sites, to develop and offer more relevant and useful services and products, and to improve the products and services we offer

How we share it:
We share this data with our service providers

Bosch will continue to collect the personal information described above. If any additional personal information is collected by Bosch, we will provide any required notice(s), and where applicable obtain any required consent(s), in accordance with applicable laws in the relevant jurisdiction.

IV. Sources of Personal Information.

Bosch collects personal information from the following categories of sources:

1) Directly from you. For example, when given by you or collected from you thorough your access to and/or use of the Bosch eBike Systems Website and/or the Services, , subscribing to our Services, posting materials or when you contact customer support or otherwise interact or communicate with Bosch, its agents, representatives, suppliers, vendors or consultants through the Bosch eBike Systems Website. This information may include, without limitation, your [first and last name, address, phone number, e-mail address, mailing address, occupation, and any other information you choose to provide us.

2) Indirectly from you. For example, from observing your use of the Bosch eBike Systems Website and/or the Services, or services related thereto. The following data may be collected automatically: the website from which you visit Bosch (referrer), pages viewed, files downloaded (downloads), individual links clicked, search words or search phrases (site search), duration of visit, browser used, device data (e.g., unique device identifier, MAC address, IP address, serial number, hardware model, network information and operating system and version), and other relevant details and/or information. If the visit is a result of online advertising such as banners, video ads, search engine advertising, etc., Bosch or its agents, representatives, suppliers, vendors or consultants may record which banner, AdWords, etc. motivated or assisted with the visit to the Bosch eBike Systems Website(s).

3) Log Files. Each time you use the internet, your browser is transmitting certain information which we store in so-called log files. We store log files to determine service disruptions and for security reasons (e.g., to investigate attack attempts) for a period of 7 and delete them afterwards. Log files which need to be maintained for evidence purposes are excluded from deletion until the respective incident is resolved and may, on a case-by-case basis, be passed on to investigating authorities. Log files are also used for analysis purposes (without the IP address or without the complete IP address) see module “Advertisements and/or market research (including web analysis, no customer surveys)”.

In log files, the following information is saved:

• IP address (internet protocol address) of the terminal device used to access the Online Offer;
• Internet address of the website from which the Online Offer is accessed (so-called URL of origin or referrer URL);
• Name of the service provider which was used to access the Online Offer;
• Name of the files or information accessed;
• Date and time as well as duration of recalling the data;
• Amount of data transferred;
• Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player); 
• http status code (e.g., “Request successful” or “File requested not found”).

Please note that, if you provide to Bosch any personal information regarding any individual other than yourself (including, without limitation, any information regarding your customers as well as photographs of any individual or his/her property), you are solely responsible for providing any notice(s) and obtaining any consent(s) required pursuant to applicable law, in order to allow Bosch to collect, use and disclose such personal information for the purposes described herein. You agree that you shall keep appropriate records of such notice(s) and consents, and shall promptly produce evidence of such notice(s) and consent(s) upon Bosch’s request.

V. Use of Personal Information and purpose specification.

Bosch may use your personal information for the purpose of:

1) Fulfilling or meeting the reason you provided the information. For example, if you share your name and contact information to ask a question about our Services, we will use that personal information to respond to your inquiry.

2) Technical administration of Bosch and Bosch affiliate websites, mobile applications and/or services.

3) Maintaining the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business.

4) Administering, maintaining, personalizing and improving Bosch and Bosch affiliates’ mobile applications, products and services, including, without limitation, provide requested services, provide optional additional services and to develop new features, products and/or services.

5) Providing customer service, responding to submitted inquiries and customer service requests and other questions and/or comments.

6) For the U.S., this data may be used for marketing and analytic purposes.

7) Handling of a service case at the bicycle dealer or service partner/ Connection of an eBike to a diagnosis tool. If you have a concern about your eBike, you are welcome to contact your bicycle dealer or service partner. To be able to process your request, it is first necessary to identify the technical fault. For this purpose, the bicycle dealer connects your eBike to a diagnostic tool. When your eBike is connected to the diagnosis tool, the following information about your eBike is sent to Bosch eBike Systems for processing ("device-related data"): information about the manufacturer, the date of production and the model of the eBike, Bike-ID, information about the eBike components (article number, serial number, hardware and software versions, configuration data, statistical data), as well as activity data of the eBike (e.g. total riding time, service intervals performed and pending)". The device-related data can be processed for the following purposes: Processing your request, handling a service case, configuring the eBike, performing updates, resetting a detected manipulation, unlocking the eBike components, setting the system time and for product improvement.

8) Compliance with legal and/or regulatory requirements.

Bosch will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you notice (or obtaining your consent, where required by applicable laws in the relevant jurisdiction).

VI. Sharing and Disclosure of Personal Information.

Bosch may use, store, compile, manipulate, share and disclose your personal information with third parties for the purposes stated above. Your personal information is shared with the following third parties:

1) Bosch affiliated entities, including Bosch’s parent company in Germany, Robert Bosch GmbH, to leverage shared services and improve our Services;

2) Bosch third party service providers, vendors, consultants, suppliers, licensors, marketing, partners and other partners and entities performing work on Bosch’s behalf, such as hosting vendors, advertising service providers, data analytics companies, marketing service companies, list managers and delivery companies.

3) Relevant authorities in accordance with, and as Bosch deems required, necessary and/or appropriate by, or in connection with, applicable law, regulation, court order or legal process;

By accessing and/or using the Bosch eBike Systems Website or the Services, you consent to the above uses and sharing of your personal information in accordance with this Notice.

Disclosure or Sale of personal information – Past 12 Months

1) Disclosure of personal information. In the preceding twelve (12) months, Bosch has disclosed the following categories of personal information for a business purpose:

1. Identifiers
2. California Customer Records personal information categories.
3. Internet or other similar network activity.
4. Inferences drawn from other personal information

We disclose your personal information for a business purpose to the following categories of third parties:

    Contracted Service Providers
    Advertising Networks
    Data Analytics Networks
    Social Networks

2) Sales of Personal Information. The use of certain kinds of third party cookies, such as advertising, or social media cookies, on the Bosch eBike Systems Website could be considered a "sale" of your Personal information for purposes of the CCPA. During the last 12 months, we used third party advertising, and social media cookies on the Bosch eBike Systems Website, which allowed the publisher of such third party cookies to obtain the following categories of Personal information:

1. Internet or other similar network activity.

For more information on how Bosch uses cookies on the Bosch eBike Systems Website, see Section XV (Use of Cookies) below.

VIII. Use of the third-party web analytics tools.

Bosch may use web analytics tools, such as Google Analytics web analytics tool, to provide us with an analysis of your use of the Bosch eBike Systems Website, overall use of and traffic on the Bosch eBike Systems Website and other related services. Google Analytics uses cookies that enable an analysis of your use of the Bosch eBike Systems Website. The information generated by the cookie about your use of the Bosch eBike Systems Website (such as when you visited the website, the referrer URL, details on the configuration of your operating system, your geo location, your browser and your access provider) are generally transmitted to, and stored on, a server of Google located in the U.S.A. You are able to opt out of Google Analytics by downloading and utilizing the Google Analytics Opt-out Browser Add-on, which you can obtain by clicking here.

Bosch uses any information gathered by such analytics tools to analyze your use of the Bosch eBike Systems Website, to generate reports on website activities and to perform other Bosch eBike Systems Website related services to you. Only authorized persons have access to this anonymized data.

IX. International Data Transfer.

Bosch may transfer your personal information to Bosch’s parent company in Germany, Robert Bosch GmbH, and/or to any other Bosch affiliates throughout the world, when processing, storing, analyzing and otherwise using data. Bosch may also transfer your data to a third party outside the country of origin. Accordingly, your personal information may be accessible to courts, law enforcement and national authorities in countries other than the country in which you reside. You can obtain information about Bosch’s policies and practices with respect to foreign service providers (including affiliates), or ask questions about the collection, use, disclosure or storage of personal information by such service providers, by contacting our Privacy Policy Administrator as described below.

X. Children’s Privacy.

Bosch does not knowingly collect or use any personal information from online visitors under the age of 16. Bosch does not knowingly allow visitors under the age of 16 to participate in any promotions or contests made available on the Bosch eBike Systems Website from time to time.

XI. California “Shine the Light” Privacy Rights

California’s “Shine The Light” law permits those Bosch customers who are residents of California to annually request a list of their personal information (if any) that Bosch disclosed to third parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third parties. At this time, Bosch currently does not share any personal information with third parties for direct marketing purposes.

XII. Use of links to affiliated sites

The Bosch eBike Systems Website may contain links to other Bosch sites (“Affiliated Sites”). The Bosch eBike Systems Website provides these links only as a convenience. Your use of these Affiliated Sites and any related services are outside the scope of this Notice, and is governed by the Notices and any other terms referred to or located on such Affiliated Sites.

XIII. Use of external links

The Bosch eBike Systems Website may contain links to third-party websites or services operated by providers that are not associated with Bosch. After you click the link, Bosch no longer has any influence over the collection, storage, use or processing of any personal information transmitted by clicking the link (such as the IP address or URL of the page that contains the link), as the behavior of third parties is, by nature, beyond Bosch control. Therefore, Bosch is not responsible for the collection, storage, use, disclosure or other processing of personal information by such third parties. For further clarity, this Privacy Policy does not apply to any such third party websites or services; please refer to the privacy statements or policies for such third party websites or services for information about how they collect, use, disclose and protect personal information.

XIV. Security

Bosch takes commercially reasonable efforts to ensure that your data collected by Bosch through the Bosch eBike Systems Website is protected against tampering, loss, destruction, access by unauthorized persons or unauthorized disclosure. Bosch security measures are being regularly reviewed and updated as necessary in accordance with the state of technological developments, however, absolute protection is not possible.

When you register with Bosch, you are required to create a username and password. You must not share this access information with anyone else as you are personally responsible for any information transmitted while logged in with your username and password. We disclaim any and all liability for any information transmitted due to an unauthorized log in.

XV. Use of cookies

In the context of our online service, cookies and tracking mechanisms may be used. Cookies are small text files that may be stored on your device when visiting our online service. Tracking is possible using different technologies. In particular, we process information using pixel technology and/or during log file analysis.

1) Categories We distinguish between cookies that are mandatorily required for the technical functions of the online service and such cookies and tracking mechanisms that are not mandatorily required for the technical function of the online service. It is generally possible to use the online service without any cookies that serve non-technical purposes.

2) Technically required cookies By technically required cookies we mean cookies without those the technical provision of the online service cannot be ensured. These include e.g. cookies that store data to ensure smooth reproduction of video or audio footage. Such cookies will be deleted when you leave the website.

3) Cookies and tracking mechanisms that are technically not required We only use cookies and tracking mechanisms if you have given us your prior consent in each case. With the exception of the cookie that saves the current status of your privacy settings (selection cookie). This cookie is set based on legitimate interest.
We distinguish between two sub-categories with regard to these cookies and tracking mechanisms:

1. Comfort cookies These cookies facilitate operation and thus allow you to browse our online service more comfortably; e.g. your language settings may be included in these cookies. Comfort Cookies are currently not used on the website.
2. Marketing cookies and tracking mechanisms By using marketing cookies and tracking mechanisms we and our partners are able to show you offerings based on your interests, resulting from an analysis of your user behavior:
   Statistics: By using statistical tools, we measure e.g. the number of your page views.

4) Management of cookies and tracking mechanisms You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings. Note: The settings you have made refer only to the browser used in each case.

1. Deactivation of all cookies
   If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.
2. Management of your settings with regard to cookies and tracking mechanisms not required technically
   When visiting our websites, you will be asked in a cookie layer whether you consent to our using of any Comfort cookies, marketing cookies or tracking mechanisms, respectively. In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.

XVI. International Users.

This is a U.S. website and service that is targeted to users in the U.S. and Canada, and the Bosch eBike Systems Website and Bosch Services comply with relevant U.S. and Canadian laws, as applicable, including, without limitation, those governing the privacy and security of your information. If you use Bosch Services, you are transferring your information to Bosch in the United States. By using the Bosch Services or providing your information to Bosch through the Services you consent to the transfer of your personal information to the United States, and Bosch handling of your information in accordance with applicable U.S. requirements and this Notice. Accordingly, your personal information may be accessible to courts, law enforcement and national authorities in the United States. You can obtain information about Bosch’s policies and practices with respect to service providers (including affiliates) outside the country where you reside, or ask questions about the collection, use, disclosure or storage of personal information by such service providers, by contacting our Privacy Policy Administrator as described below.

XVII. Your rights relating to Personal Information collected by Bosch.

Effective January 1, 2020, you have the following rights relating to your Personal information collected by Bosch.

1) Right to access specific information and data portability rights.

Effective January 1, 2020, you have the right to request that Bosch discloses certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see below, How to Exercise Your Rights), we will disclose to you:

1. The categories of personal information we collected about you.
2. The categories of sources for the personal information we collected about you.
3. Our business or commercial purpose for collecting or selling that personal information.
4. The categories of third parties with whom we share that personal information.
5. The specific pieces of personal information we collected about you.
6. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: i. For “sales”, the personal information categories that each category of recipient purchased; and ii. for disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. 

2) Deletion Request Rights.

Effective January 1, 2020, you have the right to request that Bosch delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

XIII. Your Rights – Canadians

Individuals located in Canada have certain rights pursuant to Canadian privacy laws. Subject to certain exceptions and limitations, and depending upon the jurisdiction where you reside, such rights may include:

1. The right to withdraw your consent to the collection, use or disclosure of your personal information.
2. The right to be informed of the existence, use, and disclosure of your personal information, and to be provided with an account of the use that has been made or is being made of this information as well as the third parties to which it has been disclosed (including a list of organizations to which your information may have disclosed).
3. The right to challenge the accuracy and completeness of your personal information, and have it amended, updated or rectified as appropriate.
4. The right to acquire information about Bosch’s policies and practices with respect to personal information, including: a description of the type of personal information held by Bosch and a general account of its use; a copy of any brochures or other information that explain our policies, standards, or codes; and information about what personal information is shared with or accessible to our affiliates.
5. The right to challenge Bosch’s compliance with the applicable Canadian Privacy Laws. 

XIV. How to exercise your rights

To exercise your rights, please submit a verifiable consumer request or access request, as applicable, to us by:

Calling us at 1-248-876-1000

Emailing us at privacy.policy@remove.this.us.bosch.com

Submitting a form here

Only you (or in case of a California resident, an authorized agent authorized by you to act on your behalf – see Section XXIII, Authorized Agent below for more information) may make a verifiable consumer request or access request, as applicable related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Your verifiable consumer request or access request, as applicable, must:

1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. 

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request or access request does not require you to create an account with us, but if you already have an account with us, you may be required to make your request through that account.

We will only use personal information provided in a verifiable consumer request or access request, as applicable, to verify the requestor’s identity or authority to make the request.

XX. Response timing and Format

We endeavor to respond to a verifiable consumer request or access request, as applicable, within forty five (45) days of its receipt, or sooner where required by applicable law (including Canadian Privacy Laws). If we require more time (up 90 days), where permitted by applicable law, we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide in response to a verifiable consumer request will only cover the 12-month period preceding the verifiable consumer request's receipt, unless otherwise required by applicable law. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For data portability requests, where applicable, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request or access request, as applicable, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

XXI. Personal Information Sales Opt-Out and Opt-In Rights

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). Furthermore, where required by applicable law in the relevant jurisdiction, we will obtain your consent prior to selling your personal information. We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.

To exercise the right to opt-out, you may submit a request to us by emailing us at contact@remove.this.bosch-ebike.us or contact@remove.this.bosch-ebike.ca. As noted above, certain kinds of third party cookies, such as ad network or analytics cookies, on the Bosch Website could be considered a "sale" of your personal information for purposes of the CCPA. In order to opt out of the “sale” of your information via such cookies, turn off the Analytics, Advertising, and Social Media cookies in our cookie settings manager available here.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by changing your cookie preferences on Bosch eBike Systems Website.

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

XXII. Authorized Agent.

As a California resident you may also exercise your request to know or request to delete through an authorized agent. When you submit your request through an authorized agent we require that you:

1. Provide us a copy of your written permission for the authorized agent to submit the applicable request; and
2. Verify your own identity directly with us. 

The foregoing does not apply when you have provided your authorized agent with a power of attorney pursuant to California Probate Code sections 4000 to 4465; provided, that we may require a copy of such power of attorney before fulfilling any request.

XXIII. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

XXIV. Filing a Complaint

Regulatory authorities that oversee the privacy laws and regulations, including the Office of the Privacy Commissioner of Canada, advise individuals to file an objection or challenge with the relevant company before lodging a formal complaint with a regulatory authority. If you are dissatisfied with Bosch’s response to an objection or challenge filed under Article XX above, or you if wish to file a complaint with a regulatory authority first, you may do so as follows:

Under PIPEDA: You may file a complaint with the Office of the Privacy Commissioner of Canada. Depending upon the province where you live, you may also (or instead) have the right to file a complaint with the applicable provincial privacy commissioner/regulator.

Under PII Laws: You may file a complaint with the relevant state’s Attorney General’s office.

Under the CCPA: You may file a complaint with the California Attorney General’s Office. For additional information regarding consumer complaints against a business/company under the CCPA and to initiate the complaint process, please click on the link.

XXVII. Changes to Notice

Due to the constantly changing nature of Bosch business, Bosch reserves the right to change, update, revise and/or modify this Notice at any time at Bosch’s sole discretion, and Bosch will post any new or revised Notice here. Any such change, update, revision and/or modification will be effective immediately upon posting on this website, unless we are required to provide direct notice or obtain your consent pursuant to applicable laws. Use of information that Bosch gathers now will be subject to the Notice and any applicable consents in effect at the time of use. By using or navigating around the Bosch eBike Systems Website or utilizing any of the Services, you acknowledge that you have read and understood and agree to be bound by this Notice and the applicable Terms of Use. If you do not agree to be so bound, do not remain on the Bosch Website/Application. You are responsible for checking the Bosch eBike Systems Website frequently to keep apprised of recent changes.

The effective date of this Notice is: 01/01/2020

Last modified: 02/01/2020

XXVIII. Contact

To obtain more information or to submit suggestions or complaints regarding the processing of your Personal information, you can contact the Bosch Privacy Policy Administrator.

If incorrect information has been stored despite Bosch efforts to maintain correct and up-to-date data, Bosch will correct this upon your written request, sent to:

Email: privacy.policy@remove.this.us.bosch.com

Postal Address:
Robert Bosch LLC Privacy 
Policy Administrator 
38000 Hills Tech Drive 
Farmington Hills, MI 48331

You may also contact as follows:

Phone: 1-248-876-1000

Website: https://www.bosch-ebike.com/us/service/contact/

© Copyright 2020 Robert Bosch LLC. All rights reserved.

Please use the information in the Contact Us section to exercise your rights. Please make sure to provide enough information so we can clearly identify you.

You have the right of access to your personal data, the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability. If you have given us permission to process your personal data, you can revoke it at any time with effect for the future.  

Objection to direct marketing

You can object to the processing of your personal data for advertising purposes at any time ("objection to advertising"). Please remember that for organisational reasons there may be an overlap between your objection and the use of your data in an already ongoing campaign.

Objection to data processing in the event of legal basis of "legitimate interest"

You also have the right to object to data processing by us at any time for reasons arising from your particular situation, insofar as this is based on the legal basis of "legitimate interest". Reasons must be provided. 

We will then suspend the processing of your data unless we can prove - in accordance with the statutory provisions - that there are compelling and legitimate grounds for further processing which outweigh your rights.

You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us.

If you would like to contact us, you can reach us at the address given in the “Data Controller” section.
 

To exercise your rights, use the following link: https://request.privacy-bosch.com/entity/RB/lang/en-CA/ .

To report data protection incidents, use the following link:https://www.bkms-system.net/bosch-dataprotection .

For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our data protection officer:

Data Protection Officer
Bosch Group Information Security and Privacy Department (C/ISP)

Postfach 30 02 20, 70442 Stuttgart, GERMANY

Or e-mail to: DPO@remove.this.bosch.com

We reserve the right to change our security and data protection measures. In these cases, we will also adapt our notice on data protection accordingly. Please therefore note the current version of our privacy policy.

Date: 27/7/2023