Legal notice

The protection of your privacy in the processing of personal data and the safety of all business data are important concerns that we take into account in our business processes. Data protection and information security are part of our corporate policy.

The Data Controller responsible for processing your data is Bosch eBike Systems. 
Our contact details are as follows:
Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe, Germany

You can reach us at:
Email address: kontakt@bosch.de
Tel.: +49 711 400 40990.

Principles

Personal data means any information relating to an identified or identifiable natural person, such as name, address, telephone number, e-mail addresses, contract data, booking data and billing data, that express the identity of a person. We gather, process and use personal data (including IP addresses) only if there is a legal basis for doing so, or if you have given us your consent, e.g. during the course of registration.

Categories of data processed

Use of our website

You can make use of various services when using our website. The categories of data processed are as follows:

• Communication data (e.g. name, telephone, e-mail, address, IP address)
• Planning and control data (e.g. surveys, questionnaires, contact form)
• Location data
• Log files

Shopping on our website

Our website also allows you to visit the Bosch-eBike online store and to use paid services. We process the following categories of data for the purpose of ordering the relevant service:

In the case of a customer account:

• Order data (e.g. name, telephone, e-mail, address, IP address)
• Contract master data (contractual relationship, interest in a product or contract)
• Customer history
• Contract billing, payment and disbursement information, including data related to repayments
• Communication data

Orders placed as a guest:

• Order data (e.g. name, telephone, e-mail, address, IP address)
• Contract master data (contractual relationship, interest in a product or contract)
• Contract billing, payment and disbursement information, including data related to repayments
• Communication data

Use of the BDP tool

When the BDP tool is used in connection with the eBike, the following categories of data are processed:

• Device-related data (e.g. hardware ID, computer name)

Processing purposes and legal basis

We and the service providers commissioned by us process your personal data for the following purposes:

• Provision of this website

If you use our website purely for information purposes, i.e. without registering or otherwise sending us information, we process your personal data to provide and display this website and to ensure its stability and security. The legal basis for processing log files is the legitimate interest pursuant to Art. 6 (1) (f) GDPR.

• Use of our online store

When you use our online store, we process your personal data to fulfil the contract and to process the order in accordance with our contract terms and conditions. The legal basis for this processing is Art. 6 (1) (b) GDPR.

• Contact

Our website offers you a variety of contact options (e.g. contact form, e-mail communication). When we receive enquiries from end customers regarding eBikes (e.g. handling of a service case, warranty cases) or enquiries from retailers, manufacturers or journalists regarding products and services from Bosch eBike Systems, we process your personal data to answer enquiries, if necessary to solve problems and to maintain and secure your satisfaction as a customer and that of your customers. The personal data supplied to us in this way will be used solely for the purpose specified when you contacted us. Should you contact us outside of a specific contractual relationship or registration, the legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The legal basis in the case of a contractual relationship or registration is Art. 6 (1) (b) GDPR.

• Product or customer surveys by e-mail and/or telephone

Our website offers you the opportunity to participate in product or customer surveys aimed at optimising and developing our products and services. If you wish to take the opportunity to participate in an online (e.g. e-mail) or telephone product or customer survey, we will only use your personal data to contact you with your express consent. The legal basis for this processing is Art. 6 (1) (a) GDPR

• Competitions

If you take part in one of our competitions, your personal data will be stored and used by us for the purpose of running the competition and the associated follow-up in accordance with the relevant competition conditions. The legal basis for this processing is Art. 6 (1) (b) GDPR.

• Bosch eBike Newsletter with the consent of the recipient.

You can subscribe to the Bosch eBike newsletter on our website. We will process your personal data collected in this context on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

• Handling of a service case at the bicycle retailer or service partner/connecting an eBike to a diagnostic tool

If you have a concern regarding your eBike, simply contact your bicycle retailer or service partner. In order to process your request, it is first necessary to identify the technical error. For this purpose, the bicycle retailer connects your eBike to a diagnostic tool. When your eBike is connected to the diagnostic tool, the following information about your eBike is sent to Bosch eBike Systems for processing ("device-related data"): Information about the manufacturer, the production date and the model of the eBike, bike ID, information about the eBike components (article number, serial number, hardware and software versions, configuration data, statistical data), as well as activity data of the eBike (e.g. total trip time, completed and upcoming service intervals)". The device-related data may be processed for the following purposes: Processing your request, handling a service case, configuring the eBike, performing updates, resetting a detected tampering, enabling the eBike components, setting the system time and for product improvement.

The legal basis for this processing is Art. Art. 6 (1) (b) GDPR (contract) or Art. 6 (1) (f) GDPR (legitimate interest). The legitimate interest of Bosch eBike Systems derives from an interest in processing your request, processing service cases, maintaining or promoting your satisfaction and optimising our own products.

• Provision of the digital service book

We process your personal data (e.g. bike ID, service type, service date, mileage) to provide you with a digital service history of your eBike with information about changes, updates and services relating to your bike and to enable eBike retailers to manage the entries in your digital service book. The legal basis for the processing of this data is Art. 6 1 (a) GDPR (consent).

• Marketing and market research

Our website uses various marketing and tracking mechanisms, provided you have allowed this, for example through the consent you granted through the cookie manager. These marketing and tracking mechanisms allow us to display information on our website, as well as on third-party websites, about our products that may have interested you while using our website. The legal basis for this processing is Art. 6 (1) (a) GDPR.  

• Investigation of faults and preservation and defence of our rights for security reasons

In order to eliminate faults or to preserve evidence in the event of security incidents, we will process your personal data in order to fulfil our legal obligations in the area of data security, Art. 6 (1) (c) DSGVO. In addition, we have a legitimate interest in eliminating faults and ensuring the security of our website, Art. 6 (1) (f) GDPR. When we have a legitimate interest in asserting and defending our rights, we will process the necessary personal data in accordance with Art. 6 (1) (f) GDPR.

If you wish to use services that require a contract, we will ask you to register. Within the scope of registration, we collect the personal data required for the establishment and fulfilment of the contract (e.g. first name, surname, date of birth, e-mail address, and, if applicable, details of the desired method of payment or the account holder) as well as further data on a voluntary basis, as applicable. Mandatory details are marked *.

You must provide the personal data required in order to establish and implement a business relationship and for the fulfilment of the associated contractual obligations, or which we are legally obliged to process. We mark such personal data in the respective forms or functions with a *. Please note that unless you provide such personal data we will not be able to enter into or implement a contract with you. In this case, the online offers or other services (see "Processing purposes and legal bases") cannot be used.

Every time you use the Internet, certain information is automatically transmitted by your Internet browser and stored by us in so-called log files. These log files are stored by us for a period of 7 days in order to determine faults and for security reasons (e.g. to investigate attempted attacks) and are then deleted. Log files whose further storage is necessary for evidentiary purposes are excluded from the deletion until the final investigation of the relevant incident and, in individual cases, may be forwarded to the investigating authorities. Log files are also used (without or without a complete IP address) for analysis purposes under the conditions described in the section "Advertising and/or market research (including web analysis, without customer surveys)".
The following information is stored in the log files:

• The IP (Internet Protocol) address of the device from which our website is accessed;
• Internet address of the website from which our website was accessed (known as the originating or referrer URL);
• Name of the service provider through which our website is accessed;
• Name of the retrieved files and/or information;
• Date, time and duration of the retrieval;
• Transferred data volume;
• Operating system and information about the Internet browser used, including installed add-ons (e.g. for Flash Player);
• http status code (e.g. "request successful" or "requested file not found").

This website is not intended for children under the age of 16.

Your personal data will only be transmitted to other data controllers if this is necessary for the fulfilment of the contract, if we or the third party have a legitimate interest in transferring the data and/or you have granted your consent. For details on the legal bases and the recipients or categories of recipients, please refer to the section on processing purposes and legal bases. In addition, data may also be transmitted to other data controllers if we are obliged to do so by law or by enforceable administrative or court order.

We may also transfer personal data to recipients located outside the EEA in so-called third countries. In this case, we shall ensure before transfer that either an adequate level of data protection exists on the recipient's side or that your consent to the transfer has been obtained. You can obtain from us an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure an adequate level of data protection. Please use the information in the contact section for this purpose.

We commission external service providers with tasks such as sales and marketing services, contract management, payment processing, programming, data hosting and hotline services. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and protection of the data stored with them. All service providers are obliged by us to maintain confidentiality and to comply with legal requirements. Other companies in the Bosch Group may also be service providers.

We use external payment service providers. We collect your personal data for payment and, if applicable, disbursement processing in order to fulfil a contract.

Your personal data will also be processed for the purposes of investigating and preventing fraud, abuse, security incidents and other harmful activities, e.g. anti-money laundering measures and law enforcement. The basis for this is compliance with applicable laws (e.g. prevention of money laundering) as well as our legitimate interest in limiting the risk of payment defaults. Likewise, security investigations and risk assessments may take place because of our legitimate interest in preventing fraud and other harmful activities. We also process your personal data to calculate the fees we owe to your card-issuing bank based on our legitimate interest in maintaining our business operations. Depending on which payment method you choose as part of the ordering process, we will pass on the data collected for the processing of payments (e.g. bank details or credit card data) to the credit institution commissioned to make the payment or to payment service providers commissioned by us. In some cases, payment service providers also collect and process this data as data controllers. In this respect, the data protection information of the respective payment service provider shall apply.

Payment method: Credit card

If you pay with your credit card and provide your bank, card and/or authorisation details we will use external service providers, known as "third parties", to process your credit card-based payment. "Gateway payment providers" and payment service providers. Gateway payment providers act as processors and ensure the technical processing of card-based payments via a technical infrastructure. 

Payment service providers act as independent data controllers for the acceptance and settlement of payment transactions, including the secure routing and settlement of credit card transactions with international credit card companies. Payment service providers process your personal data and also transmit this data to other data controllers in order to implement the payment or to comply with legal requirements. If you wish to use your credit card for payment, the card payment must first be authorised. This authorisation takes place automatically using your data. In particular, the following considerations may play a role: Payment amount, place of payment, previous payment history, merchant, purpose of payment. Card payment is not possible without authorisation. This does not affect other payment methods (e.g. other cards).

We use the following payment service provider for credit card payments:

Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany. Payone GmbH acts both as a gateway payment provider and as a payment service provider. In this respect, the data protection information for Payone GmbH shall apply and must be acknowledged separately.

Payment method: "PayPal"

If you select "PayPal" as the payment method, the payment will be processed via:

PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and PayPal Pte. Ltd, 5 Temasek Boulevard #09-01, Suntec Tower Five, Singapore 038985 (hereinafter "PayPal")

PayPal processes your data as a payment service provider and is its own data controller. The transfer of your data to PayPal Pte. Ltd. in Singapore, is provided on the basis of binding, regulatory-approved corporate rules that apply to PayPal's affiliates.

In principle, we store your data for as long as is necessary to provide our website and the associated services or we have a justified interest in continued storage (e.g. we may still have a justified interest in marketing by post even after fulfilment of a contract). We will thereafter delete your personal data with the exception of data that we are required to retain to comply with legal obligations (e.g. we are required by tax and commercial law to retain documents such as contracts and invoices for a certain period of time).

Cookies and other technologies may be used in the course of providing our website.
Cookies are small text files that can be stored on your device when you visit a website. It is generally possible to use the website is generally possible without cookies, which are not technically necessary. 

Technically necessary cookies

By technically essential cookies we mean cookies without which the technical provision of the website cannot be guaranteed. This includes, for example, cookies that store data in order to ensure smooth playback of video or audio content. These cookies are deleted after the end of your visit.

Technically non-essential mechanisms

We only use technically non-essential mechanisms with your prior consent. The only exception to this is the cookie that stores the current status of your privacy settings (selection cookie). This is set due to our legitimate interest in the functionality of the website. 

We use third-party tools to integrate cookies and mechanisms that are technically non-essential. These ensure that technically non-essential cookies and mechanisms are only set with your consent. 

We use the following tools:

Name: Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Function:  Management of website tags via an interface, integration of program codes on our websites.

Comfort cookies and mechanisms

Cookies and mechanisms assigned to this category, facilitate operations and thus enable more comfortable surfing on our website. For example, your language settings can be stored in these cookies. 

Marketing

By using marketing cookies and tracking mechanisms we and our partners can display interest-based offers based on an analysis of your usage behaviour.

The mechanisms and providers used on this website are listed below.

- Analysis: We use analytics tools to measure, for example, the number of page views or your usage patterns on our site. This may also include an analysis of log files.

- Conversion tracking: Our Conversion Tracking partners place a cookie on your computer (‘conversion cookie’) for this analysis service if you have accessed our digital offering via an ad of the relevant partner. If you visit a specific page of ours and the cookie has not expired, we and the Conversion Tracking provider can recognise that a particular user clicked on the ad and was redirected to our site. This is also possible across devices. The information collected using the conversion cookie is used to generate conversion statistics and to record the total number of users who clicked on the ad and were redirected to a page with a Conversion Tracking tag.

- Retargeting: Retargeting tools use advertising cookies or third-party advertising cookies, web beacons (invisible graphics also called pixels or tracking pixels), or similar technologies to create usage profiles. These are used for interest-based advertising and to control the frequency with which the user sees certain ads.

We use the following tools:

Name: Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Function: Analyse user behaviour (page views, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information from logged in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking and retargeting in connection with Google Ads.

Name: Google Ads

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Function: Google processes your personal data on the basis of your consent via the "Google Ads Remarketing Tag" pixel for the creation of campaign reports, tracking of conversions, click events as well as targeted advertising outside our websites (retargeting) by means of e.g. URL, referrer URL, membership of re-marketing lists defined by us. The aforementioned information can also be used to link you to your Google account and to include you in remarketing lists. We do not receive any personal data about you from Google, only anonymised campaign reports about the target group and ad performance.

Name: Google Optimise

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Function: A cookie can track how a user has behaved across a number of sites, UX testing
 

Name: Facebook-Pixel

Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

We are jointly responsible with Facebook for processing your personal data as part of the processing of your personal data on our online offering via Facebook Pixel. We have entered into a joint responsibility agreement with Facebook in order to determine our respective responsibilities for fulfilling obligations under the GDPR with regard to joint processing. The essential content of the agreement can be accessed at any time via the following link: https://www.facebook.com/legal/controller_addendum This regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and how data subject rights can be asserted against Facebook.

Function: Facebook processes your personal data based on your consent via the Facebook Pixel to create campaign reports, track conversions, click events, and target advertising outside of our websites (retargeting) using HTTP headers (including IP address, device and browser properties, URL, referrer URL and your person), pixel-specific data (including pixel ID and Facebook cookie), click behaviour, optional values (for example, conversions, page type), form field names (such as "email", "address", "quantity" for the purchase of a product or service).

We do not receive any personal data about you from Facebook, only anonymised campaign reports about the website target group and ad performance.
You can opt-out of receiving interest-based ads from Facebook by changing your advertising preferences on Facebook's website. Alternatively, you can opt out of the use of cookies by third parties by visiting Digital Advertising Alliance's opt-out page at  http://optout.aboutads.info/?c=2&lang=EN or page http://www.youronlinechoices.com besuchen.

You will find more information at: https://www.facebook.com/policy

Name: Trade Desk Pixel

Provider: The Trade Desk Inc., 42 N Chestnut St, Ventura, California, CA – 9300, USA

Function: The Trade Desk is an advertising technology platform for managing digital marketing campaigns, and processes your personal data on the basis of your consent. To do this, the browsing behaviour of users of our website is analysed using cookies. The Trade Desk collects and processes personal data about users, devices and advertisements, and where these are displayed. This includes, for example, clear cookie identifiers, advertisement identifiers for mobile devices, IP addresses and other information about browsers and devices, such as type, version and settings.
You can object or withdraw your consent at any time in the cookie settings of the Consent Management Tool used.

Find more information at: https://www.thetradedesk.com/de/privacy

Name: Media Intelligence Network

Provider: Amnet GmbH, Alsterufer 3, 20354 Hamburg, Germany

Function: Media Intelligence Network is a data management platform for the use of retargeting, and processes your personal data on the basis of your consent. Retargeting is a tracking process used in online marketing where your visit to our website is flagged and then, when you visit other websites, advertisements for the products you previously viewed on our website are inserted. The cookie placed by Media Intelligence Network serves to recognise the end device you used. Based on your prior visit to our website, this records your interest in specific products and is used for targeted advertising on other websites. Using the cookie, Media Intelligence Network can establish the so-called conversion rate. This determines the number of persons who have decided to make a purchase after clicking on an advertisement for a promoted offer.
You can object or withdraw your consent at any time in the cookie settings of the Consent Management Tool used.

Find more information at: https://www.mediaintelligence.de/privacy-policy.do

Management of cookies and tracking mechanisms

You can manage your cookie and tracking mechanism settings in your browser and/or in our privacy settings:
Note: The settings you choose only relate to the browser you use.

• Disabling all cookies
  If you wish to disable all cookies, please go to your browser settings and deactivate the setting of cookies. Please note that this may affect the functionality of the website.
• Managing your settings regarding technically non-essential cookies and tracking mechanisms
  When you visit our website, you will be asked in a cookie layer whether you grant your consent for the use of comfort cookies and marketing cookies and/or tracking mechanisms. In our privacy settings, you can revoke consents already given with future effector give us your consent at a later date.

This website uses videos from the YouTube video platform. YouTube is a platform that enables the playback of video files. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

For more information on the scope and purpose of the data collected, on YouTube’s further processing and use of the data, on your rights and the data protection options you can select, please see Google's data protection notice.

This website uses mapping services from Google Maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To increase the protection of your data when visiting our website, Google Maps is incorporated into the site using the so-called "2-click solution". When you retrieve a corresponding page in our offering, Google Maps will only be embedded if you activate the corresponding button. In this way, a connection to Google Maps, including the transmission of log data to Google, is only established when you interact with Google Maps. When you interact with Google Maps, data is also transmitted to Google as the Data Controller and contact is made with the Google DoubleClick advertising network, which may trigger further data processing operations over which we have no control. For more information on the scope and purpose of the data collected, on Google’s further processing and use of the data, on your rights and the data protection options you can select, please see Google’s data protection notices.

You can subscribe to the Bosch eBike Newsletter on our website. We distribute this on the basis of your consent.

To confirm your consent we use the "double opt-in" procedure, which means we will only send you a newsletter by e-mail, if you have previously expressly confirmed activation of the newsletter service by clicking on a link in a notification. You can stop receiving the newsletter at any time by revoking your consent. To cancel the e-mail newsletter subscription follow the link included in the newsletter. Alternatively, please contact us using the information in the Contact section.
We analyse the behaviour of our newsletter readers on the basis of their consent in order to design our newsletter in line with their needs and to optimise our content. For this analysis, the e-mails sent contain so-called web beacons, also referred to as pixels. When you read the newsletter, we record which links you click on in the newsletter and use this information to deduce your personal interests. We link this data to technical information about your device (e.g. time of access, browser type and operating system).

This analysis does not take place if you withdraw your consent or if you have deactivated the display of images by default in your e-mail program. In this case the newsletter will not be displayed in full and you may not be able to use all functions. As soon as you display the images, the evaluation described above will be activated.

Our website may contain links to web pages of third parties not affiliated with us. After clicking on the link, we no longer have any influence on the collection, processing and use of any personal data transferred to the third party by clicking on the link (such as the IP address or the URL of the page on which the link is located), since the conduct of third parties is of course beyond our control. We accept no responsibility for the processing of such personal data by third parties.

Please use the information in the Contact Us section to exercise your rights. Please make sure to provide enough information so we can clearly identify you.

You have the right of access to your personal data, the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability. If you have given us permission to process your personal data, you can revoke it at any time with effect for the future. 

Objection to direct marketing

You can object to the processing of your personal data for advertising purposes at any time ("objection to advertising"). Please remember that for organisational reasons there may be an overlap between your objection and the use of your data in an already ongoing campaign.

Objection to data processing in the event of legal basis of "legitimate interest"

You also have the right to object to data processing by us at any time for reasons arising from your particular situation, insofar as this is based on the legal basis of "legitimate interest". Reasons must be provided.

We will then suspend the processing of your data unless we can prove – in accordance with the statutory provisions – that there are compelling and legitimate grounds for further processing which outweigh your rights.

You have the right to file a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state or the data protection authority responsible for us.

If you would like to contact us, you can reach us at the address given in the “Data Controller” section.

To exercise your rights, please use the following link: https://request.privacy-bosch.com/entity/RB/lang/en-EN/ .

To report data protection incidents, please use the following link: https://www.bkms-system.net/bosch-dataprotection.
For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our data protection officer:

Data Protection Officer
Department for Information Security and Data Protection Bosch Group (C/ISP)
Postfach 30 02 20, 70442 Stuttgart, GERMANY
or mailto: DPO@bosch.com

We reserve the right to change our safety and data protection measures. In these cases, we will also adapt our notice on data protection accordingly. Please therefore note the current version of our privacy policy.

Date: 13/7/2021