Data protection policy
Privacy statement
1. ABOUT THIS PRIVACY POLICY
Robert Bosch (South East Asia) Pte. Ltd. and its subsidiaries and related companies in ASEAN (‘Robert Bosch Singapore’, ‘we’, ‘us’, ‘our’, etc.) take the protection of your personal data very seriously. Consequently, data protection and information security are an integral part of our corporate policy for ASEAN.
‘Personal data’ means all the information that relates to an identified or identifiable natural person (that is, an individual) – for example, your name, telephone number, email address and street / mailing address.
In this Privacy Policy, we set out information about how we process personal data if and when we collect personal data about you in connection with providing you with our products and/or services or otherwise do business with you and when you use our online service. (Our website may include links to third party websites. They are not covered by this Privacy Policy. Please check the third party website for information about how they may process personal data.)
This Privacy Policy does not include how we process personal data in connection with recruitment, human resources management and ex-employees. If you would like information about how we process personal data for these categories of individuals, please email asean.dpo@sg.bosch.com and we will be happy to send you a copy of it.
2. HOW TO USE THIS PRIVACY POLICY
We have written this Privacy Policy in a way that is straightforward and easy for you to understand. You are welcome to read it from end-to-end. Otherwise, you may like to click on a link below to take you directly to the parts of it that are most relevant to you.
For general information about how we process personal data, how we keep it secure, when we dispose of personal data and when we transfer it overseas click (general information), (security), (disposal) and (overseas transfer).
To find information relevant to your relationship with us:
To find information about your rights:
3. GENERAL INFORMATION ABOUT HOW WE PROCESS PERSONAL DATA
3.1 Standard of data protection laws
Some countries in ASEAN do not yet have data protection laws. If you live in such a country we generally aim to protect your personal data as if there were data protection laws that apply to you.
The data protection laws in some countries in ASEAN are different from the data protection laws in other countries in ASEAN. We generally aim to protect your personal data as if the strictest standard of data protection law applies to you.
3.2 General principles that we apply when we process personal data
We collect personal data about you only for specific and legitimate purposes. We notify you about those purposes and we process such personal data only in ways that are compatible with the specific and legitimate purposes that we tell you about. We process personal data about you lawfully and fairly.
We only collect personal data about you that is adequate and not excessive in relation to the purpose(s) for which we process it. We take care to make sure such personal data is accurate and relevant and, where necessary for the purposes for which we process it, we keep it up-to-date.
We retain personal data about you only for so long as we need to do so for legal and business purposes. For so long as we retain such personal data we make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
3.3 Lawful bases of processing
We want to treat all of the individuals with whom we interact equally, but sometimes we cannot do so because of the way we must apply the laws.
In Singapore, the data protection law requires us to obtain your consent before we collect, use, disclosure and store (collectively, ‘Process’) personal data about you, except where there is an exception to the requirement for consent. For example, we do not need consent to process personal data to respond to an emergency threatens someone’s life, health or safety.
Elsewhere in ASEAN, the data protection laws lay out the lawful bases on which we may process personal data about you. Broadly, these are:
4. CUSTOMERS
4.1 How we collect personal data about or relating to our customers
The personal data we collect about or relating to you depends on the circumstances in which we interact with you. We only collect personal data for purposes that are directly related to our business activities and when it is necessary for such purposes. We set out more specific information below, but generally:
4.3 Why we collect personal data and how we use it
Product offering, sales and support
In connection with our product offerings, sales and support we collect personal data that is about you or relates to you when:
Warranty registration and technical support
In connection with warranty registration and technical support we collect and use personal data that is about you or relates to you when you register a product with us for warranty purposes and if you contact us for technical support and (in each case) we use that personal data only for the purpose for which we collected it
4.4 When we disclose personal data
We do not sell personal data about or relating to you. We do, however, disclose it as follows:
5. BUSINESS PARTNERS, SUPPLIERS AND OTHER BUSINESS CONTACTS
5.1 How we collect personal data about or relating to our business partners
We generally collect personal data directly from you. We will ask you for it (including contact information and relationship information) when you interact with us, including when we are responding to your enquiries about our services and pricing or when we are working with you in the course of establishing a business relationship with you and/or company and when we are providing our services to you and/or your company.
Sometimes we collect personal data about you from a third party, such as another individual working at your company – for example, when they add you to a project team.
Sometimes an entity providing services to us collects it from you on our behalf (for example, where you take an item (such as a motor vehicle) to a service workshop (whether or not it is a Bosch-branded workshop) and the service workshop interacts with us directly or indirectly in the course of providing its services to you. In any such case, we have arrangements in place so that the service provider is under a contractual obligation to ensure that your personal data is protected and not used by the service provider for any purpose other than providing the specific contracted service to you.
5.2 The types of personal data that we collect
If you are an individual who does business with us, including if you work for a company that does business with us, we or our service provider (for example, where a service provider operates a website on our behalf, such as an e Commerce portal) may collect the following types of personal data about or relating to you:
5.3 How we use personal data about or relating to you
We use personal data about or relating to you:
5.4 When we disclose personal data about or relating to you
We do not sell personal data about or relating to you. We do, however, disclose it as follows:
6. USERS OF OUR ONLINE SERVICES
6.1 Using cookies and other tracking mechanisms
In the context of our online service, we may use cookies and other tracking mechanisms. Cookies are small text files that may be stored on your device when you visit our online service. Tracking is possible using different technologies. In particular, we process information using pixel technology and/or during log file analysis. We distinguish between:
6.2 Technically required cookies
‘Technically required cookies’ means those cookies that are necessary for ensuring the technical provision of the online service. They include, for example, cookies that store data to ensure smooth reproduction of video or audio footage. Technically required cookies will be deleted when you leave the website.
6.3 Cookies and tracking mechanisms that are not technically required
We only use cookies and tracking mechanisms that are not technically required if you have given us your prior consent in each case. With regard to these cookies and tracking mechanisms, we distinguish:
You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings. (Note: the settings you have made refer only to the browser used in each case.)
If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.
When visiting our websites, you will be asked in a cookie layer whether you consent to our using of convenience cookies, marketing cookies or tracking mechanisms, respectively.
In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Analysis of user behavior (page retrievals, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, UX testing, conversion tracking, and retargeting in conjunction with Google Ads
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Administration of website tags via a user interface, integration of program codes on our websites
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Placement of advertisements, remarketing, conversion tracking Further information is available at: https://adssettings.google.com/authenticated
Provider: New Relic, Inc., 188 Spear Street #1200, San Francisco, CA 94105, USA
Function: For the purpose of tracking user experience and troubleshooting customer issues or complaints, the transfer of your personal data to the above controller is required.
6.4 Content Delivery Network of Microsoft Azure
In order to optimize the loading times of this website, we use a so-called “Content Delivery Network” (CDN) Services, offered by public cloud from Microsoft, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
The use of the CDN Services represents a predominant legitimate interest within the meaning of article 6 section 1 lit. f GDPR.
In context of this processing, personal data is transmitted to the USA. The Transmission is based on European Standard Contractual Clauses in which Microsoft guarantees to comply with the European data protection law for its provided services.
Further information about the privacy policy of Microsoft is available here: https://privacy.microsoft.com/en-us/privacystatement.6.5 Social plugins
In our Online Offers we may use so-called social plugins from various social networks, such as ‘Like’, ‘Share’ and ‘comment’ buttons made available by Facebook, Twitter, Google+, Pinterest, Instagram, TMall and WeChat.
When you use a social plugin – for example, when you decide to ‘Like’ or ‘Share’ something –your internet browser creates a direct connection to the relevant social network’s server. The result is that the relevant social network provider receives the information that your internet browser accessed from the site on which we make our Online Offers available to you. This happens even if you do not have a user account with the relevant social network provider or are currently not logged into your account. Log files (including the IP address) are, in this case, directly transmitted from your internet browser to a server of the relevant social network provider and might be stored there. The relevant social network provider or its server may be located outside the European Union or the European Economic Area (for example, they may be in the United States).
Social plugins are standalone extensions by social network providers. For this reason, we are unable to influence the scope of data collected and stored by them.
The purpose and scope of the collection of data by a social network, the continued processing and usage of that data by the social network as well as your respective rights and setting options to protect your privacy can be found by consulting the relevant social network's data protection notice.
In case you do not wish social network providers to receive and, if applicable, store or use data, you should not use the respective plugins – that is, you should not use a ‘Like’, ‘Share’, ‘comment’ or similar button on our website.
By using the so-called two click solution (provided by Heise Medien GmbH & Co. KG) we protect your visit to our web pages from being logged and processed by social network providers by default. When using a page of our internet presence which contains such plugins, these are initially deactivated. The plug ins are activated only when you click on the respective button.
7. Mobile applications
7.1 Usage of our mobile applications
In addition to our Online Offers, we offer mobile applications ("Apps"), which you can download to your mobile device. We also collect personal data through our apps when you use a mobile device, if you consent.
Some of our apps include location based services, through which we provide you offers tailored to your specific location. Your movement is not tracked. You can de-activate this function in the app settings, or in your mobile device operating system.
In order to provide you with a more user friendly platform, and also to perform range measurements and market research, we may use app analysis tools on some of our apps.
8. YOUR RIGHTS
8.1 Limiting the information you provide to us
If we ask you for personal data that you do not want to provide, please tell us and we will try to continue without it. However, it might not be possible for us to provide the product or service that you are seeking or lack of personal data may result in inconvenience to you when we are providing such product or service.
8.2 Withdrawing consent and opting out of receiving marketing messages
Where we have obtained your consent to process your personal data, you may withdraw your consent at any time. You can do this by notifying us in writing (which includes email) – click here for our contact details.
If you have registered for a MyBosch Account you may login to it and edit your contact permissions in the My Profile section of it. Alternatively, you can opt out of commercial emails by clicking the ‘unsubscribe’ line at the bottom of any such email that we send to you. Please note that if you opt-out of commercial emails we may still need to contact you with important transactional information about you and/or your company’s account and/or about a product and/or service that you have purchased from us.
8.3 Data accuracy
We take steps to ensure that the personal data we collect is accurate, up-to-date and complete. This includes updating it if and when you let us know that it has changed. If you have registered for a MyBosch Account you may login to it and amend the details in the My Profile section of it. Alternatively, please let us know about any changes by notifying us in writing (which includes email) – click here for our contact details.
8.4 Access to personal data
You can request us to provide you with a copy of personal data about you or that refers to you that is in our possession or under our control. We will also give you information about the ways in which we have, or may have, used or disclosed it within the previous 12 months.
If yyou have registered for a MyBosch Account you may login to it and navigate to the My Products and My Orders sections of it to find out when we have used your personal data for the purpose of products purchased from us and product orders with us. Alternatively, please ask us in writing (which includes email) – click here for our contact details. We may request information from you that enables us to verify your identity before meeting your request. Subject to you verifying your identity, we will respond to your request as soon as reasonably possible. If we are unable to respond to your request within 30 days we will let you know within that period when we expect to be able to respond to your request.
We reserve the right to charge a fee for access to your personal data, which will be limited to the incremental costs incurred by us in meeting your request. We will notify you of the amount (or, if that cannot be determined, the estimated amount) of the fee before fulfilling your request.
8.5 Correction of personal data
You can request us to correct on error or omission in personal data about you or that refers to you that is in our possession or under our control. If you have registered for a MyBosch Account you may login to it and amend the details in the My Profile section of it in order to correct any error or simply to update your personal data. Alternatively, notify us about your correction request in writing (which includes email) – click here for our contact details. We may request information from you that enables us to verify your identity before meeting your request. Subject to you verifying your identity, we will respond to your request as soon as practicable. If we are unable to respond to your request within 30 days we will let you know within that period when we expect to be able to respond to your request. We may also send the corrected personal data to other organisations to which we have disclosed your personal data.
9. SECURITY OF YOUR PERSONAL DATA
As a leading global supplier of technology and services we take the security of personal data about or referring to you seriously
We have appropriate security measures in place to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business ‘need to know’. They will process your personal data only on our instructions.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of an actual or suspected personal data breach where we are required by contract or law to do so.
10. DISPOSAL OF PERSONAL DATA
We will cease to retain documents that contain personal data about you or that refers to you as soon as it is reasonable to assume that the purpose for which we collected it is no longer being served by us retaining it and we no longer need it for a business or legal purpose. Alternatively, we may anonymise the personal data so that it can no longer be associated with you.
11. TRANSFER OF PERSONAL DATA OVERSEAS
We may from time to time, depending on the circumstances under which you provided personal data to us, have a business need to transfer it (or a copy of it) out of the country in which you gave it to us and to one of our subsidiaries or related companies a different country. For example, if you gave it to us outside of Singapore we might need to transfer it to our regional headquarters in Singapore.
We have entered into contracts to ensure that personal data about or relating to you is treated by the receiving entity with the same degree of care as is required by this Privacy Policy. This includes us adopting uniform practices / standard operating procedures (SOPs) in all of our subsidiaries and related companies in ASEAN (and in the location of our global headquarters, in the European Economic Area).
12. MAKING A COMPLAINT
If you have any complaint about the way in which we have processed personal data about you or that refers to you – that is, if you feel we have not complied with this Privacy Policy and/or with the applicable data protection / privacy law please let us know. You may do this in writing (which includes email) – click here for our contact details. Please include the following:
We will acknowledge receipt of your complain as soon as practicable. Then we will investigate it. We may need to obtain further information from you, speak to relevant staff members, review relevant documents and/or obtain legal or technical advice to do our investigation. Once we have completed our investigation, we will write to you to let you know the outcome of the investigation.
13. CONTACTING US
You can contact us to get further information in relation to this Privacy Policy, to provide comments or to make any complaint by contacting our data protection officer as follows:
By letter:
Data Protection Officer, ASEAN Region
Robert Bosch (S.E.A.) Pte. Ltd.
11 Bishan Street 21
Singapore 573943
By email:
asean.dpo@sg.bosch.com
By phone:
+65 6258 5511
14. POLICY CHANGES
We reserve the right to change and update this Privacy Policy from time to time. We will notify changes by posting them on our website. The amended Privacy Policy will come into effect from the time that it is posted on our website.