Robert Bosch Single Member SA and the Robert Bosch GmbH (in the following referred to as Bosch, "we" or "us") thank you for using the "Bosch Charging Services" via the Charging App "Maserati Public Charge" (MPC app) and for your interest in our company and our products.
In this Data Protection Notice we describe how we process your personal data in connection with your use of our Service.
1 Bosch respects your privacy
1.1 Protecting your privacy when handling your personal data and ensuring the security of all business data is something we take very seriously, and this concern is built into our business processes. We will process personal data collected in the course of using the "Bosch Charging Services" in confidence, and only in accordance with the law.
1.2 Data protection and information security are enshrined in our corporate policy.
2 Responsible parties
The companies responsible for processing your data are part of the Bosch Group. Specifically, these are the following responsible parties within the meaning of data protection:
Robert Bosch Single Member SA
Erchias 37
19400 Koropi
GREECE
www.bosch.gr
Phone number: +30 210 5701200
e-mail: contact.RBGR@gr.bosch.com
Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe, Germany
www.bosch.de
Phone number: +49 711 400 40990
E-mail address: kontakt@bosch.de
3 Data processed by Bosch under Joint Controllership
The personal data used in the context of our offer are processed by the parties named in section 2 under joint responsibility within the meaning of Art. 26 (1) sentence 1 GDPR.
What is the reason for the joint controllership?
In connection with the provision of "Bosch Charging Services" via the Charging App "Maserati Public Charge" (MPC app) the Parties have jointly determined the means and the purposes of the processing of your personal data within the data processing described below and are therefore considered “Joint Controllers” subsequent to Art. 26 GDPR. The parties have jointly determined the order in which this data is processed in individual process steps. Particular attention has been paid to ensuring adequate protection of your personal data and how we can provide you with full transparency on this processing.
What does this mean for you as a data subject?
The Parties fulfil the data protection obligations according to their respective responsibilities for the processing activities as follows:
In the joint data processings, the Parties are responsible as follows
Robert Bosch Single Member SA will be your contractual partner for the provision of the "Bosch Charging Services" by accepting its terms and conditions, Robert Bosch Single Member SA is responsible for the management of the contract and the contract master data.
Depending on the country availability of the "Maserati Connect" app, SSO is enabled in the charging app "Maserati Public Charge" (MPC app) either via the Maserati identity provider (Gigya) or via the Bosch identity provider (SingleKey ID). In case of a usage via the Maserati Connect app, we receive your personal information from Maserati (Gigya), in case of a usage via Bosch SingleKey ID from Bosch.IO GmbH. Further information can be found under 5.1 and 5.2. When registering, we require additional information from you to complete your user account. (Legal grounds: Contract fulfillment)
In order to enable the charging process at a specific charging station, the exchange of (pseudonymous) data between us and the respective Charge Point Operator (CPO) is necessary. To provide a comprehensive service, it is necessary to cooperate with a large number of CPOs and perform the associated data processing. (Legal grounds: Contract fulfillment)
The Parties make the information required under Articles 13 and 14 GDPR available to you as a data subject in a precise, transparent, comprehensible and easily accessible form in clear and simple language and free of charge. Where required, each party shall provide the other party with all necessary information from its sphere of activity.
The Parties shall inform each other immediately of any legal positions asserted by you as a data subject. They shall provide each other with all information necessary to respond to requests for information.
As a data subject, you will always receive information from the parties mentioned in section 2. Irrespective of this internal regulation, you can assert your rights as described in section 11.
4 Collection, processing and use of personal data
4.1 Categories of data processed
The following categories of data will be processed:
· Personal information (e.g. name, telephone number, e-mail address, postal address)
· Contract master data (e.g. contract relationship, product or contract interests)
· Customer history
· Contract billing and payment data (fiscal code required by Italian Revenue Agency in Italy only)
· Location data
· Other: Charging process data (e.g. amount of energy, charging duration, charging station used), charging identification data (user, vehicle)
4.3 Duration of storage; retention periods:
As a rule, we will store your data for as long as necessary to deliver our services linked to your use of the MPC app and related ancillary services, and for as long as we have a justified interest in storing the said data further (for example, we may have a justified interest in carrying out postal marketing campaigns after having fulfilled a contract). In all other cases, we will delete your personal data, with the exception of data which we are required to continue holding in order to comply with legal obligations (for example, retention periods stipulated under tax and commercial law require us to keep documents such as contracts and invoices for a certain period of time).
5 Forwarding of data
5.1 Forwarding of data to other responsible parties
We will only forward your personal data to other responsible parties to the extent necessary in fulfillment of the contract, to the extent that we or the said third party have a justified interest in forwarding it, or to the extent that you have given your consent for us to do so. Details of the legal grounds for such forwarding are set out in the section headed "Purposes of processing data and legal grounds". Third parties may also be other companies of the Bosch Group. The cases in which data is forwarded to third parties on the basis of a justified interest are explained in this data protection notice.
Other responsible Party:
Maserati
Via Ciro Menotti 322
41121 Modena
For further Information regarding data privacy please contact Maserati
Charge Point Operators (CPOs):
See 4.1 (Performing of charging process).
In general, further information and contact details of the CPO can be found on the respective charging station used.
Additionally, data may be forwarded to other responsible parties where we are obligated to do so in compliance with the law or pursuant to enforceable orders of a public agency or judgments of a court.
5.2 Information on joint responsibility with regard to data subjects for specific data processing, according to Art. 26(2)(2) GDPR. In case the “Maserati Connect” app is not available in your country, SingleKey ID from Bosch.IO GmbH will be used as identity provider.
Party 1:
Bosch.IO GmbH
Ullsteinstrasse 128, 12109 Berlin, Germany
Party 2:
Robert Bosch GmbH
What is the basis for joint responsibility?
In connection with the provision of SingleKey ID as an exclusive single sign-on solution of the Bosch Group, the aforementioned parties will work closely together. This also concerns the processing of your personal data. The parties have jointly determined the order in which this data is processed in individual process steps. As such, they are jointly responsible for the protection of your personal data during the process stages described below (Art. 26 GDPR).
As a data subject according to GDPR, you have a right to the following information from the aforementioned parties.
For which process stages is there joint responsibility?
Processing step: Registration and login with SingleKey ID
Responsibility lies with: Bosch.IO GmbH
Processing step: Overview and administration of master data and applications with SingleKey ID
Responsibility lies with: Bosch.IO GmbH
What have the parties agreed?
In line with their joint responsibility for data protection, the aforementioned parties have agreed which of them is responsible for meeting specific obligations under GDPR. In particular, this concerns the exercise of the rights of data subjects (Art. 15–21 GDPR) and the fulfillment of the obligations regarding provision of information (Art. 13–14 GDPR).
This agreement is required because during the provision and operation of SingleKey ID and its functions, personal data is processed in various process steps and by various systems operated either by Bosch.IO GmbH or by all parties named in the list of parties.
What does this mean for you as data subject?
Although a joint responsibility exists, the parties shall fulfill the obligations under data protection law in accordance with their respective responsibilities for the individual processing activities as follows:
In accordance with their joint responsibility, the parties shall provide the data subject with any information required under Art. 13 and 14 GDPR in a precise, transparent, intelligible, and easily accessible form, using clear and plain language. This information shall be provided free of charge. For this purpose, each party shall provide the other party with all the necessary information from its area of operation.
The parties shall inform each other without delay of any legal positions asserted by you as data subject. They shall provide each other with all the information required to respond to requests for information.
As data subject, you will, in principle, receive the information from Bosch.IO GmbH. Regardless of this internal agreement, you may also assert your rights, as data subject, directly against any party.
Data deletion
Please be aware that if you request Bosch Charging Services to delete your account or your personal data, this does not automatically result in the deletion of your SingleKey ID account. For this, please contact Bosch.IO GmbH directly.
Further information can be found in the privacy notice of Bosch.IO GmbH.
5.3 Service providers (general): We engage external service providers to perform services including sales and marketing, contract management, payment processing, programming, data hosting, and hotline operations. We have selected the said service providers carefully, and monitor them on a regular basis, particularly with regard to their due diligence in handling and protecting your stored data. We obligate all our service providers to maintain confidentiality and to comply with all legal requirements. Service providers may also be other companies of the Bosch Group.
5.4 Payment service providers: We use external payment service providers. Depending on which payment method you choose during the ordering process, we will forward the data connected to the processing of payments (e.g. bank details or credit card data) to the bank contracted to make the payment or to payment service providers engaged by us. In some cases, the payment service providers will also collect and process the said data as responsible parties. In such cases, the data protection notices issued by the payment service providers in question shall apply.
6 Data transfer by operators of app stores
The transfer of data such as a user name, e-mail address or individual device ID to the app store when downloading the MPC app shall not be classed as data collection by us, and is beyond our control. We have no influence on that data collection, or on the further processing of data by the app store as the responsible party.
7 Use of external links
The MPC app may contain links to websites of third-party vendors who are not connected to us.
After you click on such a link, we have no further influence on the collection, processing or use of any personal data transmitted to the third party in question by clicking on the said link (such as your IP address or the URL of the page containing the link), as the actions of third parties are inevitably beyond our control. Bosch accepts no responsibility for the processing of such personal data by third parties.
8 Security
8.1 Our employees and the employees of service companies engaged by us are bound to secrecy and to adhere to the provisions of the application data protection laws.
8.2 We will implement all necessary technical and organizational measures to ensure appropriate levels of security, and to protect the data you entrust to us, in particular against the risk of unintentional or illegal destruction, manipulation, loss, modification, unauthorized disclosure or unauthorized access. Our security measures are constantly being improved to keep pace with technological developments.
9 User rights
9.1 Your rights as a user are detailed in this section. Please use any of the methods in the Contact section when asserting your rights. When doing so, please ensure that we are able to identify you uniquely.
9.2 Rights of notification and disclosure of information: You have the right to receive information from us concerning the processing of your data. To do so, you can assert your right to disclosure of information in relation to your personal data which we process.
9.3 Rights of correction and deletion: You can demand that we correct incorrect data and - provided that legal requirements are met - add to or delete your data as appropriate.
This does not apply to data required for billing and accounting purposes, or to data subject to statutory retention periods. To the extent that access to such data is not required, however, the processing of it will be restricted (see below).
We offer you the possibility to delete your user account irrevocably directly in the app. To do so, select the "Delete account" function in your profile. With your confirmation, your personal data will be permanently deleted within one month.
9.4 Restrictions on processing: You can demand that we restrict the processing of your data, provided that legal requirements are met.
9.5 Objections to processing of data: You also have the right to object to the processing of your data by us at any time. We will then cease processing your data, unless we are able to prove the existence of pressing reasons for further processing of it which are deemed worthy of protection and which outweigh your own rights according to the law.
9.6 Objections to direct marketing: You can also object to the processing of your personal data by us for promotional and advertising purposes at any time. Please note that, for organizational reasons, there may be overlaps between your objection and the use of your data as part of an ongoing campaign.
9.7 Objections to processing of data where "justified interest" is cited as legal grounds: You also have the right to object to the processing of your data by us at any time where the said processing is based on the legal grounds of justified interest. We will then cease processing your data, unless we are able to prove the existence of pressing reasons for further processing of it which are deemed worthy of protection and which outweigh your own rights according to the law.
9.8 Revoking of consent: Where you have given us your consent to process your data, you can revoke it at any time, effective for the future. The legality of the processing of your data shall remain unaffected up to the point of revocation.
9.9 Data portability: You further have the right to receive data which you have made available to us returned to you in a structured, commonly used and machine-readable format and to demand - where technically feasible - that the data be transmitted to a third party.
9.10 Right of complaint to the regulatory authority: You have the right to submit a complaint to a data protection authority. You can submit complaints to the data protection authority whose jurisdiction covers your place of residence or federal state, or to the data protection supervisory authority to which we answer. The data protection supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
10 Changes to this data protection notice
We reserve the right to change our security and data protection procedures to the extent necessary in line with technical developments. In such cases, we will also update the content of our data protection notice accordingly. Please therefore be sure always to refer to the latest version of this data protection notice.
11 Travel to different country (with another controller)
This privacy notice applies to the use of our service and the charging station network in Greece.
We would like to point out that if you travel to another country and charge your electric vehicle there, different data protection notices will apply, as another Bosch legal entity will become your service provider and controller in terms of data protection.
Below you will find the data protection notice applicable for EU-countries where our service is provided by Robert Bosch GmbH: https://www.bosch-emobility.com/static/privacypolicy/maserati-public-charge/EU/en
12 Contact
You can contact us at the address given in the "Responsible party" section.
For the assertion of your rights as well as reporting of data protection incidents use the following link: https://request.privacy-bosch.com.
For suggestions and complaints with regard to the processing of your personal data we suggest to contact our Officer for data protection:
Officer for Data Protection
Information security and data protection Bosch Group
Postfach 30 02 20
70442 Stuttgart
GERMANY
or
Mail to: DPO@bosch.com
Date: September 2023
Robert Bosch Single Member SA
Erchias 37
19400 Koropi
GREECE
www.bosch.gr
Phone number: +30 210 5701200
e-mail: contact.RBGR@gr.bosch.com
Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe, Germany
www.bosch.de
Phone number: +49 711 400 40990
E-mail address: kontakt@bosch.de