Data protection notice "Bosch Charging Services"
Robert Bosch GmbH
Robert Bosch GmbH (in the following referred to as Bosch, "we" or "us") thanks you for using the "Bosch Charging Services" via the Charging App "Maserati Public Charge" (MPC app) and for your interest in our company and our products.
1.1 Protecting your privacy when handling your personal data and ensuring the security of all business data is something we take very seriously, and this concern is built into our business processes. We will process personal data collected in the course of using the "Bosch Charging Services" in confidence, and only in accordance with the law.
1.2 Data protection and information security are enshrined in our corporate policy.
The entity responsible for processing your data is Robert Bosch GmbH; exceptions are explained in this data protection notice. Our contact details are as follows:
Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe, Germany
www.bosch.de
Phone number: +49 711 400 40990
E-mail address: kontakt@bosch.de
3.1 Categories of data processed
The following categories of data will be processed:
· Personal information (e.g. name, telephone number, e-mail address, postal address)
· Contract master data (e.g. contract relationship, product or contract interests)
· Customer history
· Contract billing and payment data (fiscal code required by Italian Revenue Agency in Italy only)
· Location data
· Other: Charging process data (e.g. amount of energy, charging duration, charging station used), charging identification data (user, vehicle)
3.2 Personal data means any information relating to an identified or identifiable natural person, such as their name, postal address, telephone number, e-mail address, contract, ordering and billing data which identifies a specific person. We will collect, process and use personal data (including IP addresses) only when we have legal grounds for doing so, or when you have given us your consent to do so, such as by registering with us.
- User account: In order to be able to use the "Bosch Charging Services" and to invoice accordingly, a user account is required. Bosch supports single sign-on (SSO), where the centrally stored login data of identity providers such as SingleKey ID and others (e.g. Gigya, Cognito) are used to log in to the Bosch Charging Services, so that an additional login with your own login data is not required in the Charging App.
Depending on the country availability of the "Maserati Connect" app, SSO is enabled in the charging app "Maserati Public Charge" (MPC app) either via the Maserati identity provider (Gigya) or via the Bosch identity provider (SingleKey ID). If you use the service via the Maserati Connect app, we receive your personal information from Maserati (Gigya); if you use it via Bosch SingleKey ID, we receive it from Bosch.IO GmbH. Further information can be found under 5.1 and 5.2. When registering, we require additional information from you to complete your user account. (Legal grounds: Contract fulfillment)
- Location of and navigation to charging points: In order to indicate charging points in your vicinity and enable you to navigate to them, we need your location data (GPS). You can specify in your cell phone's system settings whether to allow the MPC app to use location data. If you do not allow the MPC app to use location data in your cell phone's system settings, we will indicate charging points to you, but they might not be in your immediate vicinity. We will then also not be able to help you navigate to charging points. There is no live tracking of your position. We only receive your current position at the moment of your query to show you charge points nearby. We do not store this location information. (Legal grounds: Contract fulfillment)
- Performance of charging process: It is necessary to process data in order to perform a charging process. This applies in particular for the authentication at the charging station. You can use various access media (such as Charging App, RFID card or vehicle for Plug and Charge) to start and stop charging. (Legal grounds: Contract fulfillment)
In order to enable the charging process at a specific charging station, the exchange of (pseudonymous) data between us and the respective Charge Point Operator (CPO) is necessary. To provide a comprehensive service, it is necessary to cooperate with a large number of CPOs and perform the associated data processing. (Legal grounds: Contract fulfillment)
- Monitoring of charging facilities: To safeguard our charging service, we will also monitor your charging operations. (Legal grounds: Contract fulfillment)
- Eligibility and Subscription Check: While you use the MPC app, a check is performed based on your vehicle identification number (VIN) to determine whether you are authorized to use the Bosch Charging Services via MPC app and whether a corresponding subscription exists. (Legal grounds: Contract fulfillment).
- Order and Shipment of RFID cards: If you decide to order an RFID card for access to charging stations, the RFID card will be shipped to the address you provide us. For this purpose, your personal information will be processed. (Legal grounds: Fulfillment of the contract)
- Log: Running and completed charging operations will be recorded in the log of the MPC app. (Legal grounds: Contract fulfillment)
- Payment processing: You can select a payment service provider to pay for charging facilities which you use through the MPC app. In case of time-limited promotions, partial amounts may be deducted from the invoice amount. (Legal grounds: Contract fulfillment)
In the context of promotions by Maserati, it is necessary to transfer your charging process data and charging identification data to Maserati. (Legal basis: Justified interest on our part to enable the implementation of promotions of our partner Maserati).
For the usage of our Bosch Charging Services in Italy, we process your fiscal code for the payment processing as required by the Italian tax authority ("Agenzia delle Entrate"). (Legal grounds: Compliance with legal obligation)
- Create favorites: In order to quickly and easily find your preferred charging points again, you can add them to a list of favorites. In this context, we save the corresponding charging point information in your user profile. You can remove favorite charging points at any time. (Legal grounds: Contract fulfillment)
- Support: As part of our user support services, we will collect your data in order to help resolve any problems you may have. This also includes logging your activities within the Bosch Charging Services application. In some cases, it might be necessary to transfer personal information to Maserati in order to solve the support issue. (Legal grounds: Contract fulfillment)
- Rating of charging points: Within the MPC app, you can rate individual charging points by criteria including functionality, accessibility and price, and submit your feedback to us. (Legal grounds: Justified interest in improving our service quality)
As a rule, we will store your data for as long as necessary to deliver our services linked to your use of the MPC app and related ancillary services, and for as long as we have a justified interest in storing the said data further (for example, we may have a justified interest in carrying out postal marketing campaigns after having fulfilled a contract). In all other cases, we will delete your personal data, with the exception of data which we are required to continue holding in order to comply with legal obligations (for example, retention periods stipulated under tax and commercial law require us to keep documents such as contracts and invoices for a certain period of time).
We will only forward your personal data to other responsible parties to the extent necessary in fulfillment of the contract, to the extent that we or the said third party have a justified interest in forwarding it, or to the extent that you have given your consent for us to do so. Details of the legal grounds for such forwarding are set out in the section headed "Purposes of processing data and legal grounds". Third parties may also be other companies of the Bosch Group. The cases in which data is forwarded to third parties on the basis of a justified interest are explained in this data protection notice.
Other responsible Party:
Maserati
Via Ciro Menotti 322
41121 Modena
For further information regarding data privacy, please contact Maserati.
Charge Point Operators (CPOs):
See 4.1 (Performing of charging process).
In general, further information and contact details of the CPO can be found on the respective charging station used.
Additionally, data may be forwarded to other responsible parties where we are obligated to do so in compliance with the law or pursuant to enforceable orders of a public agency or judgments of a court.
In case the “Maserati Connect” app is not available in your country, SingleKey ID from Bosch.IO GmbH will be used as identity provider.
Party 1:
Bosch.IO GmbH
Ullsteinstrasse 128, 12109 Berlin, Germany
Party 2:
Robert Bosch GmbH
What is the basis for joint responsibility?
In connection with the provision of SingleKey ID as an exclusive single sign-on solution of the Bosch Group, the aforementioned parties will work closely together. This also concerns the processing of your personal data. The parties have jointly determined the order in which this data is processed in individual process steps. As such, they are jointly responsible for the protection of your personal data during the process stages described below (Art. 26 GDPR).
As a data subject according to GDPR, you have a right to the following information from the aforementioned parties.
For which process stages is there joint responsibility?
Processing step: Registration and login with SingleKey ID
Responsibility lies with: Bosch.IO GmbH
Processing step: Overview and administration of master data and applications with SingleKey ID
Responsibility lies with: Bosch.IO GmbH
What have the parties agreed?
In line with their joint responsibility for data protection, the aforementioned parties have agreed which of them is responsible for meeting specific obligations under GDPR. In particular, this concerns the exercise of the rights of data subjects (Art. 15–21 GDPR) and the fulfillment of the obligations regarding provision of information (Art. 13–14 GDPR).
This agreement is required because during the provision and operation of SingleKey ID and its functions, personal data is processed in various process steps and by various systems operated either by Bosch.IO GmbH or by all parties named in the list of parties.
What does this mean for you as data subject?
Although a joint responsibility exists, the parties shall fulfill the obligations under data protection law in accordance with their respective responsibilities for the individual processing activities as follows:
In accordance with their joint responsibility, the parties shall provide the data subject with any information required under Art. 13 and 14 GDPR in a precise, transparent, intelligible, and easily accessible form, using clear and plain language. This information shall be provided free of charge. For this purpose, each party shall provide the other party with all the necessary information from its area of operation.
The parties shall inform each other without delay of any legal positions asserted by you as data subject. They shall provide each other with all the information required to respond to requests for information.
As data subject, you will, in principle, receive the information from Bosch.IO GmbH. Regardless of this internal agreement, you may also assert your rights, as data subject, directly against any party.
Data deletion
Please be aware that if you request Bosch Charging Services to delete your account or your personal data, this does not automatically result in the deletion of your SingleKey ID account. For this, please contact Bosch.IO GmbH directly.
Further information can be found in the privacy notice of Bosch.IO GmbH.
We engage external service providers to perform services including sales and marketing, contract management, payment processing, programming, data hosting, and hotline operations. We have selected the said service providers carefully, and monitor them on a regular basis, particularly with regard to their due diligence in handling and protecting your stored data. We obligate all our service providers to maintain confidentiality and to comply with all legal requirements. Service providers may also be other companies of the Bosch Group.
We use external payment service providers. Depending on which payment method you choose during the ordering process, we will forward the data connected to the processing of payments (e.g. bank details or credit card data) to the bank contracted to make the payment or to payment service providers engaged by us. In some cases, the payment service providers will also collect and process the said data as responsible parties. In such cases, the data protection notices issued by the payment service providers in question shall apply.
The transfer of data such as a user name, e-mail address or individual device ID to the app store when downloading the MPC app shall not be classed as data collection by us, and is beyond our control. We have no influence on that data collection, or on the further processing of data by the app store as the responsible party.
The MPC app may contain links to websites of third-party vendors who are not connected to us. After you click on such a link, we have no further influence on the collection, processing or use of any personal data transmitted to the third party in question by clicking on the said link (such as your IP address or the URL of the page containing the link), as the actions of third parties are inevitably beyond our control. Bosch accepts no responsibility for the processing of such personal data by third parties.
8.1 Our employees and the employees of service companies engaged by us are bound to secrecy and to adhere to the provisions of the applicable data protection laws.
8.2 We will implement all necessary technical and organizational measures to ensure appropriate levels of security, and to protect the data you entrust to us, in particular against the risk of unintentional or illegal destruction, manipulation, loss, modification, unauthorized disclosure or unauthorized access. Our security measures are constantly being improved to keep pace with technological developments.
9.1 Your rights as a user are detailed in this section. Please use any of the methods in the Contact section when asserting your rights. When doing so, please ensure that we are able to identify you uniquely.
9.2 Rights of notification and disclosure of information: You have the right to receive information from us concerning the processing of your data. To do so, you can assert your right to disclosure of information in relation to your personal data which we process.
9.3 Rights of correction and deletion: You can demand that we correct incorrect data and - provided that legal requirements are met - add to or delete your data as appropriate.
This does not apply to data required for billing and accounting purposes, or to data subject to statutory retention periods. To the extent that access to such data is not required, however, the processing of it will be restricted (see below).
We offer you the possibility to delete your user account irrevocably directly in the app. To do so, select the "Delete account" function in your profile. With your confirmation, your personal data will be permanently deleted within one month.
9.4 Restrictions on processing: You can demand that we restrict the processing of your data, provided that legal requirements are met.
9.5 Objections to processing of data: You also have the right to object to the processing of your data by us at any time. We will then cease processing your data, unless we are able to prove the existence of pressing reasons for further processing of it which are deemed worthy of protection and which outweigh your own rights according to the law.
9.6 Objections to direct marketing: You can also object to the processing of your personal data by us for promotional and advertising purposes at any time. Please note that, for organizational reasons, there may be overlaps between your objection and the use of your data as part of an ongoing campaign.
9.7 Objections to processing of data where "justified interest" is cited as legal grounds: You also have the right to object to the processing of your data by us at any time where the said processing is based on the legal grounds of justified interest. We will then cease processing your data, unless we are able to prove the existence of pressing reasons for further processing of it which are deemed worthy of protection and which outweigh your own rights according to the law.
9.8 Revoking of consent: Where you have given us your consent to process your data, you can revoke it at any time, effective for the future. The legality of the processing of your data shall remain unaffected up to the point of revocation.
9.9 Data portability: You further have the right to receive data which you have made available to us returned to you in a structured, commonly used and machine-readable format and to demand - where technically feasible - that the data be transmitted to a third party.
9.10 Right of complaint to the regulatory authority: You have the right to submit a complaint to a data protection authority. You can submit complaints to the data protection authority whose jurisdiction covers your place of residence or federal state, or to the data protection supervisory authority to which we answer. The data protection supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
We reserve the right to change our security and data protection procedures to the extent necessary in line with technical developments. In such cases, we will also update the content of our data protection notice accordingly. Please therefore be sure always to refer to the latest version of this data protection notice.
We would like to point out that if you travel to countries listed below and charge your electric vehicle there, a different data protection notice will apply, as another Bosch legal entity will become your service provider and controller in terms of data protection.
List of affected countries including the respective data protection notices:
Greece: < Link to oneDPN(GR) in "en" language >, service is provided by Robert Bosch Single Member SA
If you need any further help, please do not hesitate to contact our support team via support@bosch-emobility.com.
You can contact us at the address given in the "Responsible party" section.
For the assertion of your rights as well as reporting of data protection incidents use the following link: https://request.privacy-bosch.com.
For suggestions and complaints with regard to the processing of your personal data, we suggest that you contact our Officer for Data Protection:
Officer for Data Protection
Information security and data protection Bosch Group
Postfach 30 02 20
70442 Stuttgart
GERMANY
or
Mail to: DPO@bosch.com
Date: June 2023