Data Protection Notice
Data protection notice of Keenfinity GmbH
In the following data protection notice we would like to inform you about the categories of personal data (hereinafter referred to as ‘data’) we process, for which purposes and to what extent. The data protection notice applies to all processing of personal data carried out by us, both in the context of the provision of our services and on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offers’).
1. Keenfinity respects your privacy
The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us. We process personal data that was gathered during your visit of our online offers confidentially and only in accordance with statutory regulations.
Data protection and information security are included in our corporate policy.
2. Controller
As a controller Keenfinity is responsible for the processing of your data; exceptions are outlined in this data protection notice.
Our contact details are as follows:
Keenfinity GmbH
Fritz-Schäffer-Straße 9
81737 München
GERMANY
Email: Dataprotection.Keenfinity@de.bosch.com
Phone: +49 (0) 89 6290-0
3. Collection, processing and usage of personal data
3.1. Processed categories of data
The following categories of data are processed:
- Communication data (e.g. name, telephone, e-mail, address, company)
- Technical data (e.g. IP address, log files, user profile data)
- Contractual master data (e.g. contractual relationships, contractual or product interest)
- Client history
- Contract accounting and payment data
- Geolocation
3.2. Principles
Personal data consists of all information related to an identified or identifiable natural person; this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person's identity.
We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so, or you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.
3.3. Processing purposes and legal bases
We, as well as the service providers commissioned by us, process your personal data for the following processing purposes:
- Provision of online offers including a contact form regarding the products and services offered by us for the purpose of the performance of a contract between us and the data subjects.
(Legal basis: Legitimate interest in direct marketing (Art. 6 (1) (b) GDPR); performance of a contract between us and the data subjects, Art. 6 (1) (b) GDPR).
- Provision of the online offers and fulfillment of contractual obligations under our contractual terms including invoicing and prior credit assessment. Invoicing may include the sale of claims.
(Legal bases: Performance of a contract between us and the data subjects (Art. 6 (1) (b) GDPR) respectively our legitimate interest in the implementation of an efficient claims management and in avoiding claim defaults as regards the sale of claims and the credit assessment, Art. 6 (1) (f) GDPR).
- Resolving service disruptions as well as for security reasons.
(Legal bases: Compliance with legal obligations within the scope of data security and legitimate interest in resolving disruptions/disturbances and in the security of our offers, Art. 6 (1) (c) GDPR).
- Self-promotion and promotion by others, as well as market research and reach analysis within the scope statutorily permitted or based on consent.
(Legal bases: Consent, Art. 6 (1) (a) GDPR / legitimate interest in direct marketing for direct marketing purposes, Art. 6 (1) (f) GDPR).
- Sending an email or SMS/MMS newsletter with the recipient’s consent.
(Legal basis: Consent, Art. 6 (1) (a) GDPR).
- Safeguarding and defending our rights.
(Legal basis: Legitimate interest in safeguarding and defending our rights, Art. 6 (1) (f) GDPR).
- Geolocation: In this process, IP addresses are shortened to the last octet before being used in any analysis of user behavior. Your IP address is only used in its shortened form when establishing an approximate geolocation, too. Here, the country of origin is determined, and this data is then stored. (Provided legal basis: legitimate interest in the provision of our offers, Art. 6 (1) (f) GDPR)
3.4. Registration
If you wish to use our offers or get access to the benefits of our offers, we might request your registration. With your registration we collect personal data necessary for the performance of the contract (e.g. first name, last name, email address, if applicable, details on the preferred payment method or on the account holder) as well as, if applicable, further data on a voluntary basis. Mandatory information is marked with an *.
3.5. Log files
Each time you use the internet, your browser transmits certain information which we store in so-called log files.
We save log files for 7 days to determine service disruption and for security reasons (e.g., to investigate attack attempts) and delete them afterwards. Log files which need to be maintained for evidence purposes are excluded from deletion until the respective incident is resolved and may, on a case-by-case basis, be passed on to investigating authorities.
Log files are also used for analysis purposes (without the IP address or without the complete IP address). Also see module web analysis.
In log files, in particular the following information is saved:
- IP address (internet protocol address) of the terminal device which is being used to access the Online Offer;
- Internet address of the website from which the Online Offer is accessed (so-called URL of origin or referrer URL);
- Name of the service provider which was used to access the Online Offer;
- Name of the files or information accessed;
- Date and time as well as duration of recalling the data;
- Amount of data transferred;
- Operating system and information on the internet browser used, including add-ons installed (e.g., Flash Player);
- HTTP status code (e.g., “Request successful” or “File requested not found”).
3.6. Children
This online offer is not meant for children under 16 years of age.
3.7. Data transfer
3.7.1. Data transfer to other controllers
Principally, your personal data is forwarded to other controllers only if required for the performance of a contract between us and you, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal bases can be found in Section 3.3 (Processing purposes and legal bases) as well as the Bosch group legitimate interest, this is explained in.
Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.
3.7.2. Service providers (general)
As part of our processing of personal data, it may be transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks, providers of services and content that are integrated into a website, sales and marketing services, contract management, payment handling, programming, data hosting and hotline services. We have chosen those service providers carefully and monitor them on a regular basis, especially regarding their diligent handling of and protection of the data that they store. In these cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate business and commercial interests or takes place if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or a legal permission exists.
3.7.3. Payment service providers
We involve external payment service providers.
Depending on the type of payment method you choose during the ordering process, we transfer data used for the processing of payments (e.g., bank account or credit card data) to the financial institution charged with the payment or to payment service providers commissioned by us. Sometimes, payment service providers also collect and process such data as controllers. In this case (payment service providers are data controllers), the data protection notice or privacy policy of the respective payment service provider applies.
3.7.4. Claims management
We reserve the right to have claims collected by external service providers.
Additionally, we have a legitimate interest in selling claims to third parties and in transferring data necessary for the collection of the claim to the respective buyer of the claim. During claim collection, claim buyers act in their own names and are themselves responsible for processing the data. In this respect, the data protection notices of the respective claim buyer apply.
3.8. Transfer to recipients outside the EEA
We might transfer personal data to recipients located outside the EEA into so-called third countries.
In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country or due to the agreement based on so-called EU model clauses with the recipient) or that you have consented to the transfer.
International data transfers
Data processing in third countries: If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies (which can be recognised by the postal address of the respective provider or if the data protection declaration expressly refers to the transfer of data to third countries), this is always done in accordance with the legal requirements.
For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission on 10 July 2023. Where possible, we have also concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and stipulate contractual obligations to protect your data.
This dual protection guarantees comprehensive protection of your data: The DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should there be any changes to the DPF, the standard contractual clauses act as a reliable fallback option. In this way, we ensure that your data always remains adequately protected, even in the event of any political or legal changes.
For the individual service providers, we will inform you whether they are certified in accordance with the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/.
For data transfers to other third countries, appropriate security measures apply, in particular standard contractual clauses, explicit consent or legally required transfers. Information on third country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=en.
3.9. Duration of storage; retention periods
Principally, we store your data for as long as it is necessary to render our Online offers and the services connected to them, or for as long as we have a legitimate interest in storing the data (e.g., we might still have a legitimate interest in postal mail marketing upon performance of a contract between us and you). In all other cases, we delete your personal data except for data we must store to comply with legal or contractual obligations (e.g., we are obliged due to retention periods under the German tax and commercial codes to have documents such as contracts and invoices available for 10 years).
4. Credit assessments
As part of our business relationships, we conduct credit assessments to mitigate economic risks and protect our corporate interest. For this purpose, we collect and process company data from business partners, particularly publicly available information such as commercial register extracts, annual reports, Creditreform reports, and information from credit reference agencies. Data processing is based on Art. 6 (1) (f) GDPR to safeguard our legitimate interest. The collected data is used exclusively for assessing economic performance and creditworthiness and will not be disclosed for other purposes.
If the result of a credit assessment does not satisfy our requirements, we reserve the right to ask for an assured payment method (e.g. credit card) or to refuse to enter into a contract.
The credit assessment includes an automated decision-making process in accordance with Art. 22 GDPR. This automated assessment evaluates your company's creditworthiness using predefined algorithmic criteria. You have the right to object to this automated decision, request human intervention of a case handler, express your point of view and contest the decision. In such cases, please contact our Data Protection Officer.
Storage occurs for the duration of the business relationship plus the statutory retention periods.
5. Reports made to credit agencies
We report due claims to credit agencies when, despite maturity, no payment has occurred, when the transfer is necessary to preserve our legitimate interests or legitimate interests of third parties and when the additional statutory requirements are present. These are
- enforceability of the claim or if the claim is undisputed; or
- the issuance of at least two written overdue notices upon maturity of the claim, whereas the first overdue notice must have occurred at least four weeks prior and the debtor has been informed of the possibility of submitting the claim to a credit agency (in this first notice or at least before actual submittal to the credit agency) and the claim has not been disputed; or
- the possibility of the termination of the contractual relationship without previous notice due to arrears and the debtor has been informed about the possibility of submitting the claim to a credit agency.
In addition, we may report behavior contravening the contract (e.g., fraudulent behavior, misuse) to credit agencies as far as this is necessary to preserve our legitimate interests or the legitimate interests of third parties and there is no reason to assume that the data subject’s interests worthy of protection outweigh or prevail over these legitimate interests.
6. Usage of
In the context of our online service, cookies and tracking mechanisms may be used. Cookies are small text files that may be stored on your device when visiting our online service. Tracking is possible using different technologies. In particular, we process information using pixel technology and/or during log file analysis.
6.1. Categories
We distinguish between cookies that are mandatorily required for the technical functions of the online service and such cookies and tracking mechanisms that are not mandatorily required for the technical function of the online service. It is generally possible to use the online service without any cookies that serve non-technical purposes.
Technically required cookies
By technically required cookies we mean cookies without which the technical provision of the online service cannot be ensured. These include e.g. cookies that store data to ensure smooth reproduction of video or audio footage. Such cookies will be deleted when you leave the website.
Cookies and tracking mechanisms that are technically not required
We only use such cookies and tracking mechanisms if you have given us your prior consent in each case. Excluded is the cookie that saves the status of your privacy settings (selection cookie). The use of this cookie is based on our overriding legitimate interest in accordance with Art. 6 (1) (f) GDPR. Comfort cookies are currently not used.
Marketing cookies and tracking mechanisms:
By using marketing cookies and tracking mechanisms we and our partners are able to show you offerings based on your interests, resulting from an analysis of your user behavior:
Statistics: By using statistical tools, we measure e.g. the number of your page views.
Conversion tracking: Our conversion tracking partners place a cookie on your computer ("conversion cookie") if you accessed our website via an advertisement of the respective partner. Normally these cookies are no longer valid after 30 days. If you visit certain pages of our website and the cookie has not yet expired, we and the relevant conversion partner can recognize that a certain user clicked on the advertisement and thereby was redirected to our website. This can also be done across multiple devices. The information obtained by means of the conversion cookie serves the purpose of compiling conversion statistics and recording the total number of users who clicked on the respective advertisement and were redirected to a website with a conversion tracking tag.
Retargeting: These tools create user profiles by means of advertising cookies or third-party advertising cookies, so-called "web beacons" (invisible graphics that are also called pixels or tracking pixels), or by means of comparable technologies. These are used for interest-based advertising and to control the frequency with which the user looks at certain advertisements. The relevant provider is the controller responsible for the processing of data in connection with the tool. The providers of the tools might disclose information also to third parties for the purposes mentioned above. Please note the data protection notices of the relevant provider in this context.
We use the following tools:
- Name: Meta-Pixel
Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
We are jointly responsible with Meta Platforms Ireland Ltd. for processing your personal data as part of the processing of your personal data on our online offering via Meta Pixel. We have entered into a joint controller agreement with Meta Platforms Ireland Ltd. in order to determine our respective responsibilities for fulfilling obligations under the GDPR with regard to joint processing. The essential content of the agreement can be accessed at any time via the following link: https://www.facebook.com/legal/controller_addendum. This regulates in particular which security measures Meta Platforms Ireland Ltd. must observe (https://www.facebook.com/legal/terms/data_security_terms) and how data subject rights can be asserted against Meta Platforms Ireland Ltd.
Function: Meta Platforms Ireland Ltd. processes your personal data based on your consent in accordance with Art. 6 (1) (a) GDPR via the Meta Pixel to create campaign reports, track conversions, click events, and target advertising outside of our websites (retargeting) using HTTP headers (including IP address, device and browser properties, URL, referrer URL and your person), pixel-specific data (including pixel ID and Meta cookie), click behaviour, optional values (for example, conversions, page type), form field names (such as "email", "address", "quantity" for the purchase of a product or service). We do not receive any personal data about you from Meta Platforms Ireland Ltd., only anonymized campaign reports about the website target group and ad performance. You can opt out of receiving interest-based ads from Meta Platforms Ireland Ltd. by changing your advertising preferences on Meta’s website. Alternatively, you can opt out of the use of cookies by third parties by visiting Digital Advertising Alliance's opt-out page at http://optout.aboutads.info/?c=2&lang=EN or page http://www.youronlinechoices.com. You will find more information at: https://www.facebook.com/privacy/policy/version/9620322271328999.
- Name: LinkedIn Insight Tag
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Function: LinkedIn processes your personal data based on your consent in accordance with Art. 6 (1) (a) GDPR via the pixel "LinkedIn Insight Tag" for the creation of campaign reports, tracking of conversions, click events as well as targeted advertising outside our websites (retargeting) based on URL, referrer URL, shortened or hashed IP address (for cross-device retargeting), devices and browser properties (user agent) and time stamp. We do not receive any personal data from you from LinkedIn, only anonymized campaign reports on website audience and ad performance. LinkedIn storage period: pseudonymization after 7 days, final deletion after 180 days.
For more information, please visit: https://www.linkedin.com/legal/privacy-policy
- Name: Google Ads Remarketing Tag
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Google processes your personal data on the basis of your consent through “Google Ads Remarketing Tag” Pixel for the generation of campaign reports, conversion tracking, click events and targeted advertising outside our website (retargeting) on the basis of URL, referrer URL or inclusion on remarketing lists defined through us, for example. Using the above information, it is also possible for you to be associated with your Google account and included in remarketing lists. We do not receive any personal data concerning you from Google, but rather receive anonymised campaign reports about the target audience and ad performance. You can stop getting interest-based ads from Google by changing your advertising preferences on the Google website at https://www.google.com/settings/ads/onweb#display_optout. Alternatively, you can deactivate the use of third-party cookies by visiting the Network Advertising Initiative opt-out page at http://www.networkadvertising.org/managing/opt_out.asp or managing the use of device identification in the device settings. You can find instructions at https://support.google.com/ads/answer/1660762#mob and more information at https://policies.google.com/privacy
- Name: X Advertising (Retargeting or Conversion Tracking)
Provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Function: Twitter International Unlimited Company processes your personal data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR for the analysis of user behaviour data, such as websites visited, content accessed, time of visit, etc., as well as device-related data, such as applications and operating systems used. X Ads uses cookies and code to connect the website to another third-party platform such as X. A non-reversible and non-personal hash value is generated from your usage data and transmitted to X for analysis and marketing purposes. In addition, a so-called “X pixel” can be used to track the actions of users after they have seen or clicked on an X ad.
With “cross-device personalization”, X may also link all devices of a user. Since the data is stored and processed by X, a connection to the respective user profile on x.com may also be possible.
In the course of processing, the data may be transmitted to an X Corp. server in the USA. X Corp. is certified under the Data Privacy Framework (DPF) and thus ensures an adequate level of protection of your data in accordance with European data protection law. You can download the certificate here: https://www.dataprivacyframework.gov/participant/2710.
Anonymized data will be deleted within 6 months. Data that can possibly identify a specific user on X will be deleted within 90 days. Further information on the duration of the storage can be obtained from the provider or at https://legal.x.com/ads-terms/international.html.
You can object to X’s data collection by adjusting the settings in your X account or at https://x.com/settings/account/personalization. If you would like to opt out of interest-based advertising from certain third-party advertisers, you can do so at https://optout.aboutads.info and https://optout.networkadvertising.org.
For more information about the purpose and scope of the data collection and the further processing and use of the data, as well as the privacy settings, please refer to X’s privacy policy: https://x.com/en/privacy.
Please note that using the tools might include transfer of your data to recipients outside of the EEA where there is no adequate level of data protection pursuant to the GDPR. For more details in this respect please refer to the following description of the individual marketing tools.
6.2. Overview of the marketing tools and cookies we use
You will find an overview of the marketing tools and cookies we use in this section.
We use the following cookies:
- Name: do-consent
Storage period: This cookie will be stored for a maximum of 12 months or until you revoke your consent to the use of cookies
Function: The do-consent cookie processes your consent to the use of cookies for this website.
We use the following marketing tools:
- Tool name: Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Google Ireland Limited processes your personal data (IP address, device and browser properties (user agent)) based on your consent in accordance with Art. 6 (1) (a) GDPR for the analysis of user behavior (page retrievals, number of visitors and visits, downloads), creation of pseudonymous user profiles based on cross-device information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information provided by Google, retargeting, User Experience (UX) testing, conversion tracking and retargeting in conjunction with Google Ads.
- Name: Google Optimize
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Google Ireland Limited processes your personal data based on your consent in accordance with Art. 6 (1) (a) GDPR via cookie for the analysis of the cross-site user behaviour and testing of the User Experience (UX).
- Name: Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Google Ireland Limited processes your personal data based on your consent in accordance with Art. 6 (1) (a) GDPR for the administration of website tags via a user interface, integration of program codes on our online offerings.
- Name: Google Ads
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Function: Google Ireland Limited processes your personal data based on your consent in accordance with Art. 6 (1) (a) GDPR via the "Google Ads Remarketing Tag" pixel for the placement of advertisements, remarketing, conversion tracking, the creation of campaign reports, tracking of conversions, click events as well as targeted advertising outside our websites (retargeting) by means of e.g. URL, referrer URL, membership of remarketing lists defined by us. The aforementioned information can also be used to link you to your Google account and to include you in remarketing lists. We do not receive any personal data about you from Google, only anonymised campaign reports about the target group and ad performance.
6.3. Management of cookies and tracking mechanisms
You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings.
Note: The settings you have made refer only to the browser used in each case.
Deactivation of all cookies
If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.
Management of your settings with regard to cookies and tracking mechanisms not required technically
When visiting our websites, you will be asked in a cookie layer whether you consent to our use of any cookies or tracking mechanisms that are not technically required.
In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.
6.4. Use of a consent management platform
We use the consent management application of a consent manager provider on our website to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. The provider of this technology is consentmanager GmbH, Eppendorfer Weg 183, 20253 Hamburg, Germany - a company of consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden. (hereinafter referred to as “Consent Manager Provider”).
When you enter our website, a connection to the consent manager provider's servers is established in order to obtain your consent and other declarations regarding the use of cookies. The consent manager provider then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the consent manager provider cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. We use the services of the consent manager provider to obtain the legally required consent in accordance with Art. 6 (1) (a) GDPR for the use of cookies. The legal basis for the use of the consent management application is our legitimate interest in accordance with Art. 6 (1) 1 (c) GDPR. For more information with regard to data protection at Consent Manager, please refer to consentmanager’s privacy policy: https://www.consentmanager.net/de/datenschutz/.
7. Usage of our mobile applications
In addition to our Online offers, we offer mobile applications ("Apps") for iOS and Android devices that enable enhanced use of our service. When using our apps, we collect certain personal data, particularly device information, usage statistics, and technical data for functionality optimization. Data processing is based on Art. 6 (1) (b), (f) GDPR for contract performance and legitimate interest. We implement technical and organizational measures in accordance with Art. 32 GDPR to protect your data from unauthorized access. The permissions used in the apps are limited to the absolute minimum required for functionality. Data transfer to third parties occurs only within the framework of legal provisions and only to the necessary extent for service provision.
7.1. Data processing by App Store operators
Please note that app store operators (Apple App Store, Google Play Store) process personal data independently and in their own responsibility. This includes data collected during app download, purchase, installation and app store account management. The data processing by app store operators is subject to their respective privacy policies and terms of service. We have no influence on the data collection and processing methods of these platforms. We recommend reviewing the privacy policies of Apple Inc. and Google LLC to understand how these providers handle your personal data. The app store operators are independently responsible for compliance with data protection regulations in their respective data processing activities.
8. Social Media Presences
We maintain social media presences and process user data in this context to communicate with users or to offer information about us.
We would like to point out that user data may be processed outside the European Union (EU) or the European Economic Area (EEA). This may result in risks for users such as an increased difficulty to enforce their rights.
Furthermore, user data within social media networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The latter may in turn be used, for example, to place ads within and outside the social media networks that presumably correspond to the interests of the users. Cookies are therefore generally stored on users' computers, in which the user behaviour and interests of the users are stored. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection notices and information provided by the operators of the respective social media networks.
In the case of requests for information and the exercise of data subject rights, we would also like to point out that these can be exercised most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.
- Processed data types: Contact data (e.g. postal and email addresses or telephone numbers); Content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of Processing: Communication; Feedback (e.g. collecting feedback via online form); Public Relations.
- Storage and erasure: Erasure in accordance with the information in the section ‘General information on data storage and deletion’.
- Legal basis: Legitimate interests (Art. 6 (1)(f) GDPR).
Social media network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitors' data used to create the “page insights” (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with and the actions they take. Details are also collected about the devices used, such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from the user profiles, such as job function, country, industry, hierarchy level, company size and employment status. Further information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have concluded a special agreement with LinkedIn Ireland (‘Page Insights Joint Controller Addendum’, https://legal.linkedin.com/pages-joint-controller-addendum), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfil the rights of the data subjects (i.e. users can, for example, send requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to the parent company LinkedIn Corporation in the USA; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Legal basis for third country transfers: Data Privacy Framework (DPF); Standard Contractual Clauses (https://legal.linkedin.com/dpa); Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Plug-ins, embedded functions and content
We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as ‘third-party providers’). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as ‘content’).
The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but may also be linked to such information from other sources.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
- Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved); location data (information on the geographical position of a device or person).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of Processing: Provision of our online services and usability; Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Custom Audiences; Marketing; Profiles with user-related information (Creating user profiles).
- Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’; storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
- Legal basis: Consent (Art. 6 (1)(a) GDPR); Legitimate interests (Art. 6 (1)(f) GDPR).
Further information about the processing, procedures and services:
- Google Maps:
Our online offers use Google Maps map services. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Loading the map requires you to activate the corresponding plugin. If you activate the plugin, data will be transmitted to Google and the Google DoubleClick advertising network contacted. This may trigger further data processing operations over which we have no control. If the map is loaded, cookies are also used.
To find out more about the scope and purpose of Google Maps’ activities to collect, further process, and use data, about possible transfers of personal data to third countries such as the United States, about your rights and the data protection options available to you, please consult Google’s privacy policy. Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent in accordance with Art. 6 (1) (a) GDPR; Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy; Legal basis for third country transfers: Data Privacy Framework (DPF).
- X-Plugins and content:
Plugins and buttons of the platform ‘X’ - This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within X.
Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests in accordance with Art. 6 (1) (f) GDPR; Website: https://x.com/de; Privacy Policy: https://x.com/de/privacy, (Settings: https://x.com/personalization); Data processing agreement: https://privacy.x.com/en/for-our-partners/global-dpa; Legal basis for third country transfers: Standard Contractual Clauses (https://privacy.x.com/en/for-our-partners/global-dpa).
- YouTube videos: This website uses videos from the video platform YouTube. YouTube is a platform that enables you to play video files. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To increase the protection of your data when visiting our online offers, YouTube content is deactivated by default and integrated into the page in "privacy enhanced mode".
This way, a connection to YouTube, including a transmission of log data to YouTube, is only established when you perform an interaction with the player. This constitutes your consent. When you interact with the active YouTube player, data is also transmitted to Google as controller and contact is made with the Google DoubleClick advertising network, which may trigger further data processing operations over which we have no control.
You can revoke your consent at any time with effect for the future by reloading the website.
Further information on the scope and purpose of the data collected, the further processing and use of the data by Google, your rights and the data protection option you can select can be found in YouTube's privacy policy.
Videos stored on YouTube are embedded within our online offers. These YouTube videos are integrated via a special domain using the ‘youtube-nocookie’ component in the so-called ‘extended data protection mode’. In ‘extended data protection mode’, until the video is started, only information including your IP address and details of the browser and your end device can be stored on your end device in cookies or by means of comparable procedures, which YouTube requires for the output, control and optimisation of the video display. As soon as you play the videos, additional information may be processed by YouTube to analyse usage behaviour and to store it in the user profile and to personalise content and ads. The storage period for cookies can be up to two years.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Legal basis for third country transfers: Data Privacy Framework (DPF), Further information: https://support.google.com/youtube/answer/171780?hl=en-GB&sjid=14528114815653255983-EU#zippy=%2Cturn-on-privacy-enhanced-mode
9. Communication tools on social media presences
On our social media presences (e.g. LinkedIn, Facebook) we use communication tools to process your messages sent via this social media platform and to offer you support.
When you send a message via our social media presences, the message is processed to handle your request (and, if necessary, additional data which we receive from the social media provider in connection with this message, such as your name or files).
In addition, we can analyse the data in an aggregated and anonymized form to better understand how our social media platform is used.
We will forward the personal data you provide (e.g. name, surname, title, if applicable also email address) to the Keenfinity legal entity responsible for the processing of your request (for example, in case your request refers to a product that is distributed by another Keenfinity legal entity). The legal basis for the processing of your data is our legitimate interest (Art. 6 (1) (f) GDPR) or, if applicable, an existing contractual relationship (Art. 6 (1) (b) GDPR). The processed personal data is deleted no later than 180 days after receipt of your message.
10. Newsletter
Within the scope of our Online offers, you can sign up for newsletters. We provide the so-called double opt-in option which means that we will only send you a newsletter via email after you have explicitly confirmed the activation of the newsletter service to us by clicking on the link in a notification. In case you wish to no longer receive newsletters, you can terminate the subscription at any time by withdrawing your consent. You can withdraw your consent to email newsletters by clicking on the link which is sent in the respective newsletter mail. Alternatively, please contact us via the contact details provided in the Contact section. Please note that signing up for newsletters might include transfer of your data to recipients outside of the EEA where there is no adequate level of data protection pursuant to the GDPR as stated above in 3.8.
We use the following tools:
Name: Optimizely Campaign
Provider: Optimizely North America, Inc., 119 5th Ave 7th floor, New York, NY 10003, USA
Function: If you sign up for our newsletters from Keenfinity Group affiliates, Optimizely North America, Inc. processes your personal data (email address, name and surname) based on your consent in accordance with Art. 6 (1) (a) GDPR. For more information regarding the processing of your personal data, please visit: https://www.optimizely.com/legal/privacy-notice/. Legal basis for third country transfers: Data Privacy Framework (DPF).
Name: Constant Contact email marketing
Provider: Constant Contact, Inc., 1601 Trapelo Road, Waltham, MA 02451, U.S.A.
Function: If you sign up for our newsletter from Keenfinity Group affiliates based in the USA, Constant Contact, Inc. processes your personal data (email address, name and surname) based on your consent in accordance with Art. 6 (1) (a) GDPR. For more information regarding the processing of your personal data, please visit: https://www.constantcontact.com/legal/privacy-notice. GDPR Addendum: https://www.constantcontact.com/legal/gdpr-addendum. Legal basis for third country transfers: Data Privacy Framework (DPF).
11. Widgets
We include widgets from external providers in our online services to improve the user experience of our online services. Please note that using the widgets might include transfer of your data to recipients outside of the EEA where there is no adequate level of data protection pursuant to the GDPR as stated above in 3.8.
We use the following tools:
Name: Smart Recruiters Job Widget
Provider: Smart Recruiters, Inc., 166 Geary St, San Francisco, CA 94108
Function: Smart Recruiters, Inc. processes your personal data based on your consent in accordance with Art. 6 (1) (a) GDPR via the Job Widget embedded into our online services to display our current job opportunities. The Job Widget records your IP address when requesting data for the job widget and the logs that capture device and browser properties (user agent), time stamp and a list of your search query parameters when loading the “Job widget” data. Website: https://www.smartrecruiters.com/. For more information regarding the processing of your personal data, please visit: https://www.smartrecruiters.com/legal/general-privacy-policy/. Legal basis for third country transfers: Data Privacy Framework (DPF).
12. Contact forms
Personal data is collected when you contact us (e.g. via contact form or email).
We offer various forms on our website, such as forms for contacting specialist departments, registration forms, forms for requesting product and information material, forms for booking a meeting with an expert. The data collected differs and can be seen in the respective form. Mandatory fields such as name, surname and email address are marked with an asterisk (*). If you have consented to the use of your personal data in accordance with Art. 6 (1) (a) GDPR, you can submit the contact form. You can revoke your consent at any time. The storage and use of the data transmitted by you serves exclusively to process your contact request or to establish contact and the associated administration.
The legal basis for the processing of this data is our legitimate interest in responding to inquiries in accordance with Art. 6 (1) (f) GDPR. In the case of contract-related contact, Art. 6 (1) (b) GDPR also applies as the legal basis. Collected data will be deleted once the request has been fully processed. Processing is deemed to have been completed when the matter in question has been clarified. Statutory retention obligations may prevent immediate erasure.
13. External links
Our Online offers may contain links to third party internet pages – by providers who are not related to us. Upon clicking the link, we have no influence on collecting, processing and using personal data possibly transmitted by clicking the link to the third party (such as the IP address or the URL of the site on which the link is located) as the behavior of third parties is naturally outside our supervision. We do not assume responsibility for the processing of such personal data by third parties.
14. Security
Our employees and the companies providing services on our behalf are obliged to maintain confidentiality and to comply with the applicable data protection laws.
We take all necessary technical and organizational measures in accordance with Art. 32 GDPR to ensure an appropriate level of security and to protect your data that is administrated by us, especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.
15. User rights
To enforce your rights, please use the details provided in the Contact section. In doing so, please ensure that an unambiguous identification of your person is possible.
Right to information and access (Art. 15 GDPR):
You have the right to obtain confirmation from us about whether your personal data is being processed, and, if this is the case, access to your personal data.
Right to rectification (Art. 16 GDPR):
You have the right to obtain the rectification of inaccurate personal data.
Right to erasure (‘right to be forgotten’) (Art. 17 GDPR):
As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data. This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).
Right to restriction of processing (Art. 18 GDPR):
As far as statutory requirements are fulfilled, you have the right to demand restriction of the processing of your data.
Right to data portability (Art. 20 GDPR):
You are entitled to receive data that you have provided us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.
Right to object (Art. 21 GDPR):
Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.
Objection to data processing based on the legal basis of “legitimate interest”:
In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.
Withdrawal of consent (Art. 7 (3) GDPR):
In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.
Right to lodge complaint with supervisory authority (Art. 57 (1) (f) GDPR):
You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state or to the supervisory authority responsible for us. This is:
State Commissioner for Data Protection and Freedom of Information
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Postal address
Postfach 1349
91504 Ansbach
Germany
Telephone
Telephone: +49 (0) 981 180093-0
Monday to Friday: 08:00 – 12:00
Fax
Fax: +49 (0) 981 180093-800
16. Changes to the Data Protection Notice
We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. Please therefore observe the current version of our data protection notice, as this is subject to changes.
17. Contact
If you wish to contact us, please find us at the address stated in the section Controller.
To assert your rights please use the following link: https://request.privacy-bosch.com/entity/st/lang/en-GB/
To notify data protection incidents please use the following link: https://www.bkms-system.net/bosch-dataprotection
For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:
Data Protection Officer
Information Security and Privacy (C/ISP)
Robert Bosch GmbH
Postfach 30 02 20
70442 Stuttgart
GERMANY
or
Email: DPO@bosch.com
Effective date: 2025
Last modified: 02.05.2025