Bosch Smart Home

Bosch Smart Camera solution privacy statement

1. Bosch respects your privacy

The Robert Bosch Smart Home GmbH (hereinafter "Robert Bosch Smart Home GmbH" or "We" or "Us") welcomes you to our internet pages and mobile applications (together also referred to as "Online Offers"). We thank you for your interest in our company and our products.

The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us. We process personal data that was gathered during your visit of our Online Offers confidentially and only in accordance with statutory regulations.

Data protection and information security are included in our corporate policy.

2. Controller

The Robert Bosch Smart Home GmbH is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice.

Our contact details are as follows:

Robert Bosch Smart Home GmbH

Schockenriedstr. 17

70565 Stuttgart-Vaihingen

E-Mail: service@bosch-smarthome.com

3. Collection, processing and usage of personal data

3.1 Principles

The Bosch Smart Camera App, the video cameras connected to it and the online storage accessible via the app, serve with their functionalities to make your home safer. For the execution of the contract, i.e. for the provision of related services (e.g. functionalities of the app, storage of image data in the online storage), it is necessary that we collect data that can be related to you or another natural person.

Personal data is all information that refers to an identified or identifiable natural person, such as names, addresses, telephone numbers, e-mail addresses, contract, booking and billing data that are an expression of a person's identity. Some of the data we process is not personal data. With regard to this information, we have neither an interest in identifying a natural person, nor do we have the necessary knowledge or the legally permissible means to establish a personal reference. For example we may use such non-personal data to improve our products.

We only collect, process and use personal data if we have a legal basis for this or if you have given us your consent in this regard, e.g. as part of a registration. Several legal bases can be applicable in parallel and allow the processing of personal data.

Processed data includes:

Contract details

This is personal data that is required to establish, execute and terminate the contractual relationship with you. This includes in particular name and registration information.

Usage-related and technical information

This is information that can be personal. These are required to enable the operation and use of the Bosch Smart Camera App and the storage of data in the online memory. In concrete terms, these are:

Characteristics for identification as user (user ID, identification, IP address)

Information on the beginning, end, and scope of use of the Bosch Smart Camera App

Device IDs

Location information

Contact data (e.g. for event notification)

Settings of the app regarding our offered services

Technical information for the adjustment and the provision of current time and updates of your system by our servers

System data e.g. connected cameras and accessories, serial number, software versions of the individual components

Circumstances of image generation (e.g. light conditions, date, time)

System status data, e.g. system time, error messages

Event history of the video system

Type of terminal used, e.g. smartphone or tablet PC, manufacturer, OS version of the terminal device

Application usage data e.g. frequency of use, registered crashes, application errors

Content data

This is data that relates to natural persons and that you generate with the Bosch Smart Camera App and the connected cameras. Only with this data is a sensible operation of the security solution possible from your point of view. Content data includes:

Live image data with audio

Stored video sequences with audio

Device IDs

Registration via the central Bosch-ID

You may register for our online offers exclusively using the central Bosch-ID. The centralised Bosch-ID was devised by Bosch.IO GmbH for the Bosch Group in order to allow for the joint users to benefit from offers of different group companies using centralised application data and increase data safety.

Bosch.IO GmbH, Ullsteinstraße 128 12109 Berlin, Germany is responsible for the provision of this single sign-on service.

If you want to apply for a centralised Bosch-ID, the General Terms of Use for the Registration and Use (https://myaccount.bosch.com/BeaPUssWeb/termsAndConditions-v2.0) of a centralised Bosch-ID and the Data Protection Notice (https://myaccount.bosch.com/BeaPUssWeb/privacyPolicy-v2.0) of the Bosch.IO GmbH shall apply.

After successful registration you may utilise the registration data used for the centralised Bosch ID also for registering for this online offer. To this end, we shall provide an Robert Bosch GmbH registration template for the centralised Bosch-ID. The Bosch.IO GmbH then shall confirm your authorisation and provide us with the master data required for using our offers (e.g. surname, first name, date of birth, company name, email address, telephone numbers, mail address). Your password shall not be communicated to us.

Concerning further data transfers within the Bosch Group associated with the centralised Bosch-ID, please refer to the Data Protection Notice (https://myaccount.bosch.com/BeaPUssWeb/privacyPolicy-v2.0).

3.2 Processing purposes and legal bases

We; as well as the service providers commissioned by us; process your personal data for the following processing purposes:

Provision of these Online Offers and fulfillment of contractual obligations under our contractual terms

(Legal basis: Fulfillment of contractual obligations).

Resolving service disruptions as well as for security reasons.

(Legal bases: Fulfillment of contractual obligations or fulfillment of our legal obligations within the scope of data security, and justified interest in resolving service disruptions as well as in ensuring the protection of our offers).

Safeguarding and vindication of our rights

(Legal basis: Justified interest on our part for the safeguarding and vindication of our rights).

Other purposes

Ensuring that the app and associated devices (e.g. cameras) are up-to-date and secure (e.g. by providing updates).

3.3 Log files

Each time you use the internet, your browser is transmitting certain information which we store in so-called log files.

We save log files to determine service disruptions and for security reasons (e.g., to investigate attack attempts).

3.4 Data transfer

Data transfer to other controllers

Principally, your personal data is forwarded to other controllers only if required for the fulfillment of a contractual obligation or the implementation of pre-contractual measures, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal bases can be found in the Section Purposes of Processing and Legal Bases. Third parties may also be other companies of the Bosch group. When data is transferred to third parties based on a justified interest, this is explained in this data protection notice.

Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

Use of service providers

We involve external service providers with tasks such as sales and marketing services, contract management, payment handling, programming, data hosting and hotline services. We have chosen those service providers carefully and ensure that they carefully handle the data that they store. All service providers are obliged to maintain confidentiality and to comply to the statutory provisions. Service providers may also be other Bosch group companies. When involving external service providers, we might transfer personal data to recipients located outside the EEA into so-called third countries.

3.5 Integration of components provided by other providers

3.5.1 Connection to systems, apps and services of other providers ("Smart Home Cloud")

With Bosch Smart Home you have control over your data. If you wish, you can share your device data with partner companies (hereinafter referred to as partners) and control your Bosch Smart Home products via their systems, apps or services.

This requires that you grant access to your Bosch Smart Home cameras and the generated data to the respective partner. This data may be personal.

If you want to allow the partner to access and control the cameras, activate the function "Mirror system in cloud" in the Bosch app. The data generated by your system or products will then be mirrored in the Bosch Smart Home Cloud. You can then allow specific partners to access and control your cameras. This is done in the following way: You open the partner's app and agree to link and control your smart home cameras and transfer data. If you control your smart home camera through partner apps, we may need to transmit data that may be personally identifiable (e.g., room or device names).

If you have given your consent, the option to access and control will remain active until you deactivate it. If you wish to terminate a partner's access, you can revoke the data authorization via "Change Authorizations" on the Bosch Smart Home Cloud website (authz.smarthome.bosch.com/Applications). If you generally no longer want to mirror your data in the Bosch Smart Home Cloud, you can deactivate it in the Bosch Smart Home App. This will delete your mirrored data. If you want to share your cameras with a partner again, you can reactivate the "Bosch Smart Home Cloud" function in the Bosch Smart Camera App.

Please note:

If you want to withdraw the authorisation from a certain partner, proceed as follows: You revoke the authorisation of the partner via this app and thus break the link of the partner account to the Bosch ID, so that the partner is no longer allowed to control your Bosch products and services.

Additionally, you should withdraw the authorisation from the partner on the Bosch Smart Home Cloud Website ("App Settings” > "Partners” > "Manage Authorisations”). Not only does this ensure that the account link is removed but also that the authorisation is revoked.

If you remove the data of the cameras from the cloud in the Bosch Smart Home Camera App, your mirrored data will be deleted. However, the authorisations you have granted to partners will remain so that you can continue to use them in the future. If you do not wish to do so, you can withdraw the authorisation from the partner separately beforehand.

Insofar as you grant authorizations to a partner, you instruct us to make your data available to this partner. By activating the cloud and granting consent in the partner app, you make it clear that you agree to the transfer or exchange of your data with the partner and, if applicable, to control your Bosch Smart Home cameras. You or the partner are responsible for the associated data processing by the partner. The data processing carried out by the partner is subject to its terms of use and data protection regulations. Bosch has no influence on these. You will find more detailed information on data processing in the partner's terms of use and data protection regulations.

3.5.2 Use of Amazon Alexa

You have the option of controlling your Smart Home products via Amazon Alexa voice commands. To do so, you have to connect your Smart Home products to Amazon Alexa. If you control your Smart Home product via Alexa, you may have to transmit personal data via Amazon to your Smart Home product and vice-versa.

If you give voice commands to Amazon Alexa in order to control Smart Home products or retrieve information from your Smart Home product, voice data are transmitted to Amazon and used by Amazon to perform the service. These data may be personal data. By connecting your Amazon Alexa and Bosch accounts and by activating skills, you make it plain that the Smart Home product installed on your system is to be controlled via Amazon Alexa and that information is to be output via Amazon Alexa and you instruct us to exchange data with Amazon Alexa in this context. You and Amazon are responsible for the data processing that is entailed. The data processing performed by Amazon is subject to Amazon's usage and privacy protection terms. Bosch has no influence on them. Please refer to Amazon's usage and privacy protection terms with regard to Alexa for more information on data processing by Amazon.

3.6 Duration of storage; retention periods

Principally, we store your data for as long as it is necessary to render our Online Offers and connected services or for as long as we have a justified interest in storing the data. In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. due to retention periods under the tax and commercial codes we are obliged to have documents such as contracts and invoices available for a certain period of time).

In certain cases, we will offer you the option to arrange for the deletion of data yourself. For instance, if you use the delete function in the Bosch Smart Camera app, the images recorded in the data storage facilities in the video camera, Bosch Smart Camera App and online data storage will be deleted. Personal data and configuration information will also be deleted and will no longer exist.

4. Security

Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access.

5. User rights

To enforce your rights, please use the details provided in the Contact section. In doing so, please ensure that an unambiguous identification of your person is possible.

5.1 Right to information and access

You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

5.2 Right to correction and deletion

You have the right to obtain the rectification of inaccurate personal data concerning yourself without undue delay from us. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

5.3 Restriction of processing

You have the right to demand for – as far as statutory requirements are fulfilled – restriction of the processing of your data.

5.4 Objection to data processing

You have the right to object to data processing by us at any time. We will no longer process the personal data unless we demonstrate compliance with legal requirements to provide provable reasons for the further processing which are beyond your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

5.5 Objection to data processing based on the legal basis of "justified interest "

In addition, you have the right to object to the processing of your personal data any time, insofar as this is based on the legal basis of justified interest. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements for the processing, which override your rights.

5.6 Withdrawal of consent

In case you consented to the processing of your data, you have the right to object this consent with immediate effect. The legality of data processing prior to your revocation remains unchanged. In addition, processing may continue to be permitted on the basis of another legal bases.

5.7 Data portability

You are entitled to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.

This does not apply if a transfer affects the rights and freedoms of another person.

5.8 Right of complaint with supervisory authority

You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state or to the supervisory authority responsible for us. This is:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Address: Königstrasse 10a, 70173 Stuttgart

Postal address: P.O. Box 10 29 32

Phone: 0711/615541-0

Fax: 0711/615541-15

E-Mail: poststelle@lfdi.bwl.de

6. User responsibility

You are responsible for ensuring use of the Bosch Smart Camera solution in compliance with the law. In this context, you are obliged to comply with the statutory provisions which are applicable to you or the place of use, particularly those relating to data protection.

Applicable statutory provisions may, in particular, restrict the purposes of use, installation locations, selection of image details and storage period of the video sequences. If required, inform persons, employees or third parties who live in the monitored premises or who are present there for a significant period of time of the use and specific circumstances of the Bosch Smart Camera solution as is appropriate.

7. Changes to the Data Protection Notice

As far as the circumstances of the data processing change, we can adjust the privacy policy. Furthermore, we reserve the right to change our security and data protection measures if this is required due to technical development. In such cases, we will amend our data protection notice accordingly. Please therefore, notice the current version of our data protection notice, as this is subject to change.

8. Contact

If you wish to contact us, for example in connection with the processing of personal data or for the exercise of your user rights, please find us at the address stated in the "Controller" section.

If you want to unsubscribe from a newsletter, you can click on the corresponding unsubscribe link in the newsletter or tell us your request via the contact options mentioned in the "Controller” section.

To exercise your rights and report data protection incidents, please use the following link:

https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=18rbds19&c=-1&language=eng

To assert your rights, as well as for suggestions and complaints regarding the processing of your personal data, we recommend that you contact our group commissioner for data protection:

Group Commissioner for Data Protection

Information Security and Privacy Bosch Group (C/ISP)

Robert Bosch GmbH

Kronenstrasse 22

70173 Stuttgart

Germany

or

Email: Abteilungsbriefkasten.cisp@de.bosch.com

9. Effective Date

25-01-2021