Bosch Smart Home GmbH
Privacy Policy
Bosch Smart Camera App
Effective date: 22-02-2023
The Robert Bosch Smart Home GmbH (hereinafter „Robert Bosch Smart Home GmbH“ or "We“ or "Us") welcomes you to our internet pages and mobile applications (together also referred to as "Online Offers"). We thank you for your interest in our company and our products.
The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us. We process personal data that was gathered during your visit of our Online Offers confidentially and only in accordance with statutory regulations. Data protection and information security are included in our corporate policy.
Children
Our services and offers (in particular website, store, newsletter, apps) are not aimed at children under the age of 16.
The Robert Bosch Smart Home GmbH is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice.
Our contact details are as follows:
Robert Bosch Smart Home GmbH
Schockenriedstr. 17
70565 Stuttgart-Vaihingen
GERMANY
service@bosch-smarthome.com
The Bosch Smart Camera App, the video cameras connected to it and the online storage accessible via the app, serve with their functionalities to make your home safer. For the execution of the contract, i.e. for the provision of related services (e.g. functionalities of the app, storage of image data in the online storage), it is necessary that we collect data that can be related to you or another natural person.
Personal data is all information that refers to an identified or identifiable natural person, such as names, addresses, telephone numbers, e-mail addresses, contract, booking and billing data that are an expression of a person's identity. Some of the data we process is not personal data. With regard to this information, we have neither an interest in identifying a natural person, nor do we have the necessary knowledge or the legally permissible means to establish a personal reference. For example we may use such non-personal data to improve our products.
We only collect, process and use personal data if we have a legal basis for this or if you have given us your consent in this regard, e.g. as part of a registration. Several legal bases can be applicable in parallel and allow the processing of personal data.
Processed data includes:
Contract details
This is personal data that is required to establish, execute and terminate the contractual relationship with you. This includes in particular name and registration information.
Usage-related and technical information
This is information that can be personal. These are required to enable the operation and use of the Bosch Smart Camera App and the storage of data in the online memory. In concrete terms, these are:
Characteristics for identification as user (user ID, identification, IP address)
Information on the beginning, end, and scope of use of the Bosch Smart Camera App
Device IDs
Location information
Contact data (e.g. for event notification)
Settings of the app regarding our offered services
Technical information for the adjustment and the provision of current time and updates of your system by our servers
System data e.g. connected cameras and accessories, serial number, software versions of the individual components
Circumstances of image generation (e.g. light conditions, date, time)
System status data, e.g. system time, error messages
Event history of the video system
Type of terminal used, e.g. smartphone or tablet PC, manufacturer, OS version of the terminal device
Application usage data e.g. frequency of use, registered crashes, application errors
Content data
This is data that relates to natural persons and that you generate with the Bosch Smart Camera App and the connected cameras. Only with this data is a sensible operation of the security solution possible from your point of view. Content data includes:
Live image data with audio
Stored video sequences with audio
Device IDs
Registration via the central SingleKey ID
You may register for our online offers exclusively using the central SingleKey ID. The centralised SingleKey ID was devised by Bosch.IO GmbH for the Bosch Group in order to allow for the joint users to benefit from offers of different group companies using centralised application data and increase data safety.
Bosch.IO GmbH, Ullsteinstraße 128 12109 Berlin, Germany is responsible for the provision of this single sign-on service.
If you want to apply for a centralised SingleKey ID, the General Terms of Use for the Registration and Use of a centralised SingleKey ID and the Data Protection Notice of the Bosch.IO GmbH shall apply.
After successful registration you may utilise the registration data used for the centralised SingleKey ID also for registering for this online offer. To this end, we shall provide an Robert Bosch GmbH registration template for the centralised SingleKey ID. The Bosch.IO GmbH then shall confirm your authorisation and provide us with the master data required for using our offers (e.g. surname, first name, date of birth, company name, email address, telephone numbers, mail address). Your password shall not be communicated to us.
Concerning further data transfers within the Bosch Group associated with the centralised SingleKey ID, please refer to the Data Protection Notice.
We; as well as the service providers commissioned by us; process your personal data for the following processing purposes:
Provision of these Online Offers and fulfillment of contractual obligations under our contractual terms
(Legal basis: Fulfillment of contractual obligations).
Resolving service disruptions as well as for security reasons.
(Legal bases: Fulfillment of contractual obligations or fulfillment of our legal obligations within the scope of data security, and justified interest in resolving service disruptions as well as in ensuring the protection of our offers).
Safeguarding and vindication of our rights
(Legal basis: Justified interest on our part for the safeguarding and vindication of our rights).
Other purposes
Ensuring that the app and associated devices (e.g. cameras) are up-to-date and secure (e.g. by providing updates).
Each time you use the internet, your browser is transmitting certain information which we store in so-called log files.
We save log files to determine service disruptions and for security reasons (e.g., to investigate attack attempts).
Data transfer to other controllers
Principally, your personal data is forwarded to other controllers only if required for the fulfillment of a contractual obligation or the implementation of pre-contractual measures, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal bases can be found in the Section – “Processing purposes and legal bases”. Third parties may also be other companies of the Bosch group. When data is transferred to third parties based on a justified interest, this is explained in this data protection notice.
Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.
Use of service providers
We involve external service providers with tasks such as sales and marketing services, contract management, payment handling, programming, data hosting and hotline services. We have chosen those service providers carefully and ensure that they carefully handle the data that they store. All service providers are obliged to maintain confidentiality and to comply to the statutory provisions. Service providers may also be other Bosch group companies. When involving external service providers, we might transfer personal data to recipients located outside the EEA into so-called third countries.
Handling of payments for paid features (or Premium service)
When you book paid features (or Premium service), payment processing data is collected and processed exclusively and directly via the provider of the app stores for devices with Android and iOS operating systems.
With Bosch Smart Home you have control over your data. If you wish, you can share your device data with partner companies (hereinafter referred to as partners) and control your Bosch Smart Home products via their systems, apps or services.
This requires that you grant access to your Bosch Smart Home cameras and the generated data to the respective partner. This data may be personal.
If you want to allow the partner to access and control the cameras, activate the function "Mirror system in cloud" in the Bosch app. The data generated by your system or products will then be mirrored in the Bosch Smart Home Cloud. You can then allow specific partners to access and control your cameras. This is done in the following way: You open the partner's app and agree to link and control your smart home cameras and transfer data. If you control your smart home camera through partner apps, we may need to transmit data that may be personally identifiable (e.g., room or device names).
If you have given your consent, the option to access and control will remain active until you deactivate it. If you wish to terminate a partner's access, you can revoke the data authorization via "Change Authorizations" on the Bosch Smart Home Cloud website (authz.smarthome.bosch.com/Applications). If you generally no longer want to mirror your data in the Bosch Smart Home Cloud, you can deactivate it in the Bosch Smart Home App. This will delete your mirrored data. If you want to share your cameras with a partner again, you can reactivate the "Bosch Smart Home Cloud" function in the Bosch Smart Camera App.
Please note:
If you want to withdraw the authorisation from a certain partner, proceed as follows: You revoke the authorisation of the partner via this app and thus break the link of the partner account to the SingleKey ID, so that the partner is no longer allowed to control your Bosch products and services.
Additionally, you should withdraw the authorisation from the partner on the Bosch Smart Home Cloud Website (“App Settings” > “Partners” > “Manage Authorisations”). Not only does this ensure that the account link is removed but also that the authorisation is revoked.
If you remove the data of the cameras from the cloud in the Bosch Smart Home Camera App, your mirrored data will be deleted. However, the authorisations you have granted to partners will remain so that you can continue to use them in the future. If you do not wish to do so, you can withdraw the authorisation from the partner separately beforehand.
Insofar as you grant authorizations to a partner, you instruct us to make your data available to this partner. By activating the cloud and granting consent in the partner app, you make it clear that you agree to the transfer or exchange of your data with the partner and, if applicable, to control your Bosch Smart Home cameras. You or the partner are responsible for the associated data processing by the partner. The data processing carried out by the partner is subject to its terms of use and data protection regulations. Bosch has no influence on these. You will find more detailed information on data processing in the partner's terms of use and data protection regulations.
You have the option of controlling your Smart Home products via Amazon Alexa voice commands. To do so, you have to connect your Smart Home products to Amazon Alexa. If you control your Smart Home product via Alexa, you may have to transmit personal data via Amazon to your Smart Home product and vice-versa.
If you give voice commands to Amazon Alexa in order to control Smart Home products or retrieve information from your Smart Home product, voice data are transmitted to Amazon and used by Amazon to perform the service. These data may be personal data. By connecting your Amazon Alexa and Bosch accounts and by activating skills, you make it plain that the Smart Home product installed on your system is to be controlled via Amazon Alexa and that information is to be output via Amazon Alexa and you instruct us to exchange data with Amazon Alexa in this context. You and Amazon are responsible for the data processing that is entailed. The data processing performed by Amazon is subject to Amazon's usage and privacy protection terms. Bosch has no influence on them. Please refer to Amazon's usage and privacy protection terms with regard to Alexa for more information on data processing by Amazon.
Principally, we store your data for as long as it is necessary to render our Online Offers and connected services or for as long as we have a justified interest in storing the data. In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. due to retention periods under the tax and commercial codes we are obliged to have documents such as contracts and invoices available for a certain period of time).
In certain cases, we will offer you the option to arrange for the deletion of data yourself. For instance, if you use the delete function in the Bosch Smart Camera app, the images recorded in the data storage facilities in the video camera, Bosch Smart Camera App and online data storage will be deleted. Personal data and configuration information will also be deleted and will no longer exist.
Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.
We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access.
To enforce your rights, please use the details provided in the “Contact” section. In doing so, please ensure that an unambiguous identification of your person is possible.
You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.
You have the right to obtain the rectification of inaccurate personal data concerning yourself without undue delay from us. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).
You have the right to demand for – as far as statutory requirements are fulfilled – restriction of the processing of your data.
You have the right to object to data processing by us at any time. We will no longer process the personal data unless we demonstrate compliance with legal requirements to provide provable reasons for the further processing which are beyond your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
In addition, you have the right to object to the processing of your personal data any time, insofar as this is based on the legal basis of justified interest. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements for the processing, which override your rights.
In case you consented to the processing of your data, you have the right to object this consent with immediate effect (“Contact”). The legality of data processing prior to your revocation remains unchanged. In addition, processing may continue to be permitted on the basis of another legal bases.
You are entitled to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.
This does not apply if a transfer affects the rights and freedoms of another person.
You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state or to the supervisory authority responsible for us. This is:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Address: Lautenschlagerstrasse 20, 70173 Stuttgart, GERMANY
Postal address: P.O. Box 10 29 32, GERMANY
Phone: +49 711/615541-0
Fax: +49 711/615541-15
E-Mail: poststelle@lfdi.bwl.de
The Smart Home system and Smart Home devices are intended for use in a private domestic environment. They are intended for private use only.
You bear responsibility for the lawful use of the devices and services and for compliance with the applicable legal provisions in the place of use. Laws in your country may stipulate permitted purposes, installation locations, selection of image sections and storage duration of the video sequences in particular. At the same time, you can contribute to the privacy-friendly use of the product as follows:
Limit it to your private area. Avoid recording your neighbours’ property or public areas outside your property and/or your home. Do not expose others to monitoring pressure which is perceived personally.
Where necessary, inform other people (e.g. people living or staying in the monitored areas) about the use of your product in an appropriate manner, for example with a notice or a camera symbol which is recognisable in good time. Obtain any consent which may be required.
Only activate voice transmission and/or voice recording if this is permitted in your place of use and if this is required for your legitimate purpose.
Delete clips if you no longer need them for the intended purpose.
Regularly check the monitored areas for changes and make any changes which may be necessary.
As far as the circumstances of the data processing change, we can adjust the privacy policy. Furthermore, we reserve the right to change our security and data protection measures if this is required due to technical development. In such cases, we will amend our data protection notice accordingly. Please therefore, notice the current version of our data protection notice, as this is subject to change.
If you wish to contact us, for example in connection with the processing of personal data or for the exercise of your user rights, please find us at the address stated in the "Controller" section.
If you want to unsubscribe from a newsletter, you can click on the corresponding unsubscribe link in the newsletter or tell us your request via the contact options mentioned in the “Controller” section.
To exercise your rights and to report data protection incidents, please use the following link: https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=18rbds19&c=-1&language=eng
You can also contact our group data protection officer to exercise your rights as well as for suggestions and complaints regarding the processing of your personal data:
Datenschutzbeauftragter
Abteilung Informationssicherheit und Datenschutz (C/ISP)
Robert Bosch GmbH
Postfach 30 02 20
70442 Stuttgart
DEUTSCHLAND
Or
E-Mail: DPO@bosch.com