Bosch (China) Investment Ltd. (“Bosch’ or “we”) would like to welcome you on our website, and we are delighted that you have decided to use the Bosch ID.

The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us and this is reflected in our business processes. We process personal data that was gathered during your visit of our Online Offer (registration and use of a centralised Bosch-ID) confidentially and only in accordance with statutory regulations.

Data protection and information security are included in our corporate policy.

Principles

We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis or you have given your consent to the processing or use of personal data concerning this matter e.g. by means of registration.

Processing purposes and legal bases

We and service providers commissioned by us process your personal data for the following processing purposes:

We point out that within the scope of processing pursuant to the statutory basis “justified interest” you are entitled to a special right of objection (see section “user rights”):

- Provision of this Online Offer (registration and use of a centralised Bosch-ID) in accordance with our contractual provisions (General Terms of Use- for the Registration and Use of a Centralised Bosch-ID) (Legal basis: Fulfilment of contract)

- Updating your master data (regarding the details, see section on the exchange of data with other Bosch group companies in connection with the centralised Bosch-ID) (Legal bases: Fulfilment of contract and our justified interest and of other Bosch companies you maintain active contractual relationships with in uniform master data management and facilitation of ensuring accuracy of stored personal data)

- Self-promotion and promotion by others as well as market research and reach analysis done within the scope statutorily permitted or based on consent (Legal basis: Consent or predominantly, legitimate interest on our part in direct marketing if in accordance with data protection and competition law)

- To determine disruptions/disturbances and for security reasons (Legal bases: Fulfilment of our legal obligations within the scope of data security and justified interest in resolving disruptions/disturbances and in the security of our offers)

- Safeguarding and defence of our rights (Legal basis: Justified interest on our part in the safeguarding and defence of our rights)

Registration; Personal Data

The use of a centralised Bosch-ID require the formation of a contract. We therefore request that you register. Within the scope of the registration, we collect and record personal data necessary for the formation and the fulfilment of the contract (email address, mobile phone numbers).

We shall mark your consent to our contractual provisions and your acknowledgement of this data protection notice. Data collected within the scope of registration and that you may amend in the user profile of this website at any time is also referred as master data.

De-registration

You may cancel your user agreement concerning the Bosch ID at any time by unregistering. To this end, please contact: Mailbox.CIAM-CN@cn.bosch.com. In the alternative, contact us via the contact section. Please note that de-registration will result in deletion only of any data that is not subject to a statutory retention period.

Every time you use the internet, your browser automatically transmits certain information which we store in log files.

We save log files only for a short time and solely to determine disruptions or for security reasons (e.g., to investigate attempted attacks), afterwards they will be deleted. Log files that need to be maintained for evidence purposes are excluded from deletion until the respective incident has been completely resolved or, on a case-by-case basis, has been passed on to investigating authorities.

In log files, the following information in particular is saved:

- IP address (internet protocol address) of the terminal device that is used to access the Online Offer;

- Internet address of the website from which the Online Offer was accessed (so-called URL of origin or referrer URL);

- Name of the service provider that is used to access the Online Offer;

- Name of the files or information accessed;

- Date and time as well as duration of retrieval;

- Amount of data transferred;

- Operating system and information on the internet browser used including add-ons installed (e.g., Flash Player);

- http status code (e.g., “Request successful” or “File requested not found”).

This Online Offer is not available to children under 16 years of age.

Data transfers to other controllers (general)

Your personal data is generally forwarded to other controllers only when required for the fulfilment of a contract, in case we or the third party have a legitimate interest in the transfer, or when you have given consent. Additionally, data may be forwarded to other controllers when we are required to do so due to statutory regulations or enforceable official or court orders.

Exchange of data with other Bosch group companies in connection with the centralised Bosch-ID

If you wish to register for services of other Bosch group companies (“service providers”) using the centralised Bosch-ID please follow up the registration guidance provided by us in Terms of Use. If you are indeed registered for the Bosch ID, we shall confirm your authorisation vis-à-vis the respective service provider and transfer the personal data and master data the service provider requires to enable you to make use of that particular service. Your password shall not be transferred.

Any changes to your master data (e.g. address) in the central database system of the Bosch will automatically be included in your Bosch ID. Changes can be viewed in your profile.

In turn, also any changes you make to the master data of your Bosch ID in your user profile (see above under Registration) will be included in the central database system of the Bosch, too. That way you can personally ensure that the Bosch companies that you have contractual relationships with always have access to up-to-date master data.

Service providers (general)

For the service providers commissioned by us process your personal data, we chose these service providers carefully and review them regularly, especially regarding their diligent handling of and protection of the data that they save. All service providers are obliged to maintain confidentiality and to abide by the statutory provisions. Service providers may also be other Bosch group companies.

Generally, we store your data for as long as it is necessary to render our Online Offer and the services connected to them or for as long as we have a justified interest in storing the data. In all other cases – in particular when you de-register your Bosch-ID – we will delete your personal data with the exception of data we must store to fulfil legal obligations (e.g., we are obliged due to retention periods under the tax and commercial codes to keep available documents such as contracts and invoices for a certain period of time).

General

Cookies are small text files that are saved on your computer when an Online Offer is visited. In case you access this Online Offer again, your browser sends the cookies' content back to the respective offer or thus enabling re-identification of the terminal device. Reading the cookies allows us to design our Online Offer optimally for you and makes it easier for you to use them.

Deactivation and deletion of cookies

Your browser allows you to deactivate or delete all cookies at any time. To do so, please consult your browser's help functions. This might, however, lead to individual functions no longer being available.

In addition, you may manage and deactivate the use of third party cookies on the following web page:

http://www.youronlinechoices.com/uk/your-ad-choices.

As we do not operate this website, we are not responsible and we are unable to influence content and availability.

Overview of cookies used by us

In this section, please find an overview of cookies we use.

Strictly necessary cookies

Certain cookies are necessary so we can securely render our Online Offer. This category includes, e.g.:

- Cookies that identify or authenticate our users;

- Cookies that temporarily save certain user input (e.g., content of a shopping cart or of an online form);

- Cookies that store certain user preferences (e.g., search or language settings);

- Cookies that store data to ensure uncompromised playback of video or audio content.

Our Online Offer may contain links to third party internet pages – by providers who are not related to us. When you click on such the links, we have no influence on the collection, processing and use of personal data possibly transmitted by clicking on that link to third parties (such as the IP address or the URL of the site on which the link is located) as the behaviour of third parties is obviously beyond our control. We do not assume responsibility for the processing of such personal data by third parties.

Our employees and the companies providing services on our behalf are obliged to observe confidentiality and to abide by the applicable data protection laws.

We take all necessary technical and organisational measures to ensure an appropriate level of security and to protect your data that is administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, in accordance with technological progress, constantly being improved.

To enforce your rights, please use the details provided in the Contact section. When you do so, please ensure that unambiguous identification of your person is possible.

Right to information and access:

You have the right to obtain information about the processing of your data. You may assert your right to rendering of information concerning any processing of your personal data.

Right to correction and deletion:

You may require us to correct inaccurate data and – provided the legal requirements are fulfilled – request completion or deletion of your data.

Under following circumstances, you may require us to delete your personal data:

1. If our processing of your personal data is illegal.

2. If our processing of your personal data does not get your consent or violate the contract with you.

3. If you deregistered Bosch ID.

Withdrawal of consent:

In case you gave consent to the processing of your personal data, you have the right to withdraw this consent at any time. This does not affect the lawfulness of processing based on your consent before its withdrawal.

We reserve the right to change our security and data protection measures. In such cases, we will amend our data protection notice accordingly. We will promptly release any major change to this Notice.

To assert your rights and for suggestions and complaints regarding the processing of your personal data as well as for the revocation of your consent we recommend that you contact our Data Security Management Department as below contact information:

Email: rbcn.dso@cn.bosch.com