Data protection policy
Data protection policy of PT Robert Bosch
Robert Bosch (South East Asia) Pte. Ltd. and its subsidiaries and related companies in ASEAN (‘Robert Bosch Singapore’, ‘we’, ‘us’ ‘our’, etc.) take the protection of your personal data very seriously. Consequently, data protection and information security are an integral part of our corporate policy for ASEAN.
‘Personal data’ means all the information that relates to an identified or identifiable natural person (that is, an individual) – for example, your name, telephone number, email address and street / mailing address.
For general information about how we process personal data, how we keep it secure, when we dispose of personal data and when we transfer it overseas see no. 3, no. 8 (security), no. 9 (disposal) and no. 10 (overseas transfer).
To find information relevant to your relationship with us:
- business partners, suppliers and other business contacts
- users of our online service
To find information about your rights:
- limiting the information you provide to us
- withdrawing consent; opting out of marketing messages
- data accuracy
- access to personal data
- correction of personal data
- making a complaint
3. GENERAL INFORMATION ABOUT HOW WE PROCESS PERSONAL DATA
3.1 Standard of data protection laws
Some countries in ASEAN do not yet have data protection laws. If you live in such a country we generally aim to protect your personal data as if there were data protection laws that apply to you.
The data protection laws in some countries in ASEAN are different from the data protection laws in other countries in ASEAN. We generally aim to protect your personal data as if the strictest standard of data protection law applies to you.
3.2 General principles that we apply when we process personal data
We collect personal data about you only for specific and legitimate purposes. We notify you about those purposes and we process such personal data only in ways that are compatible with the specific and legitimate purposes that we tell you about. We process personal data about you lawfully and fairly.
We only collect personal data about you that is adequate and not excessive in relation to the purpose(s) for which we process it. We take care to make sure such personal data is accurate and relevant and, where necessary for the purposes for which we process it, we keep it up-to-date.
We retain personal data about you only for so long as we need to do so for legal and business purposes. For so long as we retain such personal data we make reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
3.3 Lawful bases of processing
We want to treat all of the individuals with whom we interact equally, but sometimes we cannot do so because of the way we must apply the laws.
In Singapore, the data protection law requires us to obtain your consent before we collect, use, disclosure and store (collectively, ‘Process’) personal data about you, except where there is an exception to the requirement for consent. For example, we do not need consent to process personal data to respond to an emergency threatens someone’s life, health or safety.
Elsewhere in ASEAN, the data protection laws lay out the lawful bases on which we may process personal data about you. Broadly, these are:
- where processing personal data is necessary for us to fulfil a contract we have with you – for example, where we have provided you with a product warranty – or in order to take steps at your request prior to entering into a contract
- where the processing is necessary for us to comply with a legal obligation to which we are subject
- where the processing is necessary to protect your vitally important interests, including your life and health
- where the processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such legitimate interests are over ridden by your fundamental rights and freedoms and/or
- where we have your consent to process personal data about you
4.1 How we collect personal data about or relating to our customers
We generally collect personal data directly from you. We will ask you for it (including contact information) when you interact with us, including when we are responding to your enquiries about our products or services. Sometimes we collect it from a third party, but only after checking that the third party has the right to provide the personal data to us – for example, where they do so at your request to enable us to provide information to you or to provide you with our products and/or services.
4.2 The types of personal data that we collect
The personal data we collect about or relating to you depends on the circumstances in which we interact with you. We only collect personal data for purposes that are directly related to our business activities and when it is necessary for such purposes. We set out more specific information below, but generally:
- when you initiate contact with us, we collect contact information from you that enables us to respond to you and that generally enables us to communicate with you, and send messages to you, for the purpose or purposes for which you contacted us – for example, your name, username, email address, phone number, mailing address, physical / street address and your IP address – if at any time we ask for information that you prefer not to provide, please let us know (see no. 12 for our contact details)
- we collect information about our relationship with you, such as the types of products and/or services that we provide that may be of interest to you and information that helps us tailor our services to you
- we collect transaction information about how you interact with us, including enquiries, account information, transaction information when you purchase our products and/or use or services and information about how you use our products and/or our services – transaction information may include your payment card (or other payment) details when you purchase products through our website or otherwise pay us for providing you with products and/or services and
- for information about how you use our online services see no.6.
4.3 Why we collect personal data and how we use it
Product offering, sales and support
In connection with our product offerings, sales and support we collect personal data that is about you or relates to you when:
- you request information from us about products or services and/or you seek support, such as warranty and/or other aftermarket support (for example, in relation to power tools), from us and/or you join one of our workshops or training activities and/or
- you participate in a sales promotion, competition, redemption or cash rebate programme and/or you subscribe to our email or newsletter list(s)
and we use that personal data only for the purpose for which we collected it
Warranty registration and technical support
In connection with warranty registration and technical support we collect and use personal data that is about you or relates to you when you register a product with us for warranty purposes and if you contact us for technical support and (in each case) we use that personal data only for the purpose for which we collected it
4.4 When we disclose personal data
We do not sell personal data about or relating to you. We do, however, disclose it as follows:
- to our subsidiaries and related companies where reasonably necessary for the various purposes for which we use such personal data – see ‘Howe we use personal data about or relating to you’
- we engage a third party service provider to assist us with conducting the activities for which we collect and use the personal data, such as service dealers, retailers, training providers and agents – in this case, the third party service provider is under contractual arrangements with us to ensure that your personal data is protected
- you consent
- you would reasonably expect, or you have been told, that personal data of that kind is usually passed to those individuals, bodies or agencies
- we are required or authorised by law to disclose it
5. BUSINESS PARTNERS, SUPPLIERS AND OTHER BUSINESS CONTACTS
5.1 How we collect personal data about or relating to our business partners
We generally collect personal data directly from you. We will ask you for it (including contact information and relationship information) when you interact with us, including when we are responding to your enquiries about our services and pricing or when we are working with you in the course of establishing a business relationship with you and/or company and when we are providing our services to you and/or your company.
Sometimes we collect personal data about you from a third party, such as another individual working at your company – for example, when they add you to a project team.
5.2 The types of personal data that we collect
If you are an individual who does business with us, including if you work for a company that does business with us, we may collect the following types of personal data about or relating to you:
- contact information that enables us to communicate with, and send messages to, you – such as your name, username, work email address, work phone number and mobile phone number
- information about our business relationship with you and that helps us to do business with you and/or with the your company, such as the types of products and/or services that we provide that may be of interest to you and/or your company and information that helps us tailor our services for you and/or your company and
- transaction information about how you interact with us, including enquiries, account information, transaction information when you and/or your company purchase our products and/or use our services and information about how you and/or your company use our products and/or our services
- for information about how you use our online services see no. 6.
5.3 How we use personal data about or relating to you
We use personal data about or relating to you:
- to fulfil your and/or your company’s requests for products and/or services and for related activities, such as products and/or service delivery, customer service, account / relationship management, support and training and to provide other services related to your and/or your company’s business relationship with us
- to send you marketing communications, including offers that may be targeted based on your and/or your company’s apparent interests, business characteristics and location
- to administer surveys and to carry out promotional events and to determine if you and/or your company are eligible for certain services or offers
- to provide you and/or your company with additional information that we think may be of interest to you and/or your company, such as news about us, announcements made by us and technical information such as technical service bulletins
- to manage our everyday business needs and interactions with you and/or your company, including delivering our products and/or services to you and/or your company, processing payments, managing our financial accounting, carrying out product research and development, administering our website, analysing your and/or your company’s use of our services, preventing fraud and maintaining the security of our systems and processes, reporting and legal compliance and managing our business continuity
5.4 When we disclose personal data about or relating to you
We do not sell personal data about or relating to you. We do, however, disclose it as follows:
- to our subsidiaries and related companies where reasonably necessary for the various purposes for which we use such personal data – see ‘How we use personal data about or relating to you’
- when we engage a third party service provider to assist us with conducting the activities for which we collect and use personal data, such as persons that provide services to us (such as physical product delivery, audit services and other internal management purposes) – in these cases, the third party service provider is under contractual arrangements with us that require the service provider to ensure that your personal data is protected and not used by the service provider for any purpose other than providing the specific contracted service
- we are required or authorised by law to disclose it
6. USERS OF OUR ONLINE SERVICES
6.1 Using cookies and other tracking mechanisms
- cookies that are mandatorily required for the technical functions of the online service
- cookies and tracking mechanisms that are not mandatorily required for the technical functions of the online service – it is generally possible to use the online service with these cookies and tracking mechanisms
6.2 Technically required cookies
‘Technically required cookies’ means those cookies that are necessary for ensuring the technical provision of the online service. They include, for example, cookies that store data to ensure smooth reproduction of video or audio footage. Technically required cookies will be deleted when you leave the website.
6.3 Cookies and tracking mechanisms that are not technically required
- convenience cookies – they facilitate operation of the online service and thus allow you to browse it more comfortably (for example, your language settings may be included in these cookies)
- marketing cookies and tracking mechanisms:
- marketing cookies and tracking mechanisms enable us and our partners to show you offerings based on your interests, resulting from an analysis of your user behavior
- statistical tools enable us to measure, for example, the number of pages in our online service you that you view
- conversion tracking tools are placed on your device by our marketing partners if you accessed our website via an advertisement of such marketing partner (and are normally are no longer valid after 30 days) – if you visit certain pages of our website and the cookie has not yet expired, we and the relevant marketing partner can recognise that you clicked on the advertisement and were redirected to our website, which enables us to compile conversion statistics and to record the total number of users who clicked on the relevant advertisement and were redirected to our website
You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings. (Note: the settings you have made refer only to the browser used in each case.)
If you wish to deactivate all cookies, please deactivate cookies in your browser settings. Please note that this may affect the functionality of the website.
When visiting our websites, you will be asked in a cookie layer whether you consent to our using of convenience cookies, marketing cookies or tracking mechanisms, respectively.
In our privacy settings, you may withdraw the consent with effect for the future or grant your consent at a later point in time.
6.4 Social plugins
In our Online Offers we may use so-called social plugins from various social networks, such as ‘Like’, ‘Share’ and ‘comment’ buttons made available by Facebook, Twitter, Google+, Pinterest, Instagram, TMall and WeChat.
When you use a social plugin – for example, when you decide to ‘Like’ or ‘Share’ something –your internet browser creates a direct connection to the relevant social network’s server. The result is that the relevant social network provider receives the information that your internet browser accessed from the site on which we make our Online Offers available to you. This happens even if you do not have a user account with the relevant social network provider or are currently not logged into your account. Log files (including the IP address) are, in this case, directly transmitted from your internet browser to a server of the relevant social network provider and might be stored there. The relevant social network provider or its server may be located outside the European Union or the European Economic Area (for example, they may be in the United States).
Social plugins are standalone extensions by social network providers. For this reason, we are unable to influence the scope of data collected and stored by them.
The purpose and scope of the collection of data by a social network, the continued processing and usage of that data by the social network as well as your respective rights and setting options to protect your privacy can be found by consulting the relevant social network's data protection notice.
In case you do not wish social network providers to receive and, if applicable, store or use data, you should not use the respective plugins – that is, you should not use a ‘Like’, ‘Share’, ‘comment’ or similar button on our website.
By using the so-called two click solution (provided by Heise Medien GmbH & Co. KG) we protect your visit to our web pages from being logged and processed by social network providers by default. When using a page of our internet presence which contains such plugins, these are initially deactivated. The plug ins are activated only when you click on the respective button.
7. YOUR RIGHTS
7.1 Limiting the information you provide to us
If we ask you for personal data that you do not want to provide, please tell us and we will try to continue without it. However, it might not be possible for us to provide the product or service that you are seeking or lack of personal data may result in inconvenience to you when we are providing such product or service.
7.2 Withdrawing consent and opting out of receiving marketing messages
Where we have obtained your consent to process your personal data, you may withdraw your consent at any time. You can do this by notifying us in writing (which includes email) – see no. 12 for our contact details.
If you have registered for a MyBosch Account you may login to it and edit your contact permissions in the My Profile section of it. Alternatively, you can opt out of commercial emails by clicking the ‘unsubscribe’ line at the bottom of any such email that we send to you. Please note that if you opt-out of commercial emails we may still need to contact you with important transactional information about you and/or your company’s account and/or about a product and/or service that you have purchased from us.
7.3 Data accuracy
We take steps to ensure that the personal data we collect is accurate, up-to-date and complete. This includes updating it if and when you let us know that it has changed. If you have registered for a MyBosch Account you may login to it and amend the details in the My Profile section of it. Alternatively, please let us know about any changes by notifying us in writing (which includes email) – see no. 12 for our contact details.
7.4 Access to personal data
You can request us to provide you with a copy of personal data about you or that refers to you that is in our possession or under our control. We will also give you information about the ways in which we have, or may have, used or disclosed it within the previous 12 months.
If you have registered for a MyBosch Account you may login to it and navigate to the My Products and My Orders sections of it to find out when we have used your personal data for the purpose of products purchased from us and product orders with us. Alternatively, please ask us in writing (which includes email) – see no. 12 for our contact details. We may request information from you that enables us to verify your identity before meeting your request. Subject to you verifying your identity, we will respond to your request as soon as reasonably possible. If we are unable to respond to your request within 30 days we will let you know within that period when we expect to be able to respond to your request.
We reserve the right to charge a fee for access to your personal data, which will be limited to the incremental costs incurred by us in meeting your request. We will notify you of the amount (or, if that cannot be determined, the estimated amount) of the fee before fulfilling your request.
7.5 Correction of personal data
You can request us to correct on error or omission in personal data about you or that refers to you that is in our possession or under our control.
If you have registered for a MyBosch Account you may login to it and amend the details in the My Profile section of it in order to correct any error or simply to update your personal data. Alternatively, notify us about your correction request in writing (which includes email) – see no. 12 for our contact details. We may request information from you that enables us to verify your identity before meeting your request. Subject to you verifying your identity, we will respond to your request as soon as practicable. If we are unable to respond to your request within 30 days we will let you know within that period when we expect to be able to respond to your request. We may also send the corrected personal data to other organisations to which we have disclosed your personal data.
8. SECURITY OF YOUR PERSONAL DATA
As a leading global supplier of technology and services we take the security of personal data about or referring to you seriously
We have appropriate security measures in place to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business ‘need to know’. They will process your personal data only on our instructions.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of an actual or suspected personal data breach where we are required by contract or law to do so.
9. DISPOSAL OF PERSONAL DATA
We will cease to retain documents that contain personal data about you or that refers to you as soon as it is reasonable to assume that the purpose for which we collected it is no longer being served by us retaining it and we no longer need it for a business or legal purpose. Alternatively, we may anonymise the personal data so that it can no longer be associated with you.
10. TRANSFER OF PERSONAL DATA OVERSEAS
We may from time to time, depending on the circumstances under which you provided personal data to us, have a business need to transfer it (or a copy of it) out of the country in which you gave it to us and to one of our subsidiaries or related companies a different country. For example, if you gave it to us outside of Singapore we might need to transfer it to our regional headquarters in Singapore.
11. MAKING A COMPLAINT
- sufficient contact details to enable us to identify you
- clear and succinct details about the nature of the complaint – for example, what happened, when you became aware of it and who was involved
- an outline of the impact the event that happened has had on you and
- details of what you would like to see happen to resolve your complaint
We will acknowledge receipt of your complain as soon as practicable. Then we will investigate it. We may need to obtain further information from you, speak to relevant staff members, review relevant documents and/or obtain legal or technical advice to do our investigation. Once we have completed our investigation, we will write to you to let you know the outcome of the investigation.
12. CONTACTING US
Data Protection Officer, ASEAN Region
Robert Bosch (S.E.A.) Pte. Ltd.
11 Bishan Street 21
+65 6258 5511
13. POLICY CHANGES