Privacy Statement

Bosch Health Campusrespects your privacy

The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us. We process personal data confidentially and only in accordance with statutory regulations. Data protection and information security are included in our corporate policy.

Controller

Bosch Health Campus is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice. Our contact details are as follows:
Bosch Health Campus GmbH
Auerbachstraße 110
70376 Stuttgart
datenschutz@bosch-health-campus.com

Collection, processing, and usage of personal data

Categories of data processed
The following categories of data are processed when you use our website:

• Communication data (e.g. name, phone number, email, address, IP address)
• Tracking data on usage behavior
• Contents of communication processes (e.g. in the contact form)

Principles
Personal data consists of all information related to an identified or identifiable individual – including e.g. names, addresses, phone numbers, email addresses, contract, accounting and payment details – which is an expression of a person’s identity. We collect, process, and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or when you have given us your consent in this regard, e.g. in the process of registration. 

Processing purposes and legal bases 
We and our authorized service providers process your personal data for the following purposes:

• Providing these Online Services (Legal basis: Our legitimate interest in direct marketing, as long as this is done in accordance with data protection and competition law as per Art. 6 Section 1(f) GDPR)
• Evaluating usage behavior and measuring the reach of the website (Legal basis: Consent as per Art. 6 Section 1(a) GDPR) 
• Enabling communication with us by email/phone/contact form/mail (Legal basis: Our legitimate interest in answering your inquiry as per Art. 6 Section 1(f) GDPR)
• Sending out letters and information by mail and/or email to alert you to calls for applications, for press communications, issuing invitations, networking of project partners, sending greetings (Legal basis: Our legitimate interest in communication as per Art. 6 Section 1(f) GDPR or any consent given as per Art. 6 Section 1(a) GDPR)
• Conducting business relations (Legal basis: Legitimate interest in the use of e.g. contact details as per Art. 6 Section 1(f) GDPR)
• Provision of video files by third-party providers (YouTube) (Legal basis: Consent as per Art. 6 Section 1(a) GDPR)
• Providing map services via third-party providers (Google Maps) (Legal basis: Consent as per Art. 6 Section 1(a) GDPR)
• Investigating any disruption and for security reasons (Legal bases: Fulfillment of our legal obligations within the scope of data security and legitimate interest in resolving disruption and in the security of our services as per Art. 6 Section 1(c) and (f) GDPR). Fulfilling license agreements (Legal basis: Fulfillment of contract as per Art. 6 Section 1(b) GDPR)
• Protecting and defending our rights (Legal basis: Our legitimate interest in enforcing and defending our rights as per Art. 6 Section 1(f) GDPR).

Children

This Online Offer is not for children under 16 years of age.

Log files

Every time you use the Internet, your browser automatically transmits certain information, which we store in so-called log files. We save the log files for seven days so that we can investigate any disruption and for security reasons (e.g. to resolve attempted cyberattacks), after which we delete them. Log files that still need to be retained for evidence purposes are excluded from deletion until the respective incident has been fully resolved and may, on a case-by-case basis, be passed on to investigating authorities. Log files are also used for analysis purposes (without or without complete IP address); see the Web analytics section below. The following information in particular is stored in the log files:

• IP address (Internet protocol address) of the device used to access our Online Services;
• Internet address of the website from which the Online Service was accessed (so-called URL of origin or referrer URL);
• Name of the service provider through which the Online Service is accessed;
• Name of the files or information accessed;
• Date, time, and duration of access;
• Amount of data transferred;
• Operating system and information on the browser used, including add-ons installed (e.g. for Flash Player);
• HTTP status code (e.g. “Request successful” or “Requested file not found”).

Data processing of contacts

We process the contact details of contacts at suppliers, interested parties, and other business partners so that we can communicate with them by email, phone, fax, and mail. Our legitimate interest here lies in conducting or initiating a business relationship with the supplier, interested party, or other business partner and, in the process, maintaining personal contact with contacts. Personal data will be kept for the purpose of conducting business relations for as long as there is a legitimate interest in doing so.

Communication via email/phone/contact form

We treat any personal details you give us by email, phone, mail, or through the contact form as confidential. We only use your details for the specific purpose of answering your inquiry. 

In principle, we do not pass on your details to third parties, unless this is necessary to answer your inquiry.

All personal information that you provide to us in connection with enquiries will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Data transfer

Data transfer to other controllers
Your personal data is principally forwarded to other controllers only when required for the fulfillment of a contract, in the case where we or the third party have a legitimate interest in the transfer, or when your consent has been given. Par-ticulars on the legal bases can be found in the Section - Purposes of Processing and Legal Bases. Third parties may also be other companies of the Bosch group. When data is transferred to third parties based on a justified interest, this is explained in this data protection notice. Additionally, data may be transferred to other controllers when we are obliged to do so due to statuto-ry regulations or enforceable ad-ministrative or judicial orders.

Service providers (general)
We have commissioned external service providers with tasks such as sales and marketing services, contract management, payment handling, programming, and data hosting. We have chosen these service providers carefully and review them regularly, especially regarding their diligent handling of and protection of the data that they have saved. All service providers are obliged to maintain confidentiality and to abide by the statutory provisions. Service providers may also be other Bosch group companies.

Transfer to recipients outside the EEA

We can also transfer personal data to recipients located outside the EEA in socalled third countries. In such cases, we ensure prior to the transfer either that the data recipient provides an appropriate level of data protection (e.g., due to a decision of adequacy by the European Commission for the respective country or due to the agreement based on so-called EU model clauses with the recipient) or that you have consented to the transfer.

You are entitled to receive an overview of third country recipients and a copy of the specifically agreed-to provisions securing an appropriate level of data protection. For this purpose, please use the statements made in the Contact section.

Duration of storage; retention periods

Principally, we store your data for as long as it is necessary to render our Online Offers and the services connected to them or for as long as we have a justified interest in storing the data (e.g., we might still have a justified interest in postal mail marketing upon fulfillment of a contract). In all other cases we delete your personal data with the exception of data we must store to fulfill legal obligations (e.g., we are obliged due to retention periods under the tax and commercial codes to have documents such as contracts and invoices available for a certain period of time).

Use of cookies

On our website, we employ cookies that are necessary for its use.

Cookies are small text files that can be saved and read on your device. There is a distinction between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. 

You can set your browser to notify you about the placement of cookies so that their use is transparent. Moreover, you can delete cookies at any time via the corresponding browser setting and prevent new ones from being set. However, this may prevent our website from being displayed correctly, and some functions may no longer be available.

Overview of the cookies we use
This section provides an overview of the cookies we use.

a) Strictly necessary cookies

Cookies that are strictly necessary include, for example:

• Cookies that identify or authenticate our users;
• Cookies that store certain user preferences (e.g. search or language settings).

We do not use these necessary cookies for analytics, tracking, or advertising purposes.

Some of these cookies only contain information on certain settings and cannot be linked to a specific person. They may also be necessary to navigate around the website, for security, or to display content correctly.

The following cookies that are set by this website are necessary cookies:

Name: fc_cookieconsent_status
Purpose: saves the current consent status of the cookies allowed by the user in the cookie banner
Expiry: one year

Name: fc_cookieconsent_history
Purpose: saves the changes to user consent via the cookie banner
Epiry: one year

b) Analytical cookies

We use analytical cookies to record the usage behavior (e.g. subpages visited, search queries entered) of our users and to evaluate it anonymously and statistically. For more on this, see the Web analytics section below.

Web analytics

We need statistical information about the use of our website to make it more user-friendly, to measure its reach, and to carry out market research. For this purpose, we use the web analytics tools described in this section. The usage profiles created by these tools using analytical cookies are not linked to personal data. The tools either do not use user IP addresses at all or shorten them immediately after collection. The tool providers process data only as processors according to our instructions and not for their own purposes.

How does the tracking work?
When you visit our website, it is possible that the tracking providers mentioned below retrieve recognition features for your browser or your device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read out recognition features on your device (e.g. cookies) or receive access to individual tracking pixels.

etracker
etracker is provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. 

Data is processed on the basis of your consent, provided you have consented via our banner. You can withdraw your consent at any time and choosing the corresponding settings via our banner.

Within the scope of etracker, etracker GmbH supports us as a processor as per Art. 28 GDPR.

The following cookies, which are set by this website, are related to etracker:

Name: et_oi_v2
Purpose: opt-in cookie, saves the visitor's decision when the tracking opt-in is played on the customer's side. Is also used for a possible opt-out.
Expiry: the period of validity is 50 years for no tracking (“no”) and 480 days for tracking (“yes”).

Social Plugins

In our Online Offers we use so-called social plugins from various social networks; these are individually described in this section. During the usage of the plugins, your internet browser establishes a direct connection to the respective social networks’ servers. This way, the respective provider receives information that your internet browser has accessed from the respective site of our Online Offers, even if you do not have a user account with this provider or are currently not logged into this account. Log files (including the IP address) are, in this case, directly transmitted from your internet browser to a server of the respective provider and might be stored there. The provider or its server may be located outside the EU or the EEA (e.g., in the United States).

The plugins are standalone extensions by social network providers. For this reason, we are unable to influence the scope of data collected and stored by them.

Purpose and scope of the collection, the continued processing and usage of data by the social network as well as your respective rights and setting options to pro-tect your privacy can be found by consulting the respective social network's data protection notices.

In case you do not wish social network providers to receive and, if applicable, store or use data, you should not use the respective plugins.

Facebook plugins
Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an over-view over Facebook's plugins and their appearance here: http://developers.facebook.com/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.

Twitter plugins
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview over Twitter's plugins and their appearance here: https://twitter.com/about/resources/buttons; find information on data protection at Twitter here: https://twitter.com/privacy

Google+ plugins
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Find an overview over Google's plugins and their appearance here: https://developers.google.com/+/plugins; find information on data protection at Google+ here: http://www.google.com/intl/de/+/policy/+1button.html.

Instagram plugins
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Find an overview over Instagram's plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; find information on data protection at Instagram here: https://help.instagram.com/155833707900388/

Soundcloud plugins
Soundcloud is operated by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany ("Soundcloud"). Find information on data protection at Soundclouds here: https://soundcloud.com/pages/privacy

YouTube

On our website we embed videos that are not stored on our servers. To ensure that viewing our website with embedded videos from a third-party provider does not automatically cause their content to be loaded, initially we only show locally stored preview images from the videos. These do not provide any information to the third-party provider.

Only after you have clicked on the preview image will content from the third-party provider be loaded. Through this action, they receive the information that you have accessed our web page as well as the usage data that is technically necessary for this purpose. Furthermore, the third-party provider is then able to implement tracking technologies. We have no influence over the further processing of the data by the third-party provider. By clicking on the preview image, you consent to their content being loaded. 

Videos are embedded on the basis of your consent as per Art. 6 Section 1(a) GDPR, provided you have consented by clicking on the preview image. Please be aware that the embedding of some videos leads to your data being processed outside of the EU or EEA. In some countries this incurs the risk that authorities can access the data for security and monitoring purposes without your being informed or able to appeal. 
If we use providers in third countries that are unsafe and you give your consent, the data transfer to an unsafe third country is based on Art. 49 Section 1(a) GDPR.

• Provider: YouTube / Google (USA)
• Adequate level of data protection: No adequate level of data protection. Transfer is based on Art. 49 Section 1(a) GDPR.
• Withdrawal of consent: When you click on a preview image, the content of the third-party provider is loaded immediately. If you do not want this to occur on other pages, please do not click on any further preview images.

Google Maps

On our website we embed map services that are not stored on our servers. To ensure that viewing our website with embedded map services from a third-party provider does not automatically cause their content to be loaded, initially we only show locally stored preview images of the maps. These do not provide any information to the third-party provider

Only after you have clicked on the preview image will content from the third-party provider be loaded. Through this action, they receive the information that you have accessed our web page as well as the usage data that is technically necessary for this purpose. We have no influence over the further processing of the data by the third-party provider. By clicking on the preview image, you consent to their content being loaded. 

Map services are embedded on the basis of your consent as per Art. 6 Section 1(a) GDPR or § 15 Section 3 Clause 1 TMG [German Telemedia Act], provided you have previously consented by clicking on the preview image. 

Please be aware that the embedding of some map services leads to your data being processed outside of the EU or EEA. In some countries this incurs the risk that authorities can access the data for security and monitoring purposes without your being informed or able to appeal.

If we use providers in third countries that are unsafe and you give your consent, the data transfer to an unsafe third country is based on Art. 49 Section 1(a) GDPR.

• Provider: Google LLC (USA)
• Adequate level of data protection: No adequate level of data protection. Transfer is based on Art. 49 Section 1(a) GDPR.
• Withdrawal of consent: When you click on a preview image, the content of the third-party provider is loaded immediately. If you do not want this to occur on other pages, please do not click on any further preview images

External links

Our Online Offers may contain links to third party internet pages – by providers who are not related to us. Upon clicking the link, we have no influence on collecting, processing and using personal data possibly transmitted by clicking the link to the third party (such as the IP address or the URL of the site on which the link is located) as the behavior of third parties is naturally outside our supervision. We do not assume responsibility for the processing of such personal data by third parties.

Security

Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.

User rights

To enforce your rights, please use the details provided in the Contact section. In doing so, please ensure that an unambiguous identification of your person is possible.

Right to information and access:
You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

Right to correction and deletion:
You have the right to obtain the rectification of inaccurate personal data concerning yourself without undue delay from us. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

Restriction of processing:
You have the right to demand for – as far as statutory requirements are fulfilled – restriction of the processing of your data.

Objection to data processing:
You have the right to object to data processing by us at any time. We will no longer process the personal data unless we demonstrate compliance with legal requirements to provide provable reasons for the further processing which are beyond your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Objection to direct marketing:
Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that, due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

Objection to data processing based on the legal basis of “justified interest”:
In addition, you have the right to object to the processing of your personal data any time, insofar as this is based on the legal basis of justified interest. We will then ter-minate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements for the processing, which override your rights

Withdrawal of consent:
In case you consented to the processing of your data, you have the right to object this consent with immediate effect. The legality of data processing prior to your revocation remains unchanged.

Data portability:
You are entitled to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.

Transparency:
As a rule – unless we advise of this separately when collecting data – you are not obliged to provide us with your personal details. However, it may be necessary to collect this data for the purpose of concluding and executing a contract (e.g. arranging a funded project, running an event). If you do not provide us with the necessary personal data in this case, we cannot execute the contract with you. Your personal data is not used for automated decision-making.

Right of complaint with super-visory authority:
You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state or to the supervisory authority responsible for us. This is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit

Address:
Königstrasse 10a
70173 Stuttgart
Germany

Postal adress:
P.O. Box 10 29 32
70025 Stuttgart
Germany
Phone: 0711/615541-0
Fax: 0711/615541-15
E-Mail: poststelle@lfdi.bwl.de

Changes to the Data Protection Notice

We reserve the right to change our security and data protection measures if this is required due to technical development. In such cases, we will amend our data protection notice accordingly. Please therefore observe the current version of our data protection notice, as this is subject to change.

Status update on June 01, 2022