Data Protection Statements
Robert Bosch Stiftung GmbH (in the following "Robert Bosch Stiftung" or "we" or "us") appreciates your interest in our organization and our work. The protection of your privacy throughout the course of processing personal data and the security of all business data is a very important concern for us that we take into consideration in all of our business processes. We process personal data confidentially and only in accordance with statutory regulations. Data protection and information security are an integral part of our corporate policy.
1. Scope of application and controller
These data protection statements apply to the processing of personal data by Robert Bosch Stiftung. Personal data are all data that refer to an identified or identifiable natural person, such as names, addresses, telephone numbers, email addresses.
Robert Bosch Stiftung is the controller responsible for the processing of your personal data. Our contact details are as follows:
Robert Bosch Stiftung GmbH
You can reach our data protection officer using these contact details as well.
2. Collecting, storing and using personal data
We collect your data if and when you provide them to us within the scope of a project application respectively realisation of a project or for the purpose of adding them to one of our mailing lists. Furthermore, we may collect your data when you attend one of our events or when we receive your data from a third party. For more details, please refer to section 3., "Transparency".
We store the personal data and data categories listed below in our project and contact database:
- Master data (e.g. name of the contact person, gender, organization),
- Address and contact data (e.g. postal address, email address, telephone number),
- Type of group (e.g. applicant, expert, jury member, award winner, project member),
- Payment data (information for handling of payment, e.g. bank account details).
The data is stored in Germany. We use the data stored in our project and contact database to send letters and information to you by post and/or email as well as within the scope of a project application or the realisation of a project. Robert Bosch Stiftung pursues exclusively non-profit objectives. We do not promote or offer any products of the Bosch Group or other companies in our letters and information.
In detail, we may use the data for the following purposes:
- Tenders (e.g. information about new tenders),
- Handling of project applications and realisation of projects,
- Communication in the context of projects,
- Communication with the press (e.g. press invitations, press releases),
- Sending invitations (e.g. New Year's reception and other events) and documents to attendees,
- Networking with project partners,
- Sending newsletters (e.g. Impulse newsletter),
- Sending season's greetings,
- Processing for archiving and historiographical purposes.
3. Data processing principles
We inform you if we process your personal data.
This is done by collecting personal data when you provide us with the data (e.g. when you register for one of our events). As a rule, you are not obligated to provide us with your personal data, except where we make a separate statement to this effect when we collect your data. It may, however, be necessary to collect data when entering into and executing a contract (e.g. a subsidized project, organizing an event). If you do not provide us with your personal data in such a case, we cannot implement the contract.
When processing your personal data, we will not use automated decision-making procedures.
We only collect, process and use personal data if there is either a statutory legal basis to do so or if you have given your consent to process personal data.
The legal basis for processing the personal data as specified in section 2. is our legitimate interest (article 6 (1) (f) GDPR) to provide information on our non-profit activities and to communicate with interested parties in order to promote our activities. Furthermore, we can store personal data for archiving and historiographical purposes provided the archiving is in the public interest (article 6 (1) (f) GDPR). In addition, it may be necessary to process data in order to be able to implement subsidized projects, events or other contracts (article 6 (1) (b) GDPR). Furthermore, we can also process your data if you have given us your consent (Art. 6 (1) (a) GDPR).
As a rule, we only store your personal data as long as it is required for the processing purpose mentioned above. This means that we will generally delete your personal data stored for communication purposes from our project and contact database if we have not contacted you for more than one year. Personal data that we process within the scope of project applications or the realisation of projects will generally be stored until the respective project has been finalised. Personal data stored for archiving purposes will be deleted if the data no longer has any further archiving value. In addition, we may continue to store your personal data if required to comply with legal obligations (e.g. statutory retention duties).
Disclosure to Third Parties
As a rule, we only transmit your personal data to other controllers if this is required for the performance of the contract, if we or the third party has a legitimate interest in the transmission or if you have consented to the transmission. For further details on the legal bases and the recipients and categories of recipients, respectively, please refer to section 2. (see e.g. communication in the context of projects, networking with project partners, software maintenance) and section 3., subsection "Lawfulness". In addition, data may be transferred to other controllers if we are required to do so due to statutory regulations or enforceable orders issued by authorities or courts.
We may instruct external providers who act on our behalf and provide certain services (e.g. sending newsletters, organizing events, archiving, software maintenance). We have chosen these service providers with care and monitor them on a regular basis, particularly their careful handling and securing of the data they store. We will impose an obligation on the service providers to keep the data confidential and to comply with the statutory regulations.
Our employees and the service providers instructed by us have an obligation to maintain confidentiality and to comply with the applicable data protection laws. We implement all necessary technical and organizational measures to warrant an appropriate level of security and to protect your data administered by us especially against the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are improved continuously in accordance with technological developments.
4. Your rights
Below, we would like to inform you of your rights. You can contact us at any time in order to execute your rights. We will then verify whether the statutory requirements (including possible exceptions) for the relevant right of the data subject are met and will inform you of our further steps. If you contact us to exercise your rights, please ensure that it is possible to identify you clearly. You will find our contact data in the "Contact" section.
Right of access
You have the right to demand information on the personal data stored about you. For more information concerning this right please refer to article 15 GDPR.
Right to rectification
You have the right to demand rectification of any inaccurate personal data. For more information concerning this right please refer to article 16 GDPR.
Right to erasure
In addition, you have the right to demand erasure of your personal data. For more information concerning this right please refer to article 17 GDPR.
Restriction of processing
You also have the right to demand that we restrict the processing of your data. For more information concerning this right please refer to article 18 GDPR.
In addition, you have the right to receive your personal data that you provided to us in a structured, commonly-used and machine-readable format. For more information concerning this right please refer to article 20 GDPR.
Objection to data processing
In addition, you have the right to object, at any time, to the data being processed by us. For more information concerning this right please refer to article 21 (1) GDPR.
Objection to direct marketing
You can object to the processing of your personal data for advertising purposes at any time. For more information concerning this right please refer to article 21 (2) GDPR.
Withdrawal of consent
If you have given us consent to the processing of your data, you may withdraw this consent at any time with effect for the future. This does not affect the lawfulness of the processing of your data prior to the date of withdrawal.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority. In this context, you may approach e.g. the data protection authority competent for your place of residence or your German state or the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (Baden-Württemberg Commissioner for Data Protection and Freedom of Information) who is responsible for us.
5. Changes to the Data Protection Statement
We reserve the right to change our Data Protection Statement at any time. Therefore, please take note of the latest version of our data protection notice. This version of our Data Protection Statement is current as of November 2018.
You can contact us at the address provided in section 1., "Scope of application and controller". If you want to assert your rights or have any suggestions or complaints regarding the processing of your personal data or would like to withdraw your consent, we recommend that you contact our data protection officer. You will find the contact data in the aforementioned section as well.