Protection of person related data is a top priority for Robert Bosch GmbH and is taken into account in all of our business processes. The following data protection information provides an overview of the processing of person related data by Robert Bosch GmbH as data controller by law. Person related data means all information that relates to an identified or identifiable natural person.
With this data protection notice, we provide information on type, scope and purpose of the acquisition of person related data at Robert Bosch GmbH in the context of research and development on driver assistance systems, automated and autonomous driving, driving functions and other services, as well as the handling of these data. In addition, the web site clarifies what rights exist in relation to the processing of person related data and what essential content is established in the processes of Robert Bosch GmbH in relation to the acquisition and processing of person related data.
Within the framework of the above-mentioned research and development purpose, marked test vehicles move in public traffic areas and - as far as permitted by other laws - on private plants, test sites and other sites. The vehicles are equipped with camera systems with different detection angles, focal lengths and sensor technologies, and some of them are equipped with outside microphones and other sensor systems. These systems record, process and store video, image and audio data from the vehicle environment for the purposes described in section 4 of this data protection policy.
Depending on the individual case, these data may also contain the following personal information:
This data processing potentially affects all traffic participants who are in the vicinity of one of the (marked) test vehicles during the test operation.
Robert Bosch GmbH is data controller in accordance with Art. 26 GDPR for the processing of person related data described below, unless someone else is explicitly named as the responsible body.
Business Divisions in charge:
Robert Bosch GmbH, Chassis Systems Control
Bosch Engineering GmbH
Robert-Bosch-Allee 1
74232 Abstatt
Robert Bosch GmbH, Cross-Domain Computing Solutions
Burgenlandstr. 33
70469 Stuttgart-Feuerbach
Data Protection Officer of the Bosch-Group:
Robert Bosch GmbH, Information Security and Privacy Bosch-Group (C/ISP)
Postfach 300220
70442 Stuttgart
Germany
https://www.bosch.com/data-protection-notice
Email: DPO@bosch.com
The purposes of this data processing are research, development and testing in the areas of driver assistance systems, automated driving, driving functions and other services, including the documentation of these processes and the fulfillment of other downstream obligations.
Driver assistance systems and driving functions are already used in today's vehicles in particular to increase traffic safety, but also to increase comfort. In future automated and autonomous vehicles, technical systems for perceiving and coping with traffic and environmental situations will enable such vehicles to participate in public transport safely and in accordance with the rules. Other services make it possible to make means of transport, traffic and traffic systems safer, more efficient and more comfortable.
Research, development and testing of such systems require their use in test vehicles under real environmental and traffic conditions - including in public traffic - including the acquisition, processing and storage of video, image and audio recordings during and after these operations.
Based on these materials, technical systems for the perception and classification of traffic participants, vehicles, infrastructure and other objects in the context of traffic and environmental situations are researched, developed and tested.
People, vehicles, other objects as well as audio information are only analyzed, classified and further processed as "objects" in the context of traffic and environmental situations in the context of data processing, for example as "pedestrians on the right-hand side of the lane", "cars on an intersection", "emergency siren behind the vehicle ”.
It is usually not possible to identify registered persons by name or other personal identification or to assign registered vehicles or objects to persons identified in this way from the video, image and audio material, and the registration often takes place only very briefly in passing. However, identifiability and identification of persons cannot be completely excluded in special situations (e.g. traffic lights, traffic jams, pedestrian crossings, ...), so that the data have to be considered as person related according to Art. 4 (1).
The primary legal basis for processing is Art. 6 Para. 1 Litera F, GDPR "Protection of legitimate interests". The controller's legitimate interest is to carry out research, development and testing on driver assistance systems, automated driving, driving functions and other services.
The conflicting interests, fundamental rights and freedoms of the data subjects do not prevail, since the identification of individual data subjects by name or otherwise is neither necessary nor intended. In addition, technical and organizational measures are taken to ensure that the data collected is processed in accordance with data protection regulations.
The data will only be shared with group companies, cooperation partners, processors or third parties within the above mentioned data protection purpose limitations. Data will only be disclosed if it is permitted by law and/or by official or court order or if the third party has a legitimate interest.
Categories of recipients to whom data may be transmitted within the scope of the purposes described above are in particular:
If a transfer to recipients in third countries takes place within the framework of the research, development and testing processes or the downstream processing, this will only take place in the presence of an adequacy decision pursuant to Art. 45 DSGVO, on the basis of suitable guarantees within the meaning of Art. 46 DSGVO or if permitted under other law.
An automated decision in an individual case or 'profiling' in the sense of Art. 22 DSGVO does not take place and would be almost impossible due to the short and one-off recording times.
The video, image and audio data are stored for the duration of the aforementioned research, development and testing purpose.
In some cases, additional legal provisions (e.g. product liability) or a further justified interest may lead to correspondingly longer storage periods.
The DSGVO stipulates the following rights of data subjects, which can be asserted against Robert Bosch GmbH as data controller:
Enforcement of rights:
According to Art. 11 DSGVO, the recorded video, image and audio data are a "processing for which it is not necessary to identify the data subject". Additional identification features are neither recorded nor processed.
Therefore, information about LOCATION and TIME are always required in order to determine whether someone has actually been in the vicinity of one of the test vehicles and is affected by the processing. Only then can the aforementioned rights such as 'information', 'deletion' etc. be fulfilled. With a deletion, the rights to 'restriction of processing' and 'objection' are automatically covered. The right of rectification and data transferability, on the other hand, is not relevant due to the type of data.
Special notes on the limitation of data subject rights:
We would also like to point out that in the context of the present processing your rights under Art. 15 DSGVO (right to access), Art. 16 DSGVO (right to rectification), Art. 17 DSGVO (right to deletion), Art. 18 DSGVO (right to limitation of processing) and Art. 21 DSGVO (right to object) may be subject to special additional restrictions. These special restrictions apply if the exercise and fulfilment of these rights in a specific case would probably make the realization of research purposes impossible or seriously impair them and the restriction is therefore necessary for the fulfilment of these research purposes.
This special limitability and its conditions result in particular from Art. 89 DSGVO in conjunction with § 27 BDSG and Art. 17 DSGVO.
Contact persons are listed in section 3.
Last revised: October 25, 2022