Data Privacy Statement

  • Residential IoT Services GmbH
    Data Privacy Statement
    Last revised: 11.02.2022

    Residential IoT Services GmbH (hereinafter referred to as "we" or "us") appreciates your visit to our website (also referred to as "Online Service") and your interest in our company and products.

    1. Residential IoT Services GmbH respects your privacy
    For us, the protection of your privacy during the processing of personal data and the security of all business data are important matters which we take into account in our business processes. We process the personal data that is collected when you visit our Online Services confidentially and only in accordance with statutory regulations.
    Data protection and information security form an integral part of our company policy.

    2. Controller
    The controller responsible for processing your data is Residential IoT Services GmbH; any exceptions are clearly indicated in this Data Privacy Statement.
    Our contact details are as follows:

    Residential IoT Services GmbH
    Borsigstrasse 4
    70469 Stuttgart


    3. Collection, processing and use of personal data

    3.1 Categories of processed data
    • Communication data (name, e-mail address, IP address) is processed.

    3.2. Basic principles
    Personal data refers to all information relating to an identified or identifiable natural person, e.g. names or e-mail addresses, which reveal a person's identity.
    We collect, process and use personal data (including IP addresses) only if there is a legal basis to do so or if you have given us your consent to do so, e.g. during registration.

    3.3 Processing purposes and legal bases
    We, and the service providers we engage, process your personal data for the following purposes:

    3.3.1 · Provision of an online community for registered users for exchanging information relating to existing or new products between customers and us.
    (Legal basis: Fulfilment of the agreement. The following conditions apply for this []).

    • We are required to pass on personal data to our commissioned service providers for the purposes of registration, user administration and provision of the Community.
      (Legal basis: Legitimate interest in the functionality of our Community)

    3.3.2 · Provision of an online platform for non-registered users for exchanging information relating to existing or new products.

    (Legal basis: Our legitimate interest in direct marketing provided it complies with data protection and competition regulations)

    • We need to pass on personal data to our commissioned service providers for the purposes of registration, user administration and provision of the Community.
      (Legal basis for passing on data: Legitimate interest in the functionality of our Community)

    3.3.3 Identification of defects and for security reasons
    (Legal bases: To fulfil our legal obligations regarding data security and our legitimate interest with respect to the elimination of defects and the security of our services)

    • We are required to pass on personal data to our commissioned service providers for the purpose of determining the cause of defects
      (Legal basis: To fulfil our legal obligations regarding data security and our legitimate interest with respect to the elimination of defects and the security of our services)

    3.3.4 Safeguarding and defending our rights
    (Legal basis: Our legitimate interest in asserting and defending our rights)

    3.3.5 Sending of newsletters via e-mail with the recipient's consent
    (Legal basis: Consent)

    3.4. Registration
    If you wish to use our services which require entering into a contract, you will need to register. During registration, we collect the personal data necessary for entering into and fulfilment of the agreement (e.g. first name, surname, e-mail address, if applicable, details on the preferred payment method or on the account holder) as well as further data on a voluntary basis, if applicable.

    3.5 Log files
    Generally speaking, only specific information is transferred by our website and saved by us in log files when technical problems arise from the use of the website.
    The log files are saved by us in order to determine the defects and are deleted after eliminating the technical problems. Log files that need to be stored for a longer period for evidence purposes are not deleted until the incident in question has been fully clarified and may be passed on to investigation authorities in individual cases.

    The following information in particular is stored in log files:

    • IP address (Internet protocol address) of the device from which the Online Service is accessed;
    • Internet address of the website used to access the Online Services (URL of origin or referrer URL);
    • Http status code (e.g. "Request successful" or "Requested file not found").

    3.6 Special data categories
    This Online Service processes special categories of data about you (e.g. details on health, religion or sexual orientation) in accordance with statutory provisions, provided you have expressly consented to this or have obviously made these details public yourself.

    3.7 Children
    This Online Service is not suitable for children under the age of 16.

    3.8 Forwarding data

    3.8.1 Forwarding data to other controllers
    We will only ever pass on your personal data to other controllers if this is necessary in order to perform the agreement, if we or the third party have/has a legitimate interest in passing on the data, or if you have granted your consent to this. Particulars on the legal bases and the recipients or categories of recipients can be found in the section "Processing purposes and legal bases" (see no. 3.3). In addition, data can be passed on to other controllers if we are obliged to do so on the basis of legal provisions or enforceable official or judicial orders.

    3.8.2 Service providers (general)
    We commission external service providers to perform tasks such as programming and data hosting. We have selected these service providers with care and monitor them on a regular basis, particularly with regard to the careful handling and safeguarding of the data they store. All the service providers are required by us to maintain confidentiality and comply with statutory requirements. Service providers may also be other companies in the Bosch Group.

    3.8.3 Forwarding data to recipients outside the EEA
    We may also pass on personal data to recipients that are located outside the EEA, in third countries. In this case, we shall ensure before transmission that an appropriate level of data protection exists at the recipient or that you consent to the transmission of this data.
    You are entitled to receive an overview of third country recipients and a copy of the specifically agreed provisions securing an appropriate level of data protection. For this purpose, please use the details in the "Contact" section (see no. 12).

    4. Storage period; retention periods
    We store your data for as long as necessary to provide our Online Service and the services associated with it, or for as long as we have a legitimate interest in storing it further (e.g. we may still have a legitimate interest in postal marketing even after the agreement has been performed). After this time, we will erase your personal data, with the exception of the data that we must continue storing in order to comply with legal obligations (e.g. due to retention periods under tax and commercial law, we are obliged to retain, for example, contracts and invoices for a certain period).

    5. Use of cookies
    Cookies and tracking mechanisms may be used in the context of providing our Online Service. Cookies are small text files that may be stored on your end device when you visit an Online Service. Web analysis is made possible by various different technologies.

    5.1 Categories
    We distinguish between cookies that are essential in order to enable use of an Online Service and its features, and cookies and tracking mechanisms that are not strictly necessary for the functioning of an Online Service.

    Online Services can still generally be used without cookies that are not strictly necessary.

    5.1.1 Strictly necessary cookies
    Strictly necessary cookies are cookies without which the functions and features of the Online Service cannot be provided. These include, for example, cookies that store information in order to guarantee flawless playback of video or audio content. These cookies are deleted when you leave the Online Service.

    5.3 Disabling all cookies
    If you would like to disable all cookies, you can do so in your browser settings. Please be aware that doing this may affect the functionality of the website.

    6. Newsletters with sign-up; right of cancellation
    As part of our Online Service, you can subscribe to newsletters. We use the "double opt-in" procedure to do this; this means that we will only send you a newsletter via e-mail, mobile messenging services (e.g. WhatsApp), SMS or Push notifications if you have expressly confirmed activation of the newsletter service beforehand, by clicking on a link in a notification. In case you wish to no longer receive newsletters, you can terminate the subscription at any time by withdrawing your consent. Consent to e-mail newsletters can be withdrawn via the link contained in the newsletter, where necessary in the administration settings for the relevant Online Service. Alternatively, please contact us using one of the methods indicated in the "Contact" section.

    7. Communities
    We give you the option of becoming a member of our Community. In these Communities, you can register, create a user profile and communicate with other members. We will only use the data you have generated there for the relevant marketing, market research and customer service purposes that you agree to in your declaration of consent. You may withdraw this consent with effect for the future at any time by using the link in the Communities. Alternatively, please contact us using one of the methods indicated in the "Contact" section.

    In the input screen for the Community in question, you have the option to select whether individual details of your user profile are to be published to all members of the Community or only to your "Community friends", or whether they are to be kept private.
    All other data that you generate in the Communities, e.g. by posting comments or images, will automatically become publicly accessible and will be linked to your user profile.

    8. External links
    Our Online Service may contain links to third-party websites, i.e. providers not affiliated with us. Upon clicking on the link, we have no influence on the collecting, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control. We do not assume responsibility for the processing of personal data by third parties.

    9. Security
    Our employees and the service providers we engage are committed to maintaining confidentiality and complying with the provisions of the applicable data protection laws.
    We take all necessary technical and organisational measures to guarantee an adequate level of protection and to protect your data that is managed by us, particularly against risks from unintentional or unlawful destruction, manipulation, loss, alteration or unauthorised disclosure or access. Our security measures are constantly being improved in line with technological developments.

    10. User rights
    To exercise your rights, please use the details in the "Contact" section (see no. 10). When doing so, please ensure that we can clearly identify you.

    10.1 Right to information and access
    You have the right to receive information from us about the processing of your data. In this respect, you can exercise your right to obtain information about the personal data concerning you that we process.

    10.2 Right to rectification and erasure
    You can demand that we rectify incorrect data. Provided the statutory provisions are met, you can demand the completion or erasure of your data.
    This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, any processing of it will, however, be restricted (see below).

    10.3 Restriction of processing
    Provided the legal requirements are met, you can demand that we restrict the processing of your data.

    10.4 Data portability
    Provided the statutory provisions are met, you also have the right to receive data, which you have provided to us, in a structured, commonly used and machine-readable format and, where technically possible, have the right to transmit that data to a third party.

    10.5 Right to object

    10.5.1 Objection to data processing where the legal basis is a legitimate interest
    You also have the right to object at any time to data processing by us if the data processing is based on a legitimate interest. We will then stop processing your data unless we can demonstrate – in accordance with legal requirements – compelling legitimate grounds for the processing that override your rights.

    10.6 Withdrawal of consent
    If you have given us your consent to process your data, you can withdraw it at any time with effect for the future. This shall also apply to the withdrawal of declarations of consent which we received before the GDPR entered into force, i.e. prior to 25th May 2018. The lawfulness of data processing prior to your withdrawal remains unchanged.

    10.7 Right to lodge a complaint with the supervisory authority
    You have the right to lodge a complaint with a data protection supervisory authority. To this end, you can contact the data protection supervisory authority responsible for your place of residence or federal state or the data protection supervisory authority responsible for us.

    This is:
    The Landesbeauftragte für den Datenschutz und die Informationsfreiheit [German State Commissioner for Data Protection and Freedom of Information] for Baden-Württemberg

    Lautenschlagerstraße 20
    70173 Stuttgart

    Postal address:
    Postfach 10 29 32
    70025 Stuttgart

    Tel.: +49 711 6155 41-0
    Fax: +49 711 6155 41-15
    E-mail to:

    11. Changes to the Data Privacy Statement
    We reserve the right to change our security and data protection measures. In such cases, we will also amend our Data Privacy Statement accordingly. Therefore please observe the latest version of our Data Privacy Statement.

    12. Contact
    If you wish to contact us, you can use the address given in the "Controller" section (see no. 2).
    Please use the following link to exercise your rights and report data protection incidents:
    For suggestions and complaints with regard to how your personal data is processed, we recommend that you contact our Data Protection Officer:
    Data Protection Officer
    Information Security and Data Protection department for the Bosch Group (C/ISP)
    Postfach 30 02 20
    70442 Stuttgart
    E-mail to:
    As at: 11.02.2022