Privacy Notice

Robert Bosch GmbH (hereinafter "Bosch“ or "We“ or "Us") is delighted about your visit to our internet pages and mobile applications (together also referred to as "Online Offers") and about your interest in our company and our products.

The protection of your privacy throughout the course of processing personal data as well as the security of all business data is an important concern to us. We process personal data that was gathered during your visit of our Online Offers confidentially and only in accordance with statutory regulations.

Data protection and information security are included in our corporate policy.

Bosch is the controller responsible for the processing of your data; exceptions are outlined in this data protection notice.

Our contact details are as follows: Robert Bosch GmbH, Robert-Bosch-Platz 1, 70839 Gerlingen-Schillerhöhe, Germany, kon-takt@bosch.de; +49 711 400 40990; Corporate Headquarter: +49 711 811-0.

In case of questions, please contact: Bosch.EventsApp@bosch.com

The following categories of data are processed:

• Communication data (e.g. name, e-mail, IP address)

• User profile details (e.g. company, job title)

• Requests for security reasons (e.g. Date/time of the request, App page requested)

• Collection/processing of other data during use of the features of the Bosch Event App (e.g. images, videos, messages, marked agenda sessions, bookmarks, results from surveys and polls, leaderboard)

If an event (or workspace or campaign) uses an Activity challenge advanced module that includes step count data, and participants allow the use of step count on their devices, this data is collected solely to foster engagement. The data is used only within the scope of the challenge for this specific event, reported in aggregate form, and is not retained or processed as health-related data or personal activity profiles.

Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person's identity.

We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.

We and service providers commissioned by us process your personal data for the following processing purposes:

– Provision of these Online Offers (Legal basis: Consent).

– Operation of a community for signed-in members for the purpose of communication and information (Legal basis: Consent)

– Usage analysis to the extent permitted by law (legal basis: legitimate interest on our part in the analysis of app usage)

If you wish to use/access benefits that require the formation of a contract, we request that you register. Within the scope of the registration we collect personal data necessary for the formation and the fulfillment of the contract (e.g., first name, last name, email address, name of the event for which you would like to use the app and which you are registering for) as well as, if applicable, additional data on a voluntary basis. Mandatory statements are marked with a *.

Every time you use the app certain information will be transmitted which we store in so-called log files.

We save log files for a short time solely to determine disturbances and for security reasons (e.g., to clarify attack attempts) and then we delete them afterwards. Log files which need to be maintained for evidence purposes are excluded from deletion until the respective incident has been completely resolved and may, on a case-by-case basis, be passed on to investigating authorities.

Log files are also used for analysis purposes (without or without complete IP address).

In log files, the following information in particular is being saved:

– Date/time of the request

– App page requested

This Online Offer is not for children under 16 years of age.

Your personal data is principally forwarded to other controllers only when required for the fulfillment of a contract, in the case where we or the third party have a legitimate interest in the transfer, or when your consent has been given. This is e.g. the case, when you register for an event offered by another Bosch Group Company. Particulars on the legal bases can be found in the Section - Purposes of Processing and Legal Bases. Third parties may also be other companies of the Bosch group. When data is transferred to third parties based on a justified interest, this is explained in this data protection notice.

Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

We have commissioned external service providers with tasks such as programming, data hosting and hotline services. We have chosen these service providers carefully and review them regularly, especially regarding their diligent handling of and protection of the data that they have saved. All service providers are obliged to maintain confidentiality and to abide by the statutory provisions. Service providers may also be other Bosch group companies.

We can also transfer personal data to recipients located outside the EEA in so-called third countries. In such cases, we ensure prior to the transfer either that the data recipient provides an appropriate level of data protection (e.g., due to a decision of adequacy by the European Commission for the respective country or due to the agreement based on so-called EU model clauses with the recipient) or that you have consented to the transfer.

You are entitled to receive an overview of third country recipients and a copy of the specifically agreed-to provisions securing an appropriate level of data protection. For this purpose, please use the statements made in the Contact section.

Duration of storage, retention periods

Principally, we store your data for as long as it is necessary to render our Online Offers and connected services or for as long as we have a legitimate interest in storing the data. In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. we may be required by applicable national law to store Your data for a certain period of time). This is usually the case within three months from the end of the event.

Our offers also include so-called location based services through which we provide you with special offers that are tailored to your respective location. To offer this app function, we collect the last three GPS locations delivered by the mobile device and your IP address when you consent. We do not create a movement profile. You can deactivate this function in the respective app's settings or in the settings of the operating system of your mobile device or pause it temporarily without affecting the basic functionality of the app.

We need statistical information on the usage of our Online Offers to perform range measurements and to analyze the usability of the app. For this purpose, we analyze the usage of the app anonymized and accumulated.

Our Online Offers may contain links to third party internet pages – by providers who are not related to us. Upon clicking the link, we have no influence on collecting, processing and using personal data possibly transmitted by clicking the link to the third party (such as the IP address or the URL of the site on which the link is located) as the behavior of third parties is naturally outside our supervision. We do not assume responsibility for the processing of such personal data by third parties.

Our employees and the companies providing services on our behalf, are obliged to confidentiality and to compliance with the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.

To enforce your rights, please use the details provided in the Contact section. In doing so, please ensure that an unambiguous identification of your person is possible.

You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

You have the right to obtain the rectification of inaccurate personal data concerning yourself without undue delay from us. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

You have the right to demand for – as far as statutory requirements are fulfilled – restriction of the processing of your data.

You have the right to object to data processing by us at any time. We will no longer process the personal data unless we demonstrate compliance with legal requirements to provide provable reasons for the further processing which are beyond your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. In this case come app functionalities might be limited.

In case you consented to the processing of your data, you have the right to object this consent with immediate effect. The legality of data processing prior to your revocation remains unchanged. In case of a withdrawal of consent app functionalities might be limited.

You are entitled to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – to demand that we transfer those data to a third party.

You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state or to the supervisory authority responsible for us. This is:

Lautenschlagerstraße 20

70173 Stuttgart, GERMANY

Postal address:

P.O. Box 10 29 32

70025 Stuttgart, GERMANY

Tel.: 0711/615541-0

FAX: 0711/615541-15

E-Mail: poststelle@lfdi.bwl.de

This CCPA Disclosure supplements the information contained in Robert Bosch GmbH's (“Bosch” or “we”) Privacy Policy and applies solely to all visitors, users, and others of the Bosch Event App who reside in the State of California (“you”). We adopt this CCPA Disclosure to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and any terms defined in the CCPA have the same meaning when used in this CCPA Disclosure.

The Bosch Event App has collected the following personal information from users of the Bosch Event App within the last twelve (12) months:

Category and Sources of Information Examples How we use it How we share it Identifiers We collect this information from our users, customers, and business partners. We also generate identifiers internally. Real name, email address, IP address. To enable use of our sites, services, and to communicate with you. We share this data with our service providers and with business partners, including those whom you instruct us to send this information Personal Information under Cal. Civ. Code § 1798.80(e) We collect this information from our users, customers, and business partners. Some personal information included in this category may overlap with other categories, images, videos, messages, marked agenda sessions, bookmarks, results from surveys or polls, leaderboard. To enable use of our sites, services, and to communicate with you. We share this data with our service providers and with business partners, including those to whom you instruct us to send this information Internet or other similar network activity We collect this information from our users and customers. Browsing history, search history, information on a consumer's interaction with a website, application. To enable use of our sites, services, and to communicate with you, to understand how our users interact with our sites, and to improve our offerings. We share this data with our service providers and with business partners, including those to whom you instruct us to send this information Professional or employment-related information We collect this information from our users, customers, and business partners. Company or job title. To provide services you’ve requested. We share this data with our service providers and with business partners, including those to whom you instruct us to send this information We share this data with our service providers and with business partners, including those to whom you instruct us to send this information

We disclose your personal information for a business purpose to the following categories of third parties: – Service providers.

As a California resident you have the right to request that Bosch discloses certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

As a California Resident you also have the right to request that Bosch deletes any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: 1) Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. 2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. 3) Debug products to identify and repair errors that impair existing intended functionality. 4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. 5) Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.). 6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. 7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. 8) Comply with a legal obligation. 9) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise your CCPA rights, please submit a verifiable consumer request or access request, as applicable, to us by either: Calling us at +1 877-414-7535. Visiting One Trust

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). Furthermore, where required by applicable law in the relevant jurisdiction, we will obtain your consent prior to selling your personal information. We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you may submit a request to us by visiting the following Internet Web page link: Do Not Sell My Personal Information Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by: One Trust You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

You may file a complaint with the California Attorney General’s Office. For additional information regarding consumer complaints against a business/company under the CCPA and to initiate the complaint process, please click on the link.

We reserve the right to change our security and data protection measures if this is required due to technical development. In such cases, we will amend our data protection notice accordingly. Please therefore observe the current version of our data protection notice, as this is subject to change.

If you want to contact us, please find us at the address stated in the "Controller" section.

To assert your rights and to notify data protection incidents please use the following link:

https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=18rbds19&language=eng .

For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:

Data Protection Officer

Information Security and Privacy (C/ISP)

Robert Bosch GmbH

Postfach 30 02 20

70442 Stuttgart

GERMANY

or

mail to: DPO@bosch.com

Effective date: 15.02.2022