Data protection policy
Data protection policy of Bosch PSIRT
Bosch PSIRT welcomes you to our internet site. We thank you for your interest in knowing about us.
1. Bosch PSIRT respects your privacy
The protection of your privacy throughout the course of processing personal data as well as the security of all business data are important concerns to us. We process personal data that is gathered during your visit to our website confidentially and only in accordance with statutory regulations. Data protection and information security are included in our corporate policy.
2. Controller
We, Robert Bosch GmbH, are responsible for processing your personal data on this website.
Our contact details are as follows:
Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe
GERMANY
E-mail: psirt@bosch.com
3. Collection, processing and usage of personal data
3.1. Processed categories of data
We process the following categories of personal data:
- Communication data (e.g., name, e-mail, link to Social Media Profile)
- Log files
3.2. Data Processing Principles
Personal data consists of all information related to an identified or identifiable natural person. This includes, e.g., names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person's identity.
We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.
3.3. Processing purposes and legal basis
We as well as the service providers commissioned by us process your personal data for the following processing purposes:
3.3.1. Provision of this website
If you use our website solely for information purposes, that is, without registering or otherwise sending us information, we process your personal data to provide this website based on our legitimate interest in presenting ourselves and ensuring stability and security.
3.3.2. Security and protection of rights
We may also process your personal data to investigate service disruptions and for security reasons to comply with our legal obligations in the area of data security, as well as on the basis of our legitimate interest in the elimination of service disruptions and the security of our offers.
3.3.3. Log files
Every time you use the internet, certain information is automatically transmitted by your internet browser and stored in log files.
Log files are stored by us for the purpose of investigating service disruptions and for security reasons (e.g., to clarify attempted attacks) for a period of 90 days. Log files whose further storage is necessary for the purpose of evidence are exempt from deletion until the final clarification of the respective incident and may be passed on to investigative authorities in individual cases.
The following information is stored in the log files:
- IP address (internet protocol address) of the end device from which our website is accessed;
- Internet address of the website from which our website was accessed (origin or referrer URL);
- Name of the service provider used to access the website;
- Name of the files or information retrieved;
- Date and time as well as duration of the retrieval;
- Amount of data transferred;
- Operating system and information on the Internet browser used, including installed add-ons (e.g., for Flash Player);
- HTTP status code (e.g., "request successful" or "requested file not found").
3.3.4. Hall of Fame
We may also process your personal data based on your consent in order to publish your name or alias in our PSIRT Hall of Fame, provided you have chosen to be acknowledged for your reported vulnerability. The legal basis for this processing is your consent, which you may withdraw at any time with effect for the future.
3.3.5. Transfer of Data
3.3.5.1. Data transfer to other controllers
In general, your personal data will only be transferred to other controllers if this is necessary for the fulfillment of a contract, if we or the third party have a legitimate interest in the transfer, or if you have given your consent.
Additionally, data may be transferred to other controllers if we are obliged to do so by law or by enforceable official or court order.
3.3.5.2. Transfer to recipients outside the EEA
We may transfer personal data to recipients located outside the EEA into third countries. In such cases, we ensure before the transfer that either the data recipient provides an adequate level of data protection or that your consent to the transfer has been obtained.
You can obtain a copy of the appropriate or suitable safeguards. Please use the information mentioned in the Contact section for this purpose.
3.3.5.3. Data transfer to service providers
We involve external service providers with tasks such as programming, data hosting and hotline services. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and safeguarding of the data stored with them. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions. Service providers may also be other companies from the Bosch Group.
3.3.6. Duration of storage, retention periods
We store your data for as long as is necessary to gather information related to vulnerability management and incident handling cases and the associated services or for as long as we have a legitimate interest in continuing to store your data.
In all other cases we delete your personal data, with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g., we are obliged to retain documents such as contracts and invoices for a certain period due to retention periods under tax and commercial law). Another exception is when reporters consent to have their personal details, such as name, email address and social media profiles, published in our Hall of Fame. A reporter can withdraw their consent at any time by sending us an e-mail at psirt@bosch.com.
4. Usage of cookies and other technologies
In the course of providing our website, cookies and other technologies may be used that either store information on your terminal equipment or gain access to information stored on your terminal equipment.
Cookies are small text files that can be stored on your end device when you visit a website.
4.1. Categories
We distinguish between cookies that are mandatorily required for the technical functions of the online service and such cookies and tracking mechanisms that are not mandatorily required for the technical function of the online service. It is generally possible to use the online service without any cookies that serve non-technical purposes.
4.1.1. Technically necessary cookies
By technically necessary cookies, we mean cookies without which the technical provision of the website cannot be guaranteed. This includes, for example, cookies that store data in order to ensure the interference-free playback of video or audio content.
These cookies are deleted at the end of your visit.
4.2. Management of cookies and tracking mechanisms
You can manage your cookie and tracking mechanism settings in the browser and/or our privacy settings. Note: The settings you have made refer only to the browser used in each case.
4.2.1. Switch off all cookies
If you would like to disable all cookies, please go to your browser settings and disable the setting of cookies. Please note that this may affect the functionality of this website.
5. External links
Our websites may contain links to internet pages of third parties, in particular providers who are not related to us. Upon clicking on the link, we have no influence on the collecting, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is beyond our control. We do not assume responsibility for the processing of personal data by third parties.
6. Security and protection of rights
We may also process your personal data to investigate service disruptions and for security reasons to comply with our legal obligations in the area of data security, as well as on the basis of our legitimate interest in the elimination of service disruptions and the security of our offers.
We may process your personal data to protect and defend our rights. This purpose also constitutes our legitimate interest.
7. Data subject rights
Please use the information in the Contact section to assert your rights. When doing so, please ensure that we can clearly identify you.
You have the right to request access to the personal data concerning you, as well as the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability. Insofar as you have given us consent to process your personal data, you may revoke this consent at any time with future effect.
7.1. Objection to data processing based on "legitimate interest"
If the processing of your personal data is based on “legitimate interest”, you also have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. The reasons shall be stated.
We will then terminate processing your data unless we can prove - in accordance with the legal requirements - compelling legitimate grounds for the processing which override your rights.
7.2. Withdrawal of consent
In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.
7.3. Right to lodge complaint with supervisory authority
You have the right to lodge a complaint with a supervisory authority.
8. Changes to the Data Protection Notice
We reserve the right to change our security and data protection measures. In such cases, we will amend our Data Protection Notice accordingly. Therefore, please note the current version of our Data Protection Notice, as it is subject to change.
9. Contact
If you wish to contact us, please find us at the address stated in the "Controller" section.
To assert your rights and to notify data protection incidents please use the following link: https://request.privacy-bosch.com/
For suggestions and complaints regarding the processing of your personal data we recommend that you contact our data protection officer:
Data Protection Officer
Information Security and Privacy (C/ISP)
Robert Bosch GmbH
Postfach 30 02 20
70442 Stuttgart
GERMANY
or
E-mail: DPO@bosch.com
Published: May 2026