Privacy Policy

The Automated Driving Alliance of Robert Bosch GmbH and CARIAD SE (hereinafter referred to as “cooperation partners” or “we” or “us”) is pleased that you are visiting our website (“online offer”) and that you are interested in our company and our products.

We respect your privacy

The protection of your privacy when processing personal data and the security of all business data are important concerns that we take into account in our business processes. We process personal data that is collected when you visit our online offer confidentially and only in accordance with the applicable statutory provisions.

Data protection and information security are part of our corporate policy.

Please review our “California and U.S. State Privacy Addendum” (available at the end of this page) for disclosures related to the above data as well as data collected in the context of research and development on driving assistance systems

Responsible Parties:

The cooperation partners are jointly responsible for the operation of this website in accordance with Art. 26 Para. 1 GDPR. For these specific data processing activities, the legally required agreement on joint controllership was concluded between the cooperation partners.

Further information can be found on this page under "Information on joint controllership according to Art. 26 GDPR".

Our contact details are as follows:

Robert Bosch GmbH
Robert-Bosch-Platz 1
70839 Gerlingen-Schillerhöhe
Germany

and

CARIAD SE
Major-Hirst-Straße 7
38442 Wolfsburg
Germany

Collection, processing and use of personal data

Data Categories

The following categories of data are processed:

Communication data (e.g. name, telephone, e-mail, address, IP address)

Log files

Every time you use the Internet, certain information is automatically transmitted by your Internet browser and stored by us in so-called log files.

We store the log files for a maximum of 7 days to identify disruptions and security reasons (e.g. to investigate attempted attacks) and then delete them. Log files, which must be kept for evidence purposes, are excluded from deletion until the respective incident has been finally clarified and can be passed on to investigative authorities in individual cases.

The following information is stored in the log files:

IP address (Internet Protocol address) of the end device from which the online offer is accessed;
Internet address of the website from which the online offer was accessed (so-called source or referrer URL);
Name of the retrieved files or information;
Date, time and duration of retrieval;
Amount of data transferred;
Operating system and information on the Internet browser used, including installed add-ons (e.g. for Flash Player);
http status code (e.g. "request successful" or "requested file not found").

Principles

Personal data is all information that relates to an identified or identifiable natural person, such as names, addresses, telephone numbers, email addresses, contract, booking and billing data that express the identity of a person.

We collect, process and use personal data (including IP addresses) only if there is a legal basis for this or if you have given us permission to do so, e.g. B. as part of a registration, have given your consent.

Processing purposes and legal bases

The cooperation partners and service providers commissioned by them, process your personal data for the following purposes:

Provision of this online offer (legal basis: legitimate interest on our part)
To determine disruptions and for security reasons (legal basis: fulfillment of our legal obligations in the area of data security and legitimate interest in eliminating disruptions and the security of our offers).
Protection and defense of our rights (legal basis: legitimate interest on our part in asserting and defending our rights).

Transfer of data to other responsible parties

We only transfer your personal data to other responsible parties if this is necessary to fulfill the contract, if we or the third party have a legitimate interest in the transfer or if the data subject has freely consented to such a transfer. Details on the legal bases and the recipients or categories of recipients can be found in the "Processing purposes and legal bases" section. In addition, data can be transmitted to other responsible parties if we are obliged to do so by law or by an enforceable official or court order.

Service providers (general)

We commission external service providers with tasks such as data hosting. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and protection of the data stored with them. We oblige all service providers to maintain confidentiality and to comply with legal requirements. Service providers can also be other companies in the Bosch Group and the Volkswagen Group.

Disclosure to recipients outside the EEA

We may also pass on personal data to recipients who are based outside the EEA in so-called third countries. In this case, before passing it on, we ensure that the recipient either has an appropriate level of data protection or that you have freely consented into the transfer.

You can get an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure an appropriate level of data protection from us. Please use the information in the Contact section.

Duration of storage; Retention periods

In principle, we store your data for as long as this is necessary to provide our online offer and the associated services or we have a legitimate interest in further storage (e.g. after the fulfillment of a contract, we can still have a legitimate interest in postal marketing). We then delete your personal data, with the exception of data that we must continue to store to fulfill legal obligations (e.g. due to tax and commercial law retention periods, we are obliged to keep documents such as contracts and invoices for a certain period of time).

Security

Our employees and the service companies commissioned by us are obliged to maintain confidentiality and comply with the provisions of the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of protection and to protect your data managed by us, in particular against the risks of unintentional or unlawful destruction, manipulation, loss, modification or unauthorized disclosure or unauthorized access. Our security measures are constantly being improved in line with technological developments.

Children

This online offer is not aimed at children under the age of 16.

User rights

Please use the information in the Contact section to assert your rights. Please make sure that we can clearly identify you personally.

Right to information and access

You have the right to receive information from us about the processing of your data. To this end, you can assert a right to information in relation to the personal data that we process from you.

Right to rectification and erasure

You can ask us to correct inaccurate data. If the legal requirements are met, you can request the completion or deletion of your data.

This does not apply to data that is required for billing and accounting purposes or is subject to statutory retention requirements. However, if access to such data is not required, its processing will be restricted (see below).

Restriction of processing

You can demand that we restrict the processing of your data - insofar as the legal requirements are met.

Data Portability

Insofar as the legal requirements are met, you can request that the data you have made available to us be transmitted in a structured, common and machine-readable format or - if technically feasible - that the data be transmitted to a third party.

Objection to data processing with the legal basis "legitimate interest"

You also have the right to object to data processing by us at any time, insofar as this is based on the legal basis of "legitimate interest". We will then stop processing your data unless we can - in accordance with the legal requirements - prove compelling legitimate reasons for further processing which outweigh your rights.

Revocation of consent

If you have given us your consent to the processing of your data, you can revoke this at any time with effect for the future. This does not affect the legality of the processing of your data until you withdraw your consent.

Right of appeal to the supervisory authority

You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or your federal state or the data protection authority responsible for the cooperation partners. Those are:

For Robert Bosch GmbH:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Address:
Lautenschlagerstraße 20
70173 Stuttgart
GERMANY

Postal address:
Postfach 10 29 32
70025 Stuttgart
GERMANY

Tel.: +49 (711)/615541-0
FAX: +49 (711)/615541-15
Email: poststelle@lfdi.bwl.de

For CARIAD SE:

Die Landesbeauftragte für den Datenschutz Niedersachsen

Address:
Prinzenstraße 5
30159 Hannover
GERMANY

Postal address:
Postfach 221
30002 Hannover
GERMANY

Tel.: +49 (511)/120 4500
FAX: +49 (511)/120 4599
Email: poststelle@lfd.niedersachsen.de

Change of data protection notice

We reserve the right to change our security and privacy practices. In these cases, we will also adapt our information on data protection accordingly. Therefore, please note the current version of our data protection notice.

Contact

If you would like to get in touch with us, please use the following contact options:

privacy@automated-driving-alliance.com

To assert your data subject rights or to report data protection incidents, please contact our data protection officers:

For Robert Bosch GmbH:

Datenschutzbeauftragter
Abteilung Informationssicherheit und Datenschutz (C/ISP)
Robert Bosch GmbH
Postfach 30 02 20
70442 Stuttgart
GERMANY

Email: DPO@bosch.com

For CARIAD SE:

Datenschutzbeauftragter
CARIAD SE
Major-Hirst-Straße 7
38442 Wolfsburg
GERMANY

Email: privacy@cariad.technology

Information on joint controllership according to Article 26 GDPR

What is the reason for shared responsibility?

Robert Bosch GmbH and CARIAD SE (hereinafter "Cooperation Partners") work closely together in the development of functions and vehicles as part of the Automated Driving Alliance project. This also applies to the processing of your personal data on this website. The cooperation partners have jointly defined the processing phases of this data in the individual process stages. They are therefore jointly responsible for the protection of your personal data within the process steps described below (Article 26 GDPR).

For which process stages is there joint responsibility?

The joint responsibility of the cooperation partners includes the collection, storage and further processing of your personal data on this website.

Outside the project, the cooperation partners can process data with separate responsibility, provided this is legally permissible.

What did the parties agree on?

As part of their joint responsibility under data protection law, the cooperation partners have also agreed that the collection of data also fulfills the information obligations under Art. 13 and 14 GDPR with regard to the parties joint responsibility.

What does this mean for the data subjects?

Data protection rights can be asserted both at Robert Bosch GmbH and at CARIAD SE. The cooperation partners inform each other immediately about inquiries from data subjects. They will provide each other with all information necessary to respond to requests for information.

Stand: [15.11.2022]

Addendum of Privacy Rights For Residents of California and Other U.S. States (“California and U.S. State Privacy Addendum”).

Last Updated: December 11 ^th 2024

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together the “CCPA”) provides California residents with specific rights regarding their personal information. A number of additional U.S. states have passed similar (state-specific) privacy laws that grant residents of their respective states particular privacy rights. These states include (in addition to California) Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia, and other states as their own states’ laws become effective over time (each an “Applicable U.S. State”). We refer to residents of California along with residents of such Applicable U.S. States collectively as “Applicable Consumers.” A useful privacy “tracker” as to what these U.S. states are, and when each privacy law becomes effective, is provided by the “IAPP,” an industry association devoted to privacy issues, at https://iapp.org/resources/article/us-state-privacy-legislation-tracker/ . If you live in one of these Applicable U.S. States, you may have all or some the rights discussed below with respect to your “personal information” or “personal data” (as such terms are defined under applicable l aw, and collectively referred to herein as “Personal Information”).

We provide this Addendum to supplement the information contained in our Privacy Polic(ies). It sets forth our privacy practices as required by the California Consumer Privacy Act and California Privacy Rights Act and related regulations (together the "CCPA").

The CCPA Privacy Notice applies only to individuals residing in the State of California who are considered "Consumers" under the CCPA and from whom we may collect "Personal Information" as described in the CCPA ("California Consumers").

In the below tables and sections, we describe the following (as required by the CCPA and certain other Applicable U.S. States):

Our Collection and Use of Personal Information – the types of Personal Information (which the CCPA defines broadly) that we collect or may at times collect, the types of sources we may collect it from, and generally how we may use it.
Our Business Purposes – our business purposes for (a) collecting and (b) sharing Personal Information, which are generally the same.
Our Sharing or Sale of Personal Information – the types of recipients to whom we may share or sell Personal Information.
Your Privacy Rights and Choices – what rights California and other Applicable U.S. States’ Consumers have under the CCPA and other privacy laws with respect to their Personal Information.

The following sets forth the categories of information we collect and purposes for which we may use the Personal Information of residents of California and other Applicable U.S. States.

1. Information We Collect and Associated Purposes

More specifically, the cooperation partners Robert Bosch GmbH and CARIAD SE (“we” “us” “our”) may collect the following categories of Personal Information from and about consumers, which will depend on the particular Business Purpose for which we collect it. Please note that we do not necessarily create all identifiers or types of information listed below: rather, the descriptions of information are stated for purposes of statutory definitions and compliance.

Categories of information	Purpose of use	Categories of other parties to whom we disclose the information for business and operational purposes
Identifiers such as certain information we collect, which may include (at various times) name, address, and email address, and telephone number, and information about your browser or device such as IP address and device or browser IDs	Make available our website(s) Personalize your experience Protect our users, Services and properties Legal Compliance	Affiliates and subsidiaries Vendors and service providers Entities for legal and security purposes
Internet network and device activity data such as information about your device hardware (e.g., device type) and software (e.g., operating system and browser type) and browsing and usage information (e.g., how often you visit our Services, the pages you visit, referring pages, and the version of the Services you’re using)	All the same purposes for which we may use Identifiers (see above)	Affiliates and subsidiaries Entities for legal and security purposes
Other information any other information you provide to us that directly or indirectly identifies you, such as information you include in emails or other communications to us	Purposes of use will depend on the additional information you provide	Disclosure will depend on the additional information you provide

Personal Information does not include deidentified or aggregated consumer information.

The cooperation partners Robert Bosch GmbH and CARIAD SE obtain the categories of Personal Information listed above from the following categories of sources:

Directly from you. for example, from account sign-ups, forms you complete, or products and Services you purchase.
Indirectly from you. For example, from observing your actions on our website or from information your devices transmit when interacting with our mobile applications, among other things.
When you are in or near or associated with a vehicle from which we collect audio, visual or location information.
From third parties such as business partners and, if you choose to connect or sign in through a Third Party Account, certain Third Party Account providers (e.g., Instagram, Twitter, and/or Facebook).

2. How We Use Personal Information/Business Purposes

We use the Personal Information we collect for the purposes set out in the above table. Please also note that we may provide any Personal Information we collect to vendors or service providers for any purposes we have described. We may also provide any such Personal Information in response to valid law enforcement requests or as required by applicable law, court order, civil process or governmental regulations. Likewise, we may provide any such Personal Information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

3. How We Disclose, Sell or Share Personal Information

We disclose, sell or share your Personal Information with the categories of third parties set forth in the above table. We do not generally “sell” Personal Information that we collect (except, potentially, in the limited manner described in this policy, related to behavioral advertising). We may or may in the future “share” Personal Information for purposes of behavioral advertising, namely, should we ever engage in delivering targeted ads to consumer or prospective consumers, such as those that have visited our website(s).

4. Your Consumer Rights and Choices

Without being discriminated against for exercising these rights, the CCPA (and certain other states’ laws) provide residents of Applicable Consumers with specific rights regarding their Personal Information.

This section describes your rights under the CCPA and other applicable state laws, and explains how to exercise those rights. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

a. Right to Opt-out of the sale or sharing of your personal information

Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across distinct online services, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We may or may in the future “share” information with our advertising partners to provide more relevant and tailored advertising to you regarding our Services. Our use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” under the CCPA (or certain other privacy laws). Should we engage in these activities, we will provide a cookie management tool readily accessible on our website, to enable such opt-outs.

b. Right to correct your personal information

Applicable Consumers have the right to request that we correct inaccuracies about your Personal Information that we collect, use, or sell. As set forth below, you may also request the correction of specific pieces of personal information that we have collected from you. However, we may withhold the correction of some Personal Information where the risk to you or our business is too great to correct the Personal Information.

c. Access to Specific Information and Data Portability Rights

Applicable Consumers have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of Personal Information we collected about you.
The categories of sources for the Personal Information we collected about you.
Our business or commercial purpose for collecting that Personal Information.
The categories of third parties with whom we share that Personal Information.
The specific pieces of Personal Information we collected about you.
If we disclosed your Personal Information for a business purpose, a list disclosing our disclosures for a business purpose that identifies the Personal Information categories that each category of recipient obtained.

d. Deletion Request Rights

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see the above sections) we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request under certain circumstances, and will inform you of the basis for the denial, which may include, but is not limited to, if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
In addition, certain information may be retained in an unstructured manner that makes it practically impossible or burdensome to identify or associate with any individual, and thus to delete; we may thus be unable to delete such information.

e. Information About Persons Under 16 Years of Age

We do not knowingly collect Personal Information from minors under 16 years of age unless we have received legal consent to do so. If we learn that Personal Information from such Applicable Consumers has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).

f. Exercising Your Rights

To exercise these rights, you may use the tools that we make available through our website (also described in this Policy) or you may submit your request by sending an email to privacy@automated-driving-alliance.com (as to requests related to data collected for automated driving research and products) or DPO@bosch.com or privacy@cariad.technology (as to requests related to data collected related to our website(s), in which case we may request additional information and/or provide further instructions).

You may make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

g. Authorized Agents

You may designate an agent to make requests to exercise your rights (where permitted by law) and certain other state laws, as described above. As appropriate, we will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or (if required by law) a copy of a power of attorney.

h. Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

5. Retention of Personal Information

We will keep Personal Information for as long as it is necessary to fulfill the purposes described above, unless a longer retention is required or permitted by law. For purposes of our services, we retain Personal Information so long as it is potentially useful to effectuate features, functions, intelligence, inferences or analysis within our database – for instance, to establish whether an email address is current or no longer in use, or whether other information is outdated or incorrect. We will delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law.

6. Changes to Our CCPA Privacy Notice

The cooperation partners Robert Bosch GmbH and CARIAD SE reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website and update the “Last Updated" (or similarly designated) date above.

7. Contact Information

If you have any questions or comments about this Privacy Addendum, please email us at privacy@automated-driving-alliance.com .