Data protection notice for Bosch Training Solutions
We ask that you read this privacy statement carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us in the event you have a complaint.
We reserve the right to change our security and data protection measures if this is required due to technical development. In such cases, we will amend our privacy statement accordingly. Therefore, as this privacy statement may change, please check this web page for any updates to the statement in order to be aware of the current version.
This statement applies to all those who visit our website.
Who we are
Robert Bosch Ltd, PO Box 98, Broadwater Park, North Orbital Road, Denham, Uxbridge UB9 5HJ (“We” in this notification) as the operator of this website (“Bosch Training Solutions”) collect, use and are responsible for, certain personal information about you ("personal data"). We are a data controller under data protection law, which includes the Data Protection Act 1998 and the General Data Protection Regulation 2016 as appropriate.
The Bosch Training Solutions website operates in conjunction with the Cornerstone Learning Management System (LMS) to allow you the personal management of your own training requirements. The personal data that we collect from you is stored on secure information technology systems located in the EEA, operated on our behalf by our third party provider Cornerstone OnDemand Ltd.
Bosch respects your privacy
The protection of your privacy in the processing of your personal data is an important concern that we pay special attention to during our business operations. We use ("process") your personal data collected during your visit to our website and when you provide your personal data to us in other ways, in a confidential manner and solely in accordance with the law including the General Data Protection Regulation ("GDPR").
The personal data we collect and process
Personal data consists of all information related to an identified or identifiable living individual. This may include for example, names, addresses, phone numbers, email addresses and payment data, which are an expression of a person's identity.
We collect, process and use personal data only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of your personal data. In regard to Bosch Training Solutions, personal data is only stored when voluntarily given by you for a determined purpose e.g. in context of a registration.
We may collect your personal data when you provide it to us through our website, if you write to us or telephone our offices, or if you provide your details to us through a third party (including through a Bosch wholesaler you have nominated or your employer).
Information collected by us and when it is obtained:
Bosch Training Solutions captures certain information on each user as part of the registration process. This data enables the creation of an accurate user profile, which is necessary to offer users web tools and learning solutions that are relevant to their employment position and training needs. This is also necessary to ensure the storage of personal training records.
The personal data collected during the registration process will include your name, email address, place of work and your account password.
We will also require your credit or debit card details when you purchase training courses. Your credit card details will only be stored for the purpose of the transaction and deleted afterwards. Our secure payment gateway provider is CyberSource Ltd.
Bosch Training Solutions securely stores a record of the learning activity of all users to provide registered users personal access to, and management of their training history. This will include all training booking and attendance records. This data may also be used for internal reporting purposes e.g. to track the number of candidates who have attended a particular course.
We may also collect and process records of any correspondence when you contact us by phone, email or post.
In some cases, for example through a training booking, we may obtain your personal data from third parties such as your employer, stockists of our products, or resellers of our training. We may also receive personal information about you from other sources such as our own trainers. This information may be in the form of test results or data concerning assessments that you have voluntarily participated in. This data may be stored within Bosch Training Solutions for the maintenance of your training record.
How your personal information is used
Information collected by Bosch Training Solutions is processed to facilitate the customer booking of training courses, the management of customer accounts and training records, the enablement of online customer tools for access to their personalised training area and training records, for the access and delivery of training, and to store and report on users’ learning activity. The processing of your personal data is necessary for the purpose of the services that we provide to you.
We use, or may use this information:
- To carry out our obligations arising from any agreements entered into between you and us.
- To provide you with the information, products and services that you request from us.
- To give registered users access to their own learning area and training history.
- For maintenance of your training records to enable the personal management of your professional development and certifications.
- To make users’ learning records visible to their workplace manager or administrator, in order to allow managers/administrators to manage and approve their employees’ training activities.
- To allow the management of your course bookings by a nominated Bosch wholesaler where you have provided consent.
- To identify any prior learning that may be a prerequisite to us confirming the booking of a training course.
- To facilitate training assessments and certifications.
- To provide you with training recommendations when you visit the site based on your training attendance or search history and enhance our website experience to ensure you receive a personalised service.
- To customise the training offered and/or our website to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our website, when you choose to do so.
- For gathering customer feedback on the training offer, service, content or layout of Bosch Training Solutions.
- To send you a welcome email to when you register with Bosch Training Solutions and other emails for the purposes of confirming training bookings or supporting other system functions that provide you with services. You may also receive emails in relation to account management or system updates.
- To provide you with marketing newsletters about related services or products when you have provided specific consent.
- To respond to your queries.
- To comply with contractual obligations to third parties e.g. Institute of the Motor Industry
- As part of our efforts to keep our website safe and secure.
- For billing purposes, such as carrying out transactions and fulfil orders that we receive.
Please note we will not use any financial or credit card information for any purpose other than to process payments paid by you for our products and services or due to you by agreement (e.g. refunds).
Using your information in accordance with data protection laws
Data protection laws require that we meet certain conditions before we are allowed to use your data in the manner described in this privacy statement. We take our responsibilities under data protection laws extremely seriously, including meeting these conditions.
To collect and process your personal data, we will rely on the following conditions, depending on the activities we are carrying out:
Compliance with legal obligations:
As an entity established under the laws of England and Wales, Robert Bosch Ltd is obliged to comply with UK laws and guidance provided by UK regulatory bodies. We may need to process your personal data to verify your identity, establish your age, verify your source of funds for anti-money laundering and fraud purposes, or to establish whether you have been prohibited from entering any of our training centres or from using our website due to objectionable behaviour. We may also be legally obliged to process your personal data in accordance with any training and certifications that are necessary for regulatory requirements e.g. F-Gas regulations. You will not be able to object to processing or ask for the deletion of your personal information if the data is necessary for compliance with legal obligations.
Necessary for the entry into or performance of a contract:
When you enter into a transaction with us, a contract between you and us will have been entered into. In order for us to fulfil our obligations under such contract (e.g. to allow you to purchase training from us), we will need to collect and process your personal data. Failure to provide the requisite personal information on sign-up and financial information on entering into the transaction or objecting to this type of processing / exercising your deletion rights will unfortunately mean we cannot provide our services to you.
Some Bosch appointed garages are party to a contract with Robert Bosch Ltd where there is a specific training and/or qualification requirement for their employees. We have an obligation to maintain the training records of these individuals due to contract.
If you have provided us with consent to use your details for marketing purposes we may send you information by email, about our products and services. You have the right to withdraw your consent at any time by contacting us at the following email: SAA.Training@uk.bosch.com
If you have consented, a nominated Bosch wholesaler will be able to view the personal data associated with your Bosch Training Solutions account. The information visible to them will be restricted to your name, email address, place of work and training records, including any provisional training bookings. You have the right to withdraw your consent at any time; however, this will result in your wholesaler being unable to book training courses on your behalf.
To use your personal data for any other purpose described in this privacy statement, we rely on a condition known as "legitimate interests". It is in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our services to you.
This category applies in respect to the provision of the following services: The facilitation of customer training bookings and attendance, the management of personalised customer accounts and learning activity, the provision of online customer tools for access to a personalised training area, the delivery of training and assessments, the management of certifications, and the storage of users’ training history.
We have checked that the processing of your personal data is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
We have also carried out a balancing test of our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws, and are confident that your interests do not override those legitimate interests.
We only use individuals’ data in ways they would reasonably expect and we do not use people’s data in ways they would find intrusive or which could cause them harm. Of legitimate interest to you as an individual, is that our use of your personal data to support your personal learning and development is of benefit to you.
How long we keep your information for
We retain your personal data for no longer than is necessary for the purpose(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account factors including:
- Legal obligation(s) under applicable law to retain data for a certain time period.
- Statute of limitations under applicable law.
- Potential or actual disputes.
- Guidelines issued by relevant data protection authorities.
In addition to this, part of our service to you in the provision of an online Learning Management System for the personal management of your professional development, is the storage of your training history in your personal account. Records of training attended, along with the qualifications and certifications attained are often relevant throughout an individual’s entire career. As a service to you, for training records alone, we apply the data retention periods below unless you request otherwise:
- Any user, who has had no activity on the system for 5 years, will have their account deactivated and their training records archived.
- Any user, who due to inactivity has had their account deactivated for 15 years, will have both their account and training records deleted.
The basis for these data retention periods being that training and education records have long-term evidential value.
All other personal data (for example workflow data or data contained in email correspondence) is securely erased from our systems when it is no longer needed. You can also exercise the right to request that your personal data is erased where it is no longer necessary for Robert Bosch Ltd to retain such data.
We use personal data in order to provide you with information, products or services that you request from us, or to provide information on products and services that we feel may interest you, where you have consented to be contacted for such purposes. We would like to keep you informed about our training programmes, promotions and news; however you will only be sent information for marketing purposes should you consent to receive it. If having given consent you later change your mind, you are free to remove your consent.
If you wish to change your preferences and remove your consent, you can do so at any time by contacting us at the following email: SAA.Training@uk.bosch.com
Disclosure of your information
Bosch Training Solutions administrators and other approved people working within Bosch Training Solutions have access to users’ training records and user profiles. This may include our Learning Management System provider Cornerstone OnDemand Ltd, but only for the purpose of resolving technical issues. Access to data by this provider is subject to a strict data privacy agreement and Data Protection law to ensure both the security of the data storage and non-disclosure to third parties.
Your employer (where applicable) may have access to your account for the purpose of booking training courses and approving training course bookings for you. Your training records and any assessment or test results will be visible to them and they will be able to monitor your training progress.
We may disclose your personal data to other members of the BOSCH Group (being our subsidiaries, or our ultimate holding company and its subsidiaries), but only to support the originally intended purpose for the data collection. For support of the training services that we offer to you, and for the quality assurances of our training services, these BOSCH Group subsidiaries may be:
- Bosch Automotive Service Solutions Ltd.
- LAGTA Group Training Ltd.
We will only share your personal information with other members of our Group for marketing purposes where you have expressly consented to the disclosure of your personal data for these purposes.
Under the following circumstances, we may disclose your information to:
- Members of our Group; for necessary purposes in the support and delivery of training services to you.
- Your nominated Wholesaler(s); when you have given us your consent to do so. Your training records and any assessment or test results will be visible to them under these circumstances.
- The Institute of the Motor Industry (IMI); for the purposes of registering you for certain qualifications or accreditations.
- Business partners, suppliers and sub-contractors; for the performance of any contract we enter into with them or you, when it is necessary for the processing of the data, or the provision of the services that we provide to you. These may include businesses who provide technology support as cloud hosting services, for example our LMS provider. Where such disclosures are made, this will be under contractual arrangements with us and carried out in accordance with the requirements of data protection law.
- Third party suppliers and service providers; to the extent they assist our Group with its legal / regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc.
- Your employer, educational institution (e.g. college or university), or parents (if you are under the age of 18) or other appropriate third parties; where we consider your behaviour to be offensive, inappropriate or objectionable in one of our training facilities.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- In the event of any insolvency situation (e.g. the administration or liquidation) of Robert Bosch Ltd or any of its Group.
- If Robert Bosch Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- To protect the rights, property or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation, other third parties, your employer, educational institution, email or internet provider, your parents (if you are under the age of 18) and law enforcement agencies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements or in order to enforce or apply any provisions of our terms and conditions or the terms of any other agreement, or otherwise for the prevention or detection of fraud or crime.
In assessing your request for goods or services, we may use your personal data for the purposes of the prevention and detection of fraud. One of the purposes for which we may disclose your address and postcode details is to check against the IMRG Security Alert or any other Fraud Prevention Scheme. At all times where we disclose your personal data it will remain secure.
Where we store your personal data
Due to the inherent nature of the Internet as an open global communications vehicle, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting your information
In conjunction with our Learning Management System provider Cornerstone OnDemand Ltd, our website employs up-to-date industry-standard physical, managerial and technical safeguards to preserve the integrity and security of your personal information. The security of your data during transmission is also protected using Secure Sockets Layer (SSL) encryption software.
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you via our site. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Third party services
Bosch websites may contain links to third-party websites operated by providers that are not associated with us. After you click the link, we no longer have any influence over the collection, storage, or processing of any personal data transmitted by clicking the link (such as IP address or URL of the page that contains the link), as the behaviour of third parties is, by nature, beyond our control.
Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Privacy of minors
This website is not directed at persons under the age of sixteen. We do not knowingly collect personal information from minors under the age of sixteen on our website. If we become aware that we have inadvertently received Personal Information from a visitor under the age of sixteen on our website, we will delete the information from our records.
The Bosch Training Solutions website incorporates services from our third-party provider Cornerstone, who provides “cookies” on or in connection with our website to support the sites intended functionality and help maintain information about you when you visit Bosch Training Solutions.
Cookies are small text files stored on your computer when you visit our website. You can delete the cookies at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function.
Most web browsers can also be adjusted to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Refusing a cookie may, in some cases, preclude you from using, or negatively impact, the display or function of our website, or certain areas or features of our website.
For detailed information on the cookies used in conjunction with this website, please refer to our Cookies Policy
Each time you use the internet, your browser is transmitting certain information that we store in so-called log files.
Log files are stored for a short period of time for user authentication purposes, to protect the integrity of personal information, roles and permissions, and for security analytics (e.g. to investigate attack attempts). These records are either anonymized or deleted afterwards. Log files related to security incidents may need to be maintained for evidence purposes and retained until the respective incident is resolved. On a case-by-case basis, some log files related to security incidents may be passed on to investigating authorities.
In log files, the following information may be collected:
- IP address (internet protocol address) of the terminal device which is being used to access the site
- Authenticated user data, records created/changed, date and time, time zone of the user
You have a number of rights under data protection law in relation to the way we process your personal data, although some of these are not absolute and in some instances, we may be unable to accept your request. If this is the case, we will respond to you to explain why, as set out below. You may contact our Data Security Officer at email@example.com to exercise any of these rights and we will respond to any request received from you within one month from the date of the request.
DESCRIPTION OF RIGHT
The right to be informed
The right to be informed with clear, transparent and easily understandable information about how we use your personal data.
The right of access:
A right to access personal data held by us about you.
The right to rectification:
A right to require us to rectify any inaccurate personal data held by us about you.
The right to erasure:
A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to why we process your data (in accordance to right to object below).
The right to restrict processing:
In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that processing is restricted instead; or where we no longer need the personal data, but you need us to retain the data for the purposes of dealing with a legal claim.
The right to data portability;
In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. This right will only apply where the processing is based on your consent or for the performance of a contract, and the processing is carried out by automated means. Upon request, you also have the right to require us to transfer this personal data to another organisation, if it is technically feasible.
The right to object:
A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims.
Rights in relation to automated decision making and profiling:
A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.
The right to withdraw your consent
A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products).
If you believe your details are incorrect and you wish us to amend them, or you wish to notify us about a change in your preferences, please contact us at the email: SAA.Training@uk.bosch.com
We recommend that you get in touch with our Group Officer for Data Protection for the assertion of your rights, reporting of data protection incidents, and for any questions, comments and requests with regard to the processing of your personal data:
Mr. Matthias Goebel
Group Officer for Data Protection
Information security and data protection Bosch Group (C/ISP)
Robert Bosch GmbH
Or use the following link: https://www.bkms-system.net/bosch-datenschutz.
Please remember to include your name, address and postcode along with any correspondence reference you may have.
If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office.
Their address is:
First Contact Team
Information Commissioner's Office