Privacy
Purpose of Bosch IoT Insights
Bosch IoT Insights - a cloud service of Bosch IoT Suite - is a fully managed cloud service that collects, processes, and stores your IoT data for further analysis. IoT data management provides the basis for optimizing devices and functions and developing new services and solutions.
Type of processed personal data
The following types of personal data are processed:
User ID: The user ID is an identifier which uniquely identifies a person and is provided by an identity provider.
Subscriber information: The subscriber user ID and the email address of a subscriber of the Bosch IoT Insights service.
Notification receivers: Email addresses and phone numbers where to send notifications about specified data patterns.
Invitation receivers: User can invite other persons by sending invitation emails to their email address.
IP address: The internet IP address of IT equipment.
For all data that is provided by your IoT solution to the Bosch IoT Insights service (e.g. personal data within device information) your solution is responsible for data protection and data privacy.
Purpose of personal data processing
Personal data is processed for the following purposes:
Access control
The user ID is used to apply access control on entities managed by the Bosch IoT Insights service. Therefore the user IDs are included by the IoT solution into the access control definitions during the creation and the management of entities. The user ID is submitted to the Bosch IoT Insights service during the authentication of API requests by the IoT solution or by the identity provider.
Service subscription
The subscriber's user ID is captured and stored during the subscription process. It is used later for the following purposes:
It is used for authenticating this user as someone who is allowed to manage the Bosch IoT Insights service subscription.
It can be retrieved via authorized API calls at the solution store.
The subscriber's email address is captured and stored during the subscription process.
It can be used for the following purposes:
Notifications about maintenance, interruption or general information related to the Bosch IoT Insights service.
Invitation to Bosch IoT Insights service related surveys.
Email or text notifications
Users can configure email addresses and phone numbers to receive data notification messages (email or text messages).
These email addresses and phone numbers are used for the single purpose of notification messages when data patterns configured by the users have been identified during data processing.
The configuration is stored until a user is removing the notification rule.
Email invitations
Existing users can invite third persons to join Bosch IoT Insights solutions by proving their email addresses. Invitations emails are later sent to these addresses.
Bosch IoT Insights' access protection stores these email addresses together with an access code, until the invitation is accepted, but never longer than 14 days since submitting the invitation email.
It is the responsibility of your IoT solution to align with privacy regulations using this functionality. Bosch IoT Insights supports by full transparency and comprehensive management functionality for invitations in-flight in the user management view for IoT solution managers.
Logging
To support service improvement, prevention of misuse, and management of incidents and problems, all listed personal data (see Type of processed personal data) is collected in logging information.
Personal data processing details and considerations
Logging information is deleted automatically after a maximum of 180 days, if not sooner. Access to the logs is restricted to the operators of the Bosch IoT Insights service.
To fulfill its tasks, the Bosch IoT Insights service engages service providers to perform functions and process data. The following service provider is used: Robert Bosch GmbH, Robert-Bosch-Platz 1, 70839 Gerlingen-Schillerhöhe, Germany
The Bosch IoT Insights services stores data in the following location: Data centers of Robert Bosch GmbH in Stuttgart, Germany
The IoT solution has access to all data ever transmitted to or collected by Bosch IoT Insights. The IoT solution can request deletion or modification of data stored inside the Bosch IoT Insights service at any time.
The IoT solution can use sophisticated functionality of the Bosch IoT Insights service to define fine-grained access control on all entities managed in the Bosch IoT Insights service. The Bosch IoT Insights service does only allow access to any of these entities according to these access control definitions.
The IoT solution should consider implementing an audit logging for its changes to access control definitions which potentially affect personal or sensitive data.