Valid from: 9.3.2018

Version: DPI_1.0.1_1.0

The company Home Connect GmbH, with its registered office at Carl-Wery-Strasse 34, 81739 Munich, Germany (hereinafter "Home Connect" or "we") is responsible for the collection, processing and use of your personal data associated with the Home Connect app (hereinafter "App").

The purpose of this data protection and privacy information (“data protection information”) is to inform you on how we collect and process your data in connection with the App. It is important that you read this information carefully.

We collect, process, store, use, and transfer your personal data, which is either entered by you or otherwise created and processed in the course of using the App and/or the associated household appliances and/or services offered by Home Connect, in accordance with the data privacy laws.

The following information explains how we treat such data based on the Terms of Use or other legal basis.

Types of personal data

In terms of App usage, and/or usage of the associated household appliances or services and functions offered by Home Connect (hereinafter collectively "Services") Home Connect collects, processes, stores, and uses the following categories of personal data:

User master data and usage data

We collect and use the following personal data when setting up a user account (i.e. registration) as well as when setting up the App:

When registering with the Bosch-ID:

Access data, i.e. identification data that serves to control access to the Bosch-ID user account and consists of the user ID (e.g. email address or mobile phone number of the user). Responsible for providing this registration service is Bosch.IO GmbH, Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany ("BIO").

Additional details that you provide during the registration process including the setting up of the App or registration of a central BSH user account, (as long as they are not transmitted via the Bosch-ID), such as:

• first and last name,

• email address (will also be used as the user ID),

• the country in which you operate your household appliance(s),

• password as access protection for the App/the central BSH user account.

The details requested as part of the registration process may differ from country to country and are managed (if available) via a central BSH user account, which can also be used as the Home Connect account.

Information which we collect and store during the registration process and while using the App:

• language setting of your mobile device,

• consent to and recognition of the terms of use

• acknowledgement of the data protection information,

• marketing consent and its scope,

• status of the user account (activated/deactivated),

• default app tracking setting (depending on the selection of country, see item 6 below for more information),

Service history (e.g. service technician assignment) of the connected household appliances as well as related orders of the user (e.g. consumables).

Appliance master data

The data we collect, process, store and use concerning the connection between your household appliance and the user account are as follows:

• brand of the household appliance (e.g. Bosch or Siemens),

• serial number and, if applicable, manufacture date of the appliance (so-called E number (full model) and FD (production) number – you can also find these details on the device label),

• the unique identifier of the network adapter installed in the household appliance (so-called MAC address).

These data are allocated to your user account for each connected household appliance under the "Home Connect" function.

Appliance usage data

The data we collect, process, store, and use in relation to the usage of the household appliance are as follows:

• selected basic settings, program selection and preferred program settings on the household appliance or via the App,

• appliance status data such as ambient conditions, condition of parts, changes of appliance status (e.g. different mode of operation, open or closed doors/front panel, temperature changes, fill levels) and appliance status messages (e.g. appliance is overheated, water tank is empty, etc.) as well as error messages (including the respective error report of the affected household appliance).

• individual settings/contents of the household appliance (e.g. internal digital map for vacuum cleaner robots, beverage name for coffee machines, downloaded or self-designed recipes)

• video and image data (e.g. vacuum cleaner robots, stoves and ovens as well as refrigerators with built-in cameras)

App usage data

App usage data are data generated by your interaction with the App, such as the features you use, click behaviour relevant to App controls, drop-down menu selections, on/off switch settings and error reports of the App. See item 6 for more information.

Purpose of use

We use the above-mentioned categories of data

• to provide App features as well as the services offered via the App (1.a.-c.),

• for notification purposes in case of safety instructions and/or recall information in the context of product monitoring (1.a. to c.),

• for proactive maintenance purposes, including the provision of related in-app/email messages (e.g., recommendations on the use of settings and/or maintenance programs) and reactive troubleshooting (e.g., in the context of remote diagnosis, during on-site repair or at the repair center) of the connected household appliances (1.a. to c.),

• to improve the App's user friendliness and for specific or general troubleshooting of the App and the digital services offered through it (1. c. and d.),

• to improve our range of products and services (including those of affiliated companies), especially with regard to programs which are not used and/or which are frequently used, as well as other features of the App and household appliance (including algorithmic learning) (1.c. and d.),

• for billing purposes, insofar as the household appliances are connected to the App or the services offered in the App provide for usage-based billing (1.a. to c.), and

• for marketing and market research purposes including in-app/email messages (1.a. to c.) as far as a corresponding consent is given.

The legal basis for the purposes of processing within the scope of the GDPR (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016) are described in section 13 of this information.

Regarding other data transfers and processing within the Bosch Group of companies (“Bosch Group”) associated with the central Bosch ID, we refer to the BIO data protection information at https://identity-myprofile.bosch.com/.

General retention periods

Provided there are no statutory provisions to the contrary, the following general retention periods shall apply:

Bosch ID: Deletion with deletion of the Bosch ID user account.

User master data: Deletion as soon as the local user account or the central BSH account is deleted.

Appliance master data: Removal of link to the user account upon removing the household appliance from the user account.

Appliance usage data: User-specific storage for a period of thirty (30) days. Afterwards storage in pseudonymized form and provision in personalized form for services and/or repair services provided via the App or by on-site / repair service (e.g. proactive or reactive maintenance/troubleshooting, if available) for the duration of the validity of the contract or (if the function can be disabled) for the duration of the activation of the function. Furthermore, in pseudonymized form based on our legitimate interest, as long as our legitimate interest prevails.

App usage data: Storage in pseudonymised form and provision in personalized form for services/messages provided via the App to the extent that the "Enable usage-data tracking" function is activated. Deactivating the function resets the individual ID used for tracking, so that App usage data already collected can no longer be connected to you.

Data processing management

Connectivity of your household appliance

You can use the App to manage the connectivity of your household appliance:

If required and if your household appliance provides for this function, you can set up the connection to the Home Connect server in such a way that each household appliance is connected separately (menu item Appliances → Settings). After doing this:

• the appliance usage data (1.c.) will no longer be transmitted to the Home Connect server; if your home appliance is equipped with buffer memory, the appliance usage data will be transmitted to the Home Connect Server in the event that the Wi-Fi connection of your household appliance to the Home Connect Server is restored;

• certain App features will no longer be available; in particular the household appliance can then not be operated, even if an internet data link is set up.

If required, you can switch off the Wi-Fi connection for an individual household appliance (menu item Appliances → Settings). After doing this:

• the appliance usage data (1.c.) will no longer be transmitted to the Home Connect server; if your household appliance is equipped with a buffer memory, the appliance usage data will be transmitted to the Home Connect Server, in the event that the Wi-Fi connection of your household appliance is restored.

• the household appliance may only be operated from the appliance itself, not via the App.

User accounts and local App data

You can manage your user accounts via the App and delete App data.

You can delete your user account ("Profile" → "Personal Data" → "Delete account"). After doing this:

• the connection between your household appliance and your user account will be deleted,

• your household appliance will no longer send any appliance usage data to the Home Connect server provided no other user accounts are linked to the household appliance (see item 1.a. above).

By deleting the App or using the “Full reset”-function, all locally stored user-related data will be removed, but not the accounts which were created separately.

If you use the Bosch ID, the Bosch ID account will be deleted via the Bosch ID functions, whereby in addition to the Bosch ID itself, individual linked applications can also be deleted. If the Bosch ID is the only access mechanism to the App and/or to the central BSH user account, the deletion of the Bosch ID may make access to the linked services impossible. Therefore, before deleting the Bosch ID, please check if you still have linked applications/user accounts.

To delete the central BSH user account (if applicable), please use the function provided in the account.

Some features of the App do not store user-related data locally. You can have such data deleted by reaching out to the Home Connect Service Hotline or (possibly at a later date) by using the corresponding function in the App.

The household appliance's factory settings

You can reset your household appliance to its factory settings. After doing this:

the household appliance will lose its connection to the Home Connect server due to the network settings being reset,

the household appliance will no longer be linked to any previously associated user account (requires the household appliance to be connected to the Internet) and it will not be displayed in the App

and all contents stored on the household appliance will be deleted.

Please read your household appliance's user manual before restoring the factory settings.

Transmission or disclosure of your data e.g. to third parties

We work together with various service providers to create and run the App and provide the respective services. To the extent that we have bound these service providers to process data in line with strict instructions in their capacity as data processors on our behalf, any data processing activities undertaken by such providers shall not require your separate consent.

The service providers we have commissioned to create and run the App:

Service providers for hosting services,

Service providers for programming services, and

Service providers for hotline services and other App services.

We only transmit your data to other recipients where necessary to fulfil a contract with you or between you and the third party, where we or the recipient has a legitimate interest in the disclosure of your data, or where you have given your consent to that transmission. These recipients include service providers and other companies within the Bosch Group. Furthermore, data may be transmitted to other recipients in the event that we are obliged to do so due to legal provisions or enforceable administrative or court orders.

Other recipients of your data are such service providers whose offers and services (third-party services) can be used in connection with the App or where the App enables access to such services (see item 9).

Content, especially recipes, which you have created yourself, may also be transmitted to other Bosch Group companies (also internationally) within the scope of technical processing and provision of the content/services. We base such transmission/processing on data protection agreements between the Bosch Group companies involved, which also include the application of standard contractual clauses, insofar as the transmission includes a country outside the scope of the GDPR and if it is not a case of Art. 45 GDPR.

Recording of App usage

Data on App usage can be recorded by the App (see item 1.d. above). In this context, the following analytics services are used, which is offered by the following third party analytics providers:

Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland (hereinafter "Adobe")

Adjust Tools by Adjust GmbH, Saarbrücker Str. 37a, 10405 Berlin (hereinafter “Adjust”).

Thunderhead Analytics by Thunderhead Ltd., 5th Floor, Ingeni Building, 17 Broadwick Street, Soho, London W1F 0DJ (hereinafter “Thunderhead”)..

If the "Enable usage-data tracking" function is activated, App usage data will be sent to and stored on servers of such providers located in the European Union. The App usage data enables you to analyse how you use the App and provide messages (inApp or email) to you for services provided via the App (see item 1.d. above). IP anonymisation is activated for this App, which means that the IP address you use is truncated before being sent to the server. The analytics providers will use this information on behalf of Home Connect to evaluate how you use the App, generate error reports and to prepare reports on App activity for Home Connect. IP addresses transmitted from your mobile device and other personal data within the context of the aforementioned analytics activities will not be merged with other data held by analytics providers or Home Connect without your consent given separately.

You can control whether or not App usage data (incl. your IP address) is recorded and processed by one of the abovementioned providers by activating or deactivating the function "Enable usage-data tracking". Depending on the legal situation in your country, the "Enable usage-data tracking" function may be activated by default.

In addition, error reports from the App can - if you agree individually - be sent to us so that we can take concrete measures to eliminate such errors.

Error reports

We use Visual Studio App Center (https://appcenter.ms) to collect and send anonymous error reports if the App behaves in an unexpected way, especially if the App crashes. Our service providers and Home Connect shall receive error reports only with your explicit consent. We shall ask for your consent each time we wish to transmit such information.

Data security

We deploy technical and organisational measures to protect your data, for example, from manipulation, loss and unauthorised third-party access. These measures include the use of encoding technologies, certificates, firewalls on the Home Connect servers and password protection in the Home Connect App. The data security level of the Home Connect App has been tested and certified by TÜV Trust IT. We are constantly reviewing and improving our security measures in accordance with technological advancement.

Please note that you are responsible for maintaining the secrecy of your unique password and account information at all times.

Scope of application of the data protection information

This data protection information shall apply to the functions and services offered by Home Connect via the App and in connection with the Services. Insofar as additional functions or services are offered within the App by Home Connect or a Bosch Group company and insofar as their use is subject to special data protection regulations or information, further information on data protection will be provided accordingly,.

However this data protection information shall not apply to third-party services, even if Home Connect facilitates the use of and/or access to such third-party services in the App (please also see the terms of use with regard to third-party services). We do not control these third party providers and are not responsible for the security or privacy policy of such providers. The use of such third-party services is governed by the applicable data protection provisions put in place by the respective third-party service provider and, if applicable, additional data protection information on our part which outlines the distinctive features of these third-party services and shall only be relevant in this regard. If you are referred to another service provider, Home Connect shall make reasonable and appropriate efforts to elucidate such referral (e.g. by embedding the service provider's content within the App using inline frames) if such referral is not clear. If you click on a link in the Home Connect App which calls up an app or website of another service provider, this is considered to be a clear referral.

If you, the user, are located within the scope of application of the GDPR, please note that the use of third-party services may result in your personal data being processed in countries outside the scope of application of the GDPR. Please then refer to the data protection information of the respective third-party service providers.

Changes to the data protection information

As the App and the Services continues to undergo development – among other things, through the implementation of new technologies or the introduction of new services – this data protection information may need to be adjusted accordingly. Home Connect reserves the right to amend or supplement this information as required. Home Connect will always update the data protection information in the App; we recommend that you check this information regularly to familiarise yourself with the latest version available.

Rights and contact information

If, despite our efforts to only store data which is correct and up-to-date, your personal details are stored incorrectly, we shall correct such information upon your request. After giving us your consent for the collection, processing and use of your personal data, you may withdraw such consent at any time with effect for the future. Consent may generally be withdrawn using the respective App setting or otherwise through the contact information referred to in the App.

Your personal data will be deleted if you withdraw your consent to your data being stored, if your personal data is no longer needed to serve the purpose pursued by such storage or if such storage is inadmissible for other legal reasons. Please bear in mind that, for technical or organisational reasons, there may be an overlap between you withdrawing your consent and your data being used, e.g. in the case of a newsletter which has already been sent out. Data required for billing and accountancy purposes or which are subject to the legal duty to preserve records are not affected by this.

If you withdraw your consent to your data being stored, we may not be able to perform certain services or functions within the App.

Should you have any questions on the topic of data protection or should you wish to exercise your rights to withdraw consent or to information, rectification, deletion or suspension, please contact us using the contact information provided in the App.

International transfers

The data collected in connection with the App you may be transferred to, and stored at, a destination outside your country of residence and across international borders. Please see section 13(c) below for more information in respect of international transfers.

Additional information pursuant to the GDPR

Legal bases for intended data uses

We base the following data uses on

• the performance of a contract according article 6(1b) GDPR:

Provision of App features as well as the services offered via the App by processing the data categories listed in the items 1.a.-c.

Transfer of data categories listed in the items 1.a.-c. to service providers of third-party services which can be used in connection with the App (see item 9).

Bug fixing by processing the data categories listed in the items 1.b.-d..

• legitimate interests according article 6(1f) GDPR:

The improvement of App's user friendliness by processing the data categories listed in the item 1.d. (Applies to jurisdictions that allow the collection of App usage data based on legitimate interests. In this case, the "Allow tracking of user data" function is active in the default setting.)

The Improvement of our range of products and services, especially with regard to programs that are not used and/or that are frequently used, besides other App and household appliance features by processing the data categories listed in the items 1.c. and d.

• your consent according article 6(1a) GDPR:

Direct marketing purposes by processing the data categories listed in the items 1.a.-c.

Improving the user friendliness of the App by processing the data categories listed in the item 1.d. (Applies to jurisdictions that only allow the collection of App usage data based on consent. In this case, the "Allow tracking of user data" function is only activated with the user's consent.)

• a legal permission according to Art. 6 para. 1 lit. c and d GDPR:

Notification in case of safety instructions and/or recall information in the context of product monitoring by processing data categories 1.a.-c.

Your rights

Your additional rights to item 11 are outlined below. To exercise your rights, please use the contact information provided at the end of this data protection information.

Your right to information about your data: We will provide you with information about the data we hold about you on request.

Your right to correct and complete your data: We will correct inaccurate information about you if you notify us accordingly. We will complete incomplete data if you notify us accordingly, provided this data is necessary for the intended purpose of processing your data.

Your right to delete your data: We will delete the information we hold about you on request. However, some data will only be deleted subject to a defined period of retention, for example because we are required to retain the data by law in some cases, or because we require the data to fulfil our contractual obligations to you.

Please see also item 11.

Your right to have your data blocked: In certain legally determined cases, we will block your data if you would like us to do so. Blocked data is only further processed to a very limited extent.

Your right to withdraw consent: You can withdraw consent given for your data to be processed with effect for the future at any time. The legality of processing your data remains unaffected by this up to the point at which your consent is withdrawn.

Please see also item 11.

Your right to object to the processing of your data: You can object to the processing of your data with effect for the future at any time, if we are processing your data on the basis of one of the legal justifications set out in article 6(1e or 1f) GDPR. In the event that you object we will cease processing your data, provided that there are no compelling and legitimate grounds for further processing. The processing of your data for the purposes of direct marketing never constitutes compelling and legitimate grounds for us.

Your right to data portability: At your request, we can make certain information available to you in a structured, commonly used and machine-readable format.

Your right to appeal to a regulatory authority: You can lodge an appeal pertaining to data protection with a data protection authority. To do so, contact the data protection authority responsible for your place of residence or the data protection authority under whose jurisdiction we fall (named below).

Bavarian Data Protection Authority (BayLDA), www.baylda.de.

Transmission to recipients outside the EEA

If necessary, for the provision of App features as well as the services offered via the App, we also transmit personal data to recipients based outside of the European Economic Area (“EEA”) (subject also to any relevant local data protection legislation), in so-called third countries. In this case, we ensure ‒ before any data is shared ‒ that either an appropriate level of data protection is maintained by the recipient (e.g. on the basis of an adequacy decision made by the EU Commission for the respective country or the agreement of standard EU contractual clauses between the European Union and the recipient) or that you have given your consent to said sharing.

We are happy to provide you with an overview of the recipients in third countries and a copy of the specific provisions agreed to ensure an appropriate level of data protection. To request this, please use the contact information provided at the end of this data protection information.

Please see item 9 for transmission of personal data by usage of third-party services.

Contact details of the data protection officer

If you have any questions relating to data protection or exercising your rights, you can use the following contact information to get in touch with our data protection officer directly:

BSH Hausgeräte GmbH

Data Protection Officer

Carl-Wery-Str. 34

81739 Munich, Germany

Data-Protection-de@bshg.com

Date of issue: August 2021