Privacy Guide

About this document

This document covers data protection and privacy topics related to Bosch IoT Analytics. It discusses how Bosch IoT Analytics acquires, processes, shares, and deletes user-related data within the service, as well as in interaction with your custom IoT application in case of REST API consumption. 

Privacy by Design and Privacy by Default

Bosch IoT Analytics

Privacy by Design and Privacy by Default are provided by Bosch IoT Analytics:

  • Only the required amount of data sets is stored. The service does not save or create any extra data.
  • Personal data can be deleted once the purpose for which it was stored no longer applies.
  • Log files are deleted once their purpose no longer applies. Access to log files and their integrity are protected. Technical logs are deleted automatically after 60 days. Access to the logs is limited to the operators of the service (Bosch Software Innovations GmbH, Robert Bosch GmbH).

Consumer is responsible

A consumer can be a user of the Bosch IoT Analytics web application or an application that consumes the API service of Bosch IoT Analytics.

  • The consumer needs to ensure that no personal data is accidentally uploaded to Bosch IoT Analytics for analysis (and hence processing).
  • Alternatively, if the consumer's raw data includes personal data, the consumer needs to make sure that the personal data is pseudonymized or anonymized BEFORE it is uploaded to and processed with Bosch IoT Analytics.
  • If an application uses the API service of Bosch IoT Analytics, it needs to make sure that it implements Privacy by Design and Privacy by Default together with Bosch IoT Analytics.
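
One way a consumer application could meet the pseudonymize-before-upload requirement, shown as an added example that is not part of the Bosch IoT Analytics documentation or code. The field names, the record layout and the key handling are assumptions; the upload step itself is left out.

```python
import hashlib
import hmac
import re

# Assumed field classification for a constructed telemetry schema; adapt to your data.
PSEUDONYMIZE = {"user_id", "device_owner"}  # needed for joins: replaced by keyed pseudonym
DROP = {"email", "name", "phone"}           # not needed for analysis: removed entirely
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def pseudonym(value, key):
    """Keyed pseudonym: stable for the same key, not recomputable without it."""
    digest = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256).hexdigest()
    return "p_" + digest[:32]


def prepare_for_upload(records, key):
    """Return cleaned copies of records; raise ValueError if an email address remains."""
    if len(key) < 32:
        raise ValueError("pseudonymization key must be at least 32 bytes")
    cleaned = []
    for index, record in enumerate(records):
        out = {}
        for field, value in record.items():
            if field in DROP:
                continue
            if field in PSEUDONYMIZE:
                out[field] = pseudonym(value, key)
                continue
            if isinstance(value, str) and EMAIL_RE.search(value):
                # Fail closed so a schema change cannot leak personal data silently.
                raise ValueError(f"record {index}: field {field!r} contains an email address")
            out[field] = value
        cleaned.append(out)
    return cleaned


# Constructed sample data, not from Bosch IoT Analytics.
SAMPLE_KEY = bytes(range(32))  # demo only; load the real key from a secret store
SAMPLE = [
    {"user_id": "u-1001", "email": "a@example.com", "temperature": 21.5, "note": "ok"},
    {"user_id": "u-1001", "email": "a@example.com", "temperature": 22.0, "note": "ok"},
    {"user_id": "u-2002", "name": "B. Example", "temperature": 19.1, "note": "ok"},
]

if __name__ == "__main__":
    for row in prepare_for_upload(SAMPLE, SAMPLE_KEY):
        print(row)
```

The key stays with the consumer and is never uploaded; whoever holds it can re-link pseudonyms to the original identifiers.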

Service measures

This is a list of privacy and security measures, which are implemented in the Bosch IoT Analytics service. The measures are classified into these categories:

  • Privacy
  • Integrity
  • Availability
  • Reliability

Privacy

  • Communication with service is encrypted with TLS/SSL.
  • Authentication is needed to access any data.
  • Role-based access control 

Integrity

  • The last change of an entity is logged (date and user).
  • Encrypted service communication
  • Uniqueness of data entity identifiers is ensured.

Availability

  • Multiple instances of the service run in 2 different operation centers redundantly.
  • Continuous monitoring
  • Automatic alerting of service engineers in case of an incident.
  • Data backups are available.

Reliability

  • Service is regularly checked for security vulnerabilities by external penetration testers.
  • Request rate for each client is limited to ensure reliability of the service for all customers.
  • Software is continuously scanned for security vulnerabilities in development.
  • Running in a Bosch Data Center (BIC DE1 Stuttgart)

Privacy considerations - use cases

This section lists common use cases supported within the Bosch IoT Analytics service. Each use case description discusses which type of user-related data is processed by the service and gives a hint on what would need to be considered concerning data protection and privacy.

Subscription process

Bosch IoT Analytics supports a subscription process, where a user of the Bosch IoT Suite portal can subscribe to the Bosch IoT Analytics service using the Bosch ID, registered through the CIAM server (the server for Bosch ID, which serves the purposes of Central Identity and Access Management).


Data: CIAM ID
Description: The unique ID of the consumer
Usage: Unique ID to ensure integrity of data between multiple users of the service


Privacy considerations

The Bosch IoT Suite portal may offer additional user information during the subscription process, but it is not required by the Bosch IoT Analytics service.

Subscription deletion process  

Bosch IoT Analytics supports an unsubscribe process, where a user of the Bosch IoT Suite portal can unsubscribe from the Bosch IoT Analytics service using the Bosch ID. The corresponding personal data of the consumer, stored as part of the subscription process, is permanently deleted as part of this subscription deletion process.


Data: CIAM ID
Description: The unique ID of the consumer
Usage: Unique ID to ensure integrity of data between multiple users of the service


Privacy considerations

The Bosch IoT Suite portal may offer additional user information during the unsubscribe process, but it is not required by the Bosch IoT Analytics service.

Authentication - manual login

Bosch IoT Analytics supports login using the Bosch ID, registered through the CIAM server.


Data: CIAM ID
Description: The unique ID of the consumer
Usage: Unique ID to ensure integrity of data between multiple users of the service

Data: Email
Description: The email of the consumer. If the identity provider CIAM provides an "email" claim within the token, the value is stored in the linked profile and in the "email" property of the user entity under Bosch IoT Permissions.
Usage: The email is needed for user management and user identification in case of support.

Bosch IoT Permissions acts as authorization server for Bosch IoT Analytics.

Privacy considerations

  • The login page should communicate over HTTPS to keep the user credentials confidential. Sending credentials over HTTP should not be possible.
  • The identity provider CIAM (the server for Bosch ID, which serves the purposes of Central Identity and Access Management) may offer additional user information, but it is not required by the Bosch IoT Analytics service.

Authentication - login via REST API

Bosch IoT Analytics supports login via REST API through API key credentials available to the consumer.


Data: CIAM ID
Description: The unique ID of the consumer
Usage: Unique ID to ensure integrity of data between multiple users of the service

Data: Email
Description: The email of the consumer. If the identity provider CIAM provides an "email" claim within the token, the value is stored in the linked profile and in the "email" property of the user entity under Bosch IoT Permissions.
Usage: The email is needed for user management and user identification in case of support.

Bosch IoT Permissions acts as authorization server for Bosch IoT Analytics.


Privacy considerations

For data security and privacy reasons, consumer applications need to store the API credentials issued by Bosch IoT Analytics in encrypted form.

Data processing and storage locations

The data provided by a client application is processed and stored according to the following data flow diagram.

Data flow

Storage locations

The location of the data (A, C, and D) depends on the location of Bosch IoT Analytics.

Bosch IoT Analytics at Bosch IoT Cloud

Data is stored in Germany at Bosch IoT Cloud data center Stuttgart.

Bosch IoT Analytics at AWS

Data is stored in Germany at AWS region EU-Frankfurt.

Bosch IoT Permissions

Permissions Store (B) data is stored under the Permissions instance. The privacy guide for Bosch IoT Permissions is available at:
https://permissions.s-apps.de1.bosch-iot-cloud.com/docs/privacy-guide/index.html

Legal Advice Disclaimer

This document has been assembled with every attempt to ensure the accuracy and reliability of the information; however, the information is provided "as is" without warranty of any kind.

This document is not intended to provide and should not be relied on for legal advice.