Joint controllers
Information on joint responsibility with regard to data subjects, according to Art. 26(2)(2) GDPR
Party 1: Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany
and
Party 2: All parties named in the list of parties
What is the basis for joint responsibility?
In connection with the provision of SingleKey ID as an exclusive single sign-on solution of the Bosch Group, the aforementioned parties will work closely together. This also concerns the processing of your personal data. The parties have jointly determined the order in which this data is processed in individual process steps. As such, they are jointly responsible for the protection of your personal data during the process stages described below (Art. 26 GDPR).
As a data subject according to GDPR, you have a right to the following information from the aforementioned parties.
For which process stages is there joint responsibility?
- Processing step: Registration and login with SingleKey ID
- Responsibility lies with: Bosch.IO GmbH
- Processing step: Overview and administration of master data and applications with SingleKey ID
- Responsibility lies with: Bosch.IO GmbH
What have the parties agreed?
In line with their joint responsibility for data protection, the aforementioned parties have agreed which of them is responsible for meeting specific obligations under GDPR. In particular, this concerns the exercise of the rights of data subjects (Art. 15–21 GDPR) and the fulfillment of the obligations regarding provision of information (Art. 13–14 GDPR).
This agreement is required because during the provision and operation of SingleKey ID and its functions, personal data is processed in various process steps and by various systems operated either by Bosch.IO GmbH or by all parties named in the list of parties.
What does this mean for you as data subject?
Although a joint responsibility exists, the parties shall fulfill the obligations under data protection law in accordance with their respective responsibilities for the individual processing activities as follows:
- In accordance with their joint responsibility, the parties shall provide the data subject with any information required under Art. 13 and 14 GDPR in a precise, transparent, intelligible, and easily accessible form, using clear and plain language. This information shall be provided free of charge. For this purpose, each party shall provide the other party with all the necessary information from its area of operation.
- The parties shall inform each other without delay of any legal positions asserted by you as data subject. They shall provide each other with all the information required to respond to requests for information.
- As data subject, you will, in principle, receive the information from Bosch.IO GmbH. Regardless of this internal agreement, you may also assert your rights, as data subject, directly against any party.
Who are the contracting parties?
All Bosch entities that have signed the Adherence Letter to the Joint Controller Agreement are referred to as contracting parties.
The current list of parties is published on the SingleKey ID website under https://singlekey-id.com/en/data-protection-notice/.
Every iteration of the list of parties and the date of potential changes can be requested directly from Bosch IO GmbH.