DATA PRIVACY.

BMW DIGITAL CHARGING SERVICE PRIVACY POLICY.

 

BMW Group UK understands that its use of your information requires your trust. BMW Group UK is committed to the highest standards of data privacy and will only use your information for clearly described purposes and in accordance with your data protection rights.

This policy contains details of the data processing that will take place for each BMW ConnectedDrive service.

General information and data controllers

BMW (UK) Ltd, Summit ONE, Summit Avenue, Farnborough, Hampshire, GU14 0FB (hereinafter referred to as “BMW”).

Data processing takes place together with the national sales company BMW and Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, Germany, headquarters and court of registration: Munich HRB 42243 (hereinafter "BMW AG").

BMW provides the customer with certain charging-related information and services (hereinafter referred to as “services”) under the designation “BMW Digital Charging Service” (hereinafter referred to as “DCS contract”) and is the contractual and operational point of contact for the customer.

BMW AG is responsible for technical provision of the services. Data is transmitted to BMW AG from BMW to provide the services and support for the customer.

How we collect and use your personal information

Data collected in the course of concluding an agreement or rendering services is processed for the purposes listed below:

A. Conclusion of agreement (GDPR 6(1) (b))

As part of concluding the agreement, the categories of data listed below are processed:

  • Contact data (e.g. last name, first name, address, e-mail address, etc.)

  • Account data (e.g. ConnectedDrive or myBMW login account, etc.)

The agreement data is deleted automatically 1 year after the agreement expires; financial transactions are deleted after 10 years as stipulated by law.

B. Fulfilment of the contractual obligation for performance of the ConnectedDrive Agreement (GDPR 6(1) (b))

For the purposes of fulfilling the Digital Charging Service Agreement concluded between you and BMW, BMW AG renders the charging related services.

For performance of these services, the following—potentially personally identifiable—information from the vehicle is processed by BMW AG and commissioned service providers for such performance:

  • Street, house number, postal code, city, country, geo-coordinate of the provided charging points

  • Wallbox information such as serial number, settings, data on the RFID authentication

  • Information on the charging location as well as assigned vehicles and load limit of the household

  • Electricity rate (e.g. rate/tariff ID, type of tariff and prices)

  • Solar system (e.g. location, generator fields, kW-Peak, feed-in tariff)

  • Vehicle status data (mileage, battery voltage, door and tailgate status, etc.)

  • Vehicle charging mode, time of departure, charging setting, demand for energy

  • Charging curve and measured values for the indication in the charging portal

  • Position and movement data of vehicle (time, position, speed, etc.)

  • Environmental information of vehicle and charging location (temperature, rain, etc.)

Although the provision of this data is not required to enter into the DCS contract, BMW AG is unable to provide you with the respective service if this data is not provided by you and is not processed.

The processed personal data is deleted automatically after 1 year after the DCS contract has ended.

BMW Group login

In order to use the Digital Charging Service in its entirety, you also have to register on the ConnectedDrive portal. Upon registering, you will receive an online customer account that allows you to access additional portals of BMW Group.

Through the online customer account from the BMW Group login, you will receive a universal ID that is recognised by all applications. Applications use this ID to gain access to the data you have entered in the customer account in order to use it for some services, such as being able to greet you by name.

In order to offer this service with the BMW Group login, BMW AG passes your data on to each BMW Group company that acts as a provider of the applications in use by you. Storage of the data from your customer account is handled by BMW AG and is separate from any other (even potentially identical) data about your person that may be available to BMW Group.

C. Securing product quality and developing new products (GDPR 6(1) (f))

Beyond mere performance of service, the data collected under B. is also processed for quality assurance in products and services offered by BMW Group and for developing new products and services by BMW. This processing is used for the legitimate interests of BMW AG to meet the high customer standard placed on existing products and services and to allow the company to fulfil the future requests of its customers through new products and services that have not yet been developed. In order to protect the privacy of our customers, data is processed solely in a manner that cannot be traced back to the customer/vehicle directly.

D. Fulfilment of the sales, service and administrative processes of BMW AG, BMW and authorised retailers (GDPR 6(1) (f))

In order to optimise the customer experience and collaboration with BMW AG distributors continuously, we create evaluations and reports based on information from agreements and we share these evaluations and reports with the applicable BMW AG distributors. These evaluations are predominantly used for introducing appropriate measures (e.g. training courses for sales personnel) to improve the request and sales process. We will create the aforementioned reports only in an aggregated and anonymised form; this means that the recipients of the reports will be unable to draw any conclusions about you personally.

Portions of the vehicle-specific data collected under B. are used for performance of the service processes (e.g. repair, warranty, goodwill) of BMW AG, the national sales companies and authorised dealers. This processing is within the legitimate interests of BMW to provide our customers with the best possible service process. Processing sometimes also takes place in connection with legal requirements (e.g. repair and maintenance information due to the provisions of anti-trust regulations). Technical data is always processed in relation to the vehicle and without direct connection to the customer in order to protect the privacy of our customers.

The following data categories are used for this:

  • Vehicle master data (e.g. vehicle type, colour, equipment, etc.)

  • Vehicle service data (e.g. due date of next service visit, oil level, brake wear, etc.)

  • Vehicle status information (e.g. mileage, battery voltage, door and hatch status, etc.)

The technical vehicle data is deleted at the end of the vehicle life cycle.

BMW is a company within BMW Group. In part, we process your data in order to make the administration of the various companies within BMW Group as efficient and successful as possible. One of the areas this affects is common group accounting in accordance with international accounting regulations for companies (such as the International Financial Reporting Standards (IFRS)).

E. Customer support (GDPR 6 (1) (b), (g), (f))

BMW and BMW AG partners use your personal data for communication as part of concluding contracts, see above (e.g. booking BMW ConnectedDrive services) or for the transaction of a request formulated by you (e.g. enquiries and complaints to BMW Customer Support). We contact you regarding all aspects of concluding a contract or processing a request without special permission e.g. in writing, by phone, by messenger services, by e-mail, depending on which contact data you have specified.

F. Marketing communications and market research due to consent (GDPR 6 (1) (a))

If you have given your consent to any further use of your personal data, your personal data may be used and, if necessary, passed on to third parties in accordance with the scope outlined in the consent form, such as for promotional purposes and/or market research. The details in this regard can be found on the respective consent form, which may be withdrawn at any time.

G. Fulfilment of legal obligations of BMW or BMW AG (GDPR 13(1) (c) and 6(1) (c))

BMW will also process personal data if there is a legal obligation to do so. This could be the case if we needed to contact you because your vehicle is subject to a recall or repair request.

Collected data is also processed as part of safeguarding the operation of IT systems. Safeguarding in this context includes, but is not limited to, the following actions:

  • Backup and restoration of data processed in IT systems

  • Logging and monitoring transactions to check the specific functionality of IT systems

  • Detecting and defending against unauthorised access to personal data

  • Incident and problem management for resolving problems in IT systems.

Collected data is also processed as part of internal compliance management, wherein we review aspects such as whether you have received sufficient advising as part of concluding an agreement and whether dealers have complied with all legal requirements.

BMW is subject to a number of additional legal obligations. In order to comply with these obligations, we process your data to the extent needed and pass on this data to the responsible authorities if necessary as part of legal reporting requirements.

H. Data transfer to selected third parties

At your request, the data collected under B. can be transferred in electronic form to third parties. This serves other purposes in the relationship between the third party and you, such as a specific energy tariff for the charging optimisation of your electric vehicle.

BMW provides data collected under B. to commissioned service providers in order to provide certain services in context of the services:

  • For the translation of the address data to geo-coordinates and the indication/determination of the locations in a Google-Maps™ map, we exclusively transfer the street, house number, postal code, city, country to Google Inc. This translation of the address into a geo-coordinate is required for the identification of the controllable charging processes at home.

  • For the inclusion of weather forecasts for the solar-pv output, the customers locations geo-coordinates are transferred to BMW cooperation partners and/or to any third party commissioned by the BMW AG

  • For the display of available energy tariffs at the customer’s location, the location data (street, house number, postal code and city) are transferred to BMW cooperation partners and/or to any third party commissioned by the BMW AG. – This service is only available in selected countries.

Additional information will not be transferred.

How long do we store your data?        

We save your personal data only for as long as the specific purpose requires. If the data is processed for several purposes, the data is deleted automatically or saved in a form that cannot be traced directly back to you once the last specified purpose has been met.

How is your data stored?

We store your data in accordance with the state of the art of technology.  The following security measures serve as an example of the measures applied to protect your personal data from misuse or other unjustified processing:

  • Availability of access to personal data is restricted to just a limited number of authorised persons for the specified purposes.

  • Collected data is transferred only in encrypted form.

  • Sensitive data is also saved only in encrypted form.

  • IT systems for processing the data are compartmentalised from other systems, e.g. to prevent hacking.

  • Access to these IT systems is monitored continuously in order to ward off and detect misuse early.

To whom is the data passed and how do we protect it along the way?

BMW AG is a global company. Personal data is processed by BMW employees, authorised retailers and by service providers we have commissioned, with preference given to those within the EU.

If data is processed in countries outside the EU, BMW AG uses EU standard agreements, including suitable technical and organisational measures, to ensure that your personal data is processed in accordance with the European level of data privacy. If you want to access the actual protections for data transfer to other countries, please contact us using the communications channels specified below.

The EU has already established a comparable data privacy level for some countries outside the EU, e.g. Canada and Switzerland. Due to the comparable data privacy level, data transfer to these countries does not require any special approval or agreement.

How to change your privacy preferences

You can change your preferences, or withdraw your consent in relation to how BMW uses your personal information in one of the following ways:

  • You can make individual changes directly in your ConnectedDrive account or the Connected App, where applicable.
  • You are also able to request information about your data stored at BMW as well as request the correction, deletion or restriction of your personal data for analytics and/or marketing use.
  • By contacting the BMW Customer Information Centre on 0800 561 0666 *
  • Or by sending an email to customer.information@bmw.co.uk
  • Or by writing to us at:

BMW Customer Information Centre

Phoenix One

59 - 63 Farnham Road

Slough

Berkshire

SL1 3TN

* Calls are free of charge plus your phone company's access charge.

 

In addition you may contact the responsible data privacy officer listed below:

BMW (UK) Ltd

Data Privacy Officer

DataPrivacyOfficer@bmw.co.uk

Tel: 0800 561 0666

 

Under certain conditions you have the right to require us to:

  • Provide you with further detail on the use we make of your information
  • Provide you with a copy of your information
  • Update any inaccuracies in the information we hold about you
  • Delete any information about you that we no longer have a lawful ground to use
  • Remove you from any direct marketing lists when you object or withdraw your consent
  • Provide you with your personal information in a usable electronic format and transmit it to a third party (right to data portability)
  • Restrict our use of your personal information
  • Cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights (click Legal Grounds for more information).

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third parties. 

 

If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner's Office (click ICO for more information).