Show an overview of the topics on this page for selection.Do not show
Show an overview of the topics on this page for selection.
Legal information on data protection.
The high standards you expect from our products and services are our guideline for handling your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospects. The confidentiality and integrity of your personal data is top priority for us.
Which entity is responsible for data processing?
Which data provided by you do we process and what do we use it for?
A. Ordering publications; use of contact form (Art 6 (1) lit. b) GDPR)
Some of the pages on our website allow you to contact us or order certain publications. These pages indicate which data we are collecting to satisfy your request. We generally only collect the data required for the specified purpose. If you would like to receive our Annual Report by mail, for example, we ask you to provide your first and last name, as well as your title and mailing address. Without this information, we are unable to send you the publication you requested and address it to you personally.
B. Newsletter subscription with prior consent (Art. 6 (1) lit. a) GDPR)
If you subscribe to one of our newsletters, such as the BMW Group Sustainability Newsletter, we will use the information you provide to send you the newsletter you are interested in. You may withdraw your consent to receive our newsletter at any time. Further details on data processing and contact information for withdrawing consent can be found in the declaration of consent for the respective newsletter.
D. Compliance with legal obligations to which BMW is subject (Art. 6 (1) lit. c) GDPR)
In addition, we also process personal data wherever there is a legal obligation to do so – for example, where necessary to enable operation of IT systems, including the following activities:
- backup and recovery of data processed in IT systems,
- logging and monitoring of transactions to verify proper functioning of IT systems,
- detection and prevention of unauthorised access to personal data,
- incident and problem management for troubleshooting IT systems.
BMW is subject to a wide range of additional legal obligations. To comply with these obligations, we process your data to the required extent and, if necessary, submit it to the responsible authorities in accordance with legal reporting requirements.
How long do we store your data?
How do we store your data?
We utilise state-of-the-art technology to store your data. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorised processing:
- Access to personal data is restricted to a limited number of authorised persons for the stated purposes.
- The data collected is only transmitted in encrypted form.
- Sensitive data is also only stored in encrypted form.
- The IT systems used for processing data are technically isolated from other systems to prevent unauthorised access and hacking.
- Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.
Whom do we share data with and how do we protect you?
BMW is a global company. If necessary to process your request, your information will be forwarded to the national sales company in your home country, for example. We also use contracted service providers who prefer to process data within the European Union.
If data is processed in countries outside the European Union, BMW uses EU Standard Contracts, with appropriate technical and organisational measures, to ensure that your personal data is processed in accordance with European data protection standards. If you wish to view the specific safeguards for the transfer of data to other countries, please contact us through one of the communication channels listed below.
The European Union has already established a comparable level of data protection for certain countries outside the EU, such as Canada and Switzerland. Since the level of data protection is comparable, data transmission to these countries does not require special approval or agreement.
Contact details, rights of the data subject and your right to complain to a supervisory authority.
If you have any questions relating to our use of your personal data, we recommend that you contact BMW Customer Service – either by sending an email to email@example.com or calling +49 89 1250-16000 (available daily from 8:00 to 8:00 pm).
You may also contact the company’s Data Protection Officer:
Rights of the data subject.
Right of access by the data subject (Art. 15 GDPR):
You have the right to request information on the data we hold about you from us at any time. This information includes, but is not limited to, the categories of data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data. You can obtain a copy of your data from us free of charge. If you require additional copies, we reserve the right to charge you for these copies.
Right to rectification (Art. 16 GDPR):
You have the right to request that we rectify inaccurate data relating to you. We will take appropriate steps to keep the data we store and process on an ongoing basis accurate, complete and current, based on the most up-to-date information available.
Right to erasure (Art. 17 GDPR):
You have the right to request that we erase your data, as long as the legal requirements for this are satisfied. This may be the case under Art. 17 GDPR if
- the data is no longer required for the purposes for which it was collected or otherwise processed;
- you withdraw the consent on which data processing is based, and there is no other legal basis for processing;
- you lodge an objection to the processing of your data and there are no legitimate reasons for processing, or you object to data processing for direct marketing purposes;
- the data was processed unlawfully,
and provided that processing is not required
- to ensure compliance with a legal obligation that requires us to process your data
- especially with regard to statutory retention periods;
- to establish, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR):
You have the right to request that we restrict processing of your data if
- you dispute the accuracy of the data – in which case processing may be restricted during the time it takes to verify the accuracy of the data;
- processing is unlawful, and you reject erasure of your data, requesting that its usage be restricted instead;
- we no longer need your data, but you need it to establish, exercise or defend your rights;
- you have lodged an objection to its processing, as long as it is not certain that our legitimate reasons outweigh yours.
Right to data portability (Art. 20 GDPR):
You have the right to request that we transfer your data – if technically possible – to another responsible party. However, you may only enforce this right if data processing is based on your consent or is necessary for the performance of a contract. Rather than receiving a copy of your data, you may also ask us to submit the data directly to another responsible party specified by you.
Right to object (Art. 21 GDPR):
You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, as long as data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will cease to process your data. This does not apply if we can show that there are compelling legitimate grounds for processing that outweigh your interests, or if we need your data for the establishment, exercise or defence of legal claims.