Data Protection

 

Legal information on data protection

The high standards you expect from our products and services are our guideline for handling your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospects. The confidentiality and integrity of your personal data is top priority for us.

Which entity is responsible for data processing?
Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, domicile and court of registry: Munich HRB 42243 (hereinafter "BMW"), is the provider of the website www.bmw-werk-berlin.de and responsible for data processing in connection with the use of the website.

Cookies
We use cookies to personalise your user experience and continuously improve our website. Details on the use of cookies on our website, as well as options for changing your cookie settings can be found by following "Read more".
Read more.


Compliance with legal obligations to which BMW is subject (Art. 6 (1) lit. c) GDPR)
In addition, we also process personal data wherever there is a legal obligation to do so – for example, where necessary to enable operation of IT systems, including the following activities:

  • backup and recovery of data processed in IT systems,
  • logging and monitoring of transactions to verify proper functioning of IT systems,
  • detection and prevention of unauthorised access to personal data,
  • incident and problem management for troubleshooting IT systems.

BMW is subject to a wide range of additional legal obligations. To comply with these obligations, we process your data to the required extent and, if necessary, submit it to the responsible authorities in accordance with legal reporting requirements.

How long do we store your data?
We store your personal data only as long as required for the intended purpose. If data is processed for multiple purposes, it will be deleted, or only stored in a form that cannot be directly traced back to you, as soon as no longer needed for the final specified purpose.

How do we store your data?
We utilise state-of-the-art technology to store your data. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorised processing:
  • Access to personal data is restricted to a limited number of authorised persons for the stated purposes.
  • The data collected is only transmitted in encrypted form.
  • Sensitive data is also only stored in encrypted form.
  • The IT systems used for processing data are technically isolated from other systems to prevent unauthorised access and hacking.
  • Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.


Whom do we share data with and how do we protect you?
BMW is a global company. If necessary to process your request, your information will be forwarded to the national sales company in your home country, for example. We also use contracted service providers who prefer to process data within the European Union.

If data is processed in countries outside the European Union, BMW uses EU Standard Contracts, with appropriate technical and organisational measures, to ensure that your personal data is processed in accordance with European data protection standards. If you wish to view the specific safeguards for the transfer of data to other countries, please contact us through one of the communication channels listed below.

The European Union has already established a comparable level of data protection for certain countries outside the EU, such as Canada and Switzerland. Since the level of data protection is comparable, data transmission to these countries does not require special approval or agreement.

Contact details, rights of the data subject and your right to complain to a supervisory authority
If you have any questions relating to our use of your personal data, we recommend that you contact BMW Customer Service – either by sending an email to kundenbetreuung@bmw.de
or the telephone hotline: 089 1250 160 00 (Mon-Sun from 08:00 am to 8:00 pm).

You may also contact the company’s Data Protection Officer:
Stefan Winkler
BMW AG
Petuelring 130
80788 München
datenschutz@bmw.de

Rights of the data subject
As the party affected by the processing of your data, you may claim certain rights under the GDPR and other relevant data protection regulations. Under the GDPR, you are entitled to claim the following specific rights vis-à-vis BMW as the data subject:

Right of access by the data subject (Art. 15 GDPR): You have the right to request information on the data we hold about you from us at any time. This information includes, but is not limited to, the categories of data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data. You can obtain a copy of your data from us free of charge. If you require additional copies, we reserve the right to charge you for these copies.

Right to rectification (Art. 16 GDPR): You have the right to request that we rectify inaccurate data relating to you. We will take appropriate steps to keep the data we store and process on an ongoing basis accurate, complete and current, based on the most up-to-date information available.

Right to erasure (Art. 17 GDPR): You have the right to request that we erase your data, as long as the legal requirements for this are satisfied. This may be the case under Art. 17 GDPR if

  • the data is no longer required for the purposes for which it was collected or otherwise processed;
  • you withdraw the consent on which data processing is based, and there is no other legal basis for processing;
  • you lodge an objection to the processing of your data and there are no legitimate reasons for processing, or you object to data processing for direct marketing purposes;
  • the data was processed unlawfully,

and provided that processing is not required
  • to ensure compliance with a legal obligation that requires us to process your data
  • especially with regard to statutory retention periods;
  • to establish, exercise or defend legal claims.


Right to restriction of processing (Art. 18 GDPR): You have the right to request that we restrict processing of your data if
  • you dispute the accuracy of the data – in which case processing may be restricted during the time it takes to verify the accuracy of the data;
  • processing is unlawful, and you reject erasure of your data, requesting that its usage be restricted instead;
  • we no longer need your data, but you need it to establish, exercise or defend your rights;
  • you have lodged an objection to its processing, as long as it is not certain that our legitimate reasons outweigh yours.


Right to data portability (Art. 20 GDPR): You have the right to request that we transfer your data – if technically possible – to another responsible party. However, you may only enforce this right if data processing is based on your consent or is necessary for the performance of a contract. Rather than receiving a copy of your data, you may also ask us to submit the data directly to another responsible party specified by you.

Right to object (Art. 21 GDPR): You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, as long as data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will cease to process your data. This does not apply if we can show that there are compelling legitimate grounds for processing that outweigh your interests, or if we need your data for the establishment, exercise or defence of legal claims.

Time limits for compliance with the rights of the data subject
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request.

Restriction of information for compliance with the rights of the data subject
In certain situations, we may be unable to provide you with information about all your data, due to legal requirements. If we are unable to fulfil your request for information in such a case, we will notify you of the reasons.

Complaint to supervisory authorities
BMW AG takes your concerns and rights very seriously. However, if you believe that we have not responded in an appropriate manner to your complaints or concerns, you have the right to lodge a complaint with your local data protection authority.

Use of Facebook Social Plugins on www.bmw-werk-berlin.de On our website www.bmw-werk-berlin.de we use website elements from the social network Facebook. Supplier of the plug-in is the companiy Facebook Inc. (“Provider”). Web page elements are e.g. buttons (so-called “social plug-ins) or integrated content from the provider.

The operator of Facebook is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). For an overview of Facebook web page elements and their look go to https://developers.facebook.com/docs/plugins.

Your browser establishes a direct connection to the server of the provider when you visit a page from our website that contains such a website element. The content of the website element is transmitted by the respective provider directly to your browser and integrated into the BMW page. By integrating the website elements, the provider gains knowledge that your browser has accessed the corresponding page of our website, and even if you do not have a profile with the provider or are not logged in at the time. This information (including your IP address) is transmitted by your browser directly to a server of the provider in the USA and stored there.

If you are logged into one of the services, the provider can directly assign the visit to our website to your profile with this provider.

BMW has no influence on the parameters of the data that the provider lifts out with the help of the website elements. For details on the purpose and extent of the data collection and the further processing and use of the data by the provider as well as your related rights and setting options for protecting your privacy, please refer to the privacy policy of the provider:

Facebook: https://www.facebook.com/about/privacy/

You would need to log out of the provider’s services if you want to prevent provider from directly associating the data collected through our website with your profile in that service. Finally, there is the possibility of completely preventing the loading of the website elements with browser add-ons.