DATA PROTECTION

Who is the data controller responsible for data processing?

BMW (Switzerland) Ltd (hereinafter referred to as “BMW (Switzerland)” and/or “we”), Industriestrasse 20, 8157 Dielsdorf, Switzerland, is the data controller responsible for the processing of your personal data. BMW (Switzerland) is based in Dielsdorf, Switzerland.

Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, Germany, registered office and court of registration: Munich HRB 42243 (hereinafter referred to as the “BMW Group”), is responsible for the technical provision of some services. When providing services and customer support in the case of problems, data are transferred by BMW (Switzerland) to the BMW Group.

BMW (Switzerland) represents BMW in Switzerland. It coordinates the business activities for the sale of BMW cars, original BMW parts, accessories and related services in Switzerland through the BMW organisation. BMW (Switzerland) also includes BMW Niederlassung.

BMW (Switzerland) can also involve other organisational divisions of BMW (Switzerland) in providing support for customers and potential customers in Switzerland. These are essentially the areas BMW ConnectedDrive and BMW Online Shops.

BMW (Switzerland) authorises BMW dealers and BMW workshops (hereinafter referred to as “BMW Dealers” if no further differentiation is required). It also provides support on technical and non-technical matters for customers, potential customers and contracting partners as well as other interest groups, operates the website bmw.ch, which allows for the creation of My BMW and/or BMW ConnectedDrive online accounts, and advertises the BMW brand in Switzerland.

Unless stated otherwise, BMW Dealers are legally and economically independent companies and not part of BMW. They have licensed the use of the BMW brand and are variously authorised to sell BMW cars, original BMW parts and accessories. They are further authorised for brand-related maintenance and repair services.

BMW Niederlassung is authorised by BMW (Switzerland) in the same way as BMW Dealers.

BMW (Switzerland) is the controller responsible for your data that are processed in the context of BMW and/or BMW direct marketing measures via the website experiencebmwgroup.ch, your online account My BMW, the BMW ConnectedDrive services, your contacts with BMW and/or BMW customer service (hereinafter collectively referred to as “BMW Customer Service”). BMW also processes your data transmitted by BMW Dealers if and to the extent the necessary data protection requirements are met.

BMW Dealers are responsible for processing those personal data that you yourself have provided to them in connection with your enquiries and customer service related to sales and service. BMW Dealers will also process your data transmitted by BMW (Switzerland) if and to the extent the necessary data protection requirements are met.

This Data Protection Notice also describes instances when your data may be processed by BMW Dealers. However, BMW Dealers may possibly collect further personal data and provide their own data protection notices. If applicable, see the data protection notices of the respective BMW Dealer to learn more about how your data are used in such a case. The contact details of BMW Customer Service and regarding data protection at BMW (Switzerland) can be found here.

The contact details of BMW AG regarding Group data protection can be found here.

When does BMW collect and process personal data?

BMW collects and processes your personal data in the following cases, among other things:

  • When you contact us directly, for example via our website, via BMW Customer Service or BMW Dealers, and when you express an interest in our products or services, for instance, or contact us for any other enquiry.
  • When you buy products from us directly (e.g. in the BMW Lifestyle Shop on our website, at BMW Niederlassung).
  • When you buy services from us directly (e.g. BMW ConnectedDrive via the BMW ConnectedDrive Store on our website, maintenance or repair services for your vehicle at BMW Niederlassung).
  • When you request information about our products and services (e.g. in order to receive brochures or price lists).
  • When you respond to our direct marketing activities, for example by filling in a reply card or entering your data online on one of our websites (bmw.ch, experiencebmwgroup.ch or the landing page).
  • When your personal data are communicated to us by BMW Dealers or third parties if and to the extent the necessary data protection requirements are met, for example where you have given your consent or, aware of your right to object, have not objected to the disclosure of your data to BMW for the purposes of customer service (e.g. your identification when you contact BMW Customer Service) and in the case of written contact (e.g. where you are sent the BMW welcome package following the purchase of a vehicle).
  • When your vehicle data (including the vehicle identification number) are transmitted to us in connection with services as well as maintenance and repairs performed by our BMW workshops and BMW Niederlassung.
  • When other BMW Group companies and our business partners are permitted to provide us with data on you.
  • When third parties (e.g. certified address providers) are permitted to provide us with personal data on you.

Please help us to keep your information up to date by communicating to us any changes to your personal data – especially your contact details.

Which data may be collected about you?

The following categories of personal data may be collected through the numerous services and contact channels described in this Data Protection Notice: 

  • Contact details ► Name, address, telephone number, e-mail address
  • Interests ► Information provided by you about your areas of interest, such as vehicles of interest to you, preferred BMW Dealer or BMW branch, hobbies and other personal preferences
  • Other personal information ► Information provided by you on date of birth, education, household size or professional situation
  • Contract data ► Customer number, contract number, booked BMW ConnectedDrive services
  • Online account data ► Account information about My BMW, BMW ConnectedDrive, portals for customers and potential customers, payment information you have stored (e.g. credit-card number)
  • Use of websites and communication ► Information about how you use the website and whether you open or forward communications from us, including data collected through cookies and other tracking technologies; further information can be found here in our BMW Cookie Policy
  • Transaction and interaction data ► Information on purchases of products and services, interactions with BMW Customer Service (your enquiries and complaints) and BMW Dealers or BMW Niederlassung as well as participation in market research studies
  • Credit and identity information ► Data used to identify you, such as a driving licence or registration certificate part 1; also information about transactions, any outstanding payments to us; information about fraud cases, criminal offences, suspicious transactions, politically exposed persons and sanction lists that contain your data
  • Use of BMW apps and services ► Information about your use of BMW apps (on your mobile device) and the services of BMW ConnectedDrive
  • Information on vehicle functions and configurations ►Information on the functions and current configurations of your vehicle (identified by the vehicle identification number), such as BMW Teleservices, BMW ConnectedDrive services with BMW Online and My Info or BMW CarData
  • Technical vehicle data ► Data generated or processed in the vehicle

    Operating data in the vehicle
    Control units process data for operating the vehicle. 

These include, for example:

– Vehicle status information (e.g. speed, throttle delay, lateral acceleration, wheel speed, indication of whether seat belts have been applied)

– Environmental conditions (e.g. temperature, rain sensor, distance sensor)

As a rule, these data are temporary and are not stored beyond the operating time and are only processed in the vehicle itself. Several control units store data (including the vehicle key). These are used to document information, temporarily or permanently, about the vehicle’s condition, component stress, maintenance requirements as well as technical events and errors. 

Depending on the technical equipment, the following data are stored:

– Operating conditions of system components (e.g. fill levels, tyre pressure, battery status)
– Faults and defects in key system components (e.g. lights, brakes)
– Reactions of the systems in special driving situations (e.g. triggering of an airbag, deployment of the stability control systems)
– Information on vehicle-damaging events
– In the case of electric vehicles, state of charge of the high-voltage battery, estimated range

In special cases (e.g. if the vehicle has detected a malfunction), it may be necessary to store data that normally would be temporary only.

If you make use of services (e.g. repair or maintenance services), the stored operating data can be read out if necessary and used together with the vehicle identification number. The data can be read out from the vehicle by employees of the BMW Dealer or BMW Niederlassung or third parties (e.g. breakdown services). The same applies to warranty cases and quality assurance measures.

The data are generally read out via the legally required connection for on-board diagnosis (OBD) in the vehicle. The operating data thus read out document technical conditions of the vehicle or individual components, help with fault diagnoses, compliance with warranty obligations, and quality improvement. These data, in particular information about component stress, technical events, operating errors and other faults, will be sent to BMW together with the vehicle identification number. BMW is also subject to product liability. This represents a further use by BMW of vehicle operating data, such as for recall campaigns. These data can also be used to verify claims of the customer for warranty and repairs. 

Fault memory in the vehicle can be reset by a service company as part of repair or service work or at your request.

Convenience and infotainment functions
You can save convenience settings and customisations in the vehicle and change or reset them at any time.

Depending on the respective equipment, this includes, for example:

– Seat and steering-wheel positions
– Chassis and climate-control settings
– Customisations such as interior lighting

In connection with the equipment selected, you can add your own data to the infotainment functions of the vehicle. Depending on the respective equipment, this includes, for example:

– Multimedia data, such as music, films or photos for playback in an integrated multimedia system
– Address book data for use in conjunction with a built-in hands-free system or integrated navigation system
– Navigation destinations
– Data on the use of Internet services

These data for convenience and infotainment functions can be stored locally in the vehicle, or they can be stored on a device that you have connected to the vehicle (e.g. smartphone, USB stick or MP3 player). You can erase any data you input yourself at any time. 

These data will be transmitted from the vehicle only at your request, especially in the context of online services, according to the settings you have selected.

Smartphone integration, e.g. Apple CarPlay
If your vehicle is properly equipped, you can connect your smartphone or other mobile device to the vehicle so that you can control it via the on-board controls. This means that the picture and sound of the smartphone can be output via the multimedia system. At the same time, certain information is transmitted to your smartphone. Depending on the type of integration, this includes, for example, position data, day/night mode and other general vehicle information. Please refer to the user manual of the vehicle/infotainment system. 

The integration allows for the use of selected apps on the smartphone, such as navigation or music playback. There is no further interaction between the smartphone and the vehicle, in particular no active access to vehicle data. The type of further data processing is determined by the provider of the app used. Whether and which settings you can configure depends on the app and the operating system of your smartphone.

Online services
If your vehicle has a mobile network connection, data can be exchanged between your vehicle and other systems. The mobile network connection is made possible by an on-board transceiver or via a mobile device (e.g. smartphone) that you provide. Online functions can be used via this mobile network connection. These include online services and applications/apps provided to you by the manufacturer or other providers.

BMW Online services
The respective functions are described by BMW in an appropriate place (e.g. in the user manual, the BMW Driver’s Guide app, on BMW websites) together with relevant data protection information. Personal data may be used in the provision of online services. The data are exchanged via a protected connection, for example by means of the IT systems provided by BMW. Any collection, processing and use of personal data beyond the provision of services are exclusively subject to statutory permission, for example in connection with a legally required emergency call system, a contract or on the basis of consent given. 

You can enable or disable the services and features (some of which are available against a fee), and, in some cases, the entire mobile network connectivity of the vehicle. As far as technically possible, this does not apply to legally required functions and services, such as emergency call systems.

Third-party services
If you choose to use online services of other providers (third parties), these services are the responsibility of and subject to the privacy conditions and terms and conditions of use of the respective provider. BMW has no control over the contents exchanged in the process.

Please obtain information from the respective service provider about the nature, extent and purpose of the collection and use of personal data in the context of third-party services. 

  • Data for locating the vehicle ► Information on the location of your vehicle or your mobile device. BMW may receive such data as part of the provision of the BMW ConnectedDrive services and the BMW Connected app and uses them in accordance with the detailed service descriptions of the respective services and the security provisions for location data. 

For what purposes are your data processed?

The data collected in connection with the conclusion of the contract or the provision of the services will be processed for the following purposes. An explanation of the scope of the available legal bases is available here.

A. Fulfilment of the contractual obligation in the context of sales, maintenance and repair of vehicles (Article 13(2)(a) of the Swiss Federal Act on Data Protection, FADP – Bundesgesetz über den Datenschutz, DSG)

BMW, BMW Niederlassung and BMW Dealers collect, process and use personal data as part of the sales processes or during maintenance or repair services at the dealership.

As part of the sales processes, personal data are used by BMW Dealers and BMW Niederlassung in order to execute the contract of sale, conduct test drives and provide information related to your vehicle purchase.

In the context of these activities, the following categories of data are processed:

  • Contact details (last name, first name, address, e-mail address, etc.)
  • Account details (BMW ConnectedDrive or My BMW account, bank details, etc.)

BMW, BMW Niederlassung and BMW Dealers generally use your personal data for the execution of the contract (e.g. vehicle orders, workshop/repair orders, bookings of BMW ConnectedDrive services) or for handling a request you have made (e.g. a request for a quote or a test drive). For all aspects of the contract or addressing a concern you have expressed, we will contact you without separate consent, for example in writing, by telephone, via messenger services or by e-mail, depending on the contact details you provided.

Where maintenance and repair processes or services at BMW workshops and BMW Niederlassung are concerned, technical vehicle data relevant to the vehicle service are read out from the installed electronic control units by way of special diagnostic devices. These data are processed and used in the workshop by trained technicians to diagnose and correct any malfunctions. The technical vehicle data consist mainly of the following information:

  • Vehicle master data (e.g. vehicle identification number, vehicle type, production date, vehicle equipment)
  • Vehicle status data (measured values such as mileage in kilometres) 
  • Fault memory entries (e.g. malfunction of direction indicators) 
  • Load collectives 
  • Software versions 
  • Service and workshop data (e.g. service requests, performed work, installed spare parts, warranty cases, workshop reports)

The above information may be accessed by BMW to assist with technical or other challenges to performance by the BMW Dealers and BMW Niederlassung.

In addition, the aforementioned persons responsible may receive data on the location of the vehicle to a limited extent, insofar as this is necessary for the purpose of fulfilling the contract (e.g. as part of the BMW Mobile Service breakdown service). The data will only be used in accordance with the security precautions for location data.

B. Compliance with the contractual obligation to provide digital vehicle-related services (Article 13(2)(a) of the FADP)

For the purpose of fulfilling the ConnectedDrive contract between you and BMW, BMW will provide various services, such as Intelligent Emergency Call, Concierge Service, Real Time Traffic Information (RTTI), Teleservices, etc. For the provision of these services, BMW, the BMW Group and commissioned service providers will process the following, possibly personal, information from the vehicle:

  • Vehicle status data (annual mileage, battery voltage, door and flap status, etc.)
  • Position and movement data (time, position, speed, etc.)
  • Vehicle maintenance data (due date of next service, oil level, brakes, etc.)
  • Dynamic traffic information (traffic jams, obstacles, signs, parking lots, etc.)
  • Environmental information (temperature, rain, etc.)
  • User profile (configured news, e-mail and audio providers, etc.)
  • Sensor information (radar, ultrasound, gestures, language, etc.)

The data protection notices of BMW ConnectedDrive can be found here; a complete list and detailed description of the services and the data used can be found here.
The processed personal data will be automatically erased after four weeks, unless they are required for a longer period of time for the provision of a special service.

You can enable or disable the services and features (some of which are available against a fee), and, in some cases, the entire mobile network connectivity of the vehicle. As far as technically possible, this does not apply to legally required functions and services, such as emergency call systems.

The following personal data are processed to provide the services of the BMW Connected app:

  • Vehicle status data (annual mileage, battery voltage, door and flap status, etc.)
  • Position and movement data of the vehicle and the mobile device (time, position, speed, etc.)
  • Vehicle maintenance data (due date of next service, oil level, brakes, etc.)
  • Dynamic traffic information (traffic jams, obstacles, signs, parking lots, etc.)
  • Environmental information (temperature, rain, etc.)
  • User profile (configured news, e-mail and audio providers, etc.)
  • Sensor information (radar, ultrasound, gestures, language, etc.)

The data protection notice of the BMW Connected app can be found here. The position and movement data will only be used in accordance with the security precautions for location data.
If you object to this processing of your personal data, you can withdraw your consent within the BMW Connected app – as far as technically possible – or uninstall the BMW Connected app on your mobile device.

C. Ensuring product quality, research and development of new products (Article 13(1) of the FADP)

BMW uses the data obtained (including location data) through the provision of services by BMW, BMW Niederlassung or through BMW Dealers in a depersonalised manner for ensuring the quality of products and services as well as for research and development purposes. Depersonalised means that the data are no longer directly attributable to you or your vehicle.

This processing is based on the legitimate interest of BMW (Switzerland) to meet the high expectations of our customers regarding high-quality products and services and to meet the customers’ demand for newly developed, innovative solutions. Apart from depersonalisation, additional safeguards and controls are implemented to protect your interests as needed. These include strict data access restrictions, data usage restrictions, security measures, retention periods and principles of data economy such as the exclusive collection of relevant data.

D. Fulfilment of the sales, service and administration processes of BMW (Switzerland) (including BMW Niederlassung), the BMW Group and BMW Dealers (Article 13(1) of the FADP)

In order to continuously optimise the customer experience and the collaboration with the BMW Dealers and the customer service provided by BMW Niederlassung, we prepare evaluations and reports on the basis of contract information, which we share with the BMW Dealer in question. These evaluations primarily serve to initiate appropriate measures (e.g. training for sales and service personnel) to improve the application and sales processes. We prepare the reports described above in aggregate and anonymous form only, which means that the recipients of the reports will not be able to draw any conclusions about you as a person from the data provided.

Parts of the vehicle-specific data collected will also be processed, to the extent necessary, to fulfil the service processes (e.g. repair, warranty, goodwill) of BMW, BMW Niederlassung, BMW workshops and BMW Group companies (including their branches) in Switzerland, in the European Economic Area and other countries in accordance with the BMW warranty provisions. This processing represents the legitimate interest of BMW to offer our customers the best possible service process. From time to time, the data may also be processed in connection with legal requirements (e.g. repair and maintenance information due to competition law requirements). To protect the privacy of our customers, the technical data are processed generally in a vehicle-related manner and without any direct connection to the customer.

The following data categories are used for this purpose:

  • Vehicle master data (e.g. vehicle identification number, vehicle type, production date, vehicle equipment)
  • Vehicle status data (measured values such as mileage in kilometres)
  • Fault memory entries (e.g. malfunction of direction indicators)
  • Load collectives
  • Software versions
  • Service and workshop data (e.g. service requests, performed work, installed spare parts, warranty cases, workshop reports)

The technical vehicle data will be erased at the end of the vehicle’s life cycle.
BMW (Switzerland) is a company of the BMW Group. We process your data partly in order to render the administration of the various companies within the BMW Group as efficient and successful as possible. This applies, for example, to joint consolidated accounting in accordance with international accounting standards for companies (such as the International Financial Reporting Standards, IFRS).

E. Customer service (Article 13(1) and (2)(a) of the FADP)

BMW, BMW Niederlassung and BMW Dealers generally use your personal data for the execution of the contract (see above) (e.g. vehicle orders, workshop/repair orders, bookings of BMW ConnectedDrive services) or for handling a request you have made (e.g. request for a quote or a test drive, enquiries and complaints addressed to BMW Customer Service). For all aspects of the contract or addressing a concern you have expressed, we will contact you without separate consent, for example in writing, by telephone, via messenger services or by e-mail, depending on the contact details you provided.

We will also contact you if your vehicle is affected by what is known as a technical inspection or a recall. Since such technical inspections are measures of mostly great importance (e.g. preventing risks to passengers or damage to the vehicle), we will contact you directly or indirectly via our BMW Dealers or BMW Niederlassung using the contact details you provided in order to comply with our legally required obligation of disclosure and providing information.

We will also contact you in carefully considered cases for the purpose of advertising (e.g. postal delivery of the welcome package after a vehicle purchase or a letter alerting you to the end of the warranty period or an offer of a vehicle check), if and to the extent as the necessary data protection requirements are met and you, aware of your right to object, have not objected to the use of your data for the purpose of written communications.

BMW also processes your personal data on this basis in order to further optimise your experience with BMW Customer Service, for example for the purpose of identifying you when you contact us.

F. Advertising and market research based on consent (Article 13(1) of the FADP)

Where you have separately given your consent to the further use of your personal data, your personal data may be used according to the extent described in the consent, for example for advertising purposes (selected offers for products and services), and with your consent also with a high degree of personalisation based on an individual customer profile and/or market research, and, where appropriate, shared with certain BMW Group companies and selected BMW Dealers. Details on this are derived from the respective declaration of consent, which you may withdraw at any time.

Where you have given the appropriate consent to communications for advertising purposes,

BMW collects and processes contact information, such as name, address, e-mail, telephone number

Supplementary personal information and preferences, such as

  • The company name, your relationship with this company, if you use a business vehicle or are our contact person for this company
  • A possible time when you need a new vehicle and express your interest in vehicles and services or request information and test drives, etc.
  • Preferred or current BMW Dealer or BMW branch
  • Vehicle identification number and other attributes that are linked to this
  • Interests and hobbies
  • Status of your data protection consent and selected or preferred communication channel

Identification data, such as
Customer number, contract number

Customer history, such as

  • Vehicle purchase data including model, configurations, date of purchase, date of registration, registration number, order date, delivery date, owner, list price
  • Data collected from BMW Dealers and BMW Niederlassung (such as contact time and contact type, service history)
  • Campaign history and feedback (customer and potential customer care programmes and direct marketing measures)
  • Participation in events
  • History of enquiries and complaints with BMW Customer Service

Vehicle usage data, such as
Contract data for BMW ConnectedDrive, e.g. booking online entertainment

App/website/social media data
Insofar as you have registered or logged in, your account data, e.g. My BMW or BMW ConnectedDrive

BMW uses the sales and customer care information collected in this manner

  • to determine what information and offers are most likely to be of interest to you;
  • to contact you in connection with this information and offers; and
  • for advertising purposes (e.g. product launches or invitations to events) in accordance with your data protection consent.

In your data protection consent, you also determine the communication channels (e.g. by post, telephone, e-mail) through which we may contact you.

Furthermore, you decide here on your consent to the creation of an individual customer profile in order to receive personalised offers.

If applicable, the following information provided by you or generated by your use of products or services of BMW Group companies and BMW Dealers can be used for the profiling: contact information (e.g. name, address, e-mail), additional personal information/preferences (e.g. preferred dealer, hobbies), identification data (e.g. customer number, contract number), customer history (e.g. receiving offers, vehicle purchase data, dealer information), vehicle data (e.g. usage data of the BMW Connected app: mileage in kilometres, range), app/website/social media data (e.g. usage data from the online accounts My BMW or BMW ConnectedDrive).
Data are processed for advertising purposes in Switzerland or in the EU. No personal data will be transferred to a country outside the EU.

G. Fulfilment of legal obligations to which BMW is subject (Article 13(1) of the FADP)

BMW will also process personal data if there is a legal obligation to do so. This may be the case if we need to contact you because your vehicle is affected by a recall or a technical inspection.
Collected data are also processed for the purpose of ensuring the operation of IT systems. Ensuring in this context is understood to include the following activities:

  • The backup and recovery of data processed in IT systems
  • Logging and monitoring of transactions to check the correct functioning of IT systems
  • Detection and prevention of unauthorised access to personal data
  • Incident and problem management for troubleshooting IT systems

Collected data are also processed in the context of internal compliance management, in which we check, for example, whether you have been sufficiently advised with respect to a contract and whether the BMW Dealer has complied with all legal obligations.

BMW is subject to a variety of other legal obligations. In order to comply with these obligations, we process your data to the extent required and, if necessary, disclose these to the responsible authorities as part of legal reporting requirements.

If necessary, we process your data in the event of a legal dispute if the legal dispute requires the processing of your data.

H. Data transmission within the BMW Group

BMW (Switzerland) is part of the BMW Group. After careful review, we sometimes send your data to other Group companies, which process them further in their capacity as controllers. Such data transmission may occur, for example, under the following circumstances and for the following purposes:

Please note that this is not a complete or exhaustive list of the data transmission processes within the BMW Group, but merely lists examples that are intended to make data transmissions more transparent.

  • If you have previously given us your explicit consent to share your data with other Group companies for promotional or marketing purposes
  • To carry out the sales, service and administrative processes of the BMW Group; see section G
  • In the course of Group reporting, we may transmit data; for example in the case of leased vehicles, in order to assess residual values, we transmit billing-relevant information regarding the respective vehicle identification numbers

 

I. Data transmission to selected third parties

Data are forwarded to the following companies, for example, if and to the extent that the necessary data protection requirements are met:

  • To BMW Dealers (e.g. to respond to and meet your request for a test drive or a service and make concrete offers). Your requests will be prioritised and forwarded to the BMW Dealer of your choice, the BMW Dealer where you have purchased products or services or the dealer with whom you are in contact. If you do not have a known contact with a BMW Dealer, we will forward your request to a BMW Dealer in your region.
  • To BMW Dealers to update the data, such as your contact information. The data for the data update will be forwarded to all BMW Dealers who list your address in their directories.
  • To carefully selected and verified service providers and business partners with whom we work to provide you with products and services. We do this for BMW (Switzerland) only within the strict conditions of commissioned data processing or on the basis of your explicit consent (e.g. forwarding to the insurer of the BMW insurance policy, if you so desire).
  • On the sale of one or more business units of BMW (Switzerland) to a company to which we assign our rights, in compliance with any existing agreements with you.
  • To other third parties (e.g. public bodies), to the extent we are legally obligated to do so.

Our BMW CarData platform also gives you the option of instructing us if personal data collected by us as part of the provision of BMW ConnectedDrive services are to be disclosed to authorised third parties selected by you (e.g. your car insurance provider). This is done exclusively based on your consent, which you may withdraw at any time. Further information can be found here.

 

How do we protect your personal data?

We use a variety of security measures, including state-of-the-art encryption and authentication tools, to protect and maintain the security, integrity and availability of your data.

Full protection against unauthorised access cannot be guaranteed for data transmissions over the Internet or a website, but we and our service providers and business partners make every effort to safeguard your personal data in accordance with applicable data protection regulations through state-of-the-art physical, electronic and procedural security measures. Among other things, we use the following measures:

  • Strict criteria for the right to access your data according to the need-to-know principle (limited to as few people as possible) and only for the stated purpose
  • Transfer of collected data exclusively in encrypted form
  • Storage of confidential data, such as credit-card data, exclusively in encrypted form
  • Firewall protection of IT systems for protection against unauthorised access, e.g. by hackers
  • Permanent monitoring of access to IT systems to detect and prevent the misuse of personal data

If you have obtained a password from us or have created one yourself that gives you access to certain areas of our website or to other portals, apps or services that we operate, you are responsible for keeping this password secret and for following all other security procedures, about which we keep you informed. In particular, we ask that you do not share your password with anyone.

Security precautions for location data

Certain services can only be offered if you disclose your location or the location of your vehicle. We take the confidentiality of this location data very seriously.
Therefore, your location data (including data accessed as part of vehicle maintenance) will be protected with the following safeguards:

  • They will only be stored in a form traceable to you or your vehicle for as long as is necessary to fulfil the purpose to which you have consented.
  • Data collection and access in this form will only take place if this is necessary to provide the requested service.
  • Data collection and access to it in this form will also take place to the extent we are legally obligated to store and/or hand over the data. 
  • Data for locating the vehicle and data for locating a/your mobile device are only linked together if this is necessary to provide the requested service.
  • Any other use of location data for analysis purposes will be made on data sets that have been previously anonymised.

We, BMW Niederlassung and your BMW Dealer may have access to the data for locating the vehicle, and the BMW Group may have access to the data for locating the/your mobile device via the services it provides (e.g. BMW ConnectedDrive).

When purchasing a vehicle or when activating or configuring the BMW ConnectedDrive services or the BMW Connected app, you will receive a detailed description of the location data transmitted for the provision of location-specific services.

Via the BMW ConnectedDrive portal, the BMW Connected app or directly in the vehicle – where technically possible – you can decide whether such data may still be collected and processed by us, thereby preventing future data collection. Please note that we may not be able to provide our services under certain circumstances if you limit the collection of the location data.

How long do we keep your data?

In accordance with Article 4 of the FADP, we will only keep your data for as long as necessary for the respective purposes for which we process your data. If we process data for multiple purposes, they will be automatically erased or stored in a format that does not allow for direct conclusions about your person once the final specific purpose has been completed. To ensure that all your data are erased in accordance with the principle of data minimisation, BMW has put in place an internal erasure concept. The basic principles according to which this erasure concept provides for the erasure of your personal data are shown below.

Use for performance of a contract
In order to fulfil contractual obligations, data collected from you may be kept for as long as the contract is in force and, depending on the nature and scope of the contract, 6 or 10 years beyond the contract in order to comply with statutory retention obligations and clarify any enquiries or claims after the expiry of the contract.

In addition, there are contracts for the supply of products and services that require longer retention periods – see also below “Use for the verification of claims”.

Use for the verification of claims
Data that we believe may be necessary to verify and defend against claims or to prosecute you or any third party or to bring any claims may be retained by us for as long as any such proceedings may be pursued.

Use for customer service and marketing purposes
For customer service and marketing purposes, the data collected from you may be retained for a period of 3 to 10 years after collection, unless you wish to erase that data and there are no contractual or statutory retention requirements that conflict with this erasure request.

To whom do we grant international access to your data and how do we protect your data?

BMW is a global group. Personal data are preferably processed by employees of BMW (Switzerland), BMW Group companies, BMW Dealers and service providers commissioned by us within Switzerland or the EU.

Should data be processed in countries outside of Switzerland or the EU, BMW will ensure through contracts, including appropriate technical and organisational measures, that your personal data are processed in accordance with Swiss data protection standards.

For some countries, such as Canada and New Zealand, the Swiss Federal Data Protection and Information Commissioner (FDPIC) has already determined a comparable level of data protection. Due to the comparable level of data protection, data transmission to these countries does not require any special approval or agreement.

Contact us here if you want to know more about the specific safeguards for the transfer of your data to other countries.

BMW uses a number of service providers to assist in the provision of the listed services and uses, which are commissioned by BMW (Switzerland) or the BMW Group to process the data under the strict requirements of data protection law.

How can you view and change your data protection settings online?

You can change your settings for the use of your data in BMW online accounts yourself at any time via the corresponding options in your online account My BMW, in your BMW ConnectedDrive account or in the BMW Connected app.

You can access and, where possible, modify the following data:

  • Consent to advertising – here you can agree to your desired communication channels (contact by post, e-mail, etc.) and agree to the use of statistical methods to create an individual customer profile in order to receive tailor-made, personalised offers for products and services.
  • BMW CarData – here you can view and download or transfer your vehicle data.
  • BMW ConnectedDrive account – here you can view and change your detailed settings for BMW ConnectedDrive. Some settings for BMW ConnectedDrive can only be changed via the BMW Connected app or only in the vehicle; we ask you to use the corresponding options in the app or in the vehicle.

However, the settings for the use of your data by BMW Dealers cannot be changed in your online account (data protection portal). For such a change or questions about the use of your data, you must therefore contact the respective BMW Dealer directly.

Contacting us and your data protection rights

If you have any questions regarding the use of your personal data by us, it is best to first contact BMW Customer Service – either by e-mail to kundenbetreuung@bmw.ch or by calling 0844 250 250 (daily 8.00 a.m. to 8.00 p.m.).

BMW Customer Service can also forward your request to the responsible data protection officer.

As the data subject affected by the processing of your data, you may assert certain rights against us under the FADP and other relevant data protection regulations. The following section contains explanations about your rights under the FADP. Depending on the nature and scope of your request, we will ask you to address it to us in writing.

Data subject rights

According to the FADP, you are entitled to the following rights in particular as the data subject:

Right to information (Article 8 of the FADP): You may request information from us about your data that we keep at any time. Such information includes, among other things, the categories of data we process, the purposes for which we process them, the source of the data if we have not collected them directly from you, and, if applicable, the recipients to whom we have transmitted your data. You can obtain a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for further copies.

Right to rectification (Article 5(2) of the FADP): You may request that we correct your data. We will take reasonable steps to ensure that your data that we have about you and process continuously are accurate, complete and up to date, based on the most up-to-date information we have.

Right to erasure (Article 15(1) of the FADP): You may request that we erase your data, provided that the legal requirements for this are met. This may be the case, for example, if

  • the data are no longer required for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent, which is the basis of data processing, and there is no other legal basis for the processing; 
  • you object to the processing of your data and there are no overriding legitimate reasons for processing, or if you object to the processing of data for direct marketing purposes;
  • the data were processed unlawfully;

    unless processing is necessary
  • to ensure compliance with a legal obligation that requires us to process your data; 
  • in particular with regard to statutory retention periods;
  • to assert, exercise or defend against legal claims.

Right to object (Article 13(1) of the FADP): You may object to the processing of your data at any time for reasons that arise from your particular situation, insofar as the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can prove compelling legitimate reasons for the processing that override your interests or if we need your data to assert, exercise or defend against legal claims.

Deadlines for complying with data subject rights

We endeavour to comply with all enquiries within 30 days. However, such period may be extended for reasons relating to the specific data subject right or due to the complexity of your request.

Restriction of information in the compliance of data subject rights (Article 9 of the FADP)

In certain situations, we may be unable to provide you with information about all of your data due to legal requirements. If we have to reject your request for information in such a case, we will inform you at the same time about the reasons for the refusal. 

Complaints

BMW (Switzerland) takes your concerns and rights very seriously. However, if you believe that we have not adequately complied with your requests or concerns, you have the right to lodge a complaint with the company data protection officer of BMW (Switzerland).