BMW (Switzerland) Ltd (hereinafter referred to as “BMW (Switzerland)” and/or “we”), Industriestrasse 20, 8157 Dielsdorf, Switzerland, is the data controller responsible for the processing of your personal data. BMW (Switzerland) is based in Dielsdorf, Switzerland.
Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, Germany, registered office and court of registration: Munich HRB 42243 (hereinafter referred to as the “BMW Group”), is responsible for the technical provision of some services. When providing services and customer support in the case of problems, data are transferred by BMW (Switzerland) to the BMW Group.
BMW (Switzerland) represents BMW in Switzerland. It coordinates the business activities for the sale of BMW cars, original BMW parts, accessories and related services in Switzerland through the BMW organisation.
BMW (Switzerland) can also involve other organisational divisions of BMW (Switzerland) in providing support for customers and potential customers in Switzerland. These are essentially the areas BMW ConnectedDrive and BMW Online Shops.
BMW (Switzerland) authorises BMW dealers and BMW workshops (hereinafter referred to as “BMW Dealers” if no further differentiation is required). It also provides support on technical and non-technical matters for customers, potential customers and contracting partners as well as other interest groups, operates the website bmw.ch, which allows for the creation of My BMW and/or BMW ConnectedDrive online accounts, and advertises the BMW brand in Switzerland.
Unless stated otherwise, BMW Dealers are legally and economically independent companies and not part of BMW. They have licensed the use of the BMW brand and are variously authorised to sell BMW cars, original BMW parts and accessories. They are further authorised for brand-related maintenance and repair services.
BMW (Switzerland) is the controller responsible for your data that are processed in the context of BMW and/or BMW direct marketing measures via the website experiencebmwgroup.ch, your online account My BMW, the BMW ConnectedDrive services, your contacts with BMW and/or BMW customer service (hereinafter collectively referred to as “BMW Customer Service”). BMW also processes your data transmitted by BMW Dealers if and to the extent the necessary data protection requirements are met.
BMW Dealers are responsible for processing those personal data that you yourself have provided to them in connection with your enquiries and customer service related to sales and service. BMW Dealers will also process your data transmitted by BMW (Switzerland) if and to the extent the necessary data protection requirements are met.
This Data Protection Notice also describes instances when your data may be processed by BMW Dealers. However, BMW Dealers may possibly collect further personal data and provide their own data protection notices. If applicable, see the data protection notices of the respective BMW Dealer to learn more about how your data are used in such a case. The contact details of BMW Customer Service and regarding data protection at BMW (Switzerland) can be found here.
The contact details of BMW AG regarding Group data protection can be found here.
BMW collects and processes your personal data in the following cases, among other things:
Please help us to keep your information up to date by communicating to us any changes to your personal data – especially your contact details.
The following categories of personal data may be collected through the numerous services and contact channels described in this Data Protection Notice:
These include, for example:
– Vehicle status information (e.g. speed, throttle delay, lateral acceleration, wheel speed, indication of whether seat belts have been applied)
– Environmental conditions (e.g. temperature, rain sensor, distance sensor)
As a rule, these data are temporary and are not stored beyond the operating time and are only processed in the vehicle itself. Several control units store data (including the vehicle key). These are used to document information, temporarily or permanently, about the vehicle’s condition, component stress, maintenance requirements as well as technical events and errors.
Depending on the technical equipment, the following data are stored:
– Operating conditions of system components (e.g. fill levels, tyre pressure, battery status)
– Faults and defects in key system components (e.g. lights, brakes)
– Reactions of the systems in special driving situations (e.g. triggering of an airbag, deployment of the stability control systems)
– Information on vehicle-damaging events
– In the case of electric vehicles, state of charge of the high-voltage battery, estimated range
In special cases (e.g. if the vehicle has detected a malfunction), it may be necessary to store data that normally would be temporary only.
If you make use of services (e.g. repair or maintenance services), the stored operating data can be read out if necessary and used together with the vehicle identification number. The data can be read out from the vehicle by employees of the BMW Dealer or third parties (e.g. breakdown services). The same applies to warranty cases and quality assurance measures.
The data are generally read out via the legally required connection for on-board diagnosis (OBD) in the vehicle. The operating data thus read out document technical conditions of the vehicle or individual components, help with fault diagnoses, compliance with warranty obligations, and quality improvement. These data, in particular information about component stress, technical events, operating errors and other faults, will be sent to BMW together with the vehicle identification number. BMW is also subject to product liability. This represents a further use by BMW of vehicle operating data, such as for recall campaigns. These data can also be used to verify claims of the customer for warranty and repairs.
Fault memory in the vehicle can be reset by a service company as part of repair or service work or at your request.
Convenience and infotainment functions
You can save convenience settings and customisations in the vehicle and change or reset them at any time.
Depending on the respective equipment, this includes, for example:
– Seat and steering-wheel positions
– Chassis and climate-control settings
– Customisations such as interior lighting
In connection with the equipment selected, you can add your own data to the infotainment functions of the vehicle. Depending on the respective equipment, this includes, for example:
– Multimedia data, such as music, films or photos for playback in an integrated multimedia system
– Address book data for use in conjunction with a built-in hands-free system or integrated navigation system
– Navigation destinations
– Data on the use of Internet services
These data for convenience and infotainment functions can be stored locally in the vehicle, or they can be stored on a device that you have connected to the vehicle (e.g. smartphone, USB stick or MP3 player). You can erase any data you input yourself at any time.
These data will be transmitted from the vehicle only at your request, especially in the context of online services, according to the settings you have selected.
Smartphone integration, e.g. Apple CarPlay
If your vehicle is properly equipped, you can connect your smartphone or other mobile device to the vehicle so that you can control it via the on-board controls. This means that the picture and sound of the smartphone can be output via the multimedia system. At the same time, certain information is transmitted to your smartphone. Depending on the type of integration, this includes, for example, position data, day/night mode and other general vehicle information. Please refer to the user manual of the vehicle/infotainment system.
The integration allows for the use of selected apps on the smartphone, such as navigation or music playback. There is no further interaction between the smartphone and the vehicle, in particular no active access to vehicle data. The type of further data processing is determined by the provider of the app used. Whether and which settings you can configure depends on the app and the operating system of your smartphone.
If your vehicle has a mobile network connection, data can be exchanged between your vehicle and other systems. The mobile network connection is made possible by an on-board transceiver or via a mobile device (e.g. smartphone) that you provide. Online functions can be used via this mobile network connection. These include online services and applications/apps provided to you by the manufacturer or other providers.
BMW Online services
The respective functions are described by BMW in an appropriate place (e.g. in the user manual, the BMW Driver’s Guide app, on BMW websites) together with relevant data protection information. Personal data may be used in the provision of online services. The data are exchanged via a protected connection, for example by means of the IT systems provided by BMW. Any collection, processing and use of personal data beyond the provision of services are exclusively subject to statutory permission, for example in connection with a legally required emergency call system, a contract or on the basis of consent given.
You can enable or disable the services and features (some of which are available against a fee), and, in some cases, the entire mobile network connectivity of the vehicle. As far as technically possible, this does not apply to legally required functions and services, such as emergency call systems.
If you choose to use online services of other providers (third parties), these services are the responsibility of and subject to the privacy conditions and terms and conditions of use of the respective provider. BMW has no control over the contents exchanged in the process.
Please obtain information from the respective service provider about the nature, extent and purpose of the collection and use of personal data in the context of third-party services.
The data collected in connection with the conclusion of the contract or the provision of the services will be processed for the following purposes. An explanation of the scope of the available legal bases is available here.
A. Fulfilment of the contractual obligation in the context of sales, maintenance and repair of vehicles (Article 13(2)(a) of the Swiss Federal Act on Data Protection, FADP – Bundesgesetz über den Datenschutz, DSG)
BMW and BMW Dealers collect, process and use personal data as part of the sales processes or during maintenance or repair services at the dealership.
As part of the sales processes, personal data are used by BMW Dealers in order to execute the contract of sale, conduct test drives and provide information related to your vehicle purchase.
In the context of these activities, the following categories of data are processed:
BMW and BMW Dealers generally use your personal data for the execution of the contract (e.g. vehicle orders, workshop/repair orders, bookings of BMW ConnectedDrive services) or for handling a request you have made (e.g. a request for a quote or a test drive). For all aspects of the contract or addressing a concern you have expressed, we will contact you without separate consent, for example in writing, by telephone, via messenger services or by e-mail, depending on the contact details you provided.
Where maintenance and repair processes or services at BMW workshops are concerned, technical vehicle data relevant to the vehicle service are read out from the installed electronic control units by way of special diagnostic devices. These data are processed and used in the workshop by trained technicians to diagnose and correct any malfunctions. The technical vehicle data consist mainly of the following information:
The above information may be accessed by BMW to assist with technical or other challenges to performance by the BMW Dealers.
In addition, the aforementioned persons responsible may receive data on the location of the vehicle to a limited extent, insofar as this is necessary for the purpose of fulfilling the contract (e.g. as part of the BMW Mobile Service breakdown service). The data will only be used in accordance with the security precautions for location data.
B. Compliance with the contractual obligation to provide digital vehicle-related services (Article 13(2)(a) of the FADP)
For the purpose of fulfilling the ConnectedDrive contract between you and BMW, BMW will provide various services, such as Intelligent Emergency Call, Concierge Service, Real Time Traffic Information (RTTI), Teleservices, etc. For the provision of these services, BMW, the BMW Group and commissioned service providers will process the following, possibly personal, information from the vehicle:
The data protection notices of BMW ConnectedDrive can be found here; a complete list and detailed description of the services and the data used can be found here.
The processed personal data will be automatically erased after four weeks, unless they are required for a longer period of time for the provision of a special service.
You can enable or disable the services and features (some of which are available against a fee), and, in some cases, the entire mobile network connectivity of the vehicle. As far as technically possible, this does not apply to legally required functions and services, such as emergency call systems.
The following personal data are processed to provide the services of the BMW Connected app:
The data protection notice of the BMW Connected app can be found here. The position and movement data will only be used in accordance with the security precautions for location data.
If you object to this processing of your personal data, you can withdraw your consent within the BMW Connected app – as far as technically possible – or uninstall the BMW Connected app on your mobile device.
C. Ensuring product quality, research and development of new products (Article 13(1) of the FADP)
BMW uses the data obtained (including location data) through the provision of services by BMW or through BMW Dealers in a depersonalised manner for ensuring the quality of products and services as well as for research and development purposes. Depersonalised means that the data are no longer directly attributable to you or your vehicle.
This processing is based on the legitimate interest of BMW (Switzerland) to meet the high expectations of our customers regarding high-quality products and services and to meet the customers’ demand for newly developed, innovative solutions. Apart from depersonalisation, additional safeguards and controls are implemented to protect your interests as needed. These include strict data access restrictions, data usage restrictions, security measures, retention periods and principles of data economy such as the exclusive collection of relevant data.
D. Fulfilment of the sales, service and administration processes of BMW (Switzerland), the BMW Group and BMW Dealers (Article 13(1) of the FADP)
In order to continuously optimise the customer experience and the collaboration with the BMW Dealers, we prepare evaluations and reports on the basis of contract information, which we share with the BMW Dealer in question. These evaluations primarily serve to initiate appropriate measures (e.g. training for sales and service personnel) to improve the application and sales processes. We prepare the reports described above in aggregate and anonymous form only, which means that the recipients of the reports will not be able to draw any conclusions about you as a person from the data provided.
Parts of the vehicle-specific data collected will also be processed, to the extent necessary, to fulfil the service processes (e.g. repair, warranty, goodwill) of BMW, BMW workshops and BMW Group companies in Switzerland, in the European Economic Area and other countries in accordance with the BMW warranty provisions. This processing represents the legitimate interest of BMW to offer our customers the best possible service process. From time to time, the data may also be processed in connection with legal requirements (e.g. repair and maintenance information due to competition law requirements). To protect the privacy of our customers, the technical data are processed generally in a vehicle-related manner and without any direct connection to the customer.
The following data categories are used for this purpose:
The technical vehicle data will be erased at the end of the vehicle’s life cycle.
BMW (Switzerland) is a company of the BMW Group. We process your data partly in order to render the administration of the various companies within the BMW Group as efficient and successful as possible. This applies, for example, to joint consolidated accounting in accordance with international accounting standards for companies (such as the International Financial Reporting Standards, IFRS).
E. Customer service (Article 13(1) and (2)(a) of the FADP)
BMW and BMW Dealers generally use your personal data for the execution of the contract (see above) (e.g. vehicle orders, workshop/repair orders, bookings of BMW ConnectedDrive services) or for handling a request you have made (e.g. request for a quote or a test drive, enquiries and complaints addressed to BMW Customer Service). For all aspects of the contract or addressing a concern you have expressed, we will contact you without separate consent, for example in writing, by telephone, via messenger services or by e-mail, depending on the contact details you provided.
We will also contact you if your vehicle is affected by what is known as a technical inspection or a recall. Since such technical inspections are measures of mostly great importance (e.g. preventing risks to passengers or damage to the vehicle), we will contact you directly or indirectly via our BMW Dealers using the contact details you provided in order to comply with our legally required obligation of disclosure and providing information.
We will also contact you in carefully considered cases for the purpose of advertising (e.g. postal delivery of the welcome package after a vehicle purchase or a letter alerting you to the end of the warranty period or an offer of a vehicle check), if and to the extent as the necessary data protection requirements are met and you, aware of your right to object, have not objected to the use of your data for the purpose of written communications.
BMW also processes your personal data on this basis in order to further optimise your experience with BMW Customer Service, for example for the purpose of identifying you when you contact us.
F. Advertising and market research based on consent (Article 13(1) of the FADP)
Where you have separately given your consent to the further use of your personal data, your personal data may be used according to the extent described in the consent, for example for advertising purposes (selected offers for products and services), and with your consent also with a high degree of personalisation based on an individual customer profile and/or market research, and, where appropriate, shared with certain BMW Group companies and selected BMW Dealers. Details on this are derived from the respective declaration of consent, which you may withdraw at any time.
Where you have given the appropriate consent to communications for advertising purposes,
BMW collects and processes contact information, such as name, address, e-mail, telephone number
Supplementary personal information and preferences, such as
Identification data, such as
Customer number, contract number
Customer history, such as
Vehicle usage data, such as
Contract data for BMW ConnectedDrive, e.g. booking online entertainment
App/website/social media data
Insofar as you have registered or logged in, your account data, e.g. My BMW or BMW ConnectedDrive
BMW uses the sales and customer care information collected in this manner
In your data protection consent, you also determine the communication channels (e.g. by post, telephone, e-mail) through which we may contact you.
Furthermore, you decide here on your consent to the creation of an individual customer profile in order to receive personalised offers.
If applicable, the following information provided by you or generated by your use of products or services of BMW Group companies and BMW Dealers can be used for the profiling: contact information (e.g. name, address, e-mail), additional personal information/preferences (e.g. preferred dealer, hobbies), identification data (e.g. customer number, contract number), customer history (e.g. receiving offers, vehicle purchase data, dealer information), vehicle data (e.g. usage data of the BMW Connected app: mileage in kilometres, range), app/website/social media data (e.g. usage data from the online accounts My BMW or BMW ConnectedDrive).
Data are processed for advertising purposes in Switzerland or in the EU. No personal data will be transferred to a country outside the EU.
G. Fulfilment of legal obligations to which BMW is subject (Article 13(1) of the FADP)
BMW will also process personal data if there is a legal obligation to do so. This may be the case if we need to contact you because your vehicle is affected by a recall or a technical inspection.
Collected data are also processed for the purpose of ensuring the operation of IT systems. Ensuring in this context is understood to include the following activities:
Collected data are also processed in the context of internal compliance management, in which we check, for example, whether you have been sufficiently advised with respect to a contract and whether the BMW Dealer has complied with all legal obligations.
BMW is subject to a variety of other legal obligations. In order to comply with these obligations, we process your data to the extent required and, if necessary, disclose these to the responsible authorities as part of legal reporting requirements.
If necessary, we process your data in the event of a legal dispute if the legal dispute requires the processing of your data.
H. Data transmission within the BMW Group
BMW (Switzerland) is part of the BMW Group. After careful review, we sometimes send your data to other Group companies, which process them further in their capacity as controllers. Such data transmission may occur, for example, under the following circumstances and for the following purposes:
Please note that this is not a complete or exhaustive list of the data transmission processes within the BMW Group, but merely lists examples that are intended to make data transmissions more transparent.
I. Data transmission to selected third parties
Data are forwarded to the following companies, for example, if and to the extent that the necessary data protection requirements are met:
Our BMW CarData platform also gives you the option of instructing us if personal data collected by us as part of the provision of BMW ConnectedDrive services are to be disclosed to authorised third parties selected by you (e.g. your car insurance provider). This is done exclusively based on your consent, which you may withdraw at any time. Further information can be found here.
We use a variety of security measures, including state-of-the-art encryption and authentication tools, to protect and maintain the security, integrity and availability of your data.
Full protection against unauthorised access cannot be guaranteed for data transmissions over the Internet or a website, but we and our service providers and business partners make every effort to safeguard your personal data in accordance with applicable data protection regulations through state-of-the-art physical, electronic and procedural security measures. Among other things, we use the following measures:
If you have obtained a password from us or have created one yourself that gives you access to certain areas of our website or to other portals, apps or services that we operate, you are responsible for keeping this password secret and for following all other security procedures, about which we keep you informed. In particular, we ask that you do not share your password with anyone.
Security precautions for location data
Certain services can only be offered if you disclose your location or the location of your vehicle. We take the confidentiality of this location data very seriously.
Therefore, your location data (including data accessed as part of vehicle maintenance) will be protected with the following safeguards:
We and your BMW Dealer may have access to the data for locating the vehicle, and the BMW Group may have access to the data for locating the/your mobile device via the services it provides (e.g. BMW ConnectedDrive).
When purchasing a vehicle or when activating or configuring the BMW ConnectedDrive services or the BMW Connected app, you will receive a detailed description of the location data transmitted for the provision of location-specific services.
Via the BMW ConnectedDrive portal, the BMW Connected app or directly in the vehicle – where technically possible – you can decide whether such data may still be collected and processed by us, thereby preventing future data collection. Please note that we may not be able to provide our services under certain circumstances if you limit the collection of the location data.
In accordance with Article 4 of the FADP, we will only keep your data for as long as necessary for the respective purposes for which we process your data. If we process data for multiple purposes, they will be automatically erased or stored in a format that does not allow for direct conclusions about your person once the final specific purpose has been completed. To ensure that all your data are erased in accordance with the principle of data minimisation, BMW has put in place an internal erasure concept. The basic principles according to which this erasure concept provides for the erasure of your personal data are shown below.
Use for performance of a contract
In order to fulfil contractual obligations, data collected from you may be kept for as long as the contract is in force and, depending on the nature and scope of the contract, 6 or 10 years beyond the contract in order to comply with statutory retention obligations and clarify any enquiries or claims after the expiry of the contract.
In addition, there are contracts for the supply of products and services that require longer retention periods – see also below “Use for the verification of claims”.
Use for the verification of claims
Data that we believe may be necessary to verify and defend against claims or to prosecute you or any third party or to bring any claims may be retained by us for as long as any such proceedings may be pursued.
Use for customer service and marketing purposes
For customer service and marketing purposes, the data collected from you may be retained for a period of 3 to 10 years after collection, unless you wish to erase that data and there are no contractual or statutory retention requirements that conflict with this erasure request.
BMW is a global group. Personal data are preferably processed by employees of BMW (Switzerland), BMW Group companies, BMW Dealers and service providers commissioned by us within Switzerland or the EU.
Should data be processed in countries outside of Switzerland or the EU, BMW will ensure through contracts, including appropriate technical and organisational measures, that your personal data are processed in accordance with Swiss data protection standards.
For some countries, such as Canada and New Zealand, the Swiss Federal Data Protection and Information Commissioner (FDPIC) has already determined a comparable level of data protection. Due to the comparable level of data protection, data transmission to these countries does not require any special approval or agreement.
Contact us here if you want to know more about the specific safeguards for the transfer of your data to other countries.
BMW uses a number of service providers to assist in the provision of the listed services and uses, which are commissioned by BMW (Switzerland) or the BMW Group to process the data under the strict requirements of data protection law.
You can change your settings for the use of your data in BMW online accounts yourself at any time via the corresponding options in your online account My BMW, in your BMW ConnectedDrive account or in the BMW Connected app.
You can access and, where possible, modify the following data:
However, the settings for the use of your data by BMW Dealers cannot be changed in your online account (data protection portal). For such a change or questions about the use of your data, you must therefore contact the respective BMW Dealer directly.
If you have any questions regarding the use of your personal data by us, it is best to first contact BMW Customer Service – either by e-mail to firstname.lastname@example.org or by calling 0844 250 250 (daily 8.00 a.m. to 8.00 p.m.).
BMW Customer Service can also forward your request to the responsible data protection officer.
As the data subject affected by the processing of your data, you may assert certain rights against us under the FADP and other relevant data protection regulations. The following section contains explanations about your rights under the FADP. Depending on the nature and scope of your request, we will ask you to address it to us in writing.
Data subject rights
According to the FADP, you are entitled to the following rights in particular as the data subject:
Right to information (Article 8 of the FADP): You may request information from us about your data that we keep at any time. Such information includes, among other things, the categories of data we process, the purposes for which we process them, the source of the data if we have not collected them directly from you, and, if applicable, the recipients to whom we have transmitted your data. You can obtain a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for further copies.
Right to rectification (Article 5(2) of the FADP): You may request that we correct your data. We will take reasonable steps to ensure that your data that we have about you and process continuously are accurate, complete and up to date, based on the most up-to-date information we have.
Right to erasure (Article 15(1) of the FADP): You may request that we erase your data, provided that the legal requirements for this are met. This may be the case, for example, if
Right to object (Article 13(1) of the FADP): You may object to the processing of your data at any time for reasons that arise from your particular situation, insofar as the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can prove compelling legitimate reasons for the processing that override your interests or if we need your data to assert, exercise or defend against legal claims.
Deadlines for complying with data subject rights
We endeavour to comply with all enquiries within 30 days. However, such period may be extended for reasons relating to the specific data subject right or due to the complexity of your request.
Restriction of information in the compliance of data subject rights (Article 9 of the FADP)
In certain situations, we may be unable to provide you with information about all of your data due to legal requirements. If we have to reject your request for information in such a case, we will inform you at the same time about the reasons for the refusal.
BMW (Switzerland) takes your concerns and rights very seriously. However, if you believe that we have not adequately complied with your requests or concerns, you have the right to lodge a complaint with the company data protection officer of BMW (Switzerland).