Legal notices on data protection
MINI App Privacy Statement

The high standard that you associate with the features of our products and services is the guideline BMW uses in handling your data. In doing so, BMW seeks to create and maintain an environment conducive to a trustworthy business relationship with its customers and interested parties. The confidentiality and integrity of your personal data is especially important to BMW. BMW processes personal data especially in accordance with the EU General Data Protection Regulation (“GDPR”) and the German Telecommunications-Digital-Services-Data-Protection Act (“TDDDSG”) as well as applicable local data privacy laws.

Last updated: 12/2024


Who is responsible for data processing? 
Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, Germany, headquarters and court of registration: Munich HRB 42243 (hereinafter “BMW”), provides the customer with car-related information, auxiliary services, and the temporary or permanent activation of additional functions under the name “BMW ConnectedDrive” and “MINI Connected” (collectively hereinafter “Services”) and is responsible for data processing in the respective context.

The Services include i.a. the My BMW App for iOS, the My BMW App for Android, the MINI App for iOS, the MINI App for Android, BMW ConnectedDrive, and MINI Connected applications running in a respective car, and integrations with third party services such as Apple services, Amazon Alexa and Google Assistant.

The following privacy statement applies to the My BMW App for iOS, the My BMW App for Android, the MINI App for iOS and the MINI App for Android and the respective features and functions (hereinafter “App”).

Data Protection Officer
BMW AG
Petuelring 130
80788 Munich
Germany
datenschutz@bmw.de

What data does BMW process about you and for what purpose?
BMW has designed the App (including any features and functions) to be a highly personalized mobility companion. BMW processes your personal data in compliance with applicable law in order to provide the App to you and to provide any personalized features and functions of the App to you. BMW may collect your personal data directly or indirectly from you or other sources.

If you fail to provide your Personal Data when requested, we may not be able to provide our products and services to you. Additionally, this may affect the compliance with any laws that we or you are obligated to comply with.

BMW processes the respective personal data for the following purposes:

A. Conclusion and Fulfillment of the App Usage Contract (Article 6 (1) (b), (f) GDPR, Section 25 (2) no. 2 TDDDSG as well as applicable local data privacy laws)
BMW processes the following data categories, in order to enable the use of the App:
• Account data (BMW Group Login).
• Contact data (last name, first name, address, email address, etc.).

BMW can access and/or store data within your App on your device to the extent necessary to enable the use of the App. BMW may also process personal data based on legitimate interests for the operation of the App, such as IT security measures.

B. Using our services / BMW Group Login (Article 6 (1) (b) GDPR, Section 25 (2) no. 2 TDDDSG as well as applicable local data privacy laws)
The use of certain services may require a registration via the App or the My BMW / MINI Portal. When you register, you will receive an online customer account that gives you access to other BMW Group portals and offers. In order to provide you the BMW Group Login service, your data is passed on to the respective BMW Group company that acts as a provider of applications you use. BMW processes the data with regard to your customer account. Such data is separated from any other (even potentially identical) data about your person that may be available to other companies of the BMW Group.

C. To provide personalized Features of the respective App (Article 6 (1) (a), (b), (f) GDPR, Section 25, (1), (2) no. 2 TDDDSG as well as applicable local data privacy laws)
BMW processes the following data in order to provide personalized features and functions of the App to a user:

Service data, e.g.:
• User profile (preferences, language, App ID, top driver number, secondary user, profile picture etc.).
• User feedback (service rating, comment, problem description, etc.).
• User engagement (user interactions with regard to an App feature such as a community feature, including but not limited to user created content, user comments, any other type of user interactions etc.).
• Position and movement data (time, position, speed, etc.).
• Destination (position, start/end trip, time in car, charging station, street address, destination name, calendar, contacts etc.).
• Messages (message, recipient contact information, etc.).
• Car profile (car identification number (VIN), license plate, etc.).
• BMW/MINI retailer or service center (preference, etc.).
• Image (3D image around the car, interior camera).
• Anonymized application analytics (click events, App launch events, etc.).

Car data, e.g.:
• Car ID (links your specific car to your App, if such linking is possible).
• Car maintenance data (next service, oil level, brake wear, etc.).
• Car status data (mileage, battery voltage, fuel levels, door and window status, etc.).
• Car data (remote event, date/time, etc.).

BMW may process such data in order to provide you with personalized content and/or offers via App.

Consent
When you launch the App for the first time, you will be prompted for your consent for a few specific data types and for specific purposes, which we cannot rely on other legal bases, before the service begins collecting the data. If you decline, the features which require that data will be disabled. You can provide your consent in the future, if you choose to do so. We will seek your consent from time to time if we are required under the applicable data protection law.

Specific consent may be requested for:
• Position (geolocation).
• Receiving notifications.
• Access to your camera and/or photos.
• Marketing.
• Profiling.

Third Party Data Transfers
The App includes features that utilize selected third parties in order to provide a specific function or feature. In most cases, BMW provides such data in anonymized form such as the request to the map provider to retrieve the map image for your location. In other cases, BMW may transfer your personal data to a third-party service provider in order to enable a specific function or feature, such as when you schedule a service appointment for your car. 
In general, BMW will ask for your consent before sending the respective data to a third party, unless there is another legal basis for such data transfer such as the performance of a contract to which you are party to or in order to take steps at your request prior to entering into a contract.
Data Deletion
You can delete your data at any time in the App. 

There are several ways to delete your data:

• For some data types, you can delete the individual data elements (e.g., a single destination).
• You can delete all application data by clicking the “clear all application data” in the privacy menu in the App. This deletes all the data generated and collected by the App. However, your BMW login, car data and other non-application data will not be deleted.
• You can de-map your car from the App either directly via the App or the My BMW / MINI Portal.
• To exercise your right to be forgotten contact your local customer support center.

Privacy Choices and Deleting the App
You can limit the processing of specific data types:

• You can turn off location, calendar access, contacts access, camera access, photos access and notification in the settings menu via the App.

In all other cases, you may delete the App application data and/or the App:

• Delete your App application data using the “Clear all application data” button in the privacy menu.
• Delete the App from your device.

You may delete your user account at any time as well. Please note that some services, features and/or functions might not be available to you anymore.

D. Assurance of Product Quality and Development of new Products (Article 6 (1) (f) GDPR as well as applicable local data privacy laws)
Beyond the mere provision of services, BMW also processes collected data for the purposes of quality assurance and for the development of new products and services by BMW. These processing activities serve the legitimate interests of BMW in our effort to bring you the highest quality products and services as well as new and innovative offerings.

In order to protect your privacy, the data used to improve our products and create new services is stored in a form that it is not directly traceable to you or your car. BMW is constantly monitoring the proper functioning of the App and its features and functions.  BMW may also process your personal data based on legitimate interests to secure product quality, improve its services and to take IT security measures.

E. Fulfillment of the Sales, Service and Administrative Processes of BMW, the national sales company and authorized dealers (Article 6 (1) (f) GDPR as well as applicable local data privacy laws)
Based on the legitimate interest to optimize the customer experience and collaboration with BMW/MINI distributors continuously, we create evaluations and reports based on information from agreements. We share these evaluations and reports with the applicable BMW Partners. These evaluations and reports are predominantly used for introducing appropriate measures (e.g. training courses for sales personnel) to improve the request and sales process. We will create the aforementioned reports only in an aggregated and anonymized form. This means that the recipients of such reports will not be able to draw any conclusions about you personally.

BMW may process your data in order to make the administration of the various companies within BMW Group as efficient and successful as possible. One example is our common group accounting in accordance with international accounting regulations for companies (such as the International Financial Reporting Standards (“IFRS”)). Other than that, BMW may process personal data based on legitimate interests in order to anonymize such data and/or to share such data with other companies of the BMW Group and BMW Partners.

F. Marketing Communications

Marketing Communications and Market Research due to Consent (Article 6 (1) (a) GDPR as well as applicable local data privacy laws)
If you have given your consent to any further use of your personal data, your personal data may be used and, if necessary, passed on to third parties in accordance with the scope outlined in the consent form, such as promotional purposes (e.g., for selected products and services of BMW Group and promotional partners) and/or market research. BMW provides relevant details via the respective consent form. 

If you have separately agreed to promotional communication by email, you will also receive promotional communication in the Message Centre of the app as part of your use of the app.

You can change your settings for promotional communication at any time via the settings in the app, your MINI account or via Customer Care, or you can revoke your consent completely.

Email Marketing for similar goods and/or services (Section 7 (3) German Act against Unfair Competition, Article 6 (1) (f) GDPR as well as applicable local data privacy laws)
BMW processes your personal data in order to send you marketing emails regarding similar goods and/or services by BMW if you have concluded an agreement with us and you have not objected to the corresponding use of your personal data. You may object to such processing at any time without incurring any costs other than the transmission costs according to the prime rates. 

G. Fulfillment of Legal Obligations of BMW (Article 6 (1) (c), (f) GDPR as well as applicable local data privacy laws)
BMW will also process personal data if it is necessary for compliance with a legal obligation or we have legitimate interest in processing personal data for the purpose of fulfilling legal requirements. This could be the case if we needed to contact you because your vehicle is subject to a recall or a Technical Campaign, for the purpose of money laundering checks when establishing a business relationship with you or to check relevant sanction lists or export control specifications that BMW Group must observe.

BMW is subject to numerous additional legal obligations. In order to comply with these obligations, we process your data to the necessary extent and may potentially pass this data on to the responsible authorities upon their legitimate request or as part of legal reporting obligations. We may also process your data in the event of a legal dispute, providing the legal dispute requires the processing of your data.

H. Safeguarding and Internal Compliance Management (Article 6 (1) (f) GDPR as well as applicable local data privacy laws)
Collected data is also processed as part of safeguarding the operation of IT systems. Safeguarding in this context includes, but is not limited to, the following actions:
• Backup and restore of data processed in IT systems,
• Logging and monitoring transactions to check the specific functionality of IT systems,
• Detecting and protecting against unauthorized access to personal data to guarantee the integrity and security of IT systems,
• Incident and problem management for resolving faults in IT systems.

Collected data is also processed as part of internal compliance management at BMW Group, wherein we review aspects such as whether you have received adequate advice as part of concluding an agreement and whether the BMW Partner has complied with all legal requirements. We also have a legitimate interest in processing personal data to protect BMW Group's selective sales system, for example by identifying unauthorized resellers.
Within the framework of legal obligations, certain consumption data (known as OBFCM data, such as fuel consumption and mileage) may be collected from your vehicle during workshop visits and directly transmitted to the EU Commission by the manufacturer (BMW AG). You can refuse to the collection and transmission of data for this purpose at authorized BMW workshops and BMW dealers.

I. Storing of Information and/or Access of Information already stored in your Device (Section 25 (1), (2) no. 2 TDDDSG as well as applicable local data privacy laws)
In some instances, accessing and/or storing of data in your device is necessary in order to provide you with the respective Services, such as functions and/or features of your App).  Other than that, BMW will ask for your consent in order to access and/or store data in your device. We subsequently process personal data based on the GDPR in accordance with the purposes described above.

How do we collect your personal data?
BMW collects your personal information in the following conditions:

• The App is actively running, either in the foreground or in background, on your mobile device.
• You actively use features of the App.
• If you access the App via an integrated device, the App will collect anonymized usage analytics.
• When you use the App for BMW ConnectedDrive / MINI Connected services such as executing a remote command (e.g., locking your doors) or viewing your car status the data is generated by your car. All BMW ConnectedDrive / MINI Connected data is collected and processed under your BMW ConnectedDrive / MINI Connected contract and is detailed under the BMW ConnectedDrive / MINI Connected legal notices on data protection included separately in the App.

How long do we store your data?
BMW stores your personal data only for as long as required for the respective specific purpose. BMW deletes your personal data when no further storing is necessary with regard to the respective data processing purpose and BMW does not need to comply with a statutory provision regarding the retention of certain personal data. If BMW cannot delete your personal data, BMW will restrict further processing of such personal data. 

If BMW processes data for several purposes, BMW deletes such data automatically or saves such data in a form that cannot be traced directly back to you once the last specified purpose has been met. 

How is your data stored?
BMW stores your data in accordance with state of the art of technology. The following security measures serve as an example of the measures applied to protect your personal data from misuse or other unjustified processing:

• The availability of access to personal data is restricted to just a limited number of authorized persons for the specified purposes.
• Collected data is transferred only in encrypted form.
• Sensitive data is also saved only in encrypted form.
• The IT systems for processing the data are compartmentalized from other systems, e.g., to prevent hacking.
• In addition, access to these IT systems is monitored continuously in order to ward off and detect misuse early.

To whom is the data passed and how do we protect it along the way?
BMW is a global company. Personal data is processed preferably in the EU / EEA by BMW employees, national sales companies, authorized dealers and by commissioned service providers.

If BMW processes data in countries outside the EU / EEA, BMW uses in general EU standard contractual clauses, including suitable technical and organizational measures, to ensure that your personal data is processed in accordance with the European level of data protection. If you want to access the actual protections for data transfer to other countries, please contact BMW using the communications channels specified below.

The EU has already issued adequacy decisions regarding the comparable data protection level for some countries outside the EU / EEA, e.g., Israel and Switzerland. Due to the comparable data protection level, data transfer to such countries does not require any special approval or agreement.

How can you view and modify your data privacy settings?
You can change your settings for the use of your personal data in BMW online accounts at any time using the corresponding options in the App or via the My BMW / MINI Portal. 

You can review and change your privacy settings at any time in the App via the settings menu. Depending on the car model, you can also access a privacy menu in your car in which you can also change the car related settings. You can access data in the following manner and, if possible, change it:

• Consent in advertising communication - here you can (if available) choose your desired communication channels (postal service, email etc.) and agree to the use of statistical procedures to create an individual customer profile in order to offer you personalized offers for products and services.
• BMW ConnectedDrive / MINI Connected account - here you can view and change your detailed settings for BMW ConnectedDrive / MINI Connected. Some settings can only be changed via the App or only in the car. BMW kindly asks you to use the corresponding options in the App or in the car.

In case data is transferred to BMW Partners and you would like to request a change or deletion of such data, kindly contact the respective BMW Partner directly. For further information regarding any data transfer to a BMW Partner, please see the descriptions of the relevant services.

Your rights as a data subject and your right to lodge complaints with a supervisory authority.
In the event of questions regarding BMWs use of your personal data, please contact BMW customer support, either by email at kundenbetreuung@bmw.de or by phone at +49 89 1250-16000 (daily 08:00 AM – 8:00 PM, German time). In addition, you can contact the responsible data protection officer at datenschutz@bmw.de or by mail at the address stated above.

As data subjects to the processing of your data, you can assert certain rights in accordance with the GDPR and in accordance with other applicable data protection provisions. The following section contains explanations regarding your rights as a data subject in accordance with the GDPR.

Right of access by the data subject (Article 15 GDPR as well as applicable local data privacy laws): 
At any time, you can request information about the data that BMW processes about you. This information includes the data categories processed by BMW, the purposes for which data is processed, the source of the data if BMW did not collect it from you directly and, where applicable, the recipients to which BMW has transferred your data. You can obtain a free copy of your data from BMW. If you are interested in additional copies, BMW reserves the right to charge you for any additional copies.

At any time, you can access the data stored at BMW in accordance with your BMW ConnectedDrive / MINI Connected contract and your mapped car via the My BMW / MINI Portal. There you can also exert your right to data portability.

Right to rectification (Article 16 GDPR as well as applicable local data privacy laws): 
You can request that BMW rectifies your data. We will take appropriate measures to maintain, based on the latest information available to us, the correctness, completeness, and timeliness of the data BMW has and continue to process regarding you.

Right to erasure (Article 17 GDPR as well as applicable local data privacy laws): 
You can request that BMW erases your data if the legal requirements exist for doing so. In accordance with Article 17 GDPR, this could be the case if
• the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• you withdraw your consent on which the processing is based and where there is no other legal ground for the processing; 
• you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to data processing for direct marketing purposes;
• the personal data has been unlawfully processed;

and if such process is not necessary
• for compliance with a legal obligation that requires that we process your data; 
• especially with respect to retention periods required by law;
• for the establishment, exercise or defense of legal claims.

Right to restriction of processing (Article 18 GDPR as well as applicable local data privacy laws): 
You can request the restriction of processing of your data by BMW if
• you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• BMW no longer needs your data, but you require it for the establishment, exercise or defense of legal claims;
• you have objected to processing pending the verification whether legitimate grounds of BMW override yours. 

Right to data portability (Article 20 GDPR as well as applicable local data privacy laws): 
Upon your request, we will transfer your data, where technically feasible, to another controller. You can exercise this right only insofar as data processing is based on your consent or is necessary in performance of an agreement.

Right to object (Article 21 GDPR as well as applicable local data privacy laws): 
You can object, on grounds relating to your particular situation, at any time to processing of your personal data if data processing is based on your consent or on legitimate interests of BMW or a third party. BMW will cease processing your data in such a case. The latter shall not apply if BMW can demonstrate compelling legitimate grounds for the processing which override your interests or where BMW requires your data for the establishment, exercise, or defense of legal claims. 

Information restriction for fulfillment of rights as a data subject
In certain situations, BMW may be unable to provide you with any information about any of your data due to legal requirements. If BMW is required to decline a request for information in such a case, BMW will also notify you of the reasons for the refusal. 

Complaints to supervisory authorities
BMW takes your rights and concerns very seriously. However, if you are of the opinion that we have not adequately complied with your complaints or concerns or that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority.