Legal notices on data protection  
Date Revised: 15-01-2023; Version: Release 07/23  
BMW Group understands that use of your information requires your trust. BMW Group is committed to the highest  
standards of data privacy and will only use your information for clearly described purposes and in accordance with  
your data protection rights.  
Who is responsible for data processing?  
Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, with its registered office in Munich,  
is entered in the commercial register of the Local Court [Amtsgericht] of Munich under HRB 42243 (hereinafter  
referred to as "BMW"). The BMW Connected service is a family of applications and services. The service includes  
My BMW App for iOS, My BMW App for Android, MINI App for iOS, MINI App for Android, BMW Connected  
applications running in the vehicle, and integrations with Apple and Google Assistant. BMW provides the service to  
you and is responsible for related data processing activities.  
What information may be collected about you and how is it used?  
The service is designed to be a highly personalized mobility companion. In order to provide the personalized  
features of the service, BMW collects, stores and processes your personal data in compliance with applicable law.  
The data collected for the service are processed for the following purposes:  
A. Contracting to use the service (Art. 6(1)(b) GDPR)  
In order to use the service, the following data categories are processed:  
account login (BMW Group Login)  
contact data (last name, first name, address, email address, etc.)  
Login with BMW Group IDTo use the Service, you must register in the App / portal. When you register, you will  
receive an online customer account that gives you access to other BMW Group portals and offers. In order to  
provide you the BMW Group login service, your data is passed on to the BMW Group company that acts as a  
provider of the applications in use by you. Storage of the data from your customer account is handled by BMW AG  
and is separate from any other (even potentially identical) data about your person that may be available to BMW  
Your account login used to access your BMW Connected service is also your login for your other BMW services.  
You can delete your account at any time. For details, please go to the section on “Your data privacy rights”.  
B. To provide the personalized features of the service (Art. 6(1)(b) GDPR)  
The service collects and processes the following data to provide the user’s personalized features of the service:  
Service data  
user profile (preferences, language, App Id, Top driver number, etc.)  
user feedback (service rating, comment, problem description, etc.)  
position and movement data (time, position, speed, etc.)  
destination (position, street address, destination name, etc.)  
messages (message, recipient contact information, etc.)  
vehicle profile (vehicle identification number; VIN, license plate, etc.)  
BMW retailer or service center (preference, etc.)  
Image (3d image around the vehicle)  
environmental information (temperature, rain, etc.)  
anonymized application analytics (click events, App launch events, etc.)  
Vehicle data  
vehicle id (links your specific vehicle to the service)  
vehicle maintenance data (next service, oil level, brake wear, etc.)  
vehicle status data (mileage, battery voltage, fuel levels, door and window status, etc.)  
vehicle data (remote event, date/time, etc.)  
A complete list of the features, a detailed description for each and the data used can be found at service  
You can delete your data at any time in the App. There are several ways to delete your data:  
For some data types, you can delete the individual data elements; such as a single destination.  
You can delete all application data by clicking the “clear all application data” in the privacy menu in the app.  
This deletes all the data generated and collected by the app but your BMW login, vehicle data and other  
non-application data will not be deleted.  
To unlink your vehicle from the service log into the ConnectedDrive portal  
To exercise your right to be forgotten contact your local customer support center.  
When you launch the App for the first time, you will be prompted for your consent for a few specific data types  
before the service begins collecting the data. If you decline, the features which require that data will be disabled.  
Specific consent is requested for:  
position (geolocation)  
receiving notifications  
access to your camera and/or photos  
You consent to allow the service to collect and process all other described data types when you accept this privacy  
If you have given express consent to the processing of your personal data for marketing and/or market research  
purposes or for profiling purposes, the same personal data will be processed for such purposes and for sending you  
offers from the BMW Group (within the limits of the specific consent form and by party).  
Opt-out of data collection  
You have the right to opt out at any time.  
.. If you wish to continue using the App but opt-out of data collection for specific the data types  
You can turn off location, calendar access, contacts access, camera access, photos access and notification in  
the settings menu in the App.  
.. to opt-out of any other data collection the App will no longer function  
Delete your application data using the “Clear all application data” button in the privacy menu.  
Delete the App from your phone.  
C. Assurance of product quality and development of new products (Art. 6(1)(f) GDPR)  
Beyond the mere provision of services, the data collected under Section B. are also processed for the purposes of  
quality assurance and for the development of new products and services by BMW. These processing activities serve  
the legitimate interests of BMW in our effort to bring you the highest quality products and services as well as new  
and innovative offerings.  
In order to protect your privacy, the data used to improve our products and create new services is stored in a form  
that it is not directly traceable to you or your vehicle.  
The health of the service is constantly monitored. If the monitoring detects critical system fault some data collected  
under Section B. may be reviewed be to help determine the cause in order to correct the problem. Access to this  
information is strictly limited and is only used when needed to resolve a critical issue.  
D. Fulfillment of the sales, service and administrative processes of BMW AG, the national sales company and  
authorized dealers (GDPR 6(1)(f))  
In order to optimize the customer experience and collaboration with BMW distributors continuously, we create  
evaluations and reports based on information from agreements and we share these evaluations and reports with the  
applicable BMW distributors. These evaluations are predominantly used for introducing appropriate measures (e.g.  
training courses for sales personnel) to improve the request and sales process. We will create the aforementioned  
reports only in an aggregated and anonymized form; this means that the recipients of the reports will be unable to  
draw any conclusions about you personally.  
BMW AG is a company within BMW Group. In part, we process your data in order to make the administration of the  
various companies within BMW Group as efficient and successful as possible. One of the areas this affects is  
common group accounting in accordance with international accounting regulations for companies (such as the  
International Financial Reporting Standards (IFRS)).  
E. Consent-based customer care (Art. 6(1)(a) GDPR)  
If you have separately given your consent to the further use of your personal data for marketing purposes and/or  
market research your personal data will be used for this purpose.  
If you have separately agreed to promotional communication by email, you will also receive promotional  
communication in the Message Centre of the app as part of your use of the app. You can change your settings for  
promotional communication at any time via the settings in the app, your MINI account or via Customer Care, or you  
can revoke your consent completely.  
F. Compliance with legal obligations to which BMW is subject (Art. 13(1)(c), Art. 6(1)(c) GDPR)  
BMW will also process personal data if there is a legal obligation to do so. This may be the case if we need to  
contact you because your vehicle is affected by a recall or technical action.  
Collected data is also processed in the course of ensuring the operation of IT systems; such as:  
backup and recovery of data processed in IT systems,  
logging and monitoring of transactions to verify proper functioning of IT systems,  
detection and prevention of unauthorized access to personal data,  
Incident and problem management for troubleshooting IT systems.  
Collected data is also processed in the context of internal compliance management, in which we check, whether you  
have been sufficiently advised in the context of a contract and that the dealer has complied with all legal  
BMW is subject to a variety of other legal obligations. In order to comply with these obligations, we process your  
data to the extent required and, if necessary, pass these on to the responsible authorities within the framework of  
statutory reporting obligations  
G. Data transfer to selected third parties  
The service includes features that utilize selected third parties in order to provide the function of the feature. In  
most cases, the data is provided in anonymized form such as the request to the map provider to retrieve the map  
image for your location. In other cases, the feature may require the transfer of your personal information to the  
third party such as when you schedule a service appointment for your vehicle. Features that send your personal  
data to a third party will inform you of the transmission or prompt for your consent before sending the data.  
Details for all third party transmissions are described in the respective service descriptions.  
How do we collect your personal data?  
BMW collects your personal information in the following conditions:  
The App is actively running, either in the foreground or background, on your mobile device.  
You actively use the features of the App .  
If you access the service via an integrated device the service will collect anonymized usage analytics.  
When you use the service to perform ConnectedDrive functions such as executing a remote command (e.g.  
locking your doors) or viewing your vehicle status the data is generated by your vehicle. All ConnectedDrive  
data is collected and processed under your ConnectedDrive agreement and is detailed under the  
ConnectedDrive privacy policy included separately in the App.  
How do we keep your information safe?  
We secure your data using state-of-the-art technology. By way of example, the following security measures are used  
to protect your personal data against misuse or any other form of unauthorized processing:  
access to personal data is restricted to only a limited number of authorized persons for specified purposes;  
data is transferred only in encrypted form;  
data is stored in encrypted form;  
the IT systems used for the processing of the data are technically isolated from other systems to prevent  
unauthorized access, e.g. by hacking;  
access to the systems is monitored permanently in order to detect and avert misuse at an early stage.  
How long do we store your data?  
We only store your personal data for as long as is required for the respective purpose. If data is processed for  
multiple purposes, they are automatically erased, or stored in a form that is not directly traceable to you, as soon as  
the last specified purpose has been fulfilled.  
The service retains the data for a varying period depending on the data type. The details for each data type are  
described in the service descriptions. Retention periods fall into the following categories:  
Data retained only until the process, request or action is completed (example: you send a message to a friend  
to notify them of your estimated arrival time message is sent and then deleted)  
Data retained for a defined period (example: vehicle data is retained for 30 days, position data is retained for  
1 year)  
Data retained until you delete it or if you stop using the service for more than 5 years (example: your user  
profile, destinations you manually entered)  
Who will we share your data with and how will we protect it?  
BMW is a global company. Your personal data is processed preferably within the EU by BMW employees, national  
sales companies, authorized dealers and service providers engaged by us.  
If data are processed in countries outside the EU, BMW ensures that your personal data are processed in  
accordance with the European level of data protection, using EU standard agreements, including suitable technical  
and organizational measures.  
How you see and change your privacy preferences  
You can review and change your privacy settings at any time in the App under the settings menu. Depending on the  
vehicle model, you can also access a privacy menu in your vehicle in which you can also change the vehicle related  
Your data privacy rights, your right to complain and contacting BMW  
As BMW is processing your data, you are entitled to claim certain rights under GDPR and other relevant data  
protection regulations. This section explains your rights under the GDPR.  
Your rights  
According to the GDPR you are entitled to the following rights:  
Right to withdraw Consent (Art. 7 GDPR):  
If you wish to withdraw your consent allowing the service to process your data, in the App tap the “Delete all  
application data” option in the “Privacy and Terms” menu and then delete the App from your smartphone.  
Settings to change your data collection permissions service data types are available in the App under the “Settings”  
Right to access your information (Art. 15 GDPR):  
You can request information about the data that we hold about you at any time. This information includes, but is not  
limited to, the categories of data we process, for which purposes we process them, the source of the data if we have  
not collected it directly from you, and, if applicable, the recipients to whom we have submitted your information.  
You will receive 1 free copy of your data. If you are interested in additional copies, we reserve the right to charge  
for further copies.  
The data collected and generated by the service can be viewed in either your ConnectedDrive portal or the App  
itself. The data is shown in the App as part of the display for the feature that collects or uses it.  
You can also view your account information and vehicle data at any time in the ConnectedDrive portal.  
My Consent to marketing communication:  
You can change or withdraw your consent to marketing communication from your BMW subsidiary at any time in  
your App under Profile / My setting / Permissions / Marketing Permissions. In this section you can select not only  
on which communication channels (email,…) you would like to receive marketing communication from your BMW  
subsidiary but also if you would like personalized BMW Group product and service offers which were identified  
from your BMW subsidiary based on your personal preferences and behaviors, as well as from the use of products  
and services. You can also contact one of our BMW brand customer hotlines: For more information, see details in  
marketing permission section.  
Right to correction (Art. 16 GDPR):  
You can request that BMW to correct your data. We will take reasonable steps to keep the information we hold  
about you and process on an ongoing basis, accurate, complete, current, and relevant, based on the most up-to-date  
information available to us.  
You can correct most of the data processed by the Connected service directly in the App or on the ConnectedDrive  
Right to deletion (Art. 17 GDPR):  
You can ask that your data be deleted, if the legal prerequisites exist.  
This may be the case under Art. 17 GDPR if:  
The data is no longer required for the purposes for which it was collected or otherwise processed;  
You revoke your consent, which is the basis of the data processing and there is no other legal basis for  
You object to the processing of your data and there is no legitimate reason for the processing, or object to  
data processing for direct marketing purposes;  
The data was processed unlawfully  
unless processing is required:  
To ensure compliance with a legal obligation that requires us to process your data;  
Especially with regard to statutory retention periods;  
To assert, exercise or defend legal claims.  
Right to restriction of processing (Art. 18 GDPR):  
You may demand that we restrict the processing of your data if:  
You deny the accuracy of the data. Data will be restricted from further processing for the time period we  
need to verify the accuracy of the data;  
The processing is unlawful and you refuse the deletion of your data. Instead you demand the restriction of  
We no longer need your information, but you need it to enforce, exercise or defend your rights;  
You have objected to the processing, as long as it is not certain that our legitimate interest in processing of  
the data outweigh your personal rights.  
Right to data portability (Art. 20 GDPR):  
Upon your request, we will transfer your data - as far as is technically possible - to another person in charge.  
However, you are only entitled to this right if the data processing is based on your consent or is required to carry  
out a contract. Instead of receiving a copy of your data, you may also ask us to submit the data directly to another  
person in charge who you specify.  
Right to objection (Art. 21 GDPR):  
You may object to the processing of your data at any time for reasons that arise from your particular situation, if the  
data processing is based on your consent or on our legitimate interests or that of a third party. In this case, we will  
no longer process your data. The latter does not apply if we can prove compelling legitimate reasons for processing  
that outweigh your interests or we need your data to assert, exercise, or defend legal claims.  
Time limits for the fulfillment of data subject rights:  
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons  
relating to the specific right or complexity of your request.  
Restriction of information in the fulfillment of data subject rights:  
In certain situations, we may be unable to provide you with information about all of your data due to legal  
requirements. If we have to reject your request for information in such a case, we will inform you at the time about  
the reasons of the refusal.  
Complaint to regulators:  
BMW AG takes your concerns and rights very seriously. However, if you believe that we have not adequately  
complied with your complaints or concerns, you have the right to lodge a complaint with a competent data  
protection authority.  
Contact BMW  
In the event of questions regarding our use of your personal data, please start by contacting BMW customer  
support, either by e-mail at or by phone at 0844 270 270 (Mo - Fr 08:00 AM 8:00  
You can also directly contact BMW’s data protection officer:  
Petuelring 130  
80788 Munich