Privacy Notice
Who is responsible for data processing?

Within the meaning of the EU General Data Protection Regulation ("GDPR"), BMW AG, Petuelring 130, 80788 Munich, Germany (hereinafter "BMW") is responsible ("Controller") for the processing of your personal data. BMW is registered in Munich.

BMW is the Controller for your personal data processed via the websites b2b.bmw.com and b2b.bmwgroup.net.

 

Definitions
The client of a contractual service is BMW, the contractor is a BMW Group Partner, hereinafter referred to as the employer.

 

Contact details of BMW Partner Management, BMW and BMW Group Data Privacy Protection:
BMW Group Partner Portal: PartnerPortal@bmw.de

BMW AG Group Data Privacy Protection: Datenschutz@bmw.de

 

When does BMW collect and process personal data?

BMW collects and processes your personal data, amongst others, in the following cases:

  • As part of registration for the BMW Group Partner Portal
  • As part of the use of the BMW Group Partner Portal

 

Which category of data can be collected?

The following categories of personal data are collected:

  • Contact details
    Company name, postal address and supplier number of your employer
    Name, job title, organizational unit, telephone number and e-mail address
    Online identification (user name) and password
  • Application-related personal configuration settings and preferences.

Please help us to keep your information up to date by informing us about changes to your personal data - in particular to your contact details - or by changing it yourself in the portal.

 

For what purposes is your personal data processed?

The personal data is collected in connection with the conclusion of the contract or the performance of the commissioned service. Collected personal data is processed for the following purposes.

 

A. Fulfillment of the contractual obligation in the context of commissioning (Article 6 (1) (b) (f) GDPR)

When using services provided via the BMW Group Partner Portal, the above-listed personal data are collected, processed and used primarily for the purposes of authentication, authorization, process control and establishing contact within the framework of the provisions of applicable data protection laws.

 

The master data of a sub-supplier is processed on the basis of Article 6 (1) (f) GDPR, provided that this collection, processing and storage serves to fulfill the contract between BMW Group and BMW's direct contractor.
The sub-supplier registers and applies for a BMW Group supplier number on behalf of BMW's immediate contractor.
BMW's legitimate interest results from BMW's TISAX certification and the associated information security requirements, which state that BMW must be able to identify all people and companies that use BMW Group IT systems. 
 

B. Performance of legal obligations of BMW (Article 6 (1) (c) (f) GDPR)

Collected personal data is also processed to ensure the operation of IT systems. Ensuring the operation of IT systems means, for example:

  • the backup and recovery of personal data processed in IT systems,
  • the logging and monitoring of transactions to check the functioning of IT systems,
  • the detection and prevention of unauthorized access to personal data,
  • incident and problem management for troubleshooting on IT systems.

BMW is subject to a variety of other legal obligations. In order to comply with these obligations, BMW processes your data to the required extent and, if necessary, passes it on to the responsible authorities as part of legal reporting requirements.

In the event of a legal dispute, BMW will process your data only if the legal dispute requires the processing of your personal data.

 

D. How does BMW protect your personal data?

BMW uses various security measures, including state-of-the-art encryption and authentication tools, to protect and maintain the security, integrity, and availability of your personal data. It is protected by state-of-the-art physical, electronic and procedural safeguards in accordance with applicable privacy laws. BMW has implemented (among others) the following measures:

  • Strict eligibility criteria for accessing your personal data on a need-to-know basis and for the sole purpose,
  • Transfer of personal data only in encrypted form,
  • Storage of confidential data only in encrypted form,
  • Firewall protection of IT systems against unauthorized access, e.g. by hackers, and
  • Permanent monitoring of access to IT systems to detect and prevent the misuse of personal data.

 

How long does BMW store your personal data?

BMW stores your personal data only for as long as the relevant purpose requires it. If personal data is processed for multiple purposes, the personal data will be automatically deleted or stored in a form that cannot directly be traced back to you, as soon as the last specified purpose has been fulfilled. To ensure that all your personal data is deleted, BMW has developed an internal deletion concept. The basic principles are shown below.

 

How can you view and revoke your registration online?

You can see your registration here. To revoke or delete your registration, go to "My Account" and "Personal Data". There you can "Apply for deletion".

 

To whom does BMW give international access to your personal data and how does BMW protect it?

BMW is a company with an international presence. Personal data is preferably processed within the EU by BMW employees, national sales companies, authorized dealers, and service providers commissioned by us.

BMW will transfer your personal data to countries outside the EU only if it is necessary to fulfill the contractual obligations. BMW uses appropriate technical and organizational measures to ensure that your personal data is processed within the portal in accordance with the European data protection standard.

For certain countries outside the EU, such as Canada and Switzerland, the EU has already determined a comparable level of data protection. Given the comparable level of data protection, data transmission to these countries does not require any special approval or agreement.

BMW relies on a number of service providers that process personal data on behalf of BMW AG to assist in the provision of the listed services and use cases. The service providers are commissioned under the strict requirements of applicable data protection laws.

 

Contact us, your privacy rights and your right to complain to the Data Protection Authority

If you have any questions regarding the use of your personal data by BMW, please contact the BMW Hotline by e-mail at PartnerPortal@bmw.de.

In addition, you can contact the responsible data protection officer. For the address, see above.

As an individual whose data is subject to processing, you may assert certain rights against us in accordance with the GDPR and other relevant data protection regulations. The following section contains explanations of your rights under the GDPR.