As BMW is processing your data, you are entitled to claim certain rights under GDPR and other relevant data protection regulations. This section explains your rights under the GDPR.
According to the GDPR you are entitled to the following rights:
Right to withdraw Consent (Art. 7 GDPR):
If you wish to withdraw your consent allowing the service to process your data, in the app tap the “Delete all application data” option in the “Privacy and Terms” menu and then delete the app from your smartphone.
Settings to change your data collection permissions service data types are available in the app under the “Settings" menu.
Right to access your information (Art. 15 GDPR):
You can request information about the data that we hold about you at any time. This information includes, but is not limited to, the categories of data we process, for which purposes we process them, the source of the data if we have not collected it directly from you, and, if applicable, the recipients to whom we have submitted your information. You will receive 1 free copy of your data. If you are interested in additional copies, we reserve the right to charge for further copies.
The data collected and generated by the service can be viewed in either your ConnectedDrive portal or the app itself. The data is shown in the app as part of the display for the feature that collects or uses it. The number of destinations shown on the Destination tab are limited to make the feature easier to use. All destinations stored in the service can be viewed under the menu option Privacy and Terms | Learned Destinations.
You can also view your account information and vehicle data at any time in the ConnectedDrive portal.
Right to correction (Art. 16 GDPR):
You can request BMW to correct your data. We will take reasonable steps to keep the information we hold about you and process on an ongoing basis, accurate, complete, current, and relevant, based on the most up-to-date information available to us.
You can correct most of the data processed by the Connected service directly in the Connected Drive smartphone app or on the ConnectedDrive portal.
Right to deletion (Art. 17 GDPR):
You can ask that your data be deleted, if the legal prerequisites exist.
This may be the case under Art. 17 GDPR if:
- The data is no longer required for the purposes for which it was collected or otherwise processed;
- You revoke your consent, which is the basis of the data processing and there is no other legal basis for processing;
- You object to the processing of your data and there is no legitimate reason for the processing, or object to data processing for direct marketing purposes;
- The data was processed unlawfully
unless processing is required:
- To ensure compliance with a legal obligation that requires us to process your data;
- Especially with regard to statutory retention periods;
- To assert, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR):
You may demand that we restrict the processing of your data if:
- You deny the accuracy of the data. Data will be restricted from further processing for the time period we need to verify the accuracy of the data;
- The processing is unlawful and you refuse the deletion of your data. Instead you demand the restriction of use;
- We no longer need your information, but you need it to enforce, exercise or defend your rights;
- You have objected to the processing, as long as it is not certain that our legitimate interest in processing of the data outweigh your personal rights.
Right to data portability (Art. 20 GDPR):
Upon your request, we will transfer your data - as far as is technically possible - to another person in charge. However, you are only entitled to this right if the data processing is based on your consent or is required to carry out a contract. Instead of receiving a copy of your data, you may also ask us to submit the data directly to another person in charge who you specify.
Right to objection (Art. 21 GDPR):
You may object to the processing of your data at any time for reasons that arise from your particular situation, if the data processing is based on your consent or on our legitimate interests or that of a third party. In this case, we will no longer process your data. The latter does not apply if we can prove compelling legitimate reasons for processing that outweigh your interests or we need your data to assert, exercise, or defend legal claims.
Time limits for the fulfillment of data subject rights:
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request.
Restriction of information in the fulfillment of data subject rights:
In certain situations, we may be unable to provide you with information about all of your data due to legal requirements. If we have to reject your request for information in such a case, we will inform you at the time about the reasons of the refusal.
Complaint to regulators:
BMW AG takes your concerns and rights very seriously. However, if you believe that we have not adequately complied with your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.
To this end, please contact BMW Customer Service
By email: firstname.lastname@example.org or
by calling the hotline: +49 89 1250 160 00 (Mon–Sun 8:00 am to 8:00 pm).
You can also directly contact BMW’s data protection officer: