Privacy Notice

For us, the high standards you place on the characteristics of our products and services are the guideline for handling your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospects. The confidentiality and integrity of your personal information is very important to us.

Who is the data processor?

Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, D-80788 Munich, Office and register court: Munich HRB 42243 (hereinafter referred to as "BMW") provides the customer, via the "Aftersales Online System AOS" (hereinafter "Portal"), with specific technical information, in particular information and applications (hereinafter referred to as "Content") for the professional maintenance and repair of equipment manufactured by the operator and / or vehicles and motorcycles sold under the Operator's trademarks and is the controller of any data processing in this context.

What data do we process about you and for what purpose?

The data collected in connection with the conclusion of the contract or the provision of the services will be processed for the following purposes:

A. Approval test before the conclusion of the contract (Art. 6 (1) (b) of the General Data Protection Regulation)

The following data categories are processed as part of the pre-contract approval test:

  • Contact Information (last name, first name, address, e-mail address, etc.)

B. Conclusion of contract and fulfilment of contractual obligations (Article 6 (1) (b) of the General Data Protection Regulation)

Within the scope of the contract, the following data categories will be processed:

  • Contact Information (last name, first name, address, e-mail address, etc.)

The contract data will be automatically deleted 1 year after expiry of the contract, financial transactions will be deleted within 10 years under the legal provisions.

For the purpose of fulfilling the contract between you and BMW, BMW provides various services, such as Technical Help Desk, Change Requests, User Administration.

For the provision of these services, the following, possibly personal information for the provision by BMW and commissioned service providers will be processed:

  • Vehicle Identification Number (VIN)
  • Contact Information (last name, first name, address, e-mail address, etc.)

The provision of this data is not required to complete the contract. However, BMW cannot provide the service for you without the provision of the data and its processing.

The processed personal data will be automatically deleted unless you are required to provide the service for a longer period.

In the context of the order, the specified personal payment data (credit card number, expiry date of the card, card verification number, bearer name) is processed by the payment service provider SIX Payment Services (Europe) S.A., 10, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg („SIX"). The payment details are neither stored on BMW servers nor cached. For more information about SIX privacy, visit the SIX Web site at .

C. Ensuring product quality and development of new products (Article 6 (1) (f) Basic Data Protection Regulation)

Beyond the mere provision of services, the data collected under B. is also processed to ensure the quality of the BMW Group's products and services and to develop new BMW products and services. This processing serves the legitimate interest of BMW to meet the high customer demands of existing products and services and to be able to meet our customers' future needs through new products and services still to be developed. The processing is done only in a form not directly traceable to the customer in order to protect the privacy of our customers.

D. Fulfilment of the sales, service and administrative processes of BMW AG (Article 6 (1) (f) of the General Data Protection Regulation)

BMW AG is a company of the BMW Group. We partially process your data in order to make the administration of the various companies within the BMW Group as efficient and successful as possible. This applies, for example, to the consolidated group accounting according to international accounting standards for companies (such as the International Financial Reporting Standards - IFRS).

E. Customer support (Article 6 (1) (b), (g), (f) Basic Data Protection Regulation)

BMW uses your personal data to address you as part of the contract settlement s. o. (for example, processing the registration) or processing a request you have made (e. g. inquiries and complaints to support). For all aspects of the execution of a contract or the handling of a concern, we speak to you without separate consent, for example in writing, by telephone, by e-mail, depending on the contact media you have specified.

Q. Fulfilment of legal obligations to which BMW is subject (Article 13 (1) (c), 6 (1) (c) of the General Data Protection Regulation)

BMW will also process personal information when there is a legal obligation to do so.

Collected data is also processed in the course of ensuring the operation of IT systems. Ensuring subsequent activities are understood:

  • Backing up and restoring data processed in IT systems
  • Logging and monitoring of transactions to verify proper functioning of IT systems
  • Detection and Prevention of Unauthorized Access to Personal Information
  • Incident and Problem Management for Troubleshooting IT Systems

Collected data is also processed in the context of internal compliance management, in which we check, for example, whether you have been sufficiently advised in the context of a contract and whether the dealer has complied with all legal obligations.

BMW is subject to a variety of other legal obligations. In order to fulfil these obligations, we process your data to the required extent and, if necessary, pass it on to the responsible authorities within the scope of statutory reporting obligations.

How long do we store your data?

We store your personal data only as long as the purpose requires. If data is processed for multiple purposes, the data will be automatically deleted or stored in a form that cannot be directly traced back to you as soon as the last specified purpose has been met.

How is your data backed up?

We back up your data according to the state of the art. For example, the following safeguards are used to protect your personal information from misuse or other unauthorized processing:

  • Access to personal data is restricted to a limited number of beneficiaries for the purposes stated.
  • Collected data will only be transmitted in encrypted form.
  • Sensitive data is stored only in encrypted form.
  • The IT systems for processing the data are technically isolated from other systems to prevent unauthorized access, for example to prevent hacking.
  • In addition, access to these IT systems is permanently monitored in order to detect and ward off abuse at an early stage.

Who do we share information with and how do we protect it?

BMW is a global company. Personal data is preferably processed by BMW employees and service providers commissioned by us within the EU.

If data is processed in countries outside the EU, BMW will ensure that your personal data is processed in accordance with European data protection standards through EU standard contracts, including appropriate technical and organizational measures. If you would like to see the specific safeguards for the transfer of data to other countries, please contact us using the communication channels listed below.

For some non-EU countries, such as Canada and Switzerland, the EU has already established a comparable level of data protection. Due to the comparable level of data protection, data transfer to these countries does not require any special approval or agreement.

Contact details, your data subject rights and your right to complain to a regulator.

For questions about the use of your personal information by us, it is best to first contact AOS Support - either by email at or via the contact form code.

In addition, you can contact the responsible data protection officer:

Data protection officer of BMW AG
Petuelring 130
80788 Munich

Persons affected by the processing of your data may claim certain rights under the General Data Protection Regulation and other relevant data protection regulations. The following section provides explanations about your rights under the General Data Protection Regulation.

Data subjects' rights

Under the General Data Protection Regulation, you have in particular the following rights as the affected person vis-à-vis BMW:

Right to information (Article 15 of the General Data Protection Regulation): You can request information from us about the data we hold about you at any time. This information includes, but is not limited to, the categories of data we process, the purpose for which we process them, the source of the data if we have not collected it directly from you, and, if applicable, the recipients to whom we have submitted your data. You can get a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you further copies.

Right to rectification (Article 16 of the General Data Protection Regulation): You can ask us to correct your data. We will take reasonable steps to keep the information we hold and continually process about you accurate, complete and up-to-date, based on the most up-to-date information available.

Right to cancellation (Article 17 of the General Data Protection Regulation): You can request deletion of your data from us, provided the legal requirements apply. In accordance with Article 17 of the General Data Protection Regulation, this may be the case in the following circumstances:

  • The data is no longer required for the purposes for which it was collected or otherwise processed.
  • You revoke your consent, which is the basis of data processing, and there is no other legal basis for processing.
  • You object to the processing of your data, there are no legitimate reasons for processing, or you object to data processing for direct marketing purposes.
  • The data was processed unlawfully.

Exceptions are in the following cases:

  • Storage is necessary to comply with a legal obligation that requires us to process your data.
  • The storage is necessary to comply with legal retention periods.
  • The storage is necessary to assert, exercise or defend legal claims.

Right to restriction of processing (Article 18 of the General Data Protection Regulation): You may ask us to restrict the processing of your data in the following cases:

  • You deny the accuracy of the data for the period we need to verify the accuracy of the data.
  • Processing is unlawful and you refuse to delete your data and instead request the restriction of use.
  • We no longer need your information, but you need it to enforce, exercise or defend your rights.
  • You have objected to the processing, as long as it is not certain that our legitimate reasons prevail.

Data transferability right (Article 20 General Data Protection Regulation): At your request, we will transfer your data – if technically possible – to another person in charge. However, you are only entitled to this right if the data processing is based on your consent or is required to carry out a contract. Instead of receiving a copy of your information, you may ask us to submit the information directly to another person in charge who you specify.

Right of opposition (Article 21 General Data Protection Regulation): You may object to the processing of your data at any time for reasons that arise from your particular situation, if the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can prove compelling legitimate reasons for processing that outweigh your interests or if we need your data to assert, exercise or defend legal claims.

Respect for affected persons’ rights

We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request.

Restriction of information regarding the fulfilment of data subject rights

In certain situations, we may be unable to provide you with information about all of your information due to legal requirements. If we have to decline your request for information in such a case, we will inform you at the same time about the reasons for the refusal.

Regulatory complaints

BMW takes your concerns and rights very seriously. However, if you believe that we have not adequately complied with your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.