Privacy policy.
Authorised BMW motorcycle dealer privacy policy.
The high standards that you place on BMW products and services as well as the customer service provided by us as a BMW partner are the guideline for handling your data. Our aim is to create and maintain the basis for a trusting business relationship with our existing and prospective customers. It is especially important to us that we observe confidentiality and integrity when handling your personal data. For this reason, we will process and use your data carefully, for a specific purpose or after gaining your consent and in accordance with the statutory provisions on data protection.
This privacy policy describes in the following sections how we, the authorised BMW motorcycle dealer as a BMW partner, collect, process and use personal data of existing and prospective customers.
The authorised BMW Motorrad dealer (hereinafter referred to as "car dealership", "BMW Partner" or "We"), Strasse 1, D-80331 Munich, Germany, are responsible for the processing of your personal data as defined in the EU General Data Protection Regulation (GDPR). The authorised BMW motorcycle dealer is based in Munich.
As an authorised BMW dealer, we are an authorized BMW Motorrad dealer and a legally and economically independent company and not part of BMW AG.
As a licensee, we use the BMW Motorrad brand for the sale of BMW motorcycles, original BMW parts and accessories as well as for brand-related maintenance and repair.
We are responsible for your data that is collected and processed by us through this website, through your contacts with us in the dealership and in the context of customer service and in the context of our direct marketing activities.
Furthermore, we process your data, provided that it is transmitted to us by BMW AG, if and insofar as the necessary data protection requirements are met.
You can find information about data processing by BMW AG here online in the privacy policy of BMW.
Our contact details are:
Authorised BMW Motorrad dealer
Strasse 1
D-80331 Munich, Germany
Tel.: 089 - 1234567
E-Mail: bmwhaendler@bmw.de
We collect and process your personal data in the following cases:
- If you contact us directly, e.g. via this website or in the motorcycle dealership.
- If you buy products directly from us (e.g. vehicles or parts and accessories).
- If you buy services directly from us (e.g. during maintenance or repair of your vehicle).
- If you request information about our products and services (e.g. sending brochures or price lists).
- If you respond to our direct marketing activities, for instance if you fill out an answer or prize draw card or if you submit your data online to this website.
- If BMW AG provides us with data about you in a permissible manner, if and insofar as the necessary data protection requirements are met.
- If third parties provide us with personally identifiable information about you.
Please help us to keep your information up to date by informing us about changes to your personal data – in particular your contact details.
The following categories of personal data may be collected through the many services and contact channels described in this privacy policy:
- Contact details: Name, address, telephone number, e-mail address.
- Interests: Information provided by you about your areas of interest, such as for instance the vehicles you are interested in, hobbies and other personal preferences.
- Other personal information: Information provided by you relating to date of birth, education, household size or occupational situation.
- Contractual data, Customer number, contract number.
- Use of websites and communication: Information about how you use the website and whether you open or forward communications from us, including information collected through cookies and other tracking technologies. You can find more information here in our cookie guidelines.
- Transaction and interaction data: Information on purchases of products and services from our car dealership and our online shop, interactions with us (your inquiries and complaints) and participation in our market research studies.
- Credit and identity information: Data to establish your identity, e.g. driver's license or registration certificate part 1; also information about transactions, any unpaid payments to us; information on fraud, criminal activity, suspicious transactions, politically exposed persons and sanctioned lists containing your data.
- Information about vehicle functions and settings: Information about the functions and current settings of your vehicle (identified by the vehicle identification number), e.g. BMW TeleServices, if you have saved us as your desired BMW partner in the system.
- Technical data on the vehicle, Data that is generated or processed in the vehicle.
Operating data in the vehicle: Control units process data to operate the vehicle.
This includes, for example:
- Vehicle status information (e.g. speed, motion delay, lateral acceleration, wheel revolution speed, closed seat belt indicator),
- Environmental conditions (e.g. temperature, rain sensor, distance sensor).
As a rule, this data is transitory and is not stored beyond service hours and only processed in the vehicle itself. Control units often contain data memories (including the ignition key). These are used to temporarily or permanently document information about vehicle condition, component stress, maintenance requirements as well as technical events and errors.
Depending on the technical equipment:
- Operating conditions of system components (e.g. fill levels, tyre pressure, battery status),
- Faults and defects in important system components (e.g. light, brakes),
- Reactions of the systems in special traffic situations (e.g. activation of an airbag, deployment of stability control systems),
- Information on vehicle-damaging events,
- for electric vehicles, state of charge of the high-voltage battery, estimated range.
In special cases (e.g. if the vehicle has detected a malfunction), it may be necessary to save data that would actually only be transitory.
If you make use of services (e.g. repair services, maintenance work), the stored operating data together with the vehicle identification number can be read out and used if necessary. The readout can be done by our employees or third parties (e.g. breakdown services) from the vehicle. The same applies to warranty cases and quality assurance measures.
The readout usually takes place via the statutory connection for OBD ("on-board diagnosis") in the vehicle. The operating data read out documents technical conditions of the vehicle or individual components, help with fault diagnosis, compliance with warranty obligations and quality improvement. This data, in particular information about component stress, technical events, operating errors and other errors, is transmitted to BMW AG, if applicable, together with the vehicle identification number. In addition, BMW AG is subject to product liability. For this purpose, BMW AG also uses operating data from vehicles, for example for technical campaigns. This data can also be used to test customer claims for warranty and repair.
Fault memory in the vehicle can be reset by a service company during repair or servicing or at your request.
For more information about processing data in the vehicle, refer to the operating instructions of your vehicle or
find them here the privacy policy of BMW AG.
Data for locating the vehicle: Information about the location of your vehicle or mobile device. We may receive limited data on the location of the vehicle, as far as this is necessary for the purpose of contract performance (e.g. in the context of breakdown assistance provided by BMW breakdown assistance).
The data collected in connection with the conclusion of contracts or the provision of our services is processed for the following purposes. Here is an explanation of the legal basis for the processing of personal data:
We process your data only if an applicable law allows this. We will process your data in particular on the basis of Art. 6 and Art. 9 of the GDPR as well as on the basis of consents pursuant to Art. 7 GDPR. Among other things, we will base the processing of your data on the following legal bases. Please note that this is not a complete or exhaustive list of legal bases, but merely examples that are intended to make the legal basis more transparent.
- Consent (Art. 6(1)(1)(a), Art. 7 GDPR, or Art. 9 (2)(a), Art. 7 GDPR): We will process certain data only on the basis of your previously given explicit and voluntary consent. You have the right to revoke your consent at any time with effect for the future.
- Fulfilment of a contract / pre-contractual measures (Art. 6(1)(1)(b) GDPR): In order to initiate or execute your contract with us, we need access to certain data.
- Fulfilment of a legal obligation (Art. 6(1)(1)(c) GDPR): We are subject to a number of statutory requirements. To meet these requirements, we must process certain data.
- Preservation of legitimate interests (Art. 6(1)(1)(f) GDPR): We will process certain data in order to safeguard our interests or the interests of third parties. However, this only applies if your interests do not predominate in a give case.
A. Fulfilment of the contractual obligation in the context of sales, maintenance and repair of vehicles
(Art. 6(1)(b) GDPR)
We collect, process and use personal data in the context of sales processes or during maintenance or repair at our motorcycle dealership.
As part of the sales process, personal data is used by us to process the purchase contract, perform test drives and transmit information in connection with your vehicle purchase.
In the context of these activities, the following categories of data are processed:
- Contact details (name, first name, address, e-mail address, etc.)
- If necessary bank details
We use your personal data to address as part of the contract processing (e.g. vehicle order, workshop/repair order) or for handling a request formulated by you (e.g. offer, test drive request). For all aspects of the contract or the settlement of a concern we will address you without separate consent e.g. in writing, over the phone, via messenger services, by e-mail, depending on the contact details you provided.
As part of the maintenance and repair processes or services with us, technical data on the vehicle relevant for the vehicle service is read out from the built-in electronic control units with special diagnostic devices. This data is processed and used in the workshop by trained technicians to diagnose and correct any malfunctions. This technical data on the vehicle mainly consists of
- Vehicle master data (e.g. vehicle identification number, vehicle type, production date, vehicle equipment),
- Vehicle condition data (measured values such as distance reading),
- Fault memory entries (e.g. turn indicator malfunction),
- Peak loads,
- Software versions and
- service and workshop data (e.g. service requests, work performed, replacement parts fitted, warranty cases, workshop reports)
The above information may be accessed by BMW AG to assist us with any technical or other challenges to our service fulfilment.
The technical vehicle data is deleted at the end of the vehicle's life cycle.
We may furthermore receive limited data on the location of the vehicle, as far as this is necessary for the purpose of contract performance (e.g. in the context of breakdown assistance of the BMW breakdown assistance). The data will be used by us exclusively for the purpose of fulfilling the contract.
B. Fulfilment of our sales, service and administration processes in cooperation with BMW AG
(Art. 6(1)(a),(b), (f) GDPR)
For the fulfilment of sales, service and administrative processes, a transfer of data to BMW AG is required. This is the case when we submit data
- for the examination of warranty / goodwill cases
- for processing vehicle orders and services
- for questions about specific repairs
- for marketing campaigns or market research
- for the execution of contractual agreements between us and BMW AG
- to maintain product liability and product monitoring for any potential technical campaigns
- for product and quality improvement
For these processes, depending on the relevant legal basis, the following categories of data are transmitted:
- Contact details
- Identification data
- Vehicle master data
- Vehicle condition data
- Fault memory entries
- Service and workshop data
C. Customer care
(Art. 6(1)(b),(f) GDPR)
We use your personal data to address you as part of the contract processing (see above) (e.g. vehicle order, workshop / repair order) or to handle a request formulated by you (e.g. offer, test drive requests, enquiries and complaints). For all aspects of the contract or the settlement of a concern we will address you without separate consent e.g. in writing, over the phone, via messenger services, by e-mail, depending on the contact details you provided.
We will also contact you if your vehicle is affected by a so-called technical campaign or a recall. Since technical campaigns are measures that usually have high importance (e.g. avoiding occupant hazards, avoiding damage to the vehicle), we will contact you or BMW AG using the contact details provided by you.
We also process your personal data on this basis in order to further optimize your experience with us, for instance in order to clearly identify you, should you choose to make contact with us.
D. Advertising communication and market research based on consent
(Art. 6(1)(a) GDPR)
If you have separately consented to the further use of your personal data, your personal data may be used in accordance with the scope described in the consent, for instance for advertising purposes (selected offers of products and services) and/or market research, and if necessary passed on to certain affiliated companies of the motorcycle dealership authorised BMW motorcycle dealer and BMW AG (Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, D-80788 Munich, Germany) and BMW M GmbH (Daimlerstrasse 19, D-85748 Garching-Hochbrück, Germany). Details on this can be found in the respective declaration of consent, which can be revoked at any time.
If you have issued the appropriate consent to advertising communication, we will collect and process:
Contact information, e.g.
- name, address, e-mail, phone number
Supplementary personal information / preferences, e.g.
- company name, your relationship with this company, if you use a business vehicle or are our contact person for this company
- A possible time when you need a new vehicle and your interest in BMW vehicles and services as well as your requests for information and test drives, etc.
- Vehicle identification number and other attributes associated with it
- Interests and hobbies
- Status of your privacy policy declaration of consent and selected or preferred channel of communication
Identification data, e.g.
- customer number, contract number
Customer history, e.g.
- vehicle purchase data including model, configurations, date of purchase, registration date, license plate, order date, delivery date, owner, list price
- Service order data including scope of activities performed and replacement parts installed
- Campaign history and response to direct marketing measures
- Participation in events
- Inquiry and complaint history
In the privacy statement, you also determine the communication channels (e.g. post, telephone, e-mail), via which we may contact you.
Data processing for advertising purposes is usually carried out in Germany; there is no transfer of personal data to a country outside the EU.
E. Performance of legal obligations to which we are subject
(Art. 6(1)(c), (f) GDPR)
In addition, we will process personal data when there is a legal obligation to do so.
Collected data is also processed in the course of ensuring the operation of IT systems. Ensuring refers to the following activities among others:
- Backup and recovery of data processed in IT systems,
- Logging and monitoring of transactions to check the correct functioning of IT systems,
- Detection and prevention of unauthorized access to personal data,
- Incident and problem management for troubleshooting IT systems.
We are subject to a variety of other legal obligations. In order to comply with these obligations, we process your data to the required extent and, if necessary, pass it on to the responsible authorities as part of legal reporting requirements.
If necessary, we process your data in the event of a legal dispute if the legal dispute requires the processing of your data.
F. Data transmission to selected third parties
Data is passed on to the following companies, among others, if and to the extent that the necessary data protection requirements are met:
If you have previously given us your express consent to share your information with affiliates of our group for advertising or marketing purposes. This concerns the
BMW Motorrad dealer
Straße 1
80331 München
089 / 1234567
bmwhaendler@bmw.de
- To BMW AG, e.g. to update your address and your vehicle, if and insofar as the necessary data protection requirements have been met and you have not objected to the use of your data for the purpose of a written address in the knowledge of a right of objection, as well as contact details and personal data (e.g. date of birth, driving license class, hobbies and interests), if your consent to advertising purposes permits this or also vehicle data that is used by BMW AG, in particular for the purposes of product monitoring and development.
- To carefully selected and verified service providers and business partners with whom we work together to provide you with products and services. We only do this within the strict conditions of data processing on behalf of or on the basis of your express consent.
- To other third parties (e.g. public authorities) as far as we are legally obliged to do so.
We use various safety precautions such as state-of-the-art encryption and authentication tools to protect and maintain the security, integrity, and availability of your data.
Full protection against unauthorized access cannot be guaranteed for data transmissions over the Internet or a website, but we and our service providers and business partners make every effort to safeguard your personal data in accordance with applicable data protection regulations through physical, electronic and procedural security precautions in accordance with the current state of the art. Among other things, we use the following measures:
- Strict criteria for authorisation to access your data in accordance with the "need-to-know" principle (restriction to as few people as possible) and only for the stated purpose,
- Transfer of collected data only in encrypted form,
- Saving of confidential data, e.g. credit card data only in encrypted form,
- Firewall protection of IT systems for protection against unauthorized access, e.g. by hackers and
- permanent monitoring of access to IT systems to detect and prevent the misuse of personal data.
We will only retain your data for as long as necessary for the purposes for which we process your data. If we process data for multiple purposes, it will be automatically deleted or saved in a format that does not allow it to be directly linked to your personal identity once the final specific purpose has been met. To ensure that all your data is deleted in accordance with the principle of data minimization, we have a deletion concept. The basic principles according to which this deletion concept provides for the deletion of your personal data are shown below.
Use to fulfil a contract
In order to fulfil contractual obligations, data collected about you may be retained for as long as the contract is in force and, depending on the nature and scope of the contract, for 10 years after that in order to comply with statutory retention requirements and to clarify any requests or claims upon expiration of the contract.
In addition, there are contracts for the supply of products and services, which require longer retention periods, see also "Use for the examination of claims" below.
Use for the examination of claims
Any data we deem necessary to investigate or defend claims made to us or to prosecute you, us, or any third party, or make any claims, may be retained by us for as long as any such proceedings could be pursued.
Use for customer service and for marketing purposes
For customer service and marketing purposes, the data collected about you may be retained for 10 years after collection, unless you request that this data be deleted and there are no contractual or statutory retention obligations that conflict with this deletion request.
We are a company operating in Germany. Personal data is processed by us and our affiliated companies as well as service providers commissioned by us preferably in Germany or within the EU.
If data is processed in countries outside the EU, we ensure that your personal data is processed in accordance with the European data protection standard by means of EU standard contracts, including appropriate technical and organizational measures.
For some countries outside the EU, such as Canada and Switzerland, the EU has already established a comparable level of data protection. Due to the comparable level of data protection, data transmission to these countries does not require any special approval or agreement.
Contact us if you would like to see specific safeguards for sharing your information with other countries:
BMW Motorrad dealer
Straße 1
80331 München
089 / 1234567
bmwhaendler@bmw.de
If we take recourse to service providers to assist in the provision of the listed services and uses, we ensure that they are commissioned by us under the strict conditions of data processing in accordance with data protection law.
If you have any questions regarding the use of your personal data by us, please contact us by e-mail at bmwhaendler@bmw.de or by phone at +49 89 1234567 (Mon-Fri 9.00 a.m. - 6.30 p.m., Sat 10.00 a.m. - 2.00 p.m.)
As a person affected by the processing of your data, you may exercise certain rights with respect to us under the GDPR and other relevant data protection regulations. The following section contains explanations of your rights according to the GDPR. Depending on the nature and scope of your request, we will ask you to address it in writing.
Affected party rights
According to the GDPR, you are in particular entitled to the following rights as an affected party:
Right to information (Article 15 GDPR): You may request information about the data we hold on you at any time. This information includes, but is not limited to, the categories of data processed by us, the purposes for which we process this data, the source of the data if we have not collected it directly from you, and, if applicable, the recipients to whom we have submitted your data. You can get a free copy of your data from us. If you are interested in additional copies, we reserve the right to charge you for additional copies.
Right to rectification (Article 16 GDPR): You can request that we correct your data. We will take reasonable steps to keep your data, which we store about you and process on a regular basis, accurate, complete and up-to-date, based on the most up-to-date information available to us.
Right to deletion (Art. 17 GDPR): You can request that we delete your data, provided that there are legal requirements for this. This may be the case under Art. 17 GDPR if
- the data is no longer required for the purposes for which it was collected or otherwise processed;
- Your consent, which is the basis for the data processing, is revoked and there is no other legal basis for the processing;
- You object to the processing of your data and there are no legitimate grounds for processing, or object to the data processing for the purposes of direct marketing;
- the data was processed unlawfully; the processing is not necessary to ensure compliance with a legal obligation that requires us to process your data, in particular with regard to statutory retention periods; to assert, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR): You may require us to restrict the processing of your data if
- you dispute the accuracy of the data for the period we need to verify the accuracy of the data;
- the processing is unlawful and you refuse the deletion of your data and instead demand the restriction of use;
- we no longer need your data but you need it to enforce, exercise or defend your legal rights;
- you have objected to the processing, as long as it is not determined that our legitimate reasons outweigh yours.
Right to data portability (Art. 20 GDPR): At your request, we will transfer your data – provided this is technically possible – to another responsible person. However, you are only entitled to this right if the data processing is based on your consent or is required to fulfil a contract. Instead of receiving a copy of your data, you may ask us to submit the data directly to another responsible person specified by you.
Right to objection (Article 21 GDPR): You may object to the processing of your data at any time for reasons that arise from your particular situation, if the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can prove compelling legitimate reasons for the processing that outweigh your interests or we need your data to assert, exercise or defend legal claims.
Time limits for the fulfilment of data subject rights
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right of the data subject or the complexity of your request.
Restriction of information in the fulfilment of data subject rights
In certain situations, we may be unable to provide you with information about all of your data due to legal requirements. If we have to decline your request for information in such a case, we will inform you at the same time about the reasons for the refusal.
Complaint to regulators
We take your concerns and rights very seriously. However, if you believe that we have not adequately responded to your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.