MINI DATA PROTECTION INFORMATION.

The high standards you expect from the features of our products and services are our guideline for handling your data. It is our aim to establish and preserve the basis for a trusting business relationship with our customers and potential customers. We regard the confidentiality and integrity of your personal data as an important matter. We will therefore process and use your data carefully for specific purposes in line with the consent you have granted and in accordance with legal provisions for data protection.

 

The MINI data protection information described in the following sections how MINI Asia / BMW AG collects, processes, and uses personal data of their customers and potential customers. 

Topics overview

  • Who is responsible for data processing operations?

    As defined by the basic EU data protection regulations, BMW AG (hereinafter referred to as "BMW" and/or "we" and/or "us"), Petuelring 130, 80788 Munich, is responsible for the processing of your personal data. The headquarters of BMW AG are in Munich.

     

    BMW AG is the parent company of the BMW Group and through the organizational entity MINI Asia, it coordinates business activity for the sale of MINI automobiles, original MINI parts, accessories and lifestyle products, and associated services in Asia.

     

    Under the auspices of MINI Asia, other organizational entities of BMW AG are also active in providing support for customers and potential customers in Asia. Essentially, these are the areas of MINI App and MINI Online Shops.

     

    MINI Asia authorizes MINI contracted dealers, MINI contracted workshops, – hereinafter referred to as MINI partners where no differentiation is necessary – to provide support and customer care in technical and non-technical matters for customers, potential customers, contract partners, and other interest groups. It operates the website www.mini.com.sg, where it offers the possibility of the online account "MyMINI" and/or "MINI App" and promotes the MINI brand in Asia.

     

    Unless otherwise specified, MINI partners are legally and economically autonomous companies and not part of MINI. As licensees, they use the MINI brand - depending on authorization - for the sale of MINI original parts and accessories, as well as for brand-related maintenance and repairs.

     

    The MINI dealership is authorized by MINI Asia in the same way as MINI partners.

     

    MINI is responsible for any of your data that are processed via the website www.mini.com.sg, your online account MyMINI, MINI App services, your contacts with MINI, and within the framework of MINI direct marketing measures. MINI also processes your data where they are passed on by MINI partners and to the extent that the requirements in compliance with data protection legislation necessary for this are met.

     

    MINI partners are responsible for processing the personal data that you make available to them in the context of your business and customer care in the areas of sales and service. MINI partners also process your data insofar as they are passed on by MINI Asia and to the extent that the requirements in compliance with data protection legislation necessary for this are met.

     

    This data protection information also describes some processing of your data by MINI partners. However, it might be that MINI partners acquire other personal data and have their own data protection information. In this case, you can find out from the data protection information of the respective MINI partner how your data are used there.

  • When does MINI acquire and process personal data?

    MINI acquires and processes your personal data in the following cases, among others:

     

    • When you contact us directly, for example via our website, via MINI Customer Care or the MINI dealership, and you are interested for example in our products or services or have any other concerns.
    • When you purchase products from us directly (for example in the MINI Lifestyle Shop on our website, in a MINI dealership).
    • When you purchase services from us directly (for example MINI App in the MINI App store on our website, maintenance and/or repairs for your vehicle in a MINI dealership).
    • When you request information regarding our products and services (for example mailing of brochures or price lists).
    • When you respond to our direct marketing activities, for example when you complete a reply card or submit your data online on one of our websites (www.mini.com.sg or respective landing pages).
    • When your personal data is sent to us by MINI partners or third parties where and to the extent that the requirements in compliance with data protection legislation necessary for this are met, for example you have granted consent or in full awareness of your right of objection have not objected to the forwarding of your data to MINI for the purpose of customer care (for example recognizing you if you contact MINI Customer Care) and contact in writing (for example sending the MINI welcome package following a vehicle purchase).
    • When you send us your vehicle data (with the vehicle identification number) within the framework of the service process and maintenance / repair services of our MINI contracted workshops and MINI dealership.
    • When other BMW Group companies as well as our business partners provide data about you in a manner that is permitted.
    • When third parties (for example certified address vendors) provide personal data about you in a manner that is permitted.

     

    Please help us to keep your details up to date by notifying us regarding changes to your personal data – in particular your contact data.

  • Which data about you can be collected?

    The following categories of personal data can be collected via the numerous services and contact channels described in this data protection information: 

     

    • Contact data: Name, address, telephone number, e-mail address.
    • Interests: Information you have provided regarding areas that interest you, for example vehicles you find interesting, preferred MINI partners or MINI dealership, hobbies and other personal preferences.
    • Other personal data: Information you have provided regarding date of birth, education, size of household or professional situation.
    • Contract data: Customer number, contract number, booked MINI App services.
    • Online account data: Account information regarding My MINI, MINI App, customer and potential customer portals, payment information you have set (for example credit card number)
    • Use of websites and communication: Information on how you use the website and whether you open or forward messages from us, including data gathered via cookies and other tracking technologies. More information on this can be obtained here [Web link cf. Chapter 5 MINI Cookie policy] in our MINI cookie policy.
    • Transaction and interaction data: Information on purchases of products and services, interactions with MINI Customer Care (your requests and complaints), and MINI, MINI partners or MINI dealership as well as participation in market research surveys.
    • Creditworthiness and identity details: Data to determine your identity, for example driver's license or certificate of registration, part 1; also information regarding transactions, payments that might not have been made to us; including information on cases of fraud, punishable offenses, suspicious transactions, politically prominent persons, and lists of sanctions that contain your data.
    • Use of MINI apps and services: Information on your use of MINI apps (on your mobile user device) and the services of MINI App.
    • Details of vehicle functions and settings: Information on the functions and current settings of your vehicle (identified on the basis of the vehicle identification number), for example MINI TeleServices, MINI App services with MINI CarData.
    • Technical data of the vehicle: Data created and/or processed in the vehicle. 

     

    Operating data in the vehicle

     

    Control unit data processed for operation of the vehicle. This includes, for example:

     

    • Vehicle status information (for example speed, deceleration, lateral acceleration, wheel speed, display of fastened seat belts)
    • Ambient conditions (for example temperature, rain sensor, distance sensor).

     

    As a rule, these data are volatile and are not saved beyond the operating time; they are only processed in the vehicle itself. Control units contain data memories (among other things, also the vehicle ignition key). These are deployed to be able to document information regarding the vehicle condition, component stress, maintenance requirements, as well as technical events and faults temporarily or permanently.

     

    The following are stored depending on the technical equipment:

     

    • Operating states of system components (for example fill levels, tyre pressure, battery status)
    • Malfunctions and defects in important system components (for example light, brakes)
    • Reactions of the systems in special driving situations (for example activation of an airbag, deployment of the stability control systems)
    • Information regarding events that damage the vehicle
    • In the case of electric vehicles, state of charge of the high-voltage battery, estimated range

     

    In special cases (for example if the vehicle has detected a failure), it can be necessary to save data which would normally only be volatile.

     

    If you use services (for example repairs, maintenance work), the stored operating data can be read out and used together with the vehicle identification number, if required. Employees of the MINI partner or MINI dealership or third parties (for example breakdown services) can read the data from the vehicle. The same applies to cases of warranty and quality assurance measures.

     

    As a rule, the data are read using the legally prescribed connection for OBD (On-Board Diagnosis) in the vehicle. The operating data that are read document technical states of the vehicle or individual components and help with diagnosis, adherence to warranty obligations, and improvements in quality. These data, particularly information regarding component stress, technical events, incorrect operation, and other errors, are transferred together with the vehicle identification number to MINI, if necessary. Over and above this, MINI is subject to product liability. MINI also uses operating data from vehicles for this, for example for recall campaigns. These data can also be used to check customer warranty claims and claims for subsequent improvement.

     

    Error memories in the vehicle can be reset at your request by a service center within the framework of repairs or servicing.

     

    Comfort and infotainment functions

     

    You can save comfort settings and individualization in the vehicle and change or reset them at any time.

    These include, depending on the respective equipment:

     

    • Settings of the seat and steering-wheel positions
    • Chassis and climate control setting
    • Individualizations such as interior lights.

     

    Within the framework of the selected equipment, you can enter data yourself in the infotainment functions of the vehicle. These include, depending on the respective equipment:

     

    • Multimedia data such as music, films or photos for playback in an integrated multimedia system
    • Address book data for use in conjunction with an integrated hands-free system or an integrated navigation system
    • Entered navigation destinations
    • Data regarding the use of internet services

     

    These data for comfort and infotainment functions can be stored locally in the vehicle or they are on a device you have connected to the vehicle (for example smartphone, USB stick or MP3 player). If you have entered data yourself, you can delete them at any time.

     

    These data are only transferred from the vehicle at your request, particularly within the framework of using online service in line with the settings you have chosen.

     

    Smartphone integration, for example Apple CarPlay

    If your vehicle has the corresponding equipment, you can connect your smartphone or another mobile user device to the vehicle and operate it using the operating elements integrated in the vehicle. The images and sound of the smartphone can be output via the multimedia system. At the same time, certain information is transferred to your smartphone. Depending on the type of integration, this includes for example position data, daytime / night-time mode and other general vehicle information. Please consult the "Infotainment Systems" section of the vehicle owner's manual for more information.

    The integration enables the use of selected apps of the smartphone, for example navigation or music playback. There is no other interaction between a smartphone and the vehicle, in particular no active access to vehicle data. The way other data is processed is determined by the provider of each app that is used. Whether you can make any settings and, if so, which settings you can make, depends on the respective app and the operating system of your smartphone.

     

    Online services

     

    If your vehicle has a mobile phone network connection, this enables the exchange of data between your vehicle and other systems. The mobile phone network connection is enabled by the vehicle's own transmitter and receiver unit or a mobile user device (for example smartphone) that you take into the vehicle. Online functions can be used across this mobile phone network connection. These include online services and applications / apps provided by the manufacturer or other providers.

     

    MINI online services

     

    In the case of MINI online services, the respective functions are described at suitable points by MINI (for example Owner's Manual, MINI Driver's Guide App, MINI websites) and the associated information in compliance with data protection legislation. Personal data can be used to provide online services. The data exchange for this takes place across a protected connection, for example with the BMW IT systems specifically designed for the purpose. Any data acquisition, processing, and use of personal data that goes beyond the provision of services takes place exclusively on the basis of legal permission, for example in the case of a legally prescribed emergency call system, a contract, or consent that has been granted.

     

    You can have the services and functions (some of which are subject to charges) – and in some cases also the entire mobile phone network connection of the vehicle – enabled or disabled. Excluded from this – where technically possible – are legally prescribed functions and services such as an emergency call system.

     

    Third-party services

     

    If you use the possibility to have online services of other providers (third parties), these services are the responsibility of the respective provider and are subject to their data protection conditions and terms of use. MINI has no influence on the content exchanged here.

     

    You should therefore obtain information from the respective service provider regarding the nature, scope, and purpose of the collection and use of personal data within the framework of third-party services.

     

     

    • Data for localization of the vehicle: Details of the location of your vehicle or mobile user device. MINI can receive these data in the course of providing MINI App services and the MINI App and uses these data in line with the detailed service descriptions of the respective services as well as the security precautions for location data.

  • What is the purpose of processing your data?

    The data acquired in the context of contract conclusion or the provision of services are processed for the purposes stated below. An explanation of the area of application of the available legal basis can be found here.

     

    A.    Compliance with contractual duties within the framework of the sale, maintenance, and repair of vehicles
    (Article 6, Paragraph 1 b of basic EU data protection regulations)

     

    MINI dealership, and MINI partners acquire, process, and use personal data within the framework of the sales processes or maintenance and/or repair in the dealership.

     

    Within the framework of the sales processes, personal data are used at the MINI dealership to manage the purchasing agreement, to carry out test drives, and to transfer information related to your vehicle purchase.

     

    Within the framework of these activities, the data categories stated below are processed:

     

    • Contact data (last name, first name, address, e-mail address etc.)
    • Account data (MINI App or My MINI account, bank details, etc.)

     

    MINI dealership, and MINI partners use your personal data for contract administration (for example vehicle ordering, workshop / repair order, booking MINI App services) or to handle any request you have submitted (for example offer, test drive request). Regarding all aspects of contract administration or dealing with a concern, we will contact you without separate consent, for example in writing, by telephone, per messenger service, per e-mail, depending on which contact data you have specified.

     

    Within the framework of the maintenance and repair processes and/or services at MINI contracted workshops and MINI dealership, special diagnosis units are used to read technical data relevant to vehicle service from the electronic control units fitted in the vehicle. These data are processed and used in the workshop by trained technicians for the diagnosis and rectification of any malfunctions. These technical data regarding the vehicle essentially consist of

     

    • Vehicle master data (for example vehicle identification number, type of vehicle, date of manufacture, vehicle equipment)
    • Vehicle condition data (measured values, for example mileage)
    • Error memory entries (for example failure of turn indicator)
    • Load duty spectrums
    • Software versions
    • Service and workshop data (for example service requirements, work performed, fitted spare parts, cases of warranty, workshop reports) 

     

    MINI can access the above information in order to support MINI contracted workshops and MINI dealership with technical or other challenges they face in providing their services.

     

    Over and above this, the persons responsible mentioned above possibly receive to a limited extent data regarding the location of the vehicle where this is required for the purpose of contract fulfilment (for example within the framework of MINI Roadside Assistance). The data are used exclusively in line with the security precautions for location data.

     

    B.    Compliance with contractual duties for the provision of digital vehicle-based services
    (Article 6, Paragraph 1 b of basic EU data protection regulations)

     

    In order to execute any MINI App contract concluded between you and MINI, MINI provides various services, for example Intelligent Emergency Call, Concierge Service, Real Time Traffic Information (RTTI), TeleServices etc.

     

    For the provision of these services, the following personal information from the vehicle is processed by BMW and its commissioned service providers:

     

    • Vehicle status data (mileage, battery voltage, door and flap status, etc.)
    • Position and movement data (time, position, speed, etc.)
    • Vehicle maintenance date (due date of next service, oil level, brake wear, etc.)
    • Dynamic traffic information (traffic jams, obstacles, signs, parking spaces, etc.)
    • Environmental information (temperature, rain, etc.)
    • User profile (configured news, e-mail, audio providers, etc.)
    • Sensor information (radar, ultrasonic signal, gestures, voice, etc.)

     

    The processed personal data are automatically deleted after 4 weeks unless they are required for a longer period for the provision of the special service.

     

    You can have the services and functions (some of which are subject to charges) – and in some cases also the entire mobile phone network connection of the vehicle – enabled or disabled. Excluded from this – where technically possible – are legally prescribed functions and services such as an emergency call system.

     

    For provision of the MINI App services, the following personal data are processed:

     

    • Vehicle status data (mileage, battery voltage, door and flap status, etc.)
    • Position and movement data of the vehicle and mobile user device (time, position, speed, etc.)
    • Vehicle maintenance date (due date of next service, oil level, brake wear, etc.)
    • Dynamic traffic information (traffic jams, obstacles, signs, parking spaces, etc.)
    • Environmental information (temperature, rain, etc.)
    • User profile (configured news, e-mail, audio providers, etc.)
    • Sensor information (radar, ultrasonic signal, gestures, voice, etc.)

     

    Position and movement data are used exclusively in line with the security precautions for location data.

     

    If you do not want this processing of your personal data, you can – where technically possible – cancel your consent within the MINI App or remove the MINI App from your mobile user device.

     

    C.    Ensuring product quality, research and development of new products
    (Article 6, Paragraph 1 f of basic EU data protection regulations)

     

    MINI uses the data (including location data) acquired as a result of the provision of services by MINI dealership or MINI partners in a depersonalized form to ensure the quality of products and services as well as for the purposes of research and development. "Depersonalized" means that the data can no longer be traced directly to you or your vehicle.

     

    This processing is based on the legitimate interest of BMW AG in meeting the high expectations of our customers with regard to high-quality products and services and taking account of the customer wish to have newly developed, innovative solutions. To protect your interests – alongside de-personalization – additional security precautions and controls are implemented as required, for example strict data access restrictions, restrictions in data use, security measures, retention periods, as well as data economy principles such as exclusively gathering relevant data.

     

    D.    Compliance of sales, service, and administration processes of BMW AG, the national distribution company and MINI partners
    (Article 6, Paragraph 1 f of basic EU data protection regulations)

     

    In order to continuously optimize the customer experience and cooperation with MINI partners and customer care by MINI dealership, we create evaluations and reports on the basis of contract information and share these with the MINI partners responsible. The main purpose of these evaluations is to initiate corresponding measures (for example training courses for Sales and Service personnel) to improve application and sales processes. We will create the reports described above in an aggregated and anonymized form, i.e. the recipients of the reports are unable to draw any conclusions regarding you as a person from the data they contain.

     

    Parts of the acquired vehicle-specific data are also processed - where required - for compliance with the service processes (for example repair, warranty, goodwill) of MINI dealership as well as MINI contracted workshops and national BMW Group sales companies (including their branch offices) in the European economic area and other countries named in the BMW quality letter. This processing is within the legitimate interest of BMW to offer our customers the best possible service process. The processing also occasionally takes place in the context of legal specifications (for example repair and maintenance information based on specifications from the point of view of competition). As a general principle, to protect the private sphere of our customers, the processing of technical data is vehicle-based and without a direct link to the customer.

     

    The following data categories are used for this:

     

    • Vehicle master data (for example vehicle identification number, type of vehicle, date of manufacture, vehicle equipment)
    • Vehicle condition data (measured values, for example mileage)
    • Error memory entries (for example failure of turn indicator)
    • Load duty spectrums
    • Software versions
    • Service and workshop data (for example service requirements, work performed, fitted spare parts, cases of warranty, workshop reports)

     

    The technical vehicle data are deleted at the end of the lifecycle of the vehicle.

     

    BMW AG is a company of the BMW Group. In some cases, we process your data to ensure that the different companies within the BMW Group are managed as efficiently and successfully as possible. This concerns, for example, joint consolidated accounting in line with International Financial Reporting Standards (IFRS) for companies.

     

    E.    Customer care
    (Article 6, Paragraph 1 b, g & f of basic EU data protection regulations)

     

    MINI dealership, and MINI partners use your personal data for contract administration (for example vehicle ordering, workshop / repair order, booking MINI App services) or to handle any request you have submitted (for example offer request, test drive request, queries and complaints to MINI Customer Care). Regarding all aspects of contract administration or dealing with a concern, we will contact you without separate consent, for example in writing, by telephone, per messenger service, per e-mail, depending on which contact data you have specified.

     

    We will also contact you if your vehicle is affected by a so-called technical campaign or recall. As technical campaigns are usually measures of great importance (for example avoiding danger to vehicle occupants, avoiding damage to the vehicle), we contact you directly or indirectly through our MINI partners or our MINI dealership using the contact data you have specified in order to comply with our legally required duty to inform.

     

    We will also contact you in carefully considered cases with promotional communication (for example mailing the welcome package following a vehicle purchase or a letter indicating the end of the warranty period and offer of a vehicle check) if and to the extent that the requirements in compliance with data protection legislation necessary for this are met and in full awareness of your right of objection you have not objected to the use of your data for the purpose of written communication.

     

    BMW also processes your personal data on this basis to optimize your experience with MINI Customer Care, e.g. to identify you correctly if you make contact with us.

     

    F.    Promotional communication as well as market research based on consent
    (Article 6, Paragraph 1 a of basic EU data protection regulations)

     

    Insofar as you have separately given your consent to further use of your personal data, your personal data may be used in accordance with the scope described in the consent, for example for promotional purposes (selected offers of products and services), and/or market research and, if necessary, forwarded to certain subsidiaries of BMW AG and selected MINI partners. Details are included in the respective declaration of consent, which you can revoke at any time.

     

    If you have given the corresponding consent to promotional communication, MINI gathers and processes the relevant data.

     

    Contact information, for example:

    • Name, address, e-mail, telephone number

     

    Supplementary personal details / preferences, for example:

    • Company name, your relationship with this company if you use a company car or are our contact person for this company
    • A possible point in time at which you need a new vehicle and your interest in MINI vehicles and services as well as your requests for information and test drives etc.
    • Preferred and/or current MINI partner or dealership
    • Vehicle identification number and other attributes linked to this
    • Interests and hobbies
    • Status of your data protection declaration of consent and selected and/or preferred communication channel

     

    Identification data, for example:

    • Customer number, contract number

     

    Customer history, for example:

    • Vehicle purchase data, including model, configurations, purchase date, date of 1st registration, license plate number, purchase order date, delivery date, holder, list price
    • Data acquired at MINI partners and dealership (such as point in time of contact and contact type, service history)
    • Campaign history and resonance (customer and potential customer care program and direct marketing measures
    • Participation in events
    • Inquiry and complaint history at MINI Customer Care

     

    Vehicle use data, for example:

    • Contract data for MINI App, for example booking online entertainment

     

    App / website / social media data

    If you have registered or logged in, your account data, for example at MyMINI or MINI App. MINI uses the sales and customer care data acquired in this way:

    • To determine which information and offers are most likely to be of interest to you
    • To make contact with you in the context of this information and these offers
    • To send promotional communication (e.g. product launches or invitations to events) in line with your data protection declaration of consent. 

     

    In the data protection declaration of consent, you also lay down the communication channels (e.g. post, telephone, e-mail) we are permitted to use to contact you. A conclusive list of data of these categories can be viewed here.

                                                                   

    As a rule, data processing for promotional purposes takes place in Asia; under no circumstance are personal data transferred to a country outside the EU.

     

    G.    Compliance with legal obligations to which MINI is subject
    (Article 6, Paragraph 1 c & f of basic EU data protection regulations)

     

    MINI will also process personal data if there is a legal obligation to do so. This can be the case, for example, if we contact you if your vehicle is affected by a technical campaign or recall.

     

    Gathered data are also processed within the framework of ensuring the operation of IT systems. Ensuring operation involves the following activities:

     

    • Backup and restore of data processed in IT systems
    • Logging and monitoring of transactions to check the correct function of IT systems
    • Detection and defense against unauthorized access to personal data
    • Incident and problem management to remedy malfunctions in IT system.

     

    Gathered data are also processed within the framework of internal compliance management in which we, for example, check whether you have been advised to an adequate extent within the framework of concluding a contract and that the MINI partner has complied with all legal obligations.

     

    MINI is subject to a large number of other legal obligations. In order to fulfill these obligations, we process your data to the required extent and, if necessary, pass them on to the authorities responsible within the framework of legal obligations of notification.

     

    We also process your data in the event of legal conflicts if the legal conflict makes processing the data necessary.

     

    H.    Data transfer within the BMW Group

     

    BMW AG is a company of the BMW Group. In some cases, after a careful check, we send your data to other companies of the BMW Group, who are then responsible for further processing. Such a data transfer can occur under the following circumstance and for the following purposes:

     

    Please bear in mind that this is not a complete or conclusive list of the data transfer operations within the BMW Group, rather only examples intended to make the data transfers more transparent.

     

    If you have given us your express consent beforehand to share your data with other companies of the BMW Group for promotional or marketing purposes. This concerns:  

     

    • For compliance with the sales, service, and administration processes of BMW AG, cf. point G.
    • In the course of group reporting, we might transfer data, for example we transfer invoice-relevant information for the respective vehicle identification numbers in the case of leased vehicles for assessment of the residual values.

     

    I.    Data transfer to selected third parties

     

    Data are forwarded to the following companies, among others, if and to the extent that the requirements in compliance with data protection legislation necessary for this are met:

     

    • To MINI partners (for example in order to be able to comply with your request for a test drive or a service and submit specific offers). Your requests are forwarded with priority to your preferred MINI partner, the MINI partner where you purchased products or services, the partner with whom you are in contact. If you have not yet had any contact with a MINI partner that we are aware of, we forward your inquiry to a MINI partner in your region.

     

    To MINI partners for data updates, for example of your contact data. The data for a data update are forwarded to all MINI partners that keep you in their address list.

     

    • To carefully selected and checked service providers and business partners with whom we cooperate to be able to offer you products and services. We do this for BMW AG only within the framework of the strict conditions of data processing on your behalf or on the basis of your express consent (for example transfer to the insurance provider of MINI accident and breakdown cover, if you so wish).
    • In the event of the sale of a business unit or several business units of BMW AG to a company to which we assign our rights in compliance with all agreements that exist between us.
    • To other third parties (for example public authorities) to the extent that we are legally obliged to do so.

     

    Via our MINI CarData platform, you also have the possibility to instruct us what personal data we have gathered within the framework of providing MINI App services is to be forwarded to authorized third parties you have selected (for example your motor vehicle insurance company). This occurs exclusively based on your consent, which you can revoke at any time. 

  • How do we protect your personal data?

    We deploy various security measures such as encryption and authentication tools in line with the current state of the art to protect and maintain the security, integrity, and availability of your data.

     

    100% protection against unauthorized access in the case of data transfers across the internet or a website cannot be guaranteed, but we and our service providers and business partners do our utmost to protect your personal data in line with the prevailing data protection regulations by means of physical, electronic, and process-oriented security precautions in line with the current state of the art. Among other things, we use the following measures:

     

    • Strict criteria for authorization to access your data according to the "need-to-know principle" (restriction to as few people as possible) and exclusively for the specified purpose
    • Transfer of acquired data exclusively in encrypted form
    • Storage of confidential data, for example credit card data, exclusively in encrypted form
    • Firewall safeguarding of IT systems to provide protection against unauthorized access, for example by hackers
    • Permanent monitoring of accesses to IT systems to detect and prevent the misuse of personal data

     

    If you have received a password from us or have assigned one yourself to gain access to certain areas of our website or other portals, apps, or services that we operate, you are responsible for keeping this password confidential and for compliance with all other security procedures of which we make you aware. We ask you in particular not to tell anyone your password.

     

    Security precautions for location data

     

    Certain services can only be offered if you reveal your location or the location of your vehicle. We take the confidentiality of these location data very seriously.

     

    Your location data (including data accessed within the framework of vehicle maintenance) are therefore protected with the following security precautions:

     

    • They are only stored in a form that can be traced to you or your vehicle as required to fulfill the intended purpose to which you have agreed.
    • Data are only gathered and accessed in this form when they are required to provide the requested service.
    • Data are also gathered and accessed in this form to the extent that we are legally obliged to store or pass on the data.
    • Data for localization of the vehicle and data for localization of a / your mobile user device are only linked if this is necessary to provide the requested service.
    • Any other use of location data for the purpose of analysis takes place using data records that have been anonymized beforehand.

     

    We, your MINI dealership and MINI partner might have access to the data for localization of the vehicle and BMW AG might have access to the data for localization of the / your mobile user device via the services provided (for example MINI App).

     

    On purchasing the vehicle or activating or configuring the MINI App services or the MINI App, you receive a detailed description of the location data that are transferred to provide location-specific services.

     

    Via the MINI App portal, the MINI App or directly in the vehicle – where technically possible – you can set whether we are permitted to continue gathering and processing these data, thus preventing future data acquisition. Please bear in mind that we might no longer be able to provide certain aspects of our services if you have restricted the gathering of location data. 

  • How long do we keep your data?

    In line with article 17 of the basic EU data protection regulations, we will keep your data only as long as necessary for the respective purposes for which we process your data. If we process data for a number of purposes, they are automatically deleted or stored in a format that does not permit conclusions to be drawn directly as regards your person as soon as the last specific task has been performed. To ensure that all of your data are deleted in line with the principle of data minimization and article 17 of the basic EU data protection regulations, MINI has created an internal deletion concept. The fundamental principles by which this deletion concept envisages the deletion of your personal data are described below.

     

    Use for compliance with a contract


    To comply with contractual obligations, data acquired from you can be kept for as long as the contract is in force and - depending on the nature and scope of the contract - for 6 or 10 years beyond this point in order to comply with legal requirements for preservation and to ensure clarification of any queries or claims after the end of the contract.

     

    Over and above this, there are contracts for the delivery of products and services that necessitate longer retention periods, see also "Use for the assessment of claims" below.

     

    Use for the assessment of claims


    Data that in our opinion will be necessary to assess and avert claims against us or to initiate criminal proceedings or assert claims against you, us or third parties can be kept by us for as long as corresponding proceedings could be initiated.

     

    Use for customer care and marketing purposes


    For customer care and marketing purposes, the data acquired from you can be kept for 3 to 10 years, unless you wish to have these data deleted and there are no contractual or legal requirements for preservation that prevent this request for deletion.

  • Whom do we grant international access to your data and how do we ensure protection?

    BMW AG is a company that operates globally. Personal data are processed by employees of BMW AG, national sales companies, MINI partners, and by service providers we have commissioned, preferably within the EU.

     

    If data are processed in countries outside of the EU, BMW AG uses EU standard contracts, including suitable technical and organizational measures, to ensure that your personal data are processed at the same level as European data protection.

     

    In some countries outside the EU, for example Canada and Switzerland, the EU has already determined a level of data protection comparable with that in Europe. The comparable level of data protection means that data transfer into these countries does not require any special permission or agreement.

     

    To support the provision of the services and intended purposes listed above, BMW AG uses a number of service providers that are commissioned by BMW AG within the framework of the strict conditions of data processing in compliance with data protection legislation.

  • How can you see and change your online data privacy protection settings?

    You can change the settings for the use of your data in MINI online accounts in the corresponding options in your online account "MyMINI", in your MINI App account or in the MINI App at any time.

     

    You can access the following data and, if possible, also change them:

     

    • Consent to promotional communication – here you can choose the communication channels you wish to have (communication by mail, e-mail etc.)
    • MINI CarData – here you can view and download and/or transfer your vehicle data
    • MINI App account – here you can view and change your detailed settings for MINI App. Some settings for MINI App can only be changed using the MINI App or only in the vehicle; please use the corresponding options in the app or in the vehicle.

     

    The settings for the use of your data by MINI partners, however, cannot be changed in your online account, in the area of the data protection portal of BMW AG. To make such a change or if you have any questions regarding the use of your data, you therefore have to contact the respective MINI partner directly.

  • Contact us regarding your data privacy protection rights, and your rights to file complaints with data privacy protection authorities

    If you have any questions regarding the use of your personal data by us, it is best to contact MINI Customer Care first – either by e-mail to minikundenbetreuung@mini.de or by telephone at the number +49 89 1250-16060 (daily 08:00 – 20:00 hrs).

     

    As the person affected by the processing of your data, the basic EU data protection regulations and other relevant data privacy protection regulations enable you to assert certain rights in relation to us. The following section contains explanations of your rights as defined by the basic EU data protection regulations. Depending on the type and scope of your inquiry, we ask you to put the inquiry in writing.

     

    Rights of persons affected

     

    In line with the basic EU data protection regulations, as the person affected, you have the following rights in particular vis-à-vis MINI:

     

    Right to information (Article 15 of basic EU data protection regulations):

    You can ask us for information regarding any data of yours that we keep at any time. This information concerns, among other things, the data categories we process, for what purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data. You can obtain a copy of your data from us free of charge. If you are interested in other copies, we reserve the right to charge for the additional copies.

     

    Right to correction (Article 16 of basic EU data protection regulations):

    You can request that we correct your data. We will initiate appropriate measures to keep the data of yours that we continuously process correct, complete, and up to date, based the latest information available to us.

     

    Right to deletion (Article 17 of basic EU data protection regulations):

    You can request that we delete your data provided the legal requirements have been met. In accordance with Article 17 of basic EU data protection regulations, this can be the case if;

    • The data are no longer required for the purposes they were acquired or otherwise processed
    • You revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing
    • You object to the processing of your data and there are no legitimate reasons for the processing or you object to data processing for the purposes of direct advertising
    • The data have been processed illegally

     

    Where the processing is not necessary;

     

    • To ensure adherence to a legal obligation that requires us to process your data
    • In particular with regard to legal retention periods
    • To assert, exercise or defend against legal claims

     

    Right to restriction of processing (Article 18 of basic EU data protection regulations):

    You can request that we restrict the processing of your data if;

     

    • You dispute the correctness of the data - for the period of time we need to check the correctness of the data
    • The processing is illegal but you do not wish to have your data deleted and request a restriction of use instead
    • We no longer need your data, but you need them to assert, exercise or defend against legal claims
    • You have filed an objection to the processing, though it has not yet been decided whether our legitimate grounds outweigh yours.
    •  

    Right to data transferability (Article 20 of basic EU data protection regulations):

    At your request, we will transfer your data – where technically possible – to another responsible entity. However, this right only applies if the data processing is based on your consent or is required to fulfill a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.

     

    Right to objection (Article 21 of basic EU data protection regulations):

    You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party. In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.

     

    Time limits for compliance with the rights of persons affected

     

    As a general principle, we make every effort to comply with all requests within 30 days. This time limit, however, can be extended for reasons related to the specific rights of persons affected or complexity of your request.

     

    Restriction in the provision of information regarding the rights of persons affected

     

    In certain situations, legal specifications might require us not to provide information regarding all of your data. If we have to refuse your request for information in such a case, we will inform you of the reasons for refusal at the same time.

     

    Complaints to supervisory authorities

     

    BMW AG takes your reservations and rights very seriously. However, if you are of the opinion that we have not dealt with your complaints or reservations adequately, you have the right to submit a complaint to the data privacy protection authorities responsible.