What are the BMW companies in Finland
BMW Finland provides services through a number of different parties in Finland.
Oy BMW Suomi AB coordinates the BMW business in Finland: it appoints dealers and agents, deals with second level support and technical issues, operates the BMW.fi website and the ConnectedDrive Service and promotes the BMW brand.
BMW AG is the parent company of the BMW Group and provides much of the IT infrastructure through the above mentioned companies. Dealers provide services to customers and third level support for technical issues.
BMW Finland is responsible for, and “the data controller” of, your information that it receives through the BMW.fi website, MyBMW account, ConnectedDrive Service, and through dealing with any second level support and technical issues.
Dealers are data controllers of information about you that you and in addition BMW Finland provides them in relation to your sales and service requests.
BMW AG is generally a service provider or data processor to the above mentioned parties. However, BMW AG is in addition the data controller for information received through the usage of the Connected App as well as a joint data controller for the technical provisioning of ConnectedDrive Services.
All of the controllers listed above will ensure with reasonable effort that any questions related to processing by any other controllers as listed above are routed to the correct controller for response.
The contact details of each of the controllers listed above and their data protection officers can be found here.
How do we collect your personal information
BMW companies in Finland process your personal information amongst others in the following occasions:
• If you contact us directly e.g. via the bmw-motorrad.fi website or via our customer hotlines to request information about our products and services.
• If you buy a product or service directly from us (e.g. BMW lifestyle shop or ConnectedDrive store at our website).
• If you reply to our direct marketing campaigns, e.g. filling out a response card or entering data online at one of our web sites.
• If your contact details are transferred from authorised dealers or other third parties with your permission.
• If your vehicle data (incl. vehicle identification number) are transferred to BMW AG while you’re having your vehicle serviced or repaired at e.g. authorized dealers.
• If other BMW Group legal entities or business partners permissibly transfer your personal data to us.
• If we acquired your personal data from other sources (e.g. commercial address brokers).
Please help us to keep your information up to date by informing us of any changes to your contact details or preferences.
What information may be collected about you
• Contact Details ► – name, address, phone numbers, email address.
• Interests ► – information you provide us about your interests, including the type of vehicles you are interested in.
• Site & Communication Usage ► – how you use our site and whether you open or forward our communications, including information collected through cookies and other tracking technologies our Cookies Policy found here
• Sales and Services Information ► – information relating to purchases, support and service, including complaints and claims.
• Credit and Anti-Fraud Information ► – information which establishes your identity, such as driving licences, passports and utility bills; information about transactions, requests for credit and non-payment of debts with us and third parties and credit ratings from credit reference agencies; fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included.
• Device and Service Usage ►– how you use your device (mobile or vehicle) and service offered on the device.
• Vehicle Configuration Details ► – information about the features and current settings of your vehicle (identified by the Vehicle Identification Number).
• Vehicle Technical Information ► – information about how the engine and systems within the vehicle are, or have been, performing.
• Vehicle / Device Location Information ► – your vehicle’s or mobile device’s location.
How may your information be used
Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found here – We note the grounds we use to justify each use of your information next to the use.
Customer Support and Marketing
- to respond to enquiries and to bring you news and offers
►BMW Finland collects Contact Details, Interests, Site & Communications Usage and may use Sales and Service Information that it receives from you through the bmw-motorrad.fi website, and the ConnectedDrive
Service or via the Dealer and information about when your current finance product expires to determine what news and offers are most likely to interest you and to contact you in relation to those offers in accordance with you marketing preferences. BMW Finland may share this information with Dealers to follow up on your requests and to make more specific offers to you.
Vehicle Sales & Service
– to process your sale, configure and service your vehicle
►Dealers will obtain Contact Details, Vehicle Configuration Details, Vehicle Technical Information and Sales and Services Information when you purchase, service or repair a vehicle from or with them as part of the sale or service and will use it to provide the services you request and notify you of issues in relation to your vehicle. This information may be accessed by BMW Finland and BMW AG to troubleshoot technical or other issues relating to the delivery of these services. The above mentioned controllers may also receive limited Vehicle Location Information during the repair process which will be used only in accordance with the Location Information Safeguards
– to assess your eligibility for finance and administer its repayment
►BMW FS will obtain Credit and Anti-Fraud Information from you, credit reference agencies and fraud prevention agencies for the purposes of verifying your identity, complying with its anti-money laundering duties, determining your eligibility for credit and to administer its repayment. This may also involve it obtaining details of your financial associates (a person with whom you have or have had joint personal financial arrangements with). If you give BMW FS false or inaccurate information it will record this. When you ask for credit BMW FS may share any of the preceding information, the request for credit and its response with credit reference agencies. These agencies may share it with other lenders as part of a reciprocal credit analysis and anti-fraud scheme and who may take such information into account in relation to their lending or fraud detection decisions. BMW FS may also share this information with debt recovery agents.
You must read this information before applying for finance.
Some applications may be automatically rejected due to our automated credit or anti-fraud filters. Wherever your application is rejected you may explain your position to BMW FS and BMW FS will reconsider the position if the rejection decision was undertaken without human intervention.
BMW FS does not share this information with Dealers or BMW AG, except the fact that you have taken out a finance option on a vehicle and the date that the option expires or is terminated.
– to provide digital services in the vehicle
– to provide digital services relating to the vehicle through a mobile device
►BMW AG will obtain Contact Information, Device and Vehicle Location Information as well as Device and Service
Usage Information through the provision of these services which it uses in accordance with the detailed service descriptions for each element of the services set out here and the Location Information Safeguards.
Quality Assurance, Research and Development
– to improve our products and services ►
BMW AG may use any of the information that it receives through the provision of services to BMW Finland, Dealers and BMW FS (including Location Information) in de-personalised form for product and service quality assurance and development purposes. Before any such use is undertaken your information will be de-personalized so it can’t be directly linked back to you.
Compliance with binding requests for your information
– to comply with our legal obligations to law enforcement, regulators and the court service
►All the controllers are subject to the laws in the countries in which they operate and must comply with those laws.
This includes to provide your information to law enforcement agencies, regulators and courts and third party litigants in connection with proceedings or investigations anywhere in the world, where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Transfer to 3rd Parties
Personal data which we collected e.g. to fulfill ConnectedDrive Services may be transferred to 3rd parties on your behalf and with your consent only to e.g. execute a pay-as-you drive insurance contract. Further details can be found here.
How do we keep your information safe
We use a variety of security measures, including encryption and authentication tools, to help protect and maintain security, integrity and availability of your information. Although data transmission over the Internet or website cannot be guaranteed to be secure from intrusion, we and our subcontractors and business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. We use amongst others measures such as:
• tightly restrict personal access to your data on a „need to know“ basis and for the communicated purpose only,
• transfer collected data only in encrypted form,
• store highly confidential data - e.g. credit card information - only in encrypted form,
• firewalling IT systems to prohibit unauthorized access e.g. from hackers and
• permanently monitor access to IT systems to detect and stop misuse of personal data.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or any other portal, app or service we operate, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Location Information Safeguards
Certain services can only be offered where you disclose your location or the location of your vehicle. We take the confidentiality of that location information very seriously. The following safeguards are applied to Location Information (including information accessed as part of the vehicle service process):
• It is only kept in a form associated to you or your vehicle for as long as necessary to fulfil the purpose consented to.
• It is only obtained or accessed in that form where necessary to provide the service requested or where we are obliged to retain and/or provide the information by law (and where we are required to provide the information to law enforcement or any other third party, we will - notify you unless to do so would prejudice the prevention or detection of a crime or we are not permitted to do so).
• Vehicle Location Information and Device Location Information are not linked unless necessary to provide the service requested.
• Any other use of Location Information for analytics purposes will be undertaken on irreversibly anonymized data sets.
We and the Dealer may have access to Vehicle Location Information and BMW AG may have access to Device Location Information through the services they provide (e.g. ConnectedDrive).
You will have been provided with a detailed description of the location information obtained to provide a location information dependent service when you initially purchased the vehicle or activated or configured the service or application (e.g. ConnectedDrive or Connected App). Please note that we may not be able to provide certain features of our services to you if you limit the collection of your location information.
How long we keep your information for.
We retain your information only as long as is necessary for the purpose for which we obtained them and any other permitted linked purposes (for example, where relevant to the defence of a claim against us). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.
We restrict access to your information to those persons who need to use it for the relevant purpose.
Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
Use for marketing: In relation to your information used for marketing purposes, we may retain your information for that purpose for [X months] after, the date we last obtained a consent to market to you, or, the date you last responded to a marketing communication from us (other than to opt out of receiving further communications).
Use to perform a contract: In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus [X years] to deal with any queries or claims thereafter.
ConnectedDrive and Connected App: we set out how long we retain Vehicle Location Information and Device Information in relation to each service in the service descriptions here
Where claims are contemplated: in relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
Who may we share your information, and how do we keep it safe.
BMW is a global company. Your personal information may be accessed by our staff, agents or contractors from a country outside the European Economic Area (EEA) for any of the purposes set out, in which data protection laws may be of a lower standard than in the EEA. We will ensure that any of your information that is accessible outside the EEA is handled subject to appropriate safeguards.
Certain countries outside the EEA, such as Canada and Switzerland, have been approved by the European Commission as providing essentially equivalent protection to EEA data protection laws and therefore no additional legal safeguards are required. In countries which have not had such approval, such as India or Japan, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.
Please contact us here if you would like to request to see a copy of the specific safeguards applied to the export of your information.
BMW Finland and BMW AG use a range of service providers to assist them to provides the services and uses listed. BMW AG provides IT and storage services to the controllers in respect of the majority of these uses and therefore stores the majority of your information detailed above on the controllers’ behalves. Although data transmission over the Internet or website cannot be guaranteed to be secure from intrusion, we and our subcontractors and business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements.
All your information is stored on our or our subcontractors’ or business partners’ secure servers (or secure hard copies) and accessed and used subject to our security policies and standards (or equivalent standards of our subcontractors or business partners).
Contacting us, your data protection rights and your right to complain to the data protection authority
Under certain conditions you may have the right to require us to
• provide you with further detail on the use we make of your information,
• provide you with a copy of information that you have provided to us,
• update any inaccuracies in the information we hold,
• to delete any information we no longer have a lawful ground to use,
• where processing is based on consent and in relation to any direct marketing to withdraw you consent so that we stop that particular processing,
• to object to any processing [,including profiling,] based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights,
• restrict how we use your information whilst a complaint is investigated.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority.
Company and Data Privacy Officer Contact Details
If you have any questions in relation to our use of your information you should first contact us:
BMW Finland Oy C/O BMW Northern Europe AB, Box 775, SE-191 38 Sollentuna, Sweden
Visit us at Vetenskapsvägen 10, in Sollentuna, Sweden
BMW Financial Services
Monday to Friday from 08:30 to 16:30 .
Legal grounds for processing of personal data
The use of your information set out above is permitted under EU data protection law on the basis of these principal legal grounds:
• where you have consented to the use (you will have been presented with a consent form in relation to any such use and may withdraw your consent by contacting us on firstname.lastname@example.org);
• where necessary to enter into or perform our contract with you;
• where we need to use it to comply with our legal obligations;
• where we use it to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include promoting the BMW Group business and tailoring news and offers to your profile, research and development of vehicle related products and services, assessing your creditworthiness, detecting fraud and criminal activities);
• where necessary for us to defend, prosecute or make a claim against you, us or a third party.
There may be uses that are permitted on the basis of other grounds; where this is the case we will use reasonable endeavours to identify the ground and communicate it you as soon as possible after becoming aware of the new basis.