The high standards you place on the qualities of our products and services govern how we handle your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospective customers. The confidentiality and integrity of your personal data is one of our prime concerns.

Who is responsible for data processing?

Digital Charging Solutions GmbH, Brunnenstraße 19-21, 10119 Berlin, Germany (“DCS”) provides the customer with the BMW Charging services as data controller and is responsible for related data processing activities.

What data do we process about you, for what purpose and how long is the data stored?

The personal data collected in connection with entering into a BMW Charging contract or providing the BMW Charging services are processed to enter into the BMW Charging contract, to allow the customer to use the BMW Charging services (e.g. charging at a charge station) and to invoice the BMW Charging services to the customer. (Art. 6(1)(b) EU General Data Protection Regulation “GDPR”).

Conclusion of contracts

In connection with entering into a BMW Charging contract, the following data categories are processed:

  • contact data (e.g. last name, first name, address, email address)
  • account data (e.g. the BMW Charging login account, payment details)
  • vehicle data (VIN)

The contractual data are automatically erased after expiry of the BMW Charging contract; financial transactions are erased in accordance with the statutory provisions after 10 years.

Provision of services

For the purposes of the provision of the BMW Charging services by DCS the following (where required, personal) information is processed (Art. 6(1)(b) GDPR):

  • an individual identification number which is allocated to the BMW Charging card respectively the authentication instrument used by the customer at a charging station
  • the charge detail records showing the charging events conducted by the customer.
  • the location of the charging station where the charging events are conducted and the location of the customer (the location only to the extent that an e-route service is offered and to the extent the customer has activated the GPS function in the BMW Charging app).
  • All other data collected during the charging process.

Although the provision of these data is not required to enter into the BMW Charging contract, DCS is unable to provide you with the respective service if these data are not provided and are not processed. The processed personal data are automatically erased after 90 days unless they are needed longer for the provision of a specific service.

The provision of the customer's vehicle data is necessary for the correct handling of the billing of the charging process with our service provider. The VIN is required to identify the corresponding contractual relationships.

DCS uses commissioned service providers to provide the BMW Charging services.

Securing product quality, research and development of new products

Beyond the mere provision of BMW Charging services, the data collected are also processed for the purposes of quality assurance of the BMW Charging services offered by DCS and for the development of new related services by DCS. These processing activities serve the legitimate interests of DCS to comply with the high standards placed by our customers on existing services and to be capable of satisfying our customers' future wishes through the development of new services (Art. 6(1)(f) GDPR). In order to protect our customers' privacy, the data processed in accordance with this section are processed exclusively in a form that is not directly traceable to the customer.Furthermore, the contact details are used to send direct advertising for our own, similar services or products of DCS (Art. 6 (1)(f) GDPR). The customer will be contacted by email or via the app. At any time, the customer has the right to object to the processing of personal data for the purposes of such advertising using the contact options below.

We also analyse your user behaviour in our mobile apps. This is to adapt the quality and user-friendliness of our services to the wishes of our customers, also in the context of the mobile apps (Art. 6(1)(f) GDPR). This serves the legitimate interest DCS in meeting growing customer demands. You have the opportunity to object to this processing in our mobile apps at any time.

The following data categories are processed in connection with user behaviour in our mobile apps:

General use: Start and end of use (date and time), length of stay, use of individual functions, buttons and page views, search behaviour and search terms, use of promotions such as voucher codes

Device-related data: Device type, operating system, language settings, time zones, location, app settings, app crashes and other errors

This personal information will be transferred to Mixpanel, Inc. (405 Howard St., 2nd Floor, San Francisco, CA 94105) for processing. Mixpanel, Inc is EU-US Privacy Shield certified, thus ensuring an appropriate level of data protection.

Advertising communication and market research based on consent

If you have separately given your consent to the further use of your personal data, your personal data may be used to the extent described in the consent declaration, e.g. for marketing purposes and/or market research, and where applicable disclosed to third parties (Art. 6(1)(a) GDPR). Further details can be found in the respective consent declaration, which can be revoked at any time.

Legal obligation

Furthermore, DCS will process personal data if it has a legal obligation to do so (Art. 13(1)(c), Art. 6(1)(c) GDPR). For example, DCS may be legally obliged to disclose personal data to public authorities or other third parties.

Third party services (Google Maps)

In order to ensure the correct input of addresses, we have integrated into our website the service Google Maps from Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) through an API. Google acts on our behalf in this matter. In order to display the content in your browser, Google must receive your IP address, otherwise Google will not be able to provide you with this embedded content.

The legal basis for processing arises from Art. 6(1)(a) of the GDPR, i.e. we process your personal data based on your consent.

By using Google Maps, information about your use of this website (including your IP address) may be processed in countries outside the European Union (including the United States). There may not be an “adequate level of protection” for the processing of personal data in these third party countries from the European Union's standpoint. However, such a level of protection can be created via certain measures. This measure is in place by what is called the EU-US Privacy Shield. You can find details on certification according to the EU-US Privacy Shield on this US government website (unfortunately, only officially available in English): https://www.privacyshield.gov. Google may transfer the information obtained from Maps to third parties, if required by law or to the extent that third parties process this data on behalf of Google.

You can deactivate the Google Maps service and thus prevent the data transfer to Google by deactivating JavaScript in your browser. However, we would point out that in this case you cannot use the map display on our pages.

More information on the purpose and scope of the data collection and its processing by Google Maps can be found in the privacy policy. There you will also find further information about your rights as well as settings options for the protection of your privacy:https://policies.google.com/privacy.

How do we protect your personal data?

We secure your data using state-of-the-art technology. By way of example, the following security measures are used to protect your personal data against misuse or any other form of unauthorised processing:

  • access to personal data is restricted to only a limited number of authorised persons for the specified purposes;
  • collected data are transferred only in encrypted form;
  • furthermore, access to these IT systems is monitored permanently in order to detect and avert misuse at an early stage.

We only store your personal data for as long as is required for the respective purpose. If data are processed for multiple purposes, they are automatically erased, or stored in a form that is not directly traceable to you, as soon as the last specified purpose has been fulfilled.

Contacting us, your data protection rights and your right to complain to the Data Protection Authority

You are entitled to request access to your personal data, to request the rectification/erasure or restriction of processing, to object to the processing by contacting Digital Charging Solutions GmbH, Brunnenstraße 19-21, 10119 Berlin, E-Mail: dataprotection@digitalchargingsolutions.com. If you are in the opinion that we do not take your concerns or complaints regarding the processing of data seriously you can also reach out to the responsible regulatory authority.

If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. To this end, please contact Digital Charging Solutions GmbH, Brunnenstraße 19-1, 10119 Berlin, E-Mail: dataprotection@digitalchargingsolutions.com