The high standards you place on the qualities of our products and services govern how we handle your data. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospective customers. The confidentiality and integrity of your personal data is one of our prime concerns.
Who is responsible for data processing?
Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, Germany (“DCS”) provides the customer with the BMW Charging services as data controller and is responsible for related data processing activities.
What data do we process about you, for what purpose and how long is the data stored?
The personal data collected in connection with entering into a BMW Charging contract or providing the BMW Charging services are processed to enter into the BMW Charging contract, to allow the customer to use the BMW Charging services (e.g. charging at a charge station) and to invoice the BMW Charging services to the customer. (Art. 6(1)(b) EU General Data Protection Regulation “GDPR”).
Conclusion of contracts
In connection with entering into a BMW Charging contract, the following data categories are processed:
- contact data (e.g. last name, first name, address, email address)
- account data (e.g. the BMW Charging login account, payment details)
- vehicle data (VIN)
The contractual data are automatically erased after expiry of the BMW Charging contract; financial transactions are erased in accordance with the statutory provisions after 10 years.
Provision of services
For the purposes of the provision of the BMW Charging services by DCS the following (where required, personal) information is processed (Art. 6(1)(b) GDPR):
- an individual identification number which is allocated to the BMW Charging card respectively the authentication instrument used by the customer at a charging station.
- the charge detail records showing the charging events conducted by the customer.
- the location of the charging station where the charging events are conducted and the location of the customer by displaying a map for easier orientation and ensuring correct addresses (the location only to the extent that an e-route service is offered and to the extent the customer has activated the GPS function in the My BMW app).
- All other data collected during the charging process.
DCS is unable to provide you with the respective service if these data are not provided and are not processed. The processed personal data are automatically erased after 90 days unless they are needed longer for the provision of a specific service.
The provision of the customer's vehicle data is necessary for the correct handling of the billing of the charging process with our service provider. The VIN is required to identify the corresponding contractual relationships.
DCS uses commissioned service providers to provide the BMW Charging services.
Transfer of personal data to charge point operators
When transferring personal customer data to a charge point operator, both DCS and the charge point operator are to be deemed as controllers.
Where DCS acts as an agent of the charge point operator ("Partner CPO") or if the customer has purchased an additional package from the charge point operator via DCS, which result in a separate charging contract between the customer and the charge point operator, DCS transmits the following data to the charge point operator:
Transfer of this data to a charge point operator is necessary to provide the purchased charging services, Art. 6 (1) (b) GDPR.
Securing product quality, research and development of new products
Beyond the mere provision of BMW Charging services, the data collected are also processed for the purposes of quality assurance of the BMW Charging services offered by DCS and for the development of new related services by DCS. These processing activities serve the legitimate interests of DCS and Bayerische Motoren Werke Aktiengesellschaft · Petuelring 130 · 80809 München (BMW AG) to comply with the high standards placed by our customers on existing services and to be capable of satisfying our customers' future wishes through the development of new services (Art. 6(1)(f) GDPR). In order to protect our customers' privacy, the data processed in accordance with this section are processed exclusively in a form that is not directly traceable to the customer. Furthermore, the contact details are used to send direct advertising for our own, similar services or products of DCS (Art. 6 (1)(f) GDPR). The customer will be contacted by email or via the app. At any time, the customer has the right to object to the processing of personal data for the purposes of such advertising using the contact options below.
To improve our services, logged-in users can rate the charging stations of the DCS network, comment on them, or upload user-generated content to a charging station (hereinafter "ratings"). These ratings are stored by DCS together with personal data and used exclusively to improve our services.
DCS reserves the right to display the ratings on the website, app and via other channels (hereinafter "frontends") together with the initials of the customer, in order to make them available to other users for an improved service and customer experience. It is also possible for DCS to make the ratings available to the partners in the DCS network to display on their frontends. Any such use of a rating by DCS or a partner of the DCS network is carried out in a way that protects the user's data in an anonymous form, i.e. only using the user's initials and without other personal information, unless the user has consented in advance to another use.
Every user has the option of deleting their rating via a charging station at any time using the settings in the respective frontends.
We also analyse your user behaviour in our mobile apps. This is to adapt the quality and user-friendliness of our services to the wishes of our customers, also in the context of the mobile apps (Art. 6(1)(f) GDPR). This serves the legitimate interest DCS in meeting growing customer demands. You have the opportunity to object to this processing in our mobile apps at any time.
The following data categories are processed in connection with user behaviour in our mobile apps:
General use: Start and end of use (date and time), length of stay, use of individual functions, buttons and page views, search behaviour and search terms, use of promotions such as voucher codes
Device-related data: Device type, operating system, language settings, time zones, location, app settings, app crashes and other errors
In individual cases, your personal data may be transferred to third parties. These are companies in the categories of IT services, logistics, telecommunications, consulting, customer support, and dunning. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Some third countries are certified by the European Commission as having data protection comparable to the EEA standard through so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a uniformly high level of data protection due to the lack of legal regulations. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company rules, standard contractual clauses issued by the European Commission, certificates or recognised codes of conduct. In addition, the transfer of data outside the European Economic Area (EEA) is based on your consent in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR, provided you have given this consent in advance. Please contact us, if you would like further information on this.
Advertising communication and market research based on consent
If you have separately given your consent to the further use of your personal data, your personal data may be used to the extent described in the consent declaration, e.g. for marketing purposes and/or market research, and where applicable disclosed to third parties (Art. 6(1)(a) GDPR). Further details can be found in the respective consent declaration, which can be revoked at any time.
Furthermore, DCS will process personal data if it has a legal obligation to do so (Art. 13(1)(c), Art. 6(1)(c) GDPR). For example, DCS may be legally obliged to disclose personal data to public authorities or other third parties.
Third party services (Google Maps)
In order to ensure the correct input of addresses, we have integrated into our website the service Google Maps from Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) through an API. Google acts on our behalf in this matter. In order to display the content in your browser, Google must receive your IP address, otherwise Google will not be able to provide you with this embedded content.
Google may transfer the information obtained from Maps to third parties, if required by law or to the extent that third parties process this data on behalf of Google.
To whom do we transmit your personal data?
We only pass on your personal data to third parties if this is necessary for the fulfilment of the contract or if you have given your explicit consent. For customers of “BMW ID”, we will transmit your vehicle data (VIN) to BMW AG, to enable the eligibility check required for the service support for new vehicles and for invoicing purposes.
How do we protect your personal data?
We secure your data using state-of-the-art technology. By way of example, the following security measures are used to protect your personal data against misuse or any other form of unauthorised processing:
- access to personal data is restricted to only a limited number of authorised persons for the specified purposes;
- collected data are transferred only in encrypted form;
- furthermore, access to these IT systems is monitored permanently in order to detect and avert misuse at an early stage.
We only store your personal data for as long as is required for the respective purpose. If data are processed for multiple purposes, they are automatically erased, or stored in a form that is not directly traceable to you, as soon as the last specified purpose has been fulfilled.
Contacting us, your data protection rights and your right to complain to the Data Protection Authority
You are entitled to request access to your personal data, to request the rectification/erasure or restriction of processing, to object to the processing by contacting Digital Charging Solutions GmbH, Rosenstraße 18-19, 10178 Berlin, E-Mail: firstname.lastname@example.org. If you are in the opinion that we do not take your concerns or complaints regarding the processing of data seriously you can also reach out to the responsible regulatory authority.
If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. To this end, please contact:
Digital Charging Solutions GmbH