BMW FINANCIAL SERVICES PRIVACY POLICY

Which BMW companies are covered by this policy

The following BMW companies are covered by this policy: BMW Financial Services ( Ireland ) DAC. (We, our, us)

What personal data we collect and why we collect it

Our registered address is:

Swift Square
Santry Demesne
Santry
Dublin 9

References to Dealers are to BMW Group motor dealerships who introduce you to us. We are a financial services company:

We provide regulated and unregulated motor finance products, services, and associated general insurance products to customers in Ireland through our Retailers. We operate under the following trading styles:

• BMW Insurance Solutions
• Mini Financial Services
• Alphera Financial Services
• BMW Financial Services
• Mini Financial Services (Ireland)
• Bmw Financial Services
• Mini Financial Services (Ireland)

DEALERS

Dealers are independent businesses and not part of the BMW Group. They undertake credit broking and insurance mediation activities; they are not covered by this policy and are referenced here to provide additional clarity regarding your personal information.

Although this Privacy Policy describes some of the uses of your information made by us, our Dealers may also collect other information relating to you. Each Dealer is a Data Controller in relation to the information it processes for its own purposes. Their privacy policies will set out how they use your information.  If you have any queries regarding the use of your information by our Dealers please contact them directly or visit the privacy policy on their website.

Our responsibilities as data controllers:

We are the Data Controller of the information we use to grant and provide finance to you.

Our ultimate parent company is Bayerische Motoren Werke Aktiengesellschaft (BMW AG) which is a company based in Munich, Germany. BMW AG provides much of the IT infrastructure to us. BMW AG is generally a service provider or Data Processor for us.

Contact details of our Data Protection Officer are dataprivacyoffice@bwmfin.com.

How do we collect your personal information?

If you submit an application for finance to us via this website, your personal details will be sent to one of our Dealers who will then make a formal application for finance to us on your behalf.

If you give information on behalf of someone else you must ensure that you have their permission and that they have been provided with this Privacy Policy before doing so.

If you are under 16 please do not provide us with any of your information unless you have the permission of your parent or guardian.

Please help us to keep your information up to date by informing us of any changes to your contact details or privacy preferences. You may change or review your preferences by email at bmwcustomerservice@bmwfin.ie, by telephone on 1890 253 181 (calls are free of charge plus your phone company’s access charge), or by writing to us at BMW Financial Services, Building 2 Swift Square, Santry, Santry Dimense, Dublin 9.

What information may be collected about you?

The following types of personal information about you may be collected:

Contact Details

• Name
• Address
• Phone numbers
• Email address

Interests

• Information you provide us about your interests
• Including the type of vehicles you are interested in.

Website and Communication Usage

• How you use our website and whether you open or forward our communications, including information collected through cookies and other tracking technologies (our Cookies Policy).

Sales and Services Information

• Relating to purchases and services, including complaints and claims.

Credit and Anti-Fraud Information

• Which establishes your identity, such as driving licences, passports and utility bills
• Information about transactions, requests for credit and non-payment of debts with us and third parties and credit ratings from credit reference agencies
• Fraud, offenses, suspicious transactions, politically exposed person and sanctions lists where your details are included.
• Employment history
• Bank details
• We may also ask you to provide information about your health if we become aware of a condition that might affect your ability to repay the finance without difficulty.

How your personal information may be used.

Use of personal information under Irish data protection laws must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found here.
If you have any questions in relation to our use of your information you should first contact the our Customer Information Centre in one of the following ways:

• Call the centre on on 1890 253 181 (calls are free of charge plus your phone company’s access charge).
• Or by sending an email to bmwcustomerservices@bmwfin.ie
• Or by writing to us at BMW Financial Services, Building 2, Swift Square, Santry Demesne, Santry, Dublin 9.

The main uses of your information are:

Customer Support and Marketing – to respond to enquiries and complaints and to bring you news and offers.

We may use your personal data for customer care and for personalised communications of BMW Group product and service information, with your consent where necessary. For these purposes, we may transmit this data to authorised dealerships and brokers.

In order to ensure that you receive relevant and personalised communications, we will use some of your data to create an individual customer profile and we may share your personal data with authorised our Partners. This may include data you have provided to these companies, or which is generated by your use of our products, for example contact details, preferences, customer history, vehicle data, app usage and online behaviour.

We may pass on your agreement details (term, monthly payment, rate, mileage, final payment, and agreement number and vehicle details) to the dealership who sold your vehicle to you to discuss your end of contract options, and if you agree, to discuss any future financing with us.

Vehicle Finance – to assess your eligibility for finance to comply with legal obligations and for legitimate interests. For example to ensure that we offer the most appropriate finance products to you, to ensure that the services function correctly, to prevent fraud and money laundering and to ensure that your records are accurate and up to date

When you apply for finance from us you must provide certain personal information.  We may share the information with Credit Reference and Fraud Prevention Agencies to help us to decide whether to offer you finance. Using information about you in this way is necessary for us to make this decision and if you do not provide it to us we may not be able to offer you finance. Your information will be used by us and these agencies as follows:

• We will check records about you and others held by them and by Credit Reference and Fraud Prevention agencies, for example to assess your application for credit and verify identities to prevent and detect crime and money laundering. The Credit Reference Agencies will place a search footprint on your credit file that may be seen by other lenders. They will supply public information (for example information held on the electoral register) as well as shared credit and fraud prevention information. The Fraud Prevention Agencies will use your personal information to prevent fraud and money-laundering and to verify your identity.
• If you are making a joint application or if you advise us of a director or that you have a spouse or financial associate, they will link your records together so you must be sure that you have their agreement to disclose information about them. Credit Reference Agencies also link your records together and these links will remain on your and their files until such a time as you, a director or your partner successfully files for a disassociation with the Credit Reference Agencies to break that link.
• If you give us false or inaccurate information or we suspect or identify fraud, we will record this and may also pass on the information to Fraud Prevention Agencies and other organisations involved in crime prevention. Law enforcement agencies may also access and use this information. If fraud is detected, you could be refused certain services, finance or employment.
• We and other organisations may access and use from other countries the information recorded by Fraud Prevention Agencies, which may be publicly-available sources.
• Your data may also be used for other purposes for which you give your permission or, in limited circumstances, when required by law or where permitted under the terms of relevant data protection and privacy law.

If you would like full details about how your information will be used by us, Credit Reference Agencies and Fraud Prevention Agencies, including details of your rights in relation to your information, or you would like to obtain contact details of the Credit Reference Agency, please: visit http://www.icb.ie/policy_privacy.php.

We use automated decision-making tools to help it to decide whether to offer you finance. Based on the information you provide us, we will compare this against different metrics to determine whether you meet the eligibility criteria for finance or to determine whether you will be able to make repayments on a vehicle without difficulty. If your application for finance is rejected using automated means alone, you will be given the opportunity to ask for the decision to be reviewed manually. This does not mean that the decision will be changed.

We do not share credit and anti-fraud information with Dealers or any other BMW Group Company.

If your application for finance is successful, we will also use your personal information to manage our contractual obligations and to enforce our rights under the finance agreement. For example, if you fall into arrears or break any other term of the agreement, we may pass on your details to a debt collection agency for the purpose of collecting the debt or to a vehicle recovery agent to repossess the vehicle or to solicitors to issue court proceedings against you. We may also activate your GPS tracker or review publicly available information to trace your whereabouts. For full details of how we process your personal information please refer to the “Our Use of Your Personal Information” clause in your finance agreement.

Compliance with legal requests for your information – to comply with our legal obligations to law enforcement, regulators and the court service

We may be legally required to provide your information to law enforcement agencies, regulators, courts and third party litigants in connection with civil or criminal proceedings or investigations anywhere in the world. Where permitted, we will direct any such request to you or we may notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Legal grounds for processing of your personal information

The use of your information set out above is permitted under Irish data protection law on the basis of these principal legal grounds:

• Where you have consented to the use you will have been presented with a consent form in relation to any such use and you may withdraw your consent at any time by contacting us by email at bmwcustomerservices@bmwfin.ie or by telephone on 1890 253 181 (calls are free of charge plus your phone company’s access charge) or by writing to us at BMW Customer Information Centre, Swift Square, Santry Demesne, Santry, Dublin 9.
• Where necessary to enter into or perform our contract with you
• Where we need to use it to comply with our legal obligations
• Where necessary in order to protect yours or someone else’s vital interests (in life threatening situations, such as following an accident.)
• Where we use it to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include promoting the BMW Group business and tailoring news and offers to your profile, research and development of vehicle related products and services, assessing your credit-worthiness, detecting fraud and criminal activities).

There may be uses that are permitted on the basis of other grounds; where this is the case we will use reasonable endeavours to identify the ground and communicate it you as soon as possible after becoming aware of the new basis.

Third parties to whom we may transfer your data.

Personal information which we collect may be transferred to or accessed by third parties on our behalf, with your consent where necessary.

In addition to the third parties already mentioned above, we may transfer your personal details to the following types of third parties:

• Marketing and research companies who run and manage marketing and research campaigns.
• Event companies who run and manage sponsored eventsPartners who provide services to you.
• IT providers who provide us systems and services for customer support.
• Card Payment Services providers who operate payment platforms.
• Logistics and courier companies who transport our products to you.
• Companies who provide transport to you or offer you mobility services (e.g. chauffeurs).
• Law firms who provide legal advice to us (e.g. where there is a customer dispute).

This is only shared in a secure manner, using a consistent security protocol. When we share with other parties we ensure that they only use your personal data for the purpose it was collected and do not allow them to abuse this agreement.

We may also transfer your personal information to a third party without your consent if it is in our legitimate interest or if there is a contractual obligation to do so. For example, we may pass on your personal details to a third party debt recovery agent if you fail to make the payments due under your finance agreement or to a vehicle recovery agent to collect the vehicle at the end of your finance agreement. For full details of how we use and share your personal information please refer to the “Our Use of Your Personal Information” clause in the finance agreement.

How do we keep your personal information safe?

We use technical and organisational security measures including encryption and authentication tools to protect your personal information, against manipulation, loss, destruction, and access by third parties.

Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:

• Tightly restricted access to your data on a “need to know” basis and for the communicated purpose only.
• Transferred collected data only in encrypted form.
• Highly confidential data stored only in encrypted form – e.g. credit card information.
• Firewalled IT systems to prohibit unauthorised access e.g. from hackers.
• Permanently monitored access to IT systems to detect and stop misuse of personal data.

If you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, do not forget your responsibility for keeping this password confidential. We ask you not to share your password with anyone.

How long will we keep your personal information.

We retain your information for as long as is necessary and only for the purpose for which we obtained them.  We restrict access to your information to only those persons who need to use it for the relevant purpose. Please see below for further details.

Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely.

Use for end of contract options:

For example, if you have obtained finance for the purchase of a vehicle, we will retain your personal data for the life of your finance product, so that towards the end of that period we can get in touch with you about your options at the end of the finance term.

Use to perform a contract:

We will retain your information for the duration of your agreement with us to perform any contractual obligation and to enforce our rights if necessary.

We will keep your personal information for an additional six years to deal with any queries or claims thereafter.

Where claims are contemplated:

In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.

Data sharing with third parties.

The BMW Group is an international organisation. Some of your personal information may be accessed by our staff, agents or contractors from a country outside the European Economic Area (EEA) for any of the purposes set out in this policy. These countries may have in place data protection laws which may be of a lower standard than in the EEA. We will ensure that any of your information that is accessible outside the EEA is handled subject to appropriate safeguards.

Certain countries outside the EEA, such as the U.K, Canada and Switzerland, have been approved by the European Commission as providing essentially equivalent protection to EEA data protection laws and therefore no additional legal safeguards are required. In countries which have not had such approval, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

We will not share your contract information with other Group Companies other than as specifically mentioned in this Privacy Policy or the Use of Information clause on the finance agreement.

Please contact us if you would like to see a copy of the specific safeguards applied to the export of your information.

Contacting us about this privacy policy.

If you have any questions in relation to our use of your information you should first contact our Customer Information Centre in one of the following ways:

• Call the centre on 1890 253 181 (calls are free of charge plus your phone company’s access charge).
• Or by sending an email to bmwcustomerservices@bmwfin.ie
• Or by writing to us at BMW Customer Information Centre, Swift Square, Santry Demesne, Santry, Dublin 9.

Your rights.

• Provide you with further detail on the use we make of your information
• Provide you with a copy of your information
• Update any inaccuracies in the information we hold about you
• Delete any information about you that we no longer have a lawful ground to use
• Remove you from any direct marketing lists when you object or withdraw your consent
• Provide you with your personal information in a usable electronic format and transmit it to a third party (right to data portability)
• Restrict our use of your personal information
• Cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights (click here for more information).

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third parties.

If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to the Data Protection Commission which regulates the processing of personal data in Ireland (click here for more information).

Data Privacy Officer Contact Details.

If you have questions in relation to our use of your personal information you should contact our Data Privacy Officer. Contact details are below.

Data Protection Officer
dataprivacyoffice@bwmfin.com

Tel: 1890 253 181

Changes to this Privacy Policy:

We may modify or update this privacy policy from time to time.

If we change this Privacy Policy, we will notify you of the changes. Where changes to this Privacy Policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you may have under local law (e.g. to object to the processing).