Skip to Content

BMW STEP NA PRIVACY POLICY

Last Updated: January 1, 2023

This privacy policy applies to BMW of North America, LLC, its subsidiaries, affiliates, and service providers (collectively, “BMW NA,” “we,” “our,” and “us”). This privacy policy applies to information collected through our websites, mobile or smart watch apps, vehicles, API applications, virtual assistants, and any of our other products and services that display or link to this privacy policy, information collected through our call center agents and service representatives, information collected offline, and information obtained from third parties (collectively, “Services”).
This privacy policy describes the information we collect about you, how BMW NA uses this information, the choices you have regarding how we use your information, and other important information regarding our privacy practices, including steps BMW NA takes to protect this information. Please note that we may provide you with additional data privacy notices that supplement this privacy policy.

Before engaging with us, submitting information to us, or buying or using our Services, please review this privacy policy carefully. By using our Services, you understand and agree to the terms as outlined in this privacy policy.

You may print or download a pdf version of this privacy policy.

We may collect information from you in various ways, including the following:

  • We collect information you provide us when you use our Services;
  • We collect information when you use our Services;
  • We collect information from third parties, such as our service providers, data providers, or partners; and
  • We collect information automatically.

When you use our Services, we may collect the information you provide us, for example, when you:

  • Use our vehicles or Services;
  • Ask a question;
  • Email us or modify your account;
  • Conduct transactions;
  • Keep a BMW app actively running on your mobile device;
  • Actively use the features of the Services;
  • Use the Services to perform ConnectedDrive functions, such as executing a remote command or viewing your vehicle status;
  • Register for an event;
  • Begin or complete a form;
  • Make a payment;
  • Contact customer support;
  • Respond to a survey;
  • Enter into a sweepstakes;
  • Tour a manufacturing facility;
  • Purchase a vehicle through a special sales or delivery channel;
  • Provide feedback or a complaint; or
  • Apply for a job.

We may collect information when you use our Services, including:

  • Name, address, and phone number;
  • BMW ID credentials, including email address, password, and related security questions, as applicable;
  • Vehicle profile, vehicle identification number, or other vehicle identifiers;
  • User profile, including preferences, language, or ID;
  • User feedback, including service ratings, comments, or problem descriptions;
  • Position and movement data relating to your vehicle, including time, position, or speed;
  • Destination data pertaining to your vehicle, including position, street address, or destination name;
  • Travel estimates, such as estimated travel time;
  • Calendar events, including event title, location, or start or end times;
  • Your contacts, including names, addresses, or phone numbers;
  • Notifications, including the recipient of the notification or their contact information;
  • BMW retailer or service center information, such as your preferred retailer or service center;
  • Vehicle images, including 3-D images around your vehicle;
  • Environmental information, including weather conditions;
  • Analytics pertaining to your use of the Services, such as click events or app launch events;
  • Records of Services requested or purchased; and
  • Other information you provide to us.

Some forms on our Services may require that you provide certain information to submit the form. You may choose not to provide information in those cases, but this may prevent you from being able to use certain features of our Services.

We may collect personal information about you from third parties. In some instances, we may combine the personal information we collect about you from third parties with personal information we collect from you. Depending on your relationship with us, this personal information we collect from third parties may include:

  • Name, address, email address, and phone number;
  • Information on your buying habits and interests and other publicly observed data (such as from social media);
  • Demographic information;
  • Information we obtain when you connect to BMW NA through social media; or
  • Device identification information about your mobile phone, tablet, vehicle, or other device.

We may also use the personal information that we collect from you and about you to draw inferences, such as information regarding your preferences or habits.

We may use your information in a variety of ways, including to:

  • Offer you Services;
  • Develop new Services;
  • Improve our Services, content, products, and offerings;
  • Notify you about changes to the Services;
  • Facilitate efficient transactions;
  • Create, maintain, and customize your account;
  • Respond to your requests, questions, or comments;
  • Communicate with you and others;
  • Provide you with customized content, targeted offers, and advertising;
  • Provide you with information, newsletters, and promotional materials;
  • Promote customer reviews and testimonials in marketing and advertising material;
  • For marketing research and other marketing and service related purposes;
  • Address problems and review the usage and operations of our Services or business;
  • Protect the security and integrity of our Services and our business, including to detect fraud or illegal activities;
  • Enforce our legal agreements, terms, and other applicable policies;
  • Protect and defend our rights and property or the rights of third parties;
  • Analyze usage patterns and performance of our Services;
  • Evaluate advertisement interactions relating to our Services;
  • For internal business analysis or other business purposes consistent with our mission; and
  • Carry out other purposes that are disclosed to you and to which you consent.

We may also use your information as otherwise described to you at the point of collection.

If you provided your information for a job application, we may use that information for human resources, job placement, qualification, or other related purposes.

We may retain and use your personal information in accordance with our records retention schedule, as required or permitted by law, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. We also retain your information as needed to provide Services to you and while you maintain an account with us.

In addition to sharing your personal information as described at time of collection, we may share your information as follows, among others:

  • When we have your consent or at your direction;
  • To perform or provide the Services you requested;
  • With a parent, subsidiary, or affiliate entity within the BMW corporate family, as permitted by law;
  • With a third party in the event that a division or product line of BMW NA is bought, sold, or otherwise transferred, or the third party is in the process of a potential transaction as among the transferred business assets;
  • With your consent, with our business partners that administer specific programs or provide specific offerings to you;
  • With our dealers, centers, or others who sell or facilitate the sale of our Services;
  • Your destination may be shared with an authorized service center in the event of a roadside assistance incident;
  • When necessary and with your permission, we may share your vehicle ID, vehicle maintenance data, vehicle status data, or remote vehicle data with an authorized BMW center;
  • With our vendors, as needed to perform their functions for us;
  • With third parties to provide you with a product or service, as permitted by law;
  • With legal entities, if required by law, or a regulatory authority or at the request of governmental, law enforcement, or regulatory authorities, including to respond to subpoenas or other litigation process;
  • With other companies or organizations for fraud protection or similar risk reduction;
  • When we believe such sharing is necessary, such as to protect the rights, property, life, security, or safety of BMW NA, visitors to our Services, customers, employees, or others or to address national security situations; and
  • In the case of a corporate transaction, such as a merger, acquisition, or divestiture.

We may share your information with providers of third-party products and services in order for you to receive the products or services. When we share your information with these providers, we may receive information related to such products or services, including, without limitation, whether you have signed up for a product or service. We encourage you to review the privacy policies of these third-party providers for further information. The collection, use, storage, or other processing of your personal information by that third party is governed by their privacy policies and terms.

We may also maintain aggregate data or other deidentified information about you, such as usage statistics, online traffic patterns and user feedback. In addition to using this information for the purposes discussed in this privacy policy, we may disclose this aggregated or other deidentified information to third parties without restriction.

We may share your personal information for marketing purposes. This includes the sharing of your information with our BMW NA service providers, affiliates, dealers, or centers. You may opt out of the marketing emails or exercise rights under applicable laws as described below.

We may collect information automatically using cookies and similar technologies or when you use our Services, send us an email, or interact with our emails or advertisements. The information we may collect automatically using these technologies or methods may include:

  • Internet protocol address;
  • Device or vehicle identifier;
  • Advertising identifier;
  • Browser type and language;
  • Operating system;
  • Date and time stamp;
  • Session ID;
  • Internet service provider;
  • Data regarding network-connected hardware;
  • Web pages and advertisements visited;
  • Internet protocol address geolocation or other location information;
  • Click or touch stream data, movement, scroll, and in some cases, keystroke activity;
  • Third-party sites or services you were using before and after interacting with our Services, including the web search that landed you on our Services; and
  • Deidentified usage analytics when you access the Services via an integrated device.

We use this automatically-collected information to:

  • Conduct analyses about our Services;
  • Associate the different devices you use;
  • Remember your browser or device;
  • Remember your preferences and interactions;
  • Deliver relevant advertisements or other content;
  • Market our Services to you;
  • Collect information about our Services; and
  • Log activity on our Services.

We may use these technologies for providing our Services, security, authentication, analytics, product or service improvement, advertising, fraud detection, and for other similar purposes.

We may use local storage or similar technologies to store content information or preferences or to display advertising.

Most internet browsers allow you to block, manage, or delete cookies or local storage through the privacy features of your browser. Please refer to the help section of your browser or mobile device for additional information. Your browser may also offer add-ons, plugins, or extensions to manage cookies, local storage objects, scripts, or similar technologies mentioned in our privacy policy. Please note that if you block cookies or similar technologies, you may not be able to use the full functionality of our Services. For further information about cookies and similar technologies, including how to manage and delete cookies on your device, please review our FAQs.

Our Services may use AdobeBingFacebook ConnectGoogle AnalyticsGoogle AudiencesMetaLinkedInPinterestSnapchatTikTokTwitter, and others for audience measurement and analytics purposes. These analytics services may use cookies or similar technologies to collect information to help us analyze users and how they use our Services. The information collected by these technologies is used to assess how often you visit our Services, what pages you view when you visit our Services, and what other websites you visited before coming to our Services. Information generated by these services may be transmitted to and stored by these providers and they may use this information for purposes such as evaluating your use of our Services, compiling statistics reports on the website’s activity, and providing other services relating to website activity and other internet usage.

You may review Google’s data privacy practices for Google Analytics and data privacy practices for Google Tag Manager. You may also review Google’s Privacy Policy and Terms of Service for more information. To opt out of being tracked by Google Analytics, you may download and install the Google Analytics Opt-out Browser Add-on.

We may use Google reCAPTCHA on our Services, which checks whether our Services are being used by humans or bots. reCAPTCHA analyzes website visitor behavior based on various characteristics, including mouse movements, visit duration, IP address, and other information.

Our Services may use service providers and partners to serve advertisements on our behalf on our Services and across the internet, and to track and report on the performance of those advertisements. These service providers may include AdobeGoogle Ads (formerly Google Adwords), Microsoft Advertising (formerly Bing Ads), FacebookLinkedInPinterestSnapchatTapadTwitter, and others. These entities may use cookies or similar technologies to identify your device when you use our Services and interact with our electronic communications and ads, as well as when you visit other online services. Data collected and maintained by such third-party ad providers will be subject to the privacy policies and legal terms of those providers. You may learn more about online interest-based advertising by visiting this Federal Trade Commission website.

If you notify us of changes to your personal information, we will endeavor to correct or update your personal information. You may update or correct the personal information in your online profile which can be updated on the ’My Profile’ page of the My BMW website. You may access your online My BMW profile using a unique email address and password (your BMW ID). With this password you can edit, delete, or add to information you have shared while visiting our Services.

BMW NA and its affiliates may send you text messages with your consent for each event-based interaction you have with BMW NA. Event-based interactions include BMW-sponsored events, test drive experiences, and vehicle service requests. Each event-based interaction with BMW NA provides an opportunity to give text message consent and requires a separate opt-out for each event. At any time, you may discontinue receiving text messages by replying with the message “STOP” in response to the BMW message you received or by following other instructions provided in the last BMW NA message received for that event. Please contact the appropriate dealer or center to opt out of text messages you may receive from a BMW dealer or center.

By creating your BMW ID, you will receive notifications within the Services pertaining to your vehicle and the services BMW NA provides to you. By creating a BMW ID, you agree to receive personalized communications with product or service offers from BMW using an app, website, email, or mail. If you wish to opt out of receiving these offer contact lists, you may call BMW NA Customer relations at (800) 831-1117 or visit the Profile page within the My BMW app or website, as applicable.

We work with advertising companies to provide you with advertisements that may interest you. This is often referred to as interest-based advertising. We may use cookies or similar technologies for such advertising. We share this information with our service providers to manage our online advertising.
You may also opt out of receiving interest-based advertisements from third-party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) by visiting the NAI website. You may opt out of receiving interest-based advertisements from other companies that perform interest-based advertising services who are members of the Digital Advertising Alliance (DAA) by visiting the DAA website.

Please note that when using the ad industry opt-out tools described above, you may need to execute opt-outs for each browser or device that you use. Opting out of interest-based advertising does not mean you will no longer see advertising online, but it does mean that the companies from which you opt out will no longer show ads that have been tailored to your interests. If you use industry opt-out tools, your opt out will only apply to companies who are participating in those industry organization tools.

For your mobile device, you can opt out of online interest-based advertising by using “Limit Ad Tracking,” “Opt out of Ads Personalization,” or a similar feature. If your vehicle is capable of displaying online interest-based advertising, you may be able to limit such advertising by reviewing the applicable settings.
You may continue to see generic or non-targeted advertisements after opting out.

Our Services do not currently respond to Do Not Track signals. To learn more about Do Not Track signals, you may visit the Future of Privacy Forum’s website for additional information.

Our Services, other materials, and products may contain references or links to third-party websites, apps, and services, including references and links to dealers, centers, or third parties that accept and process your payments to us. We are not responsible for any third party’s data collection or privacy practices, and we have no control over what information third parties track or collect. Any access to and use of such linked websites, apps, or services is not governed by this privacy policy but instead is governed by the privacy policies of those third-party websites, apps, or services. We encourage you to review the privacy policies posted on those third-party websites, apps, or services for further information.

We may use Stripe’s payment processing services. Stripe may act as a data processor to process your payments. Stripe may act as a data controller for some of your payment processing information. You may read Stripe’s privacy policy and terms for more information. By processing payments from BMW NA systems that use Stripe, you consent to Stripe’s privacy policy and terms.

We may use PayPal’s payment processing services. PayPal may act as a data processor to process your payments. PayPal may act as a data controller for some of your payment processing information. You may read PayPal’s privacy policy and terms for more information. By processing payments from BMW NA systems that use PayPal, you consent to PayPal’s privacy policy and terms.

We may offer Electrify America’s electric charging or location services. You may read Electrify America’s privacy policy and terms for more information. By charging your vehicle or obtaining charging data through Electrify America, you consent to Electrify America’s privacy policy and terms.

Our Services may permit you to post or submit content publicly. If you choose to submit content containing personal information to any public area of our Services, your content will be accessible by anyone, including us. We encourage you to exercise caution when disclosing information publicly.

We maintain some physical, electronic, and procedural safeguards designed to protect personal information. However, we cannot guarantee that your personal information will not be lost, accessed without authorization, disclosed, altered, or destroyed. Any information you provide to us is at your own risk.

There is a type of solicitation commonly known as a ‘phishing’ scam, with the primary objective being to obtain one’s personal information. This information can then be used to steal a person’s identity. Examples of these types of scams include requests for you to send passwords, login names, social security numbers, or other personal information through email, mail, fax, mobile ads, or text message. BMW NA does not participate in this type of solicitation. If you receive suspicious messages, please delete them and, if possible, update your filter settings to block such messages. The Federal Trade Commission and the Antiphishing Workgroup are also good sources of information about these types of security threats and how they may be reported to the authorities. You may also review our fraud warnings for more information about fraudulent emails you may have received.

Our Services are not intended for children under the age of 13. We do not knowingly collect or use any personal information from children under the age of 13. We do not knowingly allow children to order our products, communicate with us, or use any of our online services. We do not knowingly sell the personal information of consumers under 16 years of age.

If you become aware that a child has provided us with personal information, please contact us at [email protected] or write to BMW of North America, Privacy Office, PO Box 1227, Westwood NJ 07675-1227. We will take reasonable measures designed to delete the information as required by applicable law and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required or permitted by law.

You may have additional privacy rights under applicable state consumer privacy laws that we describe in further detail below.

The personal information that BMW NA collects about you may include the following categories of personal information (followed by examples for each category).

  • Identifiers. Examples include real name, alias, postal address, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, Vehicle Identification Number, or other similar identifiers.
  • Personal information described in California Civil Code Section 1798.80(e). Examples include signature, physical characteristics or description, telephone number, bank account number, credit card number, or debit card number.
  • Characteristics of protected classifications under California or federal law. Examples include gender, age, or marital status.
  • Commercial information. Examples include records of products or services purchased, leased, rented, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Biometric information. BMW NA does not collect biometric information about you.
  • Internet or other electronic network activity information. Examples include internet protocol address, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement, operating system, session ID, information about your device, browser type and language, referring and exit pages, click or touch stream data, movement, scroll, or keystroke activity.
  • Geolocation data. Examples include information used to identify your physical location, including geolocation data collected in connection with your use of our websites, apps, or vehicles.
  • Audio, electronic, or visual information. Examples include recording of your calls to our call centers.
  • Professional or employment-related information. Examples include information collected from job applications and resumes.
  • Education information. Examples include information collected from job applications, transcripts, or resumes.
  • Inferences. Examples include information BMW NA collects to create a profile about a consumer reflecting the consumer’s preferences, characteristics, marketing, analytics, and preference data, brand loyalty, behavior, or attitudes.
  • Sensitive personal information. Examples include social security number, driver’s license number, passport number, account log-in, financial account, debit card, or credit card number, or precise geolocation.

The types of personal information we have collected or disclosed in the last twelve (12) months or beyond depend on your relationship with BMW NA. If the nature of your relationship with BMW NA changes, an additional data privacy notice may apply.

Types of Personal Information Do we collect it? Categories of Sources Purposes of Collection Do we disclose it to third parties? Purposes of Disclosure Categories of Third Parties PI Disclosed To Do we sell it to third parties? Purposes of Selling Sharing for Behavioral Advertising Purposes of Sharing for Behavioral Advertising Retention
Identifiers Yes You, data brokers, marketing service providers, publicly available databases, government databases, data aggregators, social media networks, affiliates, subsidiaries, dealers, centers, financial service providers, and other service providers Respond to questions, requests, social media messages, and emails; track applications, provide customer service, market and provide products and services to you, set up, manage accounts, conduct website or other surveys, verify your identity, and update our records Yes Customer service, account set up, management, or servicing, or data verification services Service providers that provide us with customer service, account set up, management, or servicing, or data verification services No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Personal information described in California Civil Code Section 1798.80(e) Yes You, data brokers, marketing service providers, publicly available databases, government databases, data aggregators, social media networks, affiliates, subsidiaries, dealers, centers, financial service providers, and other service providers Respond to questions, requests, social media messages, and emails; track applications, provide customer service, market and provide products and services to you, set up, manage accounts, conduct website or other surveys, verify your identity, and update our records Yes Customer service, account management, or servicing, or data verification services Service providers that provide us with customer service, account management, or servicing, or data verification services No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Characteristics of protected classifications under California or federal law Yes Directly from you or from service providers, such as data brokers Provide products and services to you Yes Provide products and services to you Entities that provide us with services to provide products and services to you No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Commercial information Yes You directly, from your use of our websites or mobile apps, or from data brokers Service your account, including the marketing of products or services to you; provide your transactions, personalize the service, send you messages about products and services that may be of interest to you, process refund requests, and for fraud and security purposes Yes Market products or provide services to you Entities that help us market products or provide services to you No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Biometric information No Not available Not available No Not available Not available No We don’t sell No Not available Not available
Internet or other electronic network activity information Yes You directly or from your use of our websites, apps, or your vehicle Personalize your experience, recognize your browser or device for repeat visits, remember your preferences and interactions, conduct website and mobile app analysis, conduct research and analytics, develop our websites, respond to questions, requests, and emails, provide products and services to you, manage and service accounts, recognize visitors’ computers and devices, for information security and confidentiality purposes, collect information about our website usage and email responses, log activity on our website, market products or services to you, manage our online advertising and the effectiveness of our advertisements, to determine what pages or features are popular, and to determine where our products and services could be improved, conduct website and other surveys Yes Website or app analysis, conducting research and analytics, developing and logging activity on our websites and mobile apps, collecting information about our website and mobile app usage and email responses, managing our online advertising and the effectiveness of our advertisements, responding to questions, requests, and emails, marketing and providing products and services to you, and managing and servicing accounts Entities that provide or assist us with website or app analysis, conducting research and analytics, developing and logging activity on our websites and mobile apps, collecting information about our website and mobile app usage and email responses, managing our online advertising and the effectiveness of our advertisements, responding to questions, requests, and emails, marketing and providing products and services to you, and managing and servicing accounts No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Geolocation data Yes Your use of our websites, mobile apps, or in connection with the use of your vehicle Conduct website and mobile app analysis, for development, to provide you with geographically relevant information, and other legal purposes, and for the provision of services Yes Conducting website and mobile app analysis, developing our websites and mobile apps, and marketing products or providing services to you Entities that assist us with conducting website and mobile app analysis, developing our websites and mobile apps, and marketing products or providing services to you No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Audio, electronic, visual, thermal, olfactory, or similar information Yes When you call our customer service call center, your vehicle is inspected, or you use available features in your vehicle Improve our services, quality assurance, analytics, or for security purposes Yes Improve customer service, end of lease inspections, and loss prevention; authentication or fraud investigations Entities that provide us with services to improve customer service; entities that provide us with end of lease inspection services; entities that provide us with loss prevention services; entities that provide authentication or fraud services No We don’t sell No Not applicable Generally 1 year but also subject to data retention schedules
Professional or employment-related information Yes Your job applications or resumes or recruiters Process job applications and offers or denials of employment Yes Processing job applications and offers or denials of employment Entities that help us with processing job applications and offers or denials of employment No We don’t sell No Not applicable Generally 1 year but also subject to data retention schedules
Education information Yes Job applications, transcripts or resumes or recruiters Processing your job application and to verify eligibility for an education discount Yes Human resources, job application, or recruitment purposes Entities that provide us with human resources, job application, or recruitment services No We don’t sell No Not applicable Generally 1 year but also subject to data retention schedules
Inferences Yes Your use of our websites or apps, your vehicle, or from information provided by our service providers Market products or services to you, to improve business decisions, analyze customer trends and satisfaction, and offer personalized services or communications Yes Market products or services to you Entities that provide us with services to market products or services to you No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules
Sensitive personal information Yes You, your use of our websites or mobile apps, affiliates, subsidiaries, dealers, centers, or other service providers Respond to questions, requests, social media messages, and emails; track applications, provide customer service, market and provide products and services to you, set up, manage accounts, conduct website or other surveys, verify your identity, and update our records Yes Customer service, account set up, management, or servicing, or data verification services Service providers that provide us with customer service, account set up, management, or servicing, or data verification services No We don’t sell Yes Promotion of our goods and services and related commercial purposes Generally 1 year but also subject to data retention schedules

For all categories of personal information, we may collect data directly from you, from third parties, including your authorized BMW dealer or center and those to whom you have previously provided data, and from our service providers.

We collect and use personal information for business or commercial purposes. For all categories of personal information, these purposes may include auditing; detecting security incidents; protecting against and prosecuting illegal activity (such as fraud); ensuring the physical safety of individuals; debugging; short-term transient use of personal information; performing services on behalf of BMW NA, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing analytic services, providing storage, or providing similar services on behalf of BMW NA; providing advertising and marketing services; undertaking internal technological research; verifying or maintaining the quality or safety of a service or device; improving a service or device; monitoring and improving our website functionality; and personalizing your website experience.

We also collect and use personal information to comply with our legal obligations, resolve disputes, enforce our agreements, and for everyday Service provision purposes.

We may combine the data that we collect in order to provide these functions.

We will not collect additional categories of personal information nor use the personal information collected for additional purposes without providing you notice.

For all categories of personal information, we may disclose your personal information to third parties in the event BMW NA is involved in a merger, acquisition, or sale or transfer of all or part of its assets. We may also disclose all categories of personal information to our affiliates and subsidiaries. BMW NA may be required to disclose your personal information to law enforcement, regulatory agencies, or litigants based on enforceable requests for this information. We may also need to disclose information based on fraud protection, or other legal purposes.

Please note that for all categories of personal information, we may also disclose your personal information to our service providers, partners, or collaborators we work with in the course of our business, authorized dealers or centers, any entity you instruct us to disclose your personal information to and others.

BMW NA will obtain your consent before collecting sensitive personal information where required to do so under applicable laws.

BMW NA retains personal information in accordance with our legal obligations, to defend against claims, or in compliance with our data retention policies and procedures. Also, we may retain your personal information in our backup or archived systems until the retention period of those systems expires.

You may have the following rights with respect to your personal information depending on the applicable state consumer privacy laws.

  • Notice. The right to a notice about our collection, use, disclosure, sale, or sharing of information about you. This statement is intended to satisfy this right.
  • Access. The right to request access to the personal information, including the specific pieces of information, that BMW NA has about you and information about any automated-decision making about you made by BMW NA.
  • Correction. The right to request that BMW NA correct your personal information.
  • Deletion. The right to request that we delete the personal information we have about you. We may not be required to delete information under particular circumstances.
  • Opt Out of Sale or Sharing of Personal Information. The right to opt out of the sale or sharing of your personal information. There is no need for you to opt out of the sale of your personal information to third parties as BMW NA does not sell your personal information. However, BMW NA may use personal information for behavioral advertising, which may be considered to be a sale of personal information under some state privacy laws. You may have the right to opt out of cross-context behavioral advertisements.
  • Limit Use of Sensitive Personal Information. The right to ask us to limit our use of your sensitive personal information. BMW NA does not use your sensitive personal information in a manner that requires you to limit its use. Therefore, there is no need for you to limit the use of your sensitive personal information.
  • Portability. The right to obtain a copy of your personal information in an easily understandable and portable format that you may also request be transmitted to another entity.
  • Opt out of Automated Decision-Making and Profiling. The right to opt out with respect to BMW NA’s use of automated decision-making technology or profiling. BMW NA does not use your personal information using automated decision-making or profiling as described under applicable laws. Therefore, there is no need for you to opt out such profiling or automated decision-making.
  • Appeal. The right to appeal BMW NA’s denial of your request to exercise a right described under this privacy policy.
  • Non-Discrimination. The right to be free from discrimination for opting out or exercising your other rights.

You can exercise your rights by clicking the links below. You can also call (855) 811-2309 for assistance. In most cases, BMW must be able to verify your account or your identity in order for you to be able to exercise your rights.

To exercise your rights specific to data collected and used from your vehicle, please visit the CarData section within your My BMW Garage Vehicle Profile.

You may have the right to designate an authorized agent to make a request on your behalf in compliance with applicable state consumer privacy laws. Your designated authorized agent may use the links above to make a request on your behalf. The FAQs below provide you with additional information about this process.

If you are visiting our Services from outside the United States, please be aware that we are based in the United States and the information we collect will be transferred to, processed, and stored on our servers in the United States in accordance with this privacy policy and applicable laws.

We may change this privacy policy from time to time in accordance with applicable law. If we make material changes to this privacy policy, we will post the changes on our Services (or our Services that replace them) and provide you notice prior to the changes becoming effective either through the relevant Services or by some other means, such as email or through your account. Your continued use of our Services after such notice constitutes your consent to the changes. We encourage you to periodically review our privacy policy for the latest information on our privacy practices.

We provide means (email or otherwise) throughout the Services to allow you to contact us directly with any questions or comments you may have. Information in the message is used to respond to your comments or questions. We may also use your comments to improve the Services, or review and discard the information. Your personal information is processed in accordance with this privacy policy.

We provide an ‘unsubscribe’ link in our emails to you. If you do not wish to receive correspondence from BMW NA, you may manage your preferences on the ‘My Profile’ page of the My BMW website, or by calling BMW Customer Relations at (800) 831-1117. To prevent notifications in BMW apps, you may update the settings on your mobile device. If you would like to be removed from emails or mailings from an authorized BMW dealer or center, you must contact them directly. BMW NA is not responsible for and cannot remove your information from a BMW dealer’s or center’s communication list. Please note that even if you opt out of receiving promotional emails from us, we may continue to send you transactional emails.

If you have any questions about this privacy policy or our other information practices, please contact us at [email protected] or write: BMW of North America, Privacy Office, PO Box 1227, Westwood NJ 07675-1227. You may also call BMW Customer Relations at (800) 831-1117. Prompt ‘Customer Relations.’ Customer telephone calls may be recorded to protect you and our staff. In all written communications, please indicate that you are writing concerning BMWUSA.com or My BMW.

Frequently Asked Questions for BMW NA and California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act:

  1. What is BMW NA’s Privacy Policy?
    You may read more about BMW NA’s Privacy Policy above.
  2. What are my rights under BMW NA’s Privacy Policy?
    Depending on your relationship with us and applicable laws, you may have various rights.
    The use of our websites is governed by our privacy policy and website legal terms. Your rights under this privacy policy include the right to not provide us with personal information, the ability to opt out of targeted advertisements, and the right to opt out of cookies.
  3. What is the California Consumer Privacy Act?
    California Consumer Privacy Act (CCPA) is an act passed by the California legislature in 2018. It took effect on January 1, 2020. The rights under CCPA apply to all California residents.
  4. What are my rights under the California Consumer Privacy Act?
    You may have the rights of access, deletion, notice, opt out, and non-discrimination. You may find additional information about these rights in our Privacy Policy referenced above.
    Your right of access includes the right to request we disclose the categories and specific pieces of your personal information collected, the sources from which your personal information is collected, the business or commercial purpose we collect it, and with whom we share your personal information. Your right of access also includes the right to request we disclose for the preceding 12 months (or longer where you have requested it) the categories of your personal information we have collected or sold, the categories of third parties to whom we have sold it, and the categories of personal information that we have disclosed about you for a business purpose.
  5. What is the California Privacy Rights Act?
    On November 3, 2020, California voters approved the California Privacy Rights Act (CPRA), a consumer privacy ballot initiative that amends and expands the CCPA. The CPRA’s substantive provisions become effective on January 1, 2023. Until then, the CCPA will remain in force. The CPRA provides consumers with expanded privacy rights, including the right to request that the business correct inaccuracies in their personal information and, in certain circumstances, to direct a business to limit its use of sensitive personal information. Additionally, a consumer’s opt out rights may extend to third-party behavioral advertising.
    Under CPRA, a consumer’s right of access may, in some cases, extend beyond the 12 month period specified in CCPA. You may ask that we disclose information beyond the 12 month period. However, in some cases, we may not be able to accommodate the longer look back period, such as when the time extension proves impossible or would require disproportionate effort.
  6. What is the Virginia Consumer Data Protection Act?
    The Virginia Consumer Data Protection Act (CDPA) was signed into law on March 2, 2021 and is set to take effect on January 1, 2023. The CDPA provides consumers with the right to access, correct, and delete their personal information, as well as the right of data portability. Consumers also have the right to opt out of cross-context behavioral advertising, the sale of personal data, and certain profiling. Additionally, the CDPA requires that businesses obtain opt-in consumer consent to process sensitive data.
  7. What is the Colorado Privacy Act?
    The Colorado Privacy Act (CPA) was signed into law on July 8, 2021 and is scheduled to take effect on July 1, 2023. The CPA provides consumers with the right to access, correct, and delete their personal data, obtain a portable copy of their personal data, and opt out of cross-context behavioral advertising, the sale of personal data, or certain profiling. The CPA requires that businesses obtain opt-in consumer consent to process sensitive data.
  8. What is the Utah Consumer Privacy Act?
    Governor Spencer Cox signed the Utah Consumer Privacy Act (UCPA) into law on March 24, 2022. The law goes into effect on December 31, 2023. Under the UCPA, consumers have the right to access their personal data, delete the personal data they provided to the controller, data portability, opt out of the sale of their personal data, and opt out of the processing of their personal data for purposes of targeted advertising. The UCPA does not give consumers the right to correct their personal data, nor do they have the right to opt out of profiling.
  9. What is the Connecticut Data Privacy Act?
    Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring,” also known as the Connecticut Data Privacy Act (CTDPA), into law on May 10, 2022. The law goes into effect on July 1, 2023. Under the CTDPA, consumers have the right to access, delete, and correct their personal data, to obtain a copy of their personal data in a portable format, and to opt out of the sale of their personal data and the processing of their personal data for purposes of targeted advertising or certain profiling. The CTDPA requires that businesses obtain opt-in consumer consent to process sensitive data.
  10. How do you use my sensitive personal information?
    BMW NA may use your sensitive personal information to maintain or service accounts, provide customer service, process and provide products and services, verify customer information, verify the quality or safety of a service or product, provide information security, improve, upgrade, develop, or enhance our Services, conduct website and mobile app analysis, provide analytic services, provide storage, provide Services, process payments, develop our websites and mobile apps, market products and services, or other similar services.
  11. Where can I exercise my rights under the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act or the Connecticut Data Privacy Act?
    You may exercise your rights under applicable state laws by visiting Section 25 of this privacy policy or by calling (855) 811-2309 Monday through Thursday, 9am-9pm ET and Friday, 9am-6pm ET.
  12. Does BMW NA sell my personal information?
    BMW NA does not sell your personal information. However, BMW NA may use personal information for behavioral advertising, which may be considered to be sale of personal information under some state privacy laws. You may have the right to opt out of cross-context behavioral advertisements.
  13. How about my BMW Financial Services account?
    You may wish to review BMW Financial Services’ privacy policy. BMW Financial Services is a financial institution with separate privacy policies than BMW NA. You may exercise your rights under applicable laws by visiting their privacy portal.
  14. How about BMW Centers?
    BMW NA’s privacy policy does not apply to BMW Centers. BMW Centers are separate and independent businesses and have their own privacy policies. We recommend that you review the privacy policies that apply to the BMW Center that you work with.
  15. How do I opt out of BMW NA selling or sharing my personal information?
    You need not opt out of the selling of your personal information because BMW NA does not sell your personal information. However, BMW NA may use personal information for behavioral advertising, which may be considered to be a sale of personal information under some state privacy laws. You may have the right to opt out of cross-context behavioral advertisements. You may adjust your settings relating to online behavioral advertising on our website by clicking the Do Not Sell My Personal Information link, adjusting your cookies, or using the NAI or DAA websites.
  16. What about my rights regarding cross-context behavioral advertising or targeted advertising?
    If you are a consumer, you may have the right to opt out of the sharing of your information for purposes of cross-context behavioral advertising. Some state privacy laws, like Virginia, Colorado, and Utah may call this “targeted advertising.” You may opt out of this type of sharing by visiting our website and clicking AdChoices in the footer.
    Please note that the term “targeted advertising” can mean different things depending on how it is defined in a privacy statute or other law. At times, it is essentially interchangeable with the term “cross-context behavioral advertising.” For example, under the CPRA, “cross-context behavioral advertising” is defined as the “targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.” The broad definition covers a business’s collection of a consumer’s personal information across third-party digital properties for the purposes of targeted advertising.
    Both the CDPA and CPA use the word “targeted advertising” to mean something similar. Under CDPA § 59.1-571, “targeted advertising” means displaying advertisements to a consumer where the advertisement is selected based on personal data obtained from that consumer’s activities over time and across nonaffiliated websites or online applications to predict such consumer’s preferences or interests. Similarly, CPA § 6-1-1303(25) defines “targeted advertising” as “displaying to a consumer an advertisement that is selected based on personal data obtained or inferred over time from the consumer’s activities across nonaffiliated websites, applications, or online services to predict consumer preferences or interests.”
  17. What types of cookies and tracking technologies may our Services use?
    Our Services may use the following cookies and tracking technologies, among others:

    1. ‘Session’ cookies: Session cookies are temporary bits of information that are erased once you exit your web browser window or log out of a mobile app. Session cookies are used, for example, to improve navigation on our Services, block visitors from providing information where inappropriate (e.g., the website may remember previous entries of age that are outside the permitted parameters and block subsequent changes) and to collect aggregated statistical information.
    2. ‘Persistent’ cookies: Persistent cookies are more permanent bits of information that are placed on the hard drive of your computer or mobile device and stay there unless you delete the cookie. Persistent cookies store information on your computer or mobile device for a number of purposes, such as retrieving certain information you have previously provided (e.g., BMW ID), helping to determine what areas of the website visitors find most valuable, and customizing the website based on your preferences on an ongoing basis.
    3. ‘Web beacons’ (also known as internet tags, single-pixel GIFs, clear GIFs, and invisible GIFs): A web beacon is a tiny graphic on a web page or in an email message that is used to track pages viewed or messages opened. Web beacons tell the Services server information such as the IP address and browser type related to the visitor’s computer. Web beacons may be placed on online advertisements that bring people to our Services and on different pages of our Services. Web beacons provide us with information on how many times a page is opened and which information is consulted.
  18. Why might we allow third-party partners to place cookies on your computer or mobile device?
    Like most advertisers, we may place advertisements where we think they will be most relevant to customers. One way we might do so is by allowing network advertising companies with whom we work to place their own cookies or similar markers when an individual visits our Services. This enables the network advertising companies to recognize individuals who have previously visited our Services. When the individual visits a third-party website on which that network advertising company has purchased ad space, the advertising company can then recognize the individual’s interest in BMW products and services and deliver one of our advertisements.
  19. What choices do I have regarding cookies, including third-party cookies and the delivery of targeted advertisements on third-party sites?
    Most internet browsers allow you to change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it, or to automatically refuse all cookies. Please be aware that some functionality of our Services that relies on the use of cookies may not be available should you choose to refuse all cookies. In addition, because BMW NA does not control these management tools, we cannot guarantee their effectiveness. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please review our FAQs. 

    For more information, you may review the discussion of cookies in our Privacy Policy.

  20. Who can I contact regarding other questions for California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, Connecticut Data Privacy Act and BMW NA?
    You may read more about your rights under CCPA, CPRA, CDPA, CPA, UCPA or CTDPA by reading our States Privacy Rights Statement above. You may read more about the CCPA and CPRA by visiting the California Attorney General’s website. You may read more about the CPRACDPACPAUCPA or CTDPA. You may also contact BMW NA with any remaining privacy questions by calling (855) 811-2309.
  21. What must I do to access my personal information under CCPA, CPRA , CDPA, CPA, UCPA, or CTDPA?
    You must either use the functions within Section 25 of this privacy policy or call us at (855) 811-2309 Monday through Thursday, 9am-9pm ET or Friday, 9am-6pm ET. You must provide us with your personal information so we may verify your request and locate your information in our systems. If we are unable to verify your identity as described in this privacy statement, we will be unable to process your request. If we are able to verify your identity and you are a current BMW NA customer, we may deliver your personal information access report through our data subject rights portal or certified mail.
  22. When I access my information, why is my personal information displayed in the manner in which it is displayed?
    In allowing you to access your information, we consolidate information from various applications to provide data about the products and services you have with us in a single report. Some of this information may include variations of your personal information and may be limited to data collected or generated in the 12 months prior to the date of your request (or longer if you have requested it).
  23. How do I correct my information?
    You may correct your information as set forth in Section 14 of this privacy policy, by visiting Section 25 of this privacy policy, or by calling us at (855) 811-2309 Monday through Thursday, 9am-9pm ET or Friday, 9am-6pm ET.
  24. What if I am a job applicant?
    BMW NA Privacy Policy is intended to provide you with your right to know, under state privacy laws such as the CCPA, CPRA, CDPA, CPA, UCPA, and CTDPA, the categories of personal information, including sensitive personal information, we collect, the purposes for which such personal information is to be used, whether such information is sold or shared, and the time we intend to retain each such category of personal information. We may also provide you with additional privacy notices relating to the processing of your personal information. However, please note that job applicants do not currently have rights to access or delete personal information under the CDPA, CPA, UCPA or CTDPA. Furthermore, please note that BMW NA does not sell your personal information in the context of your job application. Therefore, you don’t have to opt out of the sale of your personal information.
  25. Are there any authorized agent designation requirements?
    Some states, like Virginia and Utah, do not provide for an authorized agent to exercise a right on behalf of a consumer. Other states, like California, Colorado, and Connecticut, do permit the use of authorized agents.
    We may require that your designated authorized agent provide us with a written declaration signed by you that the authorized agent is permitted to make a request on your behalf. When an authorized agent makes a request on your behalf, we will deliver to you, not the authorized agent, the responsive documents.
    As you must with a direct consumer request, you or your designated authorized agent must provide us with adequate information to verify your identity. We may verify your identity by matching the information you provide with our records. If we cannot verify your identity, we will let you know and may deny the request. We may also require that your authorized agent comply with the requirements of applicable law, such as being registered with the appropriate Secretary of State.
  26. Does BMW NA charge a fee to respond to requests?
    Generally, no. However, under CCPA, CPRA, CDPA, UCPA, and CTDPA, we may charge a reasonable fee for or refuse to act on requests that are manifestly unfounded or excessive, including repetitive requests. If we refuse to act on a request, we will notify you of the reason.
    Under the CPA, your first request is free. However, we may charge a fee if you make more than one request in a 12-month period.
  27. How long will it take to process my request?
    We attempt to verify and complete requests within 45 days. In some cases, it may be necessary to extend the time frame. You will be notified if a request cannot be fulfilled and an extension is needed.
  28. Why didn’t I get any information?
    It may be that we were unable to find you in our systems with the information you provided to us. If you make a subsequent request and provide additional information about yourself, we may be able to find out more information about you in our systems. It is also possible that any information you may have provided us has since been deleted as a part of our record retention policies. It is also possible that the information you requested is covered under one of the permitted exemptions under the CCPA, CPRA, CDPA, CPA, UCPA, CTDPA or other applicable privacy law.
  29. Does my personal information access report include everything you have about me?
    Not necessarily. Some types of information are exempt from the CCPA, CPRA, CDPA, CPA, UCPA or CTDPA. Generally, CCPA, CPRA, CDPA, CPA, UCPA, and CTDPA do not apply to credit reports under the Fair Credit Reporting Act (FCRA), financial records under GLBA, or medical records under the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act.
    In addition, please note that the applicable regulations do not require us to search for personal information if we: 

    • Do not maintain the personal information in a searchable or reasonably accessible format;
    • Maintain the personal information solely for legal or compliance purposes;
    • Do not sell the personal information and do not use it for any commercial purpose; and
    • Describe to the consumer the categories of records that may contain personal information that we did not search because we met the three conditions stated above

    The types of records we did not search include records relating to litigation, unstructured paper records, and other categories.
    As a result, these types of personal information or records are not included in your personal information access report.

  30. What happens when I request that you delete my data?
    We delete your data subject to our legal obligations and related data retention policies and schedules.
    Please note that, under the CPRA, we are not required to comply with your request to delete your personal information if it is reasonably necessary for BMW NA to maintain your personal information in order to complete the transaction, fulfill the terms of a written warranty or product recall, provide a good or service you requested, perform the contract between us, help ensure security and integrity, debug to identify and repair errors, ensure free speech or other rights provided by law, comply with the California Electronic Communications Privacy Act, engage in certain scientific, historical, or statistical research, enable internal uses that are expected and context compatible, and comply with a legal obligation.
    As permitted under the applicable regulations, we may retain your personal information in our backup or archival systems until the retention period of those systems expires.
  31. Can I delete my data in a BMW app?
    Yes, you can delete your data in a BMW app. There are several ways to accomplish this: 

    • For some data types, you can delete the individual data elements, such as a single destination.
    • You can delete all app data by clicking the “clear all application data” in the privacy menu in the app. This deletes all the data generated and collected by the app except your BMW ID, vehicle data, and other non-application data.
    • To unlink your vehicle from the Services, log into the My BMW website.
  32. Are there exceptions to compliance with these laws and my requests?
    Yes, CPRA, CDPA, CPA, UCPA or CTDPA may create exceptions to compliance for the following reasons, among others: Complying with federal, state, or local laws or regulations or with a court order or subpoena; complying with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons; cooperating with law enforcement agencies concerning matters that may violate the law; cooperating with a government agency access request when a person is at risk of injury or death or otherwise protecting the vital interests or physical safety of an individual; exercising or defending legal claims; providing a product or service requested by the consumer; performing a contract to which the consumer is a party; fulfilling the terms of a written warranty; performing internal operations that are reasonably aligned with the expectations of the consumer; preventing and protecting against security incidents, identity theft, and other illegal activity; preserving the integrity or security of systems; ensuring the exercise of free speech; and when compliance by the business would violate an evidentiary privilege.
  33. What about deidentified information?
    BMW NA may deidentify or aggregate your personal information in compliance with the CCPA and CPRA. In those situations, we are not obligated to provide access to or delete this information in response to a request.
  34. For what purposes do you use the information provided in my requests?
    We use the information you provide us to verify your identity and process your request.
  35. How long do you retain the information about my request?
    We retain the information relating to your request in accordance with our legal obligations and records retention policies and schedules. We will maintain, for a minimum of 24 months, a record of your request as required under CCPA. Communications provided to you through our data subject rights portal are available for 90 days.
  36. How long do you retain my information?
    We retain your information in accordance with our legal obligations and records retention policies and schedules. We may delete your data once the legal obligation expires or after the period of time specified in our retention policies.
  37. Why was my request denied?
    The security of your information is of utmost importance to us. We need to ensure that you are who you claim to be. We may deny your request if we are unable to verify your identity based on the information you provide with your request. Among other reasons, your request may also be denied if you have made more than two requests in the past 12-month period. We may provide you with the reason for the denial.
  38. How many requests may I make in one year?
    You may make two requests to access your personal information in a 12-month period under the CCPA, CPRA, and CDPA. You may make more than two requests; however, we are not required under the CCPA, CPRA, or CPDA to respond to them. Under the CPA, UCPA, and CTDPA, you may make one request in a 12-month period free of charge. While you may make subsequent requests during that period, we may charge a fee for such requests.