LEGAL DISCLAIMER
Information About Data Privacy Protection
No. 1 The body responsible in accordance with Art. 4(7) of the EU General Data Protection Regulation (GDPR) is:
BMW AG München
Petuelring 130
80788 München
Registered office: Munich
Registry court: Munich HRB 42243
Should you have questions regarding the use of your personal data by us, please contact golfsport@bmw.de or BMW customer services.
Either by e-mail at kundenbetreuung@bmw.de or by telephone at +49 89 1250-16000 (daily 08:00 - 20:00 hrs).
You may also contact the responsible data protection officer:
Stefan Winkler
BMW AG
Petuelring 130
80788 München
datenschutz@bmw.de
Processing of your personal data on commission by CAA Sports GmbH, Munich
CAA Sports GmbH Munich was commissioned by BMW AG to organize the "BMW Golf Cup World Final 2021" and to process the personal data required for that purpose.
CAA Sports GmbH
Infantriestr. 11 a, Haus C
80797 Munich
Should questions arise, you may also contact the data protection officer of CAA Sports GmbH:
Astrid Biermeier
CompCor Compliance Solutions GmbH&Co. KG
Königsbacher Str. 51
75196 Remchingen
Tel. 0800/313 400 900
dsb-caa-sports@compcor.de
No. 2 Information about the collection of personal data
(1) In this document we would like to inform you about the collection and processing of your personal data during use of our website.
Which data about you can be collected?
Personal data means all data relating to you personally, e.g. your name, address, telephone number, e-mail addresses, user behaviour.
What is the purpose of the data processing?
The data collected in connection with conclusion of the contract will be processed for the purposes listed below:
A. Fulfilment of the contractual obligation to provide event services (Art. 6(1)(b), EU General Data Protection Regulation)
For the purpose of performing the contract on event services (here: BMW Golf Cup International World Final 2018) concluded between yourself and BMW, the latter and the service providers shall provide various services such as, for example, coordination of the world final of the BMW Golf Cup International 2018. In order to provide these services, the following, possibly personal information will be processed by BMW and commissioned service providers:
- contact details of the participants (name, first name, address, e-mail address, etc.)
- other personal data relating to organization of the event (specific accommodation requests, allergies, specific health issues)
B. Advertising communication and market research based on consent (Art. 6(1)(a), EU General Data Protection Regulation)
Insofar as you have separately granted your consent to more extensive use of your personal data, such data may be used and, if appropriate, provided to third parties in accordance with the scope specified in the consent, e.g. for advertising purposes and/or market research. The relevant details are set out in the individual declaration of consent, which may be revoked at any time.
C. Transfer of data to selected third parties
Data shall be transferred to the following enterprises, among others, if and insofar as the relevant requirements under data protection law have been met:
- To carefully selected and verified service providers and business partners with which we work together in order to be able to offer services to you. We do so on behalf of BMW AG solely within the boundaries of the strict requirements of data-processing on commission or on the basis of your express consent.
- To other third parties (e.g. public bodies) insofar as we are subject to a corresponding statutory obligation.
How do we protect your personal data?
We safeguard your data in accordance with the state of the art. For example, the following safety measures are applied in order to protect your personal data against misuse and other unauthorized processing:
- The number of authorized persons permitted to gain access to personal data for the purposes stated is strictly limited.
- In addition, sensitive data is stored and transferred solely in encrypted form.
- The IT systems for processing of the data are isolated using technical means from other systems in order to prevent unauthorized access, e.g. through hacking.
- Furthermore, access to these IT systems is permanently monitored in order to detect and avert misuse at an early point in time.
For how long do we store your data?
We shall only store your data in accordance with Art. 17, EU General Data Protection Regulation, for as long as is necessary for the relevant purposes for which we process your data. If we process data for several purposes, as soon as the final specific purpose has been achieved the data will be automatically erased or stored in a format that does not permit direct conclusions as to your identity. In order to ensure that all your data has been erased in accordance with the principle of data minimization and Art. 17, EU General Data Protection Regulation, BMW has drawn up an internal concept for erasure. The fundamental principles underlying the erasure of your personal data under that concept are set out below.
Use in order to fulfil a contract
In order to fulfil contractual obligations, the data you have collected may be stored for as long as the contract is in force, and for a further 6-10 years depending on the nature and impact of the contract, in order to comply with statutory storage obligations and in order to clarify potential queries or claims after the contract has ended.
Furthermore, there are contracts for the delivery of products and services that require longer storage periods, see also "Use in order to review claims" below.
Use in order to review claims
Data that in our opinion will be required in order to review or avert claims made against us or in order to initiate prosecution under criminal law or to make claims against you, us or third parties may be stored by us for as long as such proceedings could be initiated.
Use for customer services and for marketing purposes
The data collected about you may be stored for 3 years after contact was most recently established, for customer services and marketing purposes, unless you request that such data be erased and provided there are no contractual or statutory storage obligations conflicting with such request for erasure.
Who do we permit to obtain international access to your data and how do we protect such data in that context?
BMW is a globally engaged enterprise. Personal data is processed by BMW employees, national distribution companies, authorized dealers and service providers we commission, preferably within the European Union.
Should data be processed in countries outside the EU, BMW shall ensure through EU standard contracts including appropriate technical and organizational measures that your personal data is processed in accordance with the European level of data protection. If you wish to inspect the specific protective precautions for the transfer of data to other countries, please contact us using the communication channels mentioned below.
The EU has already established a comparable level of data protection in several countries outside the EU, for example Canada and Switzerland. Owing to the comparable level of data protection, the transfer of data to these countries is not subject to separate authorization or agreement.
In order to obtain assistance for the provision of the services and purposes of use listed, BMW avails itself of a number of service providers who are commissioned by BMW AG within the context of the strict requirements for data processing under data protection law.
No. 3 Your rights
(1) As a data subject affected by the processing of your data, you may assert certain rights in relation to us under the EU General Data Protection Regulation and other pertinent data protection provisions. The following section contains explanations about your rights as a data subject under the EU General Data Protection Regulation.
Rights of data subjects
You have the following rights especially as a data subject in relation to BMW under the EU General Data Protection Regulation:
Right to obtain information (Art. 15, EU General Data Protection Regulation): You may at any time require information from us about the data that we are holding about you. Among other things, this information concerns the data categories processed by us, the purposes for which we process such data, the origin of the data where we did not collect it directly from you, and where appropriate the recipients to whom we transferred your data. You may obtain a copy of your data from us free of charge. Should you be interested in obtaining additional copies, we reserve the right to charge you for such additional copies.
Right to rectification (Art. 16, EU General Data Protection Regulation): You may require us to rectify your data. We shall take appropriate measures in order to keep the data we hold about you and that we regularly process accurate, complete and up-to-date, based on the most recent information available to us.
Right to erasure (Art. 17, EU General Data Protection Regulation): You may require us to erase your data insofar as the relevant legal requirements are met. This can be the case under Art. 17, EU General Data Protection Regulation, if
- the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which the data processing is based and if there is no other legal ground for the processing;
- you object to the processing of your data and there are no overriding legitimate grounds for the processing, or if you object to the data processing for direct marketing purposes;
- the data was unlawfully processed
insofar as such processing is not necessary
- in order to ensure compliance with a statutory obligation requiring us to process your data;
- especially with regard to statutory storage periods;
- in order to establish, exercise or defend legal claims.
Right to restrict processing (Art. 18, EU General Data Protection Regulation): You may require us to restrict the processing of your data if
- you dispute the accuracy of the data, for the period we need in order to verify the accuracy of the data;
- the processing is unlawful and you oppose the erasure of your data and instead request a restriction on use;
- we no longer need your data, but if you require it in order to establish, exercise or defend legal claims;
- you have objected to the processing, until it is clear whether or not our legitimate grounds will override yours.
Right to data portability (Art. 20, EU General Data Protection Regulation): At your request we will transfer your data to another controller insofar as technically possible. However, this right only accrues to you where the data processing was based on your consent or was necessary in order to perform a contract. Instead of receiving a copy of your data, you may also ask us to transfer the data directly to another controller you specify.
Right to object (Art. 21, EU General Data Protection Regulation): You may object to the processing of your data at any time based on grounds relating to your particular situation insofar as the data processing was based on our consent or on our legitimate interests or those of a third party. In that case we shall no longer process your data. This does not apply where we are able to demonstrate compelling legitimate grounds for the processing which override your interests or where we require your data for the establishment, exercise or defence of legal claims.
Deadlines for the satisfaction of data subjects' rights
As a matter of principle, we endeavour to respond to all queries within 30 days. However, this deadline can be extended for reasons relating to the specific right of a data subject or to the complex nature of your query.
Restrictions on providing information when satisfying data subjects' rights
In certain situations, based on legal requirements, we might not be able to provide information about all your data to you. If we have to refuse your request for information in such a case, we shall inform you simultaneously about the reasons for the refusal.
Lodging a complaint with supervisory authorities
BMW takes your reservations and rights very seriously. However, if you believe that we have not dealt with your complaints or reservations adequately, you are entitled to lodge a complaint with a competent data protection authority.
No. 4 Collection of personal data during visits to our website
(1) Where the website is used merely for informational purposes, i.e. if you do not register or otherwise provide information to us, we only collect the personal data transmitted to our server by your browser. If you wish to view our website, we collect the following data we require for technical reasons in order to display the website to you and in order to ensure its stability and security (the legal basis is Art. 6(1), first sentence, (f), EU General Data Protection Regulation).
- IP address
- Date and time of the query
- Time zone difference to Greenwich Mean Time (GMT)
- Specific content (webpage) of the query
- Access status/HTTP status code
- Quantity of data communicated in each case
- Website that is the source of the query
- Browser
- Operating system and its surface
- Language and version of the browser software.
This data shall not be collected continuously, but, rather, only where necessary for technical or technical safety reasons.
(2) In addition to the above-mentioned data, cookies are also stored on your computer when you use our website. Cookies are tiny text files that are stored on your hard disk and attributed to the browser you use, and which enable certain information to flow to the party placing the cookie (in this case, us). Cookies are unable to run programs or transfer viruses to your computer. They serve to render internet products more user-friendly and more effective overall.
(3) Use of cookies:
a) This website uses the following kinds of cookies, the scope and functioning of which are explained below:
- Transient cookies (see (b))
- Persistent cookies (see (c)).
b) Transient cookies are deleted automatically when you close your browser. They include session cookies in particular. Session cookies store a so-called session ID which enables various queries from your browser to be attributed to a certain session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are deleted automatically after a pre-set period which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
d) You can adjust your browser settings as you wish and may reject, for example, the acceptance of third-party cookies or of all cookies. However, we would like to point out that you may be unable to use all functions of this website.
e) The Flash cookies used are not recorded by your browser, but, rather, by your Flash plug-in. We also use HTML5 storage objects that are placed on your computer. These objects store the necessary data irrespective of the browser you use and have no automatic expiry date. If you do not want the Flash cookies to be processed, you have to install a corresponding add-on, for example Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by adjusting your browser to private mode. We also recommend the regular manual deletion of your cookies in the browser history.
No. 5 Additional information
SSL encryption
For security reasons and in order to protect the transfer of confidential content, for example queries you send to us as the website operator, this webpage uses SSL encryption. You can detect an encrypted connection from the fact that the address line of the browser changes from "http://" to"https://" and from the padlock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Establishing contact
When contact with the provider is established (e.g. using the contact form or by e-mail), information about the user is stored in order to process the query and in case follow-up questions arise.