BMW x Festival de Cannes 2025
Time left to finalize registration: Minutes
 

DATA PROTECTION

LEGAL INFORMATION ON DATA PROTECTION (PRIVACY NOTICE).

We treat your data in accordance with the same high standards that you expect from our products and services. Our aim is to create and maintain the basis for a trusting business relationship with our customers and prospective customers. The confidentiality and integrity of your personal data is of particular concern to us.

WHO IS RESPONSIBLE FOR DATA PROCESSING?

Bayerische Motoren Werke Aktiengesellschaft, Petuelring 130, 80788 Munich, domicile and court of registry: Munich HRB 42243 (hereinafter "BMW"), is the provider of the website www.cannesbmw.com. BMW provides the Event Services for the event BMW at CANNES 2025 (hereinafter “Event Services”) and is responsible for data processing in connection with the use of the website.

WHAT DATA DO WE PROCESS AND FOR WHAT PURPOSE?

The data collected in connection with the conclusion of the contract or the provision of the Event Services is processed for the following purposes:

A. Fulfilment of the contractual obligation to provide Event Services (Article 6 (1) lit. (b) GDPR)

For the purposes of fulfilling the Event Services contract concluded between yourself and BMW, BMW shall provide various services such as participation in the event BMW at CANNES 2025.

For the provision of these services, the following potentially personal information from the participant is processed for the provision of services by BMW and commissioned service providers:

  • Salutation, title, first name and surname - required
  • Company, department - required
  • Company address - required
  • Email address - required
  • Biological data (birthday, gender) - required
  • Socio-cultural data (nationality) - required
  • Participation in programs - required
  • Hotel: Check-in and check-out date, special requests - required
  • Arrival and departure: Arrival/departure means and times; train and flight numbers and details of the shuttle transfer, if applicable, and other notes on arrival/departure - required
  • Personal data on health - optional
  • Information on vegetarian/vegan diet; allergies and other notes on eating habits - optional

The provision of the optional data is not required to complete the Event Services contract.

The processed personal data is automatically deleted after 8 - 12 weeks after the event, unless it is needed for longer for the provision of the special service.

B. Fulfilment of legal obligations imposed on BMW (Article 6 (1) lit. (c) GDPR)

In addition, BMW also processes personal data if there is a legal obligation to do so.

BMW is subject to a variety of other legal obligations. In order to fulfil these obligations, we process your data to the required extent and, if necessary, pass it on to the responsible authorities in accordance with legal reporting requirements.

If necessary, we will process your data in the event of a legal dispute should the legal dispute require us to do so.

C. Data transmission to selected third parties

Data is forwarded to the following companies, if and insofar as the necessary data protection requirements are met:

To business partner, accommodation provider, catering provider, transfer provider (to fulfil execution of the Event Services).

To carefully selected and audited service providers and business partners with whom we work together to provide you with Event Services (to fulfil execution of the Event Services).

To other third parties (e.g. public bodies) insofar as we are legally obliged to.

HOW LONG DO WE STORE YOUR DATA FOR?

We store your personal data only for as long as the relevant purpose requires it. If data is processed for multiple purposes, the data will be automatically deleted or stored in a form that cannot directly be traced back to you as soon as the last specified purpose has been fulfilled.

HOW IS YOUR DATA STORED?

We store your data based on the state of the art. For example, the following safeguards are used to protect your personal information from misuse or any other unauthorized processing:

  • Access to personal data is restricted to a limited number of authorized persons for the stated purposes only.
  • The data collected will only be transmitted in encrypted form.
  • Sensitive data is stored only in encrypted form.
  • The IT systems for processing the data are technically isolated from other systems to prevent unauthorized access, e.g. through hacking.
  • In addition, access to these IT systems is continuously monitored to detect and ward off misuse at an early stage.

WHO DO WE SHARE INFORMATION WITH AND HOW DO WE PROTECT IT?

BMW is a company with an international presence. Personal data is preferably processed within the EU by BMW employees, national sales companies and service providers commissioned by us.

If data is processed in countries outside the EU, BMW will ensure that your personal data is processed in accordance with European data protection standards thanks to EU-standard agreements, including the appropriate technical and organizational measures. If you would like to see the specific safeguards for the transfer of data to other countries, please contact us using the communication channels listed below.

How can you view and change your data protection settings?

You can view and change the settings relevant to data protection in the Event Services portal at any time.

Contact details, subject rights, and your right to complain to a supervisory authority.

If you have any questions about the way we use your personal data, please contact BMW data protection officer:

Datenschutzbeauftragter

BMW AG
Petuelring 130
80788 Munich, Germany
datenschutz@bmw.de

As an individual whose data is subject to processing, you may assert certain rights against us in accordance with the GDPR and other relevant data protection regulations. The following section contains explanations of your rights under the GDPR.

Rights of affected persons

In accordance with the GDPR, you, as an affected person, are entitled to the following rights in particular:

Right of access by the data subject (Article 15 GDPR):

You may request information about the data we hold about you at any time. This information includes, but is not limited to, the categories of data we have processed, the purposes for which we have processed this data, the origin of the data if we did not collect it from you directly, and, if applicable, the recipients to whom we have transferred your data. You can request a copy of your data free of charge. If you are interested in obtaining additional copies, we reserve the right to charge you accordingly.

Right to rectification (Article 16 GDPR):

You can ask us to rectify your data. We will take reasonable measures to keep the information we hold and process about you accurate, complete, and up to date, based on the most current information available to us.

Right to erasure (Article 17 GDPR):

You can request the deletion of your data, provided there are legal requirements in place to support this. This may be the case under Article 17 GDPR if:

  • The data is no longer required for the purposes for which it was collected or otherwise processed;
  • Your consent, which is the basis of data processing, is revoked and there is no other legal basis for the processing;
  • You object to the processing of your data and there are no overriding legitimate grounds for processing, or you object to the processing of data for direct marketing purposes;
  • The data was processed unlawfully,

 unless processing is necessary

  • to ensure compliance with a legal obligation that requires us to process your data;
  • particularly with regard to legal retention periods;
  • to enforce, exercise, or defend legal claims.

Right to restriction of processing (Article 18 GDPR):

You may require us to restrict the processing of your data if

  • You dispute the accuracy of the data for the period of time that we need to verify the accuracy of the data;
  • The processing is unlawful, but you refuse the deletion of your data and instead demand a restriction of use;
  • We no longer need your information, but you need it to enforce, exercise, or defend legal claims;
  • You have lodged an objection against processing as long as it is not clear whether our justified reasons outweigh yours.

Right to data portability (Article 20 GDPR):

You have the right to request that we transfer your data - if technically possible - to another responsible party. However, you are entitled to this right only if the data processing is based on your consent or is necessary to execute a contract. Rather than receive a copy of your data, you may also ask us to transfer the data directly to another person in charge specified by you.

Right to object (Article 21 GDPR):

You may object to the processing of your data at any time for reasons that arise from your particular situation, if the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can provide compelling legitimate reasons for the processing that outweigh your interests or we need your data to enforce, exercise, or defend legal claims.

Time limits for the fulfilment of subject rights

We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific subject right or complexity of your request.

Restriction of information in the fulfilment of subject rights

In certain situations, we may be unable to provide you with information about all your data owing to legal requirements. If we have to refuse your request for information in such cases, we will inform you at the time of the reasons for the refusal.

Complaints to supervisory authorities

BMW takes your rights and concerns very seriously. However, if you believe that we have not adequately addressed your complaints or concerns, you are entitled to file a complaint with a competent data protection authority.
 

March 2025