一、 Instruction of Third Party SDKs

In order to ensure the implementation of My BMW App related features and stable operation of application, we may use the software development packages (SDKs) provided by the third parties to achieve relevant purposes. You can click the privacy policy links below to check the rules of third-party for the use and protection of personal information. Please notice that the personal information type of third party SDKs may change for the edition update, tactic change and others. The official instruction to public shall be prevail.

Name of SDK: Tencent OCR

Name of the third party entity: Shenzhen Tencent Computer System Co., Ltd.

Usage purpose: to complete online real-name registration (RNR) process.

Usage scenario: online real-name registration (RNR) of Connected driving card

Personal information type: Identification Card information, VIN.

Sharing method: Directly collect through SDK

Name of SDK: WeChat Open

Name of the third party entity: Shenzhen Tencent Computer System Co., Ltd.

Usage purpose:

(1) to call certain functionality of WeChat (sharing/authorization), and check the application installation status

(2) to make account correlation of tencent scenes and BMW Login Administration

Usage scenario:

(1) My trip-monthly report or community information shared from My BMW App to WeChat friends, Moments or Favorites and opening the WeChat applet

(2) BMW Login Administration in My Car

(3) WeChat information shared to vehicle

Personal information type: image data of Community service and destinations in Map module, device information (device model), application installation list.

Sharing method: Directly collect through SDK

Name of SDK: Alipay Pay Task

Name of the third party entity: Alipay (China) Network Technology Co., Ltd.

Usage purpose: to call Alipay complete online payment; risk control, and to better choose the internet lines and internet optimization; fix the function failure in part of device and system.

Usage scenario: when calling Alipay complete online payment

Personal information type: IMEI, IMSI, Android ID, MAC address, Hardware serial number, ICCID, SSID, BSSID, gyroscope sensor details, network type, operator details, WIFI status/parameter/list, system setting, system property, device manufacturer, device model, operating system.

Sharing method: Directly collect through SDK

Name of SDK: Tencent Map and Tencent locator

Name of the third party entity: Tencent Technology (Beijing) Co., Ltd

Usage scenario: when using Tencent Map and Tencent locator service

(1) Usage purpose: to return user location information, and thus allow developers to provide required services accordingly based on accurate location details.

Personal information type: Geographic location

(2) Usage purpose: in order to provide location services, assisted location service to users, and provide developers with more accurate location information of final users.

Personal information type: device information (IP address, GNSS configuration, operator base information, WiFi information, sensor information, bluetooth information)

(3) Usage purpose: in order to resolve user’s feedback problems, anti-spam, log statistic, maintain SDK operation and geolocation, repair the problems in operation, and deal with the locating strategies of different systems.

Personal information type: Device Identification Information (OAID, IDFV, Android ID), Device Parameters and system information (mobile phone screen density, size, device model, operating system version, system attribute)

(4) Usage purpose: Tencent locator SDK uses sensor 3 times every second to provide assistant locating function, deduce and predict locations, among which the rotation vector sensor is used for getting the screen orientation

Personal information type: Sensor (Gravity sensor, gyroscope sensor, acceleration sensor, magnetic field sensor, rotation vector sensor)

(5) Usage purpose: On the map page, the high frequency continuous acquisition of locating information will be triggered, and switching to other pages will not continuously acquire locating information at high frequency. Therefore, on the map page, by default, Tencent locating SDK is called continuously every 4 seconds to obtain accurate locating information in real time, so that avoiding showing users wrong locating information, and providing accurate user locating for functions requiring accurate locating information. Tencent will try again many times to return accurate locating information within 2 seconds when it fails to obtain information. Please note that this calling frequency does not include location requests triggered by users.

Personal information type: getting geolocation information at high frequency.

Sharing method: Directly collect through SDK

https://privacy.qq.com/document/preview/dbd484ce652c486cb6d7e43ef12cefb0

Name of SDK: Countly

Name of the third party entity: Countly Ltd.

Usage scenario: when users browsing and clicking in MINI App

1. Usage purpose: Operating system information and App crash data are collected to provide more perspectives for data analysts to evaluate user data and better record behavior data for users who have logged into multiple devices, Android ID collected as an unique identifier for guest users’ behavior data.

Personal information type:

(1) Default properties: Application package

(2) Default hardware, software and telemetry information: Application Key, Generated device ID or custom ID (IDFV, Android ID, Hashed GCID), Session duration extension, Country code and city, Operating system, Operating system version, Device resolution, Carrier, Application version, Density, Locale (device or browser language), Application Store (Store that this app is downloaded from), Traffic sources and search terms (for web SDK), Browser information

(3) Crash data : Crash dump, Current and total RAM, Current and total disk space, device online or not, device muted or not, App is in background or not, Name of crash, Fatal or non-fatal (Whether crash caused app to exit or not), Running time of app, Any custom key/value provided by developer

(4) Terminal device operating information: Operating system and version, Application version, Equipment model, OS version of terminal equipment, IDFV, Android ID

2. Usage purpose: User behavior data within mobile App are collected for the purpose of data analysis and feature success evaluation. User behavior data are not analyzed in the way to identify a specific user.

Personal information type: Custom user data that all detailed behavior related data (include product SKU number, selected vehicle color), User behavior data (include page view, tap, click)

Sharing method: Directly collect through SDK

Name of SDK: Getui push

Name of the third party entity: Merit Interactive Co.,Ltd.

Usage scenario: Notification push service

(1) Usage purpose: used for improve the efficiency of channel resource, enhance the efficiency and stability of notification push

Personal information type: Device model, device brand, system version, notification switch status and application installation list

(2) Usage purpose: used for generating unique push target ID(CID) and device ID(GID), so as to ensure the accurate notification push and identify

Personal information type: Device identifier (Android ID, Advertising ID, UAID)

(3) Usage purpose: in order to maximally ensure the network connection stability, and build long link. Through getting the device network status and change, so as to provide stable and continued push service

Personal information type: Internet information (IP address, WiFi information, base station information)

Sharing method: Directly collect through SDK, and transfer to backend server through API

Name of SDK: Huawei Push

Name of the third party entity: HUAWEI Software Technology Co., Ltd.

Usage purpose: in order to provide Huawei push, and analysis success rate of Huawei interface invocation.

Usage scenario: Notification push service

Personal information type: Application information, device identifier (AAID and Push Token）, device type, system type and version, region code.

Sharing method: Directly collect through SDK, and transfer to backend server through API

Privacy policy link: https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177

Name of SDK: Xiaomi Push

Name of the third party entity: Xiaomi Technology Co., Ltd.

Usage scenario: Notification push service

(1) Usage purpose: in order to generate device identifier, and ensure notification push to the unique device

Personal information type: Device identifier OAID, encrypted Android ID

(2) Usage purpose: to ensure the notification push and service display

Personal information type: Device manufacturer, device type, device memory, system version, SDK version of Xiaomi push, region, SIM operator name, internet type.

Sharing method: Directly collect through SDK, and transfer to backend server through API

Name of SDK: VIVO Push

Name of the third party entity: Guangdong Tiancheng Network Technology Co., Ltd.

Usage scenario: Notification push service

(1)Usage purpose: in order to provide notification push service

Personal information type: Device type, device manufacturer, device identification information (include IMEI, EmmC ID, UFS ID, ANDROID ID, GUID, GAID, OPENID, VAID, OAID, Reg ID, and encrypted Android ID), application software information (include application package name, version number, APPID, installation, uninstallation, factory reset, running status, and installation list), country code,

(2)Usage purpose: in order to ensure the service stability, and provide timely service

Personal information type: Network information (include IP address and network type)

Sharing method: Directly collect through SDK, and transfer to backend server through API

Name of SDK: OPPO Push

Name of the third party entity: Guangdong HeyTap Technology Co., Ltd.

Usage scenario: Notification push service

(1) Usage purpose: in order to provide push service

Personal information type: Device information (OAID, user ID, Android ID, Google advertising ID, mobile phone region, device type, device battery, device system version and language).

(2) Usage purpose: in order to push notifications to certain applications

Personal information type: Application information(App package name and version, running status), SDK version of OPPO push, installation list

(3) Usage purpose: in order to ensure the display of push notification

Personal information type: Internet information, status of notification bar, screen locking status.

Sharing method: Directly collect through SDK, and transfer to backend server through API

Name of SDK: Ti-Net IM

Name of the third party entity: Beijing Tianrun Rongtong Technology Co., Ltd.

Usage purpose: in order to provide instant messaging service for service status tracking, support different message formats, including text, picture, audio, video, documents, etc. And to judge whether App operates in frontend. Only when the App operates in frontend can start the message sending service.

Usage scenario: for service status tracking, chatting with App official account and dealers in eWorkshop chat room.

Personal information type: Mobile device operation information (device model, terminal device manufacturer), operation info.

Sharing method: Directly collect through SDK, and transfer to backend server through API

Name of SDK: Tencent Cloud Eye Facelive SDK

Name of the third party entity: Tencent Cloud Computing(Beijing) Co., Ltd.

Usage purpose: Facelive video is used for live detection and real-person verification, it is necessary to compare and verify the name, ID number, and facial video with the information stored in the reputable identity authentication platform or the national citizen ID number query service center. Guide users to perform colorful light for live detection and real-person verification in an environment with normal lighting, reducing the authentication failure caused by environmental factors. To obtain the network connection type for transmission optimization; IP address is needed for network transmission, and to establish communication with SDK server; device information is required to monitor device risk environment, malicious application detection, ROM hijacking attacks, network security monitoring, and other security checks and protection functions. This is to identify whether the device and the user of this SDK are genuine, and timely intercept cheating, hijacking or attacks during the face-scanning process. It's also needed to troubleshoot faults occurring during SDK operation, analyze abnormalities and performance issues of the SDK and device itself, facilitating localization and analysis of anomalies.

Usage scenario: Real-name registration and facial recognition

Personal information type: Identity Card information (name, ID number), facelive video and photos, Light sensor information, Device model, operating system, network connection type, IP address, system Settings, system properties (including sensor list information), camera (camera parameters, interfaces), For iOS: Operator information, IDFV. For Android: OAID, storage file path, mobile phone model, mobile phone brand, Android system version, Android api level, manufacturer system version, cpu architecture type, device root, disk space usage, sdcard space usage, memory space usage, network type, and the Running application Name and PID.

Sharing method: Directly collect through SDK

Name of SDK: Ximalaya SDK

Name of the third party entity: Shanghai Ximalaya Technology Co., Ltd. and its affiliates

Usage purpose: to bind/unbind Ximalaya account with BMW ID via Login Administration

Usage scenario: Vehicle related feature Login Administration

Personal information type: Device information (device model, operating system version, unique mobile device identifier (OAID, IDFA, IDFV, SIM card), UUID/Android ID)

Sharing method: Directly collect through SDK

Name of SDK: Sensor SDK

Name of the third party entity: Sensors Data Network Technology (Beijing) Co., Ltd.

Usage scenario: when you browse and click in My BMW App

(1) Usage purpose: to identify user through the anonymized ID

Personal information type: device attribute information (Android ID, OAID, IDFA, IDFV, UUID), device connection information (browser type, carrier info, operating system, operating system version, device model), SD Card data, application installation list.

(2) Usage purpose: to make user behavior analysis

Personal information type: Logs info, App usage, IP address, Sensor URL, browser type, language, timestamp, Location info, IP location, GPS location, Application info, App ID, App name, App version, User behavior data

Sharing method: Directly collect through SDK

Name of SDK: Bugly SDK (only for Android)

Name of the third party entity: Shenzhen Tencent Computer System Co., Ltd

Usage purpose: when the face-live crash during RNR process, the exception would be submitted to Tencent server (via default Bugly)

Usage scenario: face-live verification during RNR process.

Personal information type: mobile phone model, brand, Android version, API type, manufacture system version, CPU framework, root status, disk using status, SD card using status, usage of memory, network type, current process name and PID

Sharing method: Directly collect through SDK

Name of SDK: Chromium SDK

Name of the third party entity: Google LLC

Usage purpose: to load H5/Web View. The org.chromium.net collects SSID to load H5/Web View. Because TC PP is displayed as H5/Web View, the org.chromium.net collects SSID before TC PP is shown.

Usage scenario: All H5/Web View related features, incl. T&C, SF, community, vehicle 3D display, etc.

Personal information type: WiFi Network status (SSID, WiFi status)

Sharing method: Directly collect through SDK

Name of SDK: Aliyun OSS Android SDK

Name of the third party entity: Alibaba Cloud Ltd.

Usage purpose: in order to provide document upload and download service, and save Aliyun OSS Android SDK operating logs, collect the error logs, etc.

Usage scenario: used for the in-App Chatting and messaging function, sending pictures and videos

Personal information type: reading/writing SD card data

Sharing method: Directly collect through SDK

Privacy policy link: http://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud201902141711_54837.html?spm=a2c4g.11174283.J_9220772140.87.14c44c07PsdG0C

Name of SDK: io.flutter SDK

Name of the third party entity: Google

Usage purpose: Flutter is an open source framework by Google for building beautiful, natively compiled, multi-platform applications from a single codebase, and used to implement My BMW App functions

Usage scenario: App operation based on io.flutter.

Personal information type: For Android: Application package information, hardware serial number, Android ID, application list, phone parameter information, gyroscope sensor, acceleration sensor; For iOS: Location information, IDFV, SIM card information, clipboard, camera and gallery, IP address

Sharing method: Directly collect through SDK

二、 Instruction of Personal Information Sharing to BMW Affiliated Companies

In order to provide you with services of【BMW Financing Products】, we would share your personal information with the affiliated companies below. The detailed information sharing instructions are as follows,

BMW affiliated company: BMW Automotive Finance (China) Co., Ltd., Herald International Financial Leasing Co., Ltd.

Usage purpose: for the synchronous login of user-authorized financing / leasing interface, access to financial loan / financing leasing scheme calculator, fast online pre-audit, e-finance, mobile Butler and other modules to enjoy relevant services

Usage scenario: use BMW finance product

Personal information type: Phone number

Sharing method: API

三、Instruction of Personal Information Sharing to Third Party Vendors

In order to provide you with services of【online payment, map locating and walk navigation, map search, park and charge, community operation, charging wall box installation and maintenance, App shopping store service】, we would share your personal information with the third party vendors below. The detailed information sharing instructions are as follows,

Third party vendor: Alipay (China) Network Technology Co., Ltd.

Usage purpose: in order to complete online payment

Usage scenario: when calling Alipay complete online payment

Personal information type: encrypted order number

Sharing method: API

Third party vendor:

(1) Baidu map, Tencent map, Apple map (IOS only), Tencent map

Usage purpose: in order to provide according geolocation and navigation services based on users location information

Usage scenario: when using Walk Navigation function

Personal information type: vehicle location, mobile phone location

Sharing method: transfer through URL

Privacy policy link: https://map.baidu.com/zt/client/privacy/index.html, https://map.wap.qq.com/vision/privacyv2-care-tmap/index.html,

https://www.apple.com.cn/legal/privacy/data/zh-cn/apple-maps/,

https://developer.amap.com/pages/privacy/

(2) Tencent map

Usage purpose: in order to search places, locating and send interest points to vehicles

Usage scenario: when using search function in the Map service of the App

Personal information type: Geographic location, destination information

Sharing method: API

Third party vendor:

(1) Vendors for brand cooperation charging: MALLSHARE (Beijing)Media Technology Co., Ltd., TELD New Energy Co., Ltd., Beijing Sinoair Century Culture Communication Co., Ltd.

Usage purpose: in order to provide vehicle charging, charging card and invoicing services

Usage scenario: Plug and Charge, Public charging station query service, Dedicated parking and charging service

Personal information type: name, phone number, car plate number, email address, transaction amount.

Sharing method: API

https://cv.teld.cn/module/Pictivity.html#/ActivityPage3?hiCode=yszcteld

http://bmw.chinasinoair.com/?code=081qKG000gSVoO1Nr94009C4HE2qKG0m&state=STATE#/policy

(2) Vendors for public charging point: Wangbang Star Charge Technology Ltd., Shanghai SAIC Anyo Charging Technology Co., Ltd., Shanghai EV Power Limited, Beijing XiaoJu New Energy Automobile Technology Co., Ltd., Potevio New Energy Co., Ltd., TELD New Energy Co., Ltd., KuaiDianDongLi (Beijing) New Energy Technology Co. limited., State Grid Smart Internet of Vehicles Co., Ltd.

Usage purpose: in order to provide vehicle charging, charging card and invoicing services

Usage scenario: Plug and Charge, Public charging station query service, dedicated parking and charging service

Personal information type: name, My BMW ID, phone number, car plate number, VIN, email address, address, vehicle SOC, vehicle GPS and charging card type.

Sharing method: API

Privacy policy link: https://app-cdn.starcharge.com/wap/index.html#/privacyPolicy?cityCode=320400&city=320400&lmdTag=1&userId=d663843c-ca50-4a54-899a-f9319a07a014&appVipType=0&localCity=320400&version=7.6.0&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzdGFyQ2hhcmdlQXBwIiwiZXhwIjoxNjY5NDMwODE5LCJpYXQiOjE2NjMzODI4MTksInVzZXJJZCI6ImQ2NjM4NDNjLWNhNTAtNGE1NC04OTlhLWY5MzE5YTA3YTAxNCJ9.3yXK9DFlxn7KMwmpAWuTf5tl8SvJRKft6oNCGej5Qns&navheight=88

http://app.anyocharging.com:8981/privacy/

https://h5-prod.e-chong.com/ev-app-h5/#/privacyPolicy

https://page.udache.com/driver-activity-biz/baichuan-policy-agreement/index.html?mode=2&bc_appid=120084&bc_scene=epower_app&lang=zh-CN#/xpub?cid=111696&cnt_id=21092214475&s=op-json-oOShHdCK5

http://appinfo.ims-ptne.cn/privacyAgreement/privacyprotocol.html

https://cv.teld.cn/module/Pictivity.html#/ActivityPage3?hiCode=yszcteld

https://h5.fleetingpower.com/helpdetail/202002/6?isdown=1om

https://cdn-evone-oss.echargenet.com/resource/protocal/private.html

(3) Vendors for EMSP public charging: Beijing Uniev Network Technology Co., Ltd

Usage purpose: in order to provide vehicle charging, charging card and invoicing services

Usage scenario: Plug and Charge, Public charging station query service, dedicated parking and charging service

Personal information type: name, phone number, car plate number, email address

Sharing method: API

Third party vendor: Leo Group Digital Technology Co., Ltd

Usage purpose: in order to provide App community operation service

Usage scenario: Activity awards distribution, activity participation and management, community content management

Personal information type: name, phone number and delivery address

Sharing method: backend transfer

Third party vendor: Allianz Partners International Assistance Services (Beijing) Co., Ltd

Usage purpose: in order to install and repair charging wall boxes

Usage scenario: charging wall box installment and repair services

Personal information type: phone number, install address (only for Shanghai area).

Sharing method: API

Third party vendor: Hangzhou Bicheng Digital Technology Co., Ltd

Usage purpose: in order to provide shopping and logistic service in new car shopping store and after-sale shopping store of My BMW App

Usage scenario: new car shopping store and after-sale shopping services in My BMW App

Personal information type: name, phone number and delivery address

Sharing method: API

Third party vendor: NavInfo Co., Ltd.

Usage purpose: in order to provide shopping and logistic services in Connected driving shopping store of My BMW App

Usage scenario: Connected driving shopping services in My BMW App

Personal information type: name, VIN, phone number, invoice title, taxpayer identification number and email address

Sharing method: API