Instruction of Third-Party SDKs

Instruction of Third-Party SDKs

In order to ensure the implementation of My BMW App related features and stable operation of application, we may use the software development packages (SDKs) provided by the third parties to achieve relevant purposes. You can click the privacy policy links below to check the rules of third-party for the use and protection of personal information. Please notice that the personal information type of third party SDKs may change for the edition update, tactic change and others. The official instruction to public shall be prevail.

Name of SDK: Tencent OCR SDK

Name of the third party entity: Shenzhen Tencent Computer System Co., Ltd.

Usage purpose: to complete online real-name registration (RNR) process.

Usage scenario: online real-name registration (RNR) of Connected driving card

Personal information type: Identification Card information, VIN.

System permission: Camera permission, Photo permission (only iOS), Network permission and Storage permission

Sharing method: Directly collect through SDK

Name of SDK: WeChat Open SDK

Name of the third party entity: Shenzhen Tencent Computer System Co., Ltd.

Usage purpose:

(1) to call certain functionality of WeChat (sharing/authorization), and check the application installation status

(2) to make account correlation of tencent scenes and Login Administration function

(3) to call WeChat Pay complete online payment

Usage scenario:

(1) My trip-monthly report or community information shared from My BMW App to WeChat friends, Moments or Favorites and opening the WeChat applet

(2) Vehicle related feature of Login Administration function

(3) WeChat information shared to vehicle

(4) When calling WeChat Pay complete online payment

Personal information type: image data of Community service and destinations in Map module, device information (device model), application installation list.

System permission: Access to network permission, Storage permission and Access to network status permission

Sharing method: Directly collect through SDK

Name of SDK: Alipay Pay Task SDK

Name of the third party entity: Alipay (China) Network Technology Co., Ltd.

Usage purpose: to call Alipay complete online payment; risk control, and to better choose the internet lines and internet optimization; fix the function failure in part of device and system.

Usage scenario: when calling Alipay complete online payment

Personal information type: IMEI, IMSI, Android ID, MAC address, Hardware serial number, ICCID, SSID, BSSID, gyroscope sensor details, network type, operator details, WIFI status/parameter/list, system setting, system property, device manufacturer, device model, operating system, application installation list.

System permission: Access to network permission and Access to network status permission

Sharing method: Directly collect through SDK

Name of SDK: Tencent Map SDK and Tencent locator SDK

Name of the third party entity: Tencent Technology (Beijing) Co., Ltd

Usage scenario: when using Tencent Map and Tencent locator service

(1) Usage purpose: to return user location information, and thus allow developers to provide required services accordingly based on accurate location details.

Personal information type: Geographic location

(2) Usage purpose: in order to provide location services, assisted location service, and map service so as to enhance Map loading effect and provide developers with more accurate location information of final users

Personal information type: device information (IP address, system location setting, carrier base station information, WiFi information, gyroscope sensor details, blue tooth and device system info. construction, BSSID, SSID, SD Card file)

(3) Usage purpose: in order to resolve user’s feedback problems, anti-spam, log statistic, maintain SDK operation and geolocation, repair the problems in operation, and deal with the locating strategies of different systems.

Personal information type: Device identification information (OAID, IDFV, AAID), device parameters and system information (mobile phone screen density, size, device model, operating system version, system attribute)

(4) Usage purpose: Tencent locator SDK uses sensor 3 times every second to provide assistant locating function, deduce and predict locations, among which the rotation vector sensor is used for getting the screen orientation

Personal information type: Sensor (Gravity sensor, gyroscope sensor, acceleration sensor, magnetic field sensor, rotation vector sensor)

(5) Usage purpose: On the map page, the high frequency continuous acquisition of locating information will be triggered, and switching to other pages will not continuously acquire locating information at high frequency. Therefore, on the map page, by default, Tencent locating SDK is called continuously every 4 seconds to obtain accurate locating information in real time, so that avoiding showing users wrong locating information, and providing accurate user locating for functions requiring accurate locating information. Tencent will try again many times to return accurate locating information within 2 seconds when it fails to obtain information. Please note that this calling frequency does not include location requests triggered by users.

Personal information type: getting geolocation information at high frequency

System permission: Bluetooth permission, Location permission, Network permission, Access to network permission, Access to network status permission, Read device information permission, Read and write access to files permission, Wifi permission

Sharing method: Collect through SDK

https://privacy.qq.com/document/preview/dbd484ce652c486cb6d7e43ef12cefb0

Name of SDK: Countly SDK

Name of the third party entity: Countly Ltd.

Usage scenario: when users browsing and clicking in My BMW App

1. Usage purpose: Operating system information and App crash data are collected to provide more perspectives for data analysts to evaluate user data and better record behavior data for users who have logged into multiple devices, Android ID collected as an unique identifier for guest users’ behavior data.

Personal information type:

(1) Default properties: Application package

(2) Default hardware, software and telemetry information: Application Key, Generated device ID or custom ID (IDFV, Android ID, Hashed GCID), Session duration extension, Country code and city, Operating system, Operating system version, Device resolution, Carrier, Application version, Density, Locale (device or browser language), Application Store (Store that this app is downloaded from), Traffic sources and search terms (for web SDK), Browser information

(3) Crash data : Crash dump, Current and total RAM, Current and total disk space, device online or not, device muted or not, App is in background or not, Name of crash, Fatal or non-fatal (Whether crash caused app to exit or not), Running time of app, Any custom key/value provided by developer

(4) Terminal device operating information: Operating system and version, Application version, Equipment model, OS version of terminal equipment, IDFV, Android ID

2. Usage purpose: User behavior data within mobile App are collected for the purpose of data analysis and feature success evaluation. User behavior data are not analyzed in the way to identify a specific user.

Personal information type: Custom user data that all detailed behavior related data (include product SKU number, selected vehicle color), User behavior data (include page view, tap, click)

System permission: Network permission and Read and write access to files permission

Sharing method: Directly collect through SDK

Name of SDK: Getui push SDK

Name of the third party entity: Merit Interactive Co.,Ltd.

Usage scenario: Notification push service

(1) Usage purpose: used for improve the efficiency of channel resource, enhance the efficiency and stability of notification push

Personal information type: Device model, device brand, system version, notification switch status and application installation list

(2) Usage purpose: used for generating unique push target ID(CID) and device ID(GID), so as to ensure the accurate notification push and identify

Personal information type: Device identifier (IDFA，IDFV，IMEI、OAID、Android ID、Advertising ID、Serial Number、IMSI)

(3) Usage purpose: in order to maximally ensure the network connection stability, and build long link. Through getting the device network status and change, so as to provide stable and continued push service

Personal information type: Internet information (IP address, WiFi information, base station information，operator information)

System permission: Notification permission, Network permission, WiFi permission, Read device information permission and Vibrant permission (only for Android)

Sharing method: Directly collect through SDK

Name of SDK: Huawei Push SDK

Name of the third party entity: HUAWEI Software Technology Co., Ltd.

Usage purpose: in order to provide Huawei push, and analysis success rate of Huawei interface invocation.

Usage scenario: Notification push service

Personal information type: Application information, device identifier (AAID and Push Token）, device type, system type and version, region code.

System permission: Notification permission, Network permission and Read device information permission

Sharing method: Directly collect through SDK

Privacy policy link: https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177

Name of SDK: Xiaomi Push SDK

Name of the third party entity: Xiaomi Technology Co., Ltd.

Usage scenario: Notification push service

(1) Usage purpose: in order to generate device identifier, and ensure notification push to the unique device

Personal information type: Device identifier OAID, encrypted Android ID

(2) Usage purpose: to ensure the notification push and service display

Personal information type: Device manufacturer, device type, device memory, system version, SDK version of Xiaomi push, region, SIM operator name, internet type.

System permission: Notification permission, Network permission and Read device information permission

Sharing method: Directly collect through SDK

Name of SDK: VIVO Push SDK

Name of the third party entity: Guangdong Tiancheng Network Technology Co., Ltd.

Usage scenario: Notification push service

(1)Usage purpose: in order to provide notification push service

Personal information type: Device type, device manufacturer, device identification information (include IMEI, EmmC ID, UFS ID, ANDROID ID, GUID, GAID, OPENID, VAID, OAID, Reg ID, and encrypted Android ID), application software information (include application package name, version number, APPID, installation, uninstallation, factory reset, running status, and installation list), country code,

(2)Usage purpose: in order to ensure the service stability, and provide timely service

Personal information type: Network information (include IP address and network type)

System permission: Notification permission, Network permission and Read device information permission

Sharing method: Directly collect through SDK

Name of SDK: OPPO Push SDK

Name of the third party entity: Guangdong HeyTap Technology Co., Ltd.

Usage scenario: Notification push service

(1) Usage purpose: in order to provide push service

Personal information type: Device information (OAID, user ID, Android ID, Google advertising ID, mobile phone region, device type, device battery, device system version and language).

(2) Usage purpose: in order to push notifications to certain applications

Personal information type: Application information(App package name and version, running status), SDK version of OPPO push, installation list

(3) Usage purpose: in order to ensure the display of push notification

Personal information type: Internet information, status of notification bar, screen locking status.

System permission: Notification permission, Network permission and Read device information permission

Sharing method: Directly collect through SDK

Name of SDK: Ti-Net IM SDK

Name of the third party entity: Beijing Tianrun Rongtong Technology Co., Ltd.

Usage purpose: in order to provide instant messaging service for service status tracking, support different message formats, including text, picture, audio, video, documents. And to judge whether App operates in frontend. Only when the App operates in frontend can start the message sending service.

Usage scenario: for service status tracking, chatting with App official account and dealers in eWorkshop chat room.

Personal information type: Mobile device operation information (device model, terminal device manufacturer), operation info.

System permission: Camera permission and Storage permission

Sharing method: Directly collect through SDK

Name of SDK: Tencent Cloud Eye Facelive SDK

Name of the third party entity: Tencent Cloud Computing(Beijing) Co., Ltd.

Usage purpose: Facelive video is used for live detection and real-person verification, it is necessary to compare and verify the name, ID number, and facial video with the information stored in the reputable identity authentication platform or the national citizen ID number query service center. Guide users to perform colorful light for live detection and real-person verification in an environment with normal lighting, reducing the authentication failure caused by environmental factors. To obtain the network connection type for transmission optimization; IP address is needed for network transmission, and to establish communication with SDK server; device information is required to monitor device risk environment, malicious application detection, ROM hijacking attacks, network security monitoring, and other security checks and protection functions. This is to identify whether the device and the user of this SDK are genuine, and timely intercept cheating, hijacking or attacks during the face-scanning process. It's also needed to troubleshoot faults occurring during SDK operation, analyze abnormalities and performance issues of the SDK and device itself, facilitating localization and analysis of anomalies.

Usage scenario: Real-name registration and facial recognition

Personal information type: Identity Card information (name, ID number), facelive video and photos, Light sensor information, Device model, operating system, network connection type, IP address, system Settings, system properties (including sensor list information), camera (camera parameters, interfaces), For iOS: Operator information, IDFV. For Android: OAID, storage file path, mobile phone model, mobile phone brand, Android system version, Android api level, manufacturer system version, cpu architecture type, device root, disk space usage, sdcard space usage, memory space usage, network type, and the Running application Name and PID.

System permission: Camera permission, Access to network permission, Storage permission and Access to network status permission

Sharing method: Directly collect through SDK

Name of SDK: Ximalaya SDK

Name of the third party entity: Shanghai Himalaya Network Technology Co., Ltd. and affiliates

Usage purpose: to bind/unbind Ximalaya account with BMW ID via Login Administration function

Usage scenario: Vehicle related feature of Login Administration function

Personal information type: Device information (device model, operating system version, unique mobile device identifier (OAID, IDFA, IDFV, SIM card), UUID/Android ID)

System permission: None

Sharing method: Directly collect through SDK

Name of SDK: Sensor SDK

Name of the third party entity: Sensors Data Network Technology (Beijing) Co., Ltd.

Usage scenario: when you browse and click in My BMW App

(1) Usage purpose: to identify user through the anonymized ID

Personal information type: device attribute information (Android ID, OAID, IDFA, IDFV, UUID), device connection information (browser type, carrier info, operating system, operating system version, device model),.

(2) Usage purpose: to make user behavior analysis

Personal information type: Logs info, App usage, IP address, Sensor URL, browser type, language, timestamp, Location info, IP location, GPS location, Application info, App ID, App name, App version, User behavior data, Using cookie

System permission: Location permission, Network permission, Access to network permission, Read device information permission

Sharing method: Directly collect through SDK

Name of SDK: Bugly SDK (only for Android)

Name of the third party entity: Shenzhen Tencent Computer System Co., Ltd

Usage purpose: when the face-live crash during RNR process, the exception would be submitted to Tencent server (via default Bugly)

Usage scenario: face-live verification during RNR process.

Personal information type: mobile phone model, brand, Android version, API type, manufacture system version, CPU framework, root status, disk using status, SD card using status, usage of memory, network type, current process name and PID

System permission: Network permission

Sharing method: Directly collect through SDK

Name of SDK: Chromium SDK

Name of the third party entity: Google LLC

Usage purpose: to load H5/Web View. The org.chromium.net collects SSID to load H5/Web View. Because TC PP is displayed as H5/Web View, the org.chromium.net collects SSID before TC PP is shown.

Usage scenario: All H5/Web View related features, incl. T&C, SF, community, vehicle 3D display.

Personal information type: WiFi Network status (SSID, WiFi status), Motion Sensor (Gravity Sensor, Accelerometer), Position Sensor (Game Rotation Vector Sensor)

System permission: Network permission

Sharing method: Directly collect through SDK

Name of SDK: Aliyun OSS Android SDK

Name of the third party entity: Alibaba Cloud Ltd.

Usage purpose: in order to provide document upload and download service, and save Aliyun OSS Android SDK operating logs, collect the error logs.

Usage scenario: used for the in-App Chatting and messaging function, sending pictures and videos

Personal information type: reading/writing SD card data

Sharing method: Directly collect through SDK

System permission: Storage permission and Photo permission(only for iOS)

Privacy policy link: http://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud201902141711_54837.html?spm=a2c4g.11174283.J_9220772140.87.14c44c07PsdG0C

Name of SDK: io.flutter SDK

Name of the third party entity: Google

Usage purpose: Flutter is an open source framework by Google for building beautiful, natively compiled, multi-platform applications from a single codebase, and used to implement My BMW App functions

Usage scenario: App operation based on io.flutter.

Personal information type:

For Android: Application package information, hardware serial number, Android ID, application list, phone parameter information, gyroscope sensor, rotation vector sensor, linear acceleration sensor, acceleration sensor, clipboard, SD card root directory, AAID, OAID, Magnetic field sensor, Game vector rotation sensor;

For iOS: Location information, IDFV, SIM card information, clipboard, camera and gallery, IP address

System permission: Location permission, Camera permission, Photo permission (only iOS), Storage permission (only Android) and Microphone permission (only Android)

Sharing method: Directly collect through SDK

Name of SDK: Honor Push SDK

Name of the third party entity: Shenzhen Honor Software Technology Limited Co.

Usage purpose: Sending push notification when the App operates in background.

Usage scenario: All function operations using push notification.

Personal information type: AAID、Push Token

System permission: None

Sharing method: Directly collect through SDK

Privacy policy link: https://developer.hihonor.com/cn/kitdoc?category=%E5%9F%BA%E7%A1%80%E6%9C%8D%E5%8A%A1&kitId=11002&navigation=guides&docId=sdk-data-security.md

Name of SDK: Google Play Services SDK

Name of the third party entity: Google

Usage purpose: Mobile App installed on Android devices built upon Google Play Services at the base will call methods provided by Google Play Services to check location permission or installed package list on a device for business requirements

Usage scenario: to support App obtain the location of mobile phone system, or sending the location to the vehicle

Personal information type: Package list, location permission status

System permission: Location permission

Sharing method: Directly collect through SDK

Name of SDK: Timber SDK

Name of the third party entity: None(this SDK belongs to open source project)

Usage purpose: to record network changes

Usage scenario: Timber SDK work as the logger provides utility on Android platform to record necessary, wanted logs for mobile App. Whenever network changes, IP address will be logged.

Personal information type: IP address

System permission: Access to network status permission

Sharing method: Directly collect through SDK

Name of SDK: photo_manager SDK

Name of the third party entity: None(this SDK belongs to open source project)

Usage purpose: the media resources of the devices(pictures/videos)

Usage scenario: the photo_manager SDK works as the tool to choose pictures/videos from the phone album, and provide the necessary info. When apply for the page, it will monitor the album to know whether there are changes until the page close.

Personal information type: media files

System permission: Photo permission (only iOS), Storage permission

Sharing method: Directly collect through SDK

Name of SDK: AndroidX SDK

Name of the third party entity: Google

Usage purpose: When calling the libraries to implement My BMW App functions.

Usage scenario: when calling the libraries to implement My BMW App functions

Personal information type: For Android: SD card root directory, SD card data, Application package list for Android, Camera permission

System permission: None

Sharing method: Directly collect through SDK

Name of SDK: ZX SDK

Name of the third party entity: Zhonghu Zhian (Beijing) Technology Co., Ltd.

Usage purpose: Collect relevant device information to provide technical services for traffic anti-fraud and security risk control. Anonymize and de identify data locally on user devices when collecting information. Use desensitized information combined with self-developed data algorithms to generate controlled, verifiable, expired, and anonymized device basic IDs, which are used to determine whether the device is a forged and untrusted device, identify various cheating behaviors and tools, effectively judge risky devices, evaluate channel quality, identify malicious brushing volume, malicious programs, protect your account security and legitimate rights and interests.

Usage scenario: Foreground operation

Personal information type: device manufacturer, device model, and device system information, OAID, device networking mode and status information, the screen brightness, battery status, and location of the device, application names, package names, versions, installation information and update time

System permission: None

Sharing method: Directly collect through SDK

Name of SDK: APM SDK

Name of the third-party entity: Beijing Volcano Engine Technology Co., Ltd.

Usage purpose: To provide app performance monitoring functions.

Usage scenario: Foreground operation

Personal information type:

(1) Device information: system time zone, number of running threads, CPU information (frequency, model, architecture), mobile device country code (MCC), mobile device network code (MNC); Android ID, device brand, operating system api version, battery power, network traffic, device abi, ROM; device model, operating system, screen resolution, disk usage, memory usage, Jailbreak status, identifier for vendor (IDFV), SD card root directory

(2) Application information: application version, application package name, process start time, crash time, crash thread name, active page name, all thread stacks of the current process, application service log information, application file name, application file size, and disk size, fd list, In-app language, app publishing channels

(3) System and network identification information: carrier information, network access mode

System permission: None

Sharing method: Directly collect through SDK

Name of SDK: OKhttp

Name of the third-party entity: Square

Usage purpose: To make network request on Android only

Usage scenario: Foreground operation

Personal information type: IP Address, Network status information

System permission: Network Permission

Sharing method: Directly collect through SDK

Instruction of Personal Information Sharing to BMW Affiliated Companies

In order to provide you with services of【BMW Financing Products】, we would share your personal information with the affiliated companies below. The detailed information sharing instructions are as follows,

BMW affiliated company: BMW Automotive Finance (China) Co., Ltd., Herald International Financial Leasing Co., Ltd.

Usage purpose: for the synchronous login of user-authorized financing / leasing interface, access to financial loan / financing leasing scheme calculator, fast online pre-audit, e-finance, mobile Butler and intelligent marketing platform to enjoy relevant services

Usage scenario: use BMW finance product

Personal information type: Phone number, BMW ID log-in information

Sharing method: API

Instruction of Personal Information Sharing to Third Party Vendors

In order to provide you with services of【online payment, map locating and walk navigation, map search, park and charge, community operation, charging wall box installation and maintenance, App shopping store service】, we would share your personal information with the third party vendors below. The detailed information sharing instructions are as follows,

Third party vendor: Alipay (China) Network Technology Co., Ltd.

Usage purpose: in order to complete online payment

Usage scenario: when calling Alipay complete online payment

Personal information type: encrypted order number

Sharing method: API

Third party vendor:

(1) Tencent map, Apple map (IOS only), Tencent map

Usage purpose: in order to provide according geolocation and navigation services based on users location information

Usage scenario: when using Walk Navigation function

Personal information type: vehicle location, mobile phone location

Sharing method: transfer through URL

https://www.apple.com.cn/legal/privacy/data/zh-cn/apple-maps/

https://developer.amap.com/pages/privacy/

(2) Tencent map

Usage purpose: in order to search places, locating and send interest points to vehicles

Usage scenario: when using search function in the Map service of the App

Personal information type: Geographic location, destination information

Sharing method: API

Third party vendor:

(1) Vendors for brand cooperation charging: TELD New Energy Co., Ltd., Beijing Sinoair Century Culture Communication Co., Ltd.

Usage purpose: in order to provide vehicle charging, charging card and invoicing services

Usage scenario: Plug and Charge, Public charging station query service, Dedicated parking and charging service

Personal information type: name, phone number, car plate number, email address, transaction amount.

Sharing method: API

https://cv.teld.cn/module/Pictivity.html#/ActivityPage3?hiCode=yszcteld

http://bmw.chinasinoair.com/?code=081qKG000gSVoO1Nr94009C4HE2qKG0m&state=STATE#/policy

(2) Vendors for public charging point:

State Grid Smart Internet of Vehicles Co., Ltd., Wangbang Star Charge Technology Ltd., TELD New Energy Co., Ltd., Shanghai SAIC Anyo Charging Technology Co., Ltd., Potevio New Energy Co., Ltd., Shanghai EV Power Limited, Beijing IONCHI New Energy Technology Ltd., Beijing XiaoJu New Energy Automobile Technology Co., Ltd., Zhejiang Anji Jiayu Big Data Technology Service Technology Co., Ltd., Yunkuai Charging New Energy Technology Co., Ltd

Usage purpose: in order to provide vehicle charging, charging card and invoicing services

Usage scenario: Plug and Charge, Public charging station query service, dedicated parking and charging service

Personal information type: name, My BMW ID, phone number, car plate number, VIN, email address, address, vehicle SOC, vehicle GPS and charging card type.

Sharing method: API

http://cdn-evone-oss.echargenet.com/resource/protocal/register.html

http://evcs-bmw.test.ccchong.com:8086/PnC.html

https://cv.teld.cn/module/Pictivity.html#/ActivityPage3?hiCode=BMWapp20211224

http://app.anyocharging.com:8981/privacy/

https://h5-prod.e-chong.com/ev-app-h5/static/html/bmwPrivacyPolicy.html

https://cv.ionchi.com/module/Pictivity.html#/ActivityPage3?hiCode=BMWapp20240812

https://page.udache.com/driver-activity-biz/baichuan-policy-agreement/index.html?mode=2&bc_appid=120084&bc_scene=epower_app&lang=zh-CN#/catalog/-1

https://static.ykccn.com/app-res/com/server-agreement.html

Third party vendor: Leo Group Digital Technology Co., Ltd

Usage purpose: in order to provide App community operation service

Usage scenario: Activity awards distribution, activity participation and management, community content management

Personal information type: name, phone number and delivery address

Sharing method: backend transfer

Third party vendor: Hangzhou Bicheng Digital Technology Co., Ltd

Usage purpose: in order to provide shopping and logistic service in new car shopping store and after-sale shopping store of My BMW App

Usage scenario: new car shopping store and after-sale shopping services in My BMW App

Personal information type: name, phone number and delivery address

Sharing method: API

Third party vendor: NavInfo Co., Ltd.

Usage purpose: in order to provide shopping and logistic services in Connected driving shopping store of My BMW App

Usage scenario: Connected driving shopping services in My BMW App

Personal information type: name, VIN, phone number, invoice title, taxpayer identification number and email address

Sharing method: API