General Terms and Conditions of Use for the BMW Group Partner Portal

0. Preamble
These terms and conditions of use shall apply to external as well as internal users. The terms and conditions of use were developed in co-operation with selected BMW partners as part of the BMW Group Portal Agreement.

1. Scope
BMW AG ("BMW") offers BMW Group Partner Portal (the "Portal") Internet services through its website https://b2b.bmw.com.
Employees of BMW AG and its affiliated companies shall access the website by way of the BMW intranet URL: https://b2b.bmwgroup.net.

The following terms and conditions shall regulate the use of the Portal.
It is possible that existing contracts (including terms and conditions of use, confidentiality agreements, conditions of purchase) could apply to any services of BMW AG and its affiliated companies to which the Portal may refer. In the event of a conflict between those existing contracts and these General Terms and Conditions of Use the former shall prevail.

2. Services
The BMW Group Partner Portal has web pages, which are accessible by the public, as well as access-restricted web pages for which registration is required. After logging in, partners have access to a general as well as a function-specific selection of information and services.

3. Costs
BMW, itself, shall request no remuneration for the development of the Portal and making it available for use. The cost of any services provided by means of the Portal shall be subject to separate agreement. Any user costs associated with the Portal such as, in particular, access to the Internet, user and administration overheads as well as the purchase of necessary hardware and software shall not be refundable by BMW.

4. Organizational Requirements
Access to the Portal's non-public web pages is restricted to the employees of BMW and its affiliated companies and those companies designated by BMW as partners. Access requires prior registration.
Users shall log in at the beginning of every session. User names and initial passwords required for login shall be assigned to users on registration.
BMW reserves the right to fully or partially refuse registration or login or to cancel any existing rights of access.

5. Technical Requirements
The current technical requirements for access are described under Technical Requirements. These requirements may, if necessary, be adapted to individual situations.

6. Duration and Extent of User Rights
The right to use the Portal is restricted to employees of BMW and its affiliated companies and to the employees of those companies designated by BMW as BMW partners.
The use the Portal by the above-mentioned group of individuals shall only be in connection with actual business with BMW and its affiliated companies. The timing and purpose of such use is restricted to the performance of respective contractual obligations. Any other use is prohibited. This shall in particular also apply to users whose assigned function includes unnecessary privileges.
BMW is entitled to determine the duration and extent of any rights of access as well as the general scope of services provided through the Portal. In the event that BMW terminates user rights without cause and notwithstanding the user's need for access for the performance of contractual obligations to BMW, BMW shall have no claim for the non-performance of those contractual obligations.
Both BMW and the user are entitled to terminate user rights and obligations at any time.

7. User's Duty of Care
The right of access is not transferable. The user shall assure that his password does not come into the possession of any unauthorized third party. In the event that a user becomes aware that an unauthorized third party has come into possession of his password or if the user has reason to believe that improper use is being made of his access details, the user shall immediately amend his password. Should this not be possible, the user shall promptly notify his master administrator / administrator.
Upon any changes in his position or responsibilities, the user shall request the master administrator / administrator to change his rights of access to be consistent with his changed responsibilities. In addition, the user shall inform the master administrator / administrator whenever the reasons for the granting rights of access cease to exist such as in connection with the termination of employment by a partner company or an early termination of the contractual relationship between BMW or its affiliate company and the partner company.
BMW reserves the right to deny access and to seek other forms of legal redress in the event of any infringement of these terms and conditions in particular in relation to the improper use of user-related access details.
The user is further prohibited to engage in any activities, which could result in the destruction or manipulation by that user or any third party of databases or IT systems of BMW or its affiliated companies or its designated partner companies.

8. Confidentiality, Information Protection, and Protection of Personal Data
Notwithstanding any existing legal or contractual obligations regarding confidentiality, the following undertakings shall be continuing and therefore remain valid after the termination of user rights:
The user undertakes to treat all knowledge relating to business secrets, which come into his possession, as confidential.
The user shall assure that any protected data, which comes into his possession through the use of the Portal, is not transmitted to any unauthorized persons.
Details of information protection requirements are set out in Information Protection.

BMW complies with international standards for the protection of personal data. Details can be found in the Portal's Data Protection Notice.

9. Liability
The portal is maintained with the necessary diligence. Nevertheless, while the information provided is believed to be accurate, it may include errors or inaccuracies. In no event shall BMW AG be liable to any person for any special, indirect or consequential damages relating to the use of the portal or its unavailability, unless caused by gross negligence or intentional misconduct. For the clarification it shall be ascertained, that this limitation of liability shall not infringe the supplier´s right to accuse BMW of the unavailability of the portal or any inaccuracy of information provided, if the use of the portal was necessary and agreed upon contractually.

BMW AG waives its liability for any links from the portal to third party websites and their content.

10. Trademarks
Unless otherwise stated, all trademarks used in the Portal are protected by BMW AG or its affiliated companies. This is, in particular, applicable to any trademarks, type designations, logos and emblems.

11. License
All intellectual property contained in the Portal such as patents, trademarks and copyrights are protected. User rights are granted only to the extent and for the duration that they are required in connection with any legal use of the Portal. In addition, no license is granted for the use of intellectual property of BMW AG or its affiliated companies or third parties.

12. Copyright
Text, pictures, graphics, sound, animations and videos as well as their layout in the Portal are protected by copyright and/or other intellectual property rights. User rights are granted only to the extent and duration that they are required for the legal use of the Portal. In addition, the contents of the website may not be copied, distributed, altered or otherwise made available to third parties for commercial purposes. It is possible that photographs or other images on the website may have been copyrighted by third parties.

13. Supplementary Terms and Conditions for Administrators
The following terms and conditions apply to master administrators / administrators. The master administrator / administrator shall be the partner companies' central organizational point of contact in connection with the use of the Portal. He is responsible for the organization and co-ordination of electronic communications between partner companies and BMW. To assist him, deputies and, for decentralized user administration, additional administrators may be designated.
The master administrator / administrator shall, in general, receive all information relating to the operation and use of the Portal server and shall have access to all data of the Portal server intended for his company.
A master administrator / administrator shall be designated by each partner company and shall act on its behalf.
The master administrator / administrator is responsible for assuring that only requests for access from authorized persons are forwarded or notified to BMW. He shall be personally responsible for the maintenance and updating of his company's user data. Whenever a user's position or responsibilities are changed, he shall assure the consistency of access privileges with that user's new responsibilities including the termination of employment with a partner company or an early termination of the contractual relationship between BMW or its affiliate companies and the partner company.In addition, the master administrator / administrator shall delete user information either on termination of the user's employment or at that user's express request.

14. Concluding Provisions
In the event that it becomes necessary to amend these General Terms and Conditions of Use, BMW shall notify the user and offer to extend the validity of his user privileges applying the amended terms and conditions. If the amended terms and conditions are refused by the user, BMW shall terminate user privileges and cancel existing rights of access.
In the event that any provision of these General Terms and Conditions of Use is or becomes ineffective, then all other terms and conditions of use shall remain unaffected. BMW and the partner company shall, in all reasonable good faith, replace the ineffective provision with a permissible provision, the commercial consequences of which are as close as possible to those of the ineffective provision, to the extent that this does not result in a material amendment of the content.
These terms and conditions as well as the legal relationship between the parties are subject to German law. Any disputes arising in connection with these General Terms and Conditions of Use shall be subject to the exclusive jurisdiction of the courts of Munich.

Any questions regarding these General Terms and Conditions of Use shall be directed to b2b.info@bmw.de.

Information Protection for the BMW Group Partner Portal

Increasing national and international pressure to compete is forcing every company to protect its operating and business confidential information. On the other hand, collaboration with suppliers, system suppliers and designers is inconceivable these days without the exchange of confidential information. It is therefore in our mutual interest that operational and commercial confidential information receives the same degree of protection from both sides.

Information protection essentially incorporates the following main areas:

• 1. Security Management
• 2. Organisation and Personnel
• 3. Employee Responsibility
• 4. Technical Infrastructure
• 5. Information and Communication Infrastructure
• 6. System Administration
• 7. Product Security

1. Security Management

1.1 Senior management must have described a security policy. They must make sure that this is understood, implemented and adhered to on all levels. The following must be defined when the security policy is implemented:

• clearly defined and measurable security objectives according to confidentiality, integrity, availability, authenticity (CIA²),
• the scope,
• the principles and rules of conduct to be implemented,
• measures to uphold the security process.

The regulations to be implemented must cover the following topics in particular:

• confidentiality and delimitation of confidential data (e.g. development and design data)
• integrity, availability of data,
• access protection to high security areas
• the ability to restart and
• the integration of partner companies.

Accordingly, measurable objectives must be described.

1.2 Senior management must make appropriate means and personnel available for managerial and executive tasks in order to achieve security objectives (resource management).

1.3 In order to implement the security policy, a security process must exist which is documented and upheld. This must take into account:

• Determination of protection requirements of business processes and company data (according to the CIA² criteria described above),
• Analysis of threats/risks for development projects requiring protection (e.g.: unauthorised photography of designs or innovations; circulation of confidential documents, drawings or data; appropriation of rights/protection of registered designs),
• Analysis of threats/risks for IT systems, programs and data requiring protection (e.g.: negligent, inappropriate use of IT systems and data, system break-ins, appropriation of rights, denial-of-service attacks, hardware failures, computer viruses),
• Planning, realisation and maintenance of security measures to reduce the threats/risks determined
• Training of management and employees, in particular when accepting new projects and introducing new systems,
• Continuous checking that resources are appropriate.
• Planning, carrying out and documentation of internal checks (audits) to check whether the security-related activities and measures meet those already determined and whether the security process is effective,
• Drafting of and training on emergency measures,
• Tracking, remedying and recording of security-related incidents and emergencies.

Comment 1:
Where there is a high protection requirement / damage potential a systematic risk analysis can be appropriate. This must contain at least the following:

• a definition of the risk (quantitative association between the extent of the damage and the probability of occurrence),
• an inventory of the high-security-related security systems, applications, programs, information and their level of risk,
• allocation of measures to reduce the risk.

Comment 2:
Where necessary, define and document a particular security strategy for external services (cleaning, repair and service personnel) ("Authorization Plan").
This may contain:

• the dual-control principle,
• responsibility for keys, particularly security guidelines, access checks and access protocols.

Comment 3:
Where necessary, define and document a particular security strategy for the company's external services (World Wide Web, E-mail, Application Gateway) ("Firewall Design"). This may contain:

• setting up of a demilitarised zone,
• articular security guidelines, access checks and access protocols.

Comment 4:
The security process must take into account special threats such as unauthorised access to confidential models, prototypes, parts, data, drawings, images, by:

• employees or external personnel,
• attackers during the transmission of data, targeted attacks (break-ins, corruption, social engineering, hackers, virus / trojan corruption, denial of service, etc.) for the purposes of economic espionage or investigative journalism,
• attackers/photographers during test drives,
• inadequate access protection.

The indirect transmission of data and new products to third parties must also be considered in this.

1.4 When the security policy is implemented, security incidents, emergency and disaster situations must also be considered. The IT security and conventional security complaints concerned and security related incidents and emergencies must be recorded and the management informed.

1.5 Internal checks (audits) must be aligned not only to IT, but also to conventional security processes, which are exposed to particular threats, and to the evaluation of security incidents.

 

2. Organisation and Personnel

2.1 The responsibility, competence, authorisation, representation and reciprocal relations of personnel, whose activities affect the security process, must be defined and known. Measures derived from the security policy and customer requirements (particularly the SE partners) must contain regulations concerning the responsibilities and competencies of personnel with regards to

• the establishment, maintenance and organisation of the processes corresponding to partners' business relationships,
• the content and technical delimitations of these processes for the purposes of secrecy,
• regular information/training of employees, particularly when new processes or systems are introduced,
• rules of conduct with regards to communication services (telephone, fax, e-mail, data exchange, use of the BMW Group Partner Portal, etc.)
• the noting, recording and evaluation of security-related processes,
• security, emergency and disaster situations,
• implementation of solutions to problems according to defined processes.

2.2 The position/area responsible (e.g. senior management) must name sufficient information protection delegates (IPDs) who possess the authority to:

• make sure that a security process meeting the requirements of the protection measures, is defined, realised and maintained;
• report to the company management on the effectiveness of the security process as a basis for its improvement at least annually.

Regulations on responsibilities, competencies and representatives must be defined in an appropriate form and documented individually, e.g. by means of an organisational chart.

2.3 All employees in the area of the department including external staff and senior management who come into contact with security related and/or confidential information/data must be informed of the sensitivity of this data and must sign in writing their obligation to confidentiality when handling this information/data. These employees must be familiar with confidential or otherwise security-relevant activities and the responsible contact persons.

2.4 This also applies to external partners.

Comment :
Employees who come into contact with personal data through their work must sign to indicate their acceptance of responsibility to data confidentiality in accordance with the Bundesdatenschutzgesetz (BDSG) (German Act for the Protection of Personal Data) and the Teledienstedatenschutzgesetz (TDDSG) (German Teleservices Act for the Protection of Personal Data).
Data protection (protection of personal data) must not be confused with information protection.

2.5 When selecting personnel, in particular external employees, appropriate selection criteria must also be considered in respect of security. Maintenance, management and service of development projects should only be carried out by correspondingly named, authorised personnel who have signed their obligation to confidentiality.

 

3. Employee Responsibility in the Workplace, in Working Areas and in Public Areas

3.1 Where access to confidential data is possible in the office and workplace, the conduct of behavior should be laid down and monitored by senior management or the information protection delegates (IPD). This must cover the following, where applicable:

• Creation, modification, storage, transfer, copying, printing, backing up, archiving of data and documents,
• The use of unprotected exchange directories,
• Virus protection, particularly with e-mails, attachments, data media exchange,
• Working with passwords,
• Copying or taking along of data media and documents,
• Secure postage (reputable courier service or recorded delivery),
• Leaving the workplace (password protection, locking up, "Clear Desk Policy" (locking away confidential documents, etc.),


• Working with laptops,
• Disposal of information and data (use of shredders, secure deletion)
• Behavior in case of emergencies or during problems caused by lack of availability of resources and virus attacks,
• Teleworking / home offices,
• Communication of information via the telephone or answering machines,
• Effectiveness of confidentiality, for example, in public (trade fairs, airplanes, friends, etc.)
• Behavior towards enquiries by the media, in academic publications,
• Uploading/copying of software,
• Access, monitoring and control of cleaning and external personnel and visitors.

 

4. Technical Infrastructure

4.1 Appropriate access controls must be employed to ensure that only authorised personnel have access to protected areas or direct access to data and confidential products and IT systems. Depending on the protection requirement / risk this can be ensured through:

• regulations on personal vetting,
• technical access equipment,
• suitable structural and organisational measures for access protection,
• graded protected areas,
• alarm systems.

4.2 Suitable access regulations must be worked out according to the particular threats and implemented accordingly (e.g. accompaniment of visitors, carrying visible ID cards).

4.3 Necessary vision protection measures must be used. These may be any of the following, depending on the risk:

• Blinds, shutters,
• Tinted windows,
• Partition walls, curtains,
• Canopies, camouflage netting,
• Security walls around car parks.

4.4 Depending on the protection requirements / risks, effective, physical protective equipment must be available, which counteracts the following possible threats in particular:

• Bugging of lines and devices,
• Power failure,
• Fire,
• Water damage,
• Destruction, terrorist attacks
• Failure of air conditioning necessary for operation.

 

5. Information and Communication Infrastructure

5.1 All systems which process confidential data (know-how, design plans, bills of material, design studies, etc.) must be equipped with effective measures against the loss of confidentiality according to the classification in the relevant protection requirement class. Data transmission equipment (telephone, fax, e-mail, data exchange system, web portals) must be designed so that strictly confidential information is encoded and can only be transferred over the public network with suitable authorization.

5.2 All data must be classified according to affiliation and protection requirements, in particular with regards to confidentiality.

5.3 The critical technical IT systems for maintaining the business process must be designed in accordance with requirements, the availability desired and the confidentiality arising from protection requirements and data integrity. A comprehensive plan for data backup and archiving as well as disaster recovery must be prepared and its implementation guaranteed. The processes and means are checked regularly.

5.4 There must be a plan for assigning authorizations. A list of employees and their access rights to security-related data has always to be kept up to date (e.g. by means of a database).

5.5 Systems for protecting data, as well as the technical information and communications infrastructure (authorisation setup, firewall, backup equipment, encryption equipment) must be designed and run in accordance with protection requirements and risks.

5.6 A plan for the IT network topology, including the hardware/software inventory register must be maintained.

Comment:
Detailed measures for the installation and operation of various IT systems are described in the basic IT protection manual of the BSI (Bundesamt für Sicherheit in der Informationstechnik, Federal Office for IT Security).

 

6. System Administration

6.1 When central servers are used, appropriate Service Level Agreements (SLAs) must be agreed in respect of the security requirements (CIA² criteria). There must be appropriate regulations and responsibilities with regard to the administration of security-related systems. These must take into account the specific conditions of the various operating systems (midrange/mainframe, Unix, Windows, Novell Netware, etc.) and network infrastructures (LAN, Intranet, Extranet, Internet). These must cover the following, where applicable:

• Setting up work stations,
• User administration, management of rights and access control,
• Central system administration (single sign-on, network management systems),
• Destruction of data media (hard copy data media, hardware),
• Operation of RAS access (Remote Access Services),
• Central database, central applications (host, server),
• Data backup and archiving,
• Maintenance,
• Configuration,
• Recording and evaluation of system accesses,
• Management of encryption infrastructure,
• Operation of data communications equipment: modem, ISDN, radio, fax, telephone, leased line, Internet, Extranet,
• Setup, management and control of security software (firewall, anti-virus software, authentication systems, etc.).

Comments:
A current listing of all software products must be held. In particular, the management of licenses, user rights for external software or proof for internally created software must be taken into account.
Suggestions for these regulations can be found in the basic IT protection manual of the BSI (Bundesamt für Sicherheit in der Informationstechnik, Federal Office for IT Security).

6.2 There must be a plan for remote management for customers and our own personnel which shall be appropriately implemented according to specified security objectives. Emergency measures must be brought to the management's attention.

 

7. Product Security

7.1 The development or test operation of prototypes or vehicle components and the setup of design models requires particular protection in terms of design and innovations. It is particularly important that the risks are analysed and effective protection measures carried out during these processes. The basis for working with new BMW developments is laid down in the BMW "Handling / protection measures" for new developments (must be made available by BMW contact persons).

7.2 With regard to transport, note that:

• people / haulage firms are obliged to uphold confidentiality,
• the driver must always be able to be contacted (e.g. by mobile phone),
• the type of transport used has suitable locking options and where necessary an alarm system,
• loading and unloading is carried out in a secure and concealed area (not visible),
• acceptance/handover is overseen by a responsible person.

7.3 The products must be stored in a secured, monitored area. They should be covered with a canopy and secured with a lock at the end of the working day. A cover is sufficient in secure prototype areas.

7.4 Photographing products is only permitted upon agreement with the client and should be documented . Negatives (if they exist) should be documented and developed in our own laboratories or those of contractual partners. Digital photographs should be handled securely (access authorisation / encryption) and deleted from the original data medium after being transferred.

7.5 In principle, presentations to third parties are prohibited. If these are required in order to fulfill the task, it must be carried out in a secure area and authorised by those responsible for the project.

7.6 Test drives / tests are usually carried out at test sites. Driving on public roads requires approval from the client. Any camouflage on the vehicle may only be removed in agreement with the client / project leader. The information protection representative for the client must be informed.

7.7 After confidentiality has been removed, all relevant sensitive data must be checked for confidentiality requirements (e.g. in another development project).

7.8 After confidentiality has been removed, there are usually further restrictions on the product. These will be defined by BMW project management and must be observed.

7.9 In addition, the persons responsible for the project/product must inform the user of the current status of

• handling (protection measures)
• transport (regulations).

Notice of the Protection of Personal Data in the BMW Group Partner Portal

This notice of protection of personal data applies to the BMW Group Partner Portal Internet service (hereinafter "the portal") offered by BMW AG (hereinafter "BMW") on the website https://b2b.bmw.com.

Employees of BMW AG and its affiliated companies may access the portal via the BMW Intranet from the website https://b2b.bmwgroup.net.

All personal data of the user that is collected for purposes of registration for and use of the portal will be processed and used to implement the agreement in accordance with German regulations for the protection of personal data.

Protection of Personal Data

In order to ensure the necessary confidentiality of communication, BMW must collect, process, and transmit personal data.
BMW ensures compliance with internationally accepted data protection standards and sees to it that its personnel who are in charge of processing data comply with security and confidentiality standards.
Data is only collected, transmitted, and processed in the manner described below. If the scope of use should change, BMW will inform the users of this event in an appropriate and timely manner and will obtain their consent where necessary.

Scope of Personal Data Processing

Individuals may use the public area of the portal without disclosing their identity.
Access to the portal's non-public pages is restricted to employees of BMW and its affiliated companies and those partner companies designated by BMW globally. This access requires prior registration.
In order to properly perform our services and to ensure that users are properly identified and authorized, the following information concerning users is collected and stored for our non-public information services:

• the business name, mailing address, and supplier number of the user's employer
• the user's name, job title, organizational unit, telephone number, and e-mail address
• the user's online identification (user name) and password
• the user's application-related personal configuration settings and preferences.

All personal data is collected during registration and must be confirmed by the user. No data is collected from other sources such as public directory services or external information providers.
BMW reserves the right as a provider of this portal to verify thoroughly all information contained in user applications and to reject any request for registration or to block access in whole or in part, even short-term.
BMW will not make personal data available to any third party. However, users may distribute personal data via the communication offering at their own risk and account.

User Directory

For purposes of maintaining its information services, BMW makes a central directory service available to all users.
This directory service contains the personal data that is required for the establishment of communication connections. BMW will keep the scope of this data as narrow as possible.
Personal data will only be included in the central directory service with the prior consent of the affected persons as indicated in the User's Data Protection Consent Statement. Users give their consent voluntarily and may revoke it at any time.

Security and Confidentiality

BMW takes extensive protective measures, both technical and organizational, to prevent potential misuse through, for instance, the following:

• unauthorized modification or disclosure of confidential information
• data loss through unauthorized deletion or system breakdowns.

Logging of Personal Data

BMW's automated data processing of applications that are accessible via the portal also includes the recording of personal data for the following purposes:

• user administration and authentication
• maintaining operation and performing targeted troubleshooting (data security).

Only a small number of select individuals who are bound by data secrecy may access log data.

Transmitting Data Abroad

The BMW AG and its affiliated companies that participate in the portal are located all around the world. Because of this, personal data may be transferred to countries outside the European Union that do not necessarily ensure an adequate level of data protection.

Anonymous Data and Cookies

BMW uses cookies for session handling. This is the only way to reliably assign actions to a particular user and to establish access control. The cookies employed are only used for the duration of one session, and the only personal data they contain is an individual session ID that can be assigned to a registered user for purposes of verifying his identity in the future.

Children's Privacy

The BMW Group's Partner Portal is not accessible to children. BMW does not knowingly collect or record personal data of any child under 13 years of age without obtaining the prior consent of the child's parent or legal guardian. BMW is committed to complying with the US Children's Online Protection Act.

Right to Information and Revocation

BMW enables users to initiate the update, correction, or blocking of their personal information at any time.
Registered users may inform themselves at any time and at no charge about the personal data that has been stored regarding them. A self-service information system is available for this purpose in the non-public area of our information offering. You may also use any of the contact options indicated at the end of this Data Protection Notice.
Any consent that has been issued may be revoked at the Portal Menu 'Revoke Access Agreements' (under 'Personalization') at any time.
Information requests and revocations are handled free of charge.

Contact Information

Please address any questions or suggestions you may have regarding this Data Protection Notice to our hotline at b2b.info@bmw.de.

User's Consent Statement for the Protection of Personal Data in the BMW Group Partner Portal

I hereby consent to BMW AG's collection, processing, and use of my personal data for the purpose of recording my personal data in the user directory of the BMW Group Partner Portal. I know that the data is stored to ensure the proper identification and authorization of users in order to ensure confidential communication between BMW AG and its partner companies.

The following data pertaining to me will be stored:

• my employer's business name, mailing address, and supplier number
• my name, job title, organizational unit, telephone number, and e-mail address
• my online identification (user name) and password
• my application-related personal configuration settings and preferences.

BMW AG's automated data processing of applications that are accessible via the portal also includes the recording of personal data for the following purposes:

• user administration and authentication
• maintaining operation and performing targeted troubleshooting (data security).

Only a small number of select individuals who are bound by data secrecy may access log data.

My consent also extends to the processing and use of the aforementioned data by BMW AG and its affiliated companies and the transmission of the data to partners (suppliers) of BMW AG and its affiliated companies both in Germany and abroad, insofar as this data is required for establishing and maintaining communication connections.
I have issued this statement voluntarily and understand I may revoke it at any time with prospective effect at the Portal Menu 'Revoke Access Agreements' (under 'Personalization'). I understand that if I fail to consent to the recording of my personal data in the user directory for purposes of registration for the BMW Group's Partner Portal, my registration or the assignment to me of access authorizations for certain applications may not be possible or may only be possible subject to certain restrictions.

I have reviewed the Notice of the Protection of Personal Data in the BMW Group Partner Portal, and I agree with this Notice of the Protection of Personal Data and with this User's Consent Statement for the Protection of Personal Data.