Authenticator Enrollment Portal (AEP) Privacy Policy

This privacy policy ("policy") will help you understand how Bayerische Motoren Werke (BMW)'s Strong Authentication group uses and protects the data you provide to us when you visit and use the Authenticator Enrollment Portal (AEP) (https://securelogin.bmw.com).

We reserve the right to change this policy at any given time. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.

What User Data We Collect

When you visit the website, we may collect the following data:

• Your login ID.
• Your session information regarding your online behavior on our website.

Why We Collect Your Data

We are collecting your data for several reasons:

• To ensure only authorized personnel can access BMW resources.
• To improve the user experience and security for our products and services.
• To customize our website according to your online behavior and personal preferences.

Note: The information received is not archived but temporarily stored to assist users who are having trouble logging in or accessing services and/or resources.

Safeguarding and Securing the Data

The Strong Authentication group is committed to securing your data and keeping it confidential, and to prevent data theft, unauthorized access, and disclosure by implementing the latest technologies and software, which help us safeguard all the information we collect online.

Links to Other Websites

Our website contains links that may lead to other websites. If you click on these links, the Strong Authentication group is not held responsible for your data and privacy protection. Visiting those websites is not governed by this privacy policy agreement. Be sure to read the privacy policy documentation of the website you go to from our website.

Reducing the Risks of unwanted Collection of your Personal Data

It is our goal is to ensure your information remains private. One way we achieve this is by requiring you to provide only the minimal amount of information needed for access. We also do not archive or store your data for long periods of time. You can further protect your information by doing the following:

1. When you are filling the forms on the website, make sure to ensure you are using the correct logon credentials.
2. Be aware of "Shoulder Surfing": Shoulder Surfing is a visual hack where an attacker gains access to sensitive information by observing a user's screen, keystrokes and other habits when logging on to a system. To help prevent such attacks, we recommend the following:
• Tilt your screen away from the person next to you.
• Use a privacy screen on your computing devices.
• Create a physical barrier between your screen and prying eyes.
• Be aware when working in crowded areas such as airplanes, trains, airports, cafes, hotel lobbies and other public spaces.
• Work with your back to a wall preventing others from getting behind you and looking over your shoulder.
3. Watch out for phishing: Phishing attacks use online communications (usually email) to trick users into giving out their sensitive information. Often these messages appear to be from banks, social media sites, shopping sites, or payment processers. Phishing messages frequently contain links that lead to counterfeit versions of popular sites. You can avoid falling victim to phishing schemes by ignoring unsolicited messages and not clicking on hyperlinks or attachments in emails (type or copy/paste the URL as it appears instead).
4. Disable stored passwords: Nearly all browsers and many websites in general offer to remember your passwords for future use. Enabling this feature stores your passwords in one location on your computer, making them easier for an attacker to discover if your system gets compromised. If you have this feature enabled, disable it, and clear your stored passwords.

We will NOT lease, sell, or distribute your personal information to any third parties, unless obligated to do so under the law. Your personal information will be used in accordance with this privacy policy. If you have any questions, feel free to contact us via email (yubikey(at)bmwgroup.com).