Data Privacy Declaration

We, Porsche Deutschland GmbH (hereafter "we" or "Porsche Deutschland"), appreciate your visit to our website and your interest in our company and our products. Your privacy is extremely important to us. We therefore take the protection of your personal details very seriously, and treat them in strictest confidence. Your personal data is processed only within the scope of the legal provisions of the EU's data protection law, in particular the General Data Protection Regulation (hereafter "GDPR").

In this privacy policy we provide you with information about the processing of your personal data and your rights as a data subject within the scope of the use of our website. For information on other products and services offered by other companies in the Porsche Group, please consult the respective privacy policy for these services or Porsche companies.

If we provide a link to this data privacy declaration on external social media websites, the following conditions only apply insofar as the data processing procedures for such social media websites are actually within our area of responsibility and unless such social media websites contain more specific data privacy information that takes precedence.

1. Controller and data protection officer for data processing; contact

Controller for data processing within the meaning of the data protection legislation is:

Porsche Deutschland GmbH
Porschestraße 1
74321 Bietigheim-Bissingen
Germany

Please do not hesitate to contact us if you have questions or ideas relating to data protection.

You can contact our data protection officers at the following address:

Porsche Deutschland GmbH
Data protection officer
Porschestraße 1
74321 Bietigheim-Bissingen
Germany
Contact: pd.datenschutz@porsche.de

2. Subject matter of data protection

The subject matter of data protection is personal data. This is all the information that relates to an identified or identifiable natural person (known in the legislation as the data subject). This covers, for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates from the use of our website, such as details about the start, end, and scope of use, and the communication of your IP address.

3. Type, scope, purposes of, and legal basis for automated data processing

In general, it is possible to use our website without registering. Even if you use our website without registering, personal data can still be processed.

An overview of the type, scope, purposes of, and legal bases for automated data processing via our website is provided below.

3.1 Provision of our website

When you access our website using your device, we process the following data:

  • date and time of access
  • duration of your visit
  • type of device
  • operating system used
  • functions that you use
  • quantity of data sent
  • type of event
  • referrer URL
  • IP address
  • domain name

We process this data on the basis of Article 6 (1) (f) GDPR to provide the website, to ensure the technical operation, and to identify and rectify faults. In this way, we pursue the interest of facilitating and ensuring the long-term use of our website and its technical functional capability. When our website is selected, this data is automatically processed. You cannot use our website unless this data is provided. We do not use this data for the purpose of drawing conclusions about you or your identity.

3.2 Cookies

When you visit our website, "cookies", which are small files, may be stored on your device in order to provide you with a comprehensive scope of func-tions, make it easier to use our service, and optimize our offerings. If you do not wish to allow the use of cookies, you can prevent them from being stored on your device by configuring the relevant settings in your Internet browser or using the specific opt-out options. Please note that the functional capability and functional scope of our offering could be restricted as a result. Please refer to our Cookie Policy for details on the type, scope, purposes of, legal basis for, and opt-out options for data processing in relation to cookies.

4. Individual services and offers

You can voluntarily enter personal data or register for services with an individual profile at several locations on our website, e.g. as part of the following offers: webshops, newsletter registration, contact requests, requests for information, participation in competitions, web specials, Car Configurator, pre-owned vehicle searches (including search agent, for example) and dealer contact. Without registering, it may not be possible to use some of the services mentioned above or only with a limited scope of functions.

4.1 Registration process

An input field marked with a "*" indicates that the data entered in the relevant field is mandatory for registration and usually includes the following: salutation, first name and surname, postal and e-mail address. It is not possible to register without entering the mandatory data. When registering, you also have the option of voluntarily entering other information such as company contact details, profession, date of birth, etc. Please note that this information is not required for registration and you alone must decide whether you wish to provide us with this data. However, if you do not provide this data, in certain circumstances we may not be able to respond to your needs in the best possible way when using our offers.

We will use the personal data you provide during the registration process to create your profile and identify you every time you subsequently log in. The applicable legal basis for these data processing procedures is Article 6 1 (b) GDPR. Other data such as a vehicle configuration you selected using the Car Configurator may be collected and then linked with your profile data, depending on the service you wish to register for. When the services and offers described below in detail are used, other personal data may also be collected and processed (e.g. payment information specified when placing orders) and disclosed to third parties (e.g. Porsche Dealerships) so that these services and offers can be made available to you.

We will carry out all the processing procedures described in this section either based on your consent, to fulfill our contract with you or on the basis of our legitimate interests – as far as indicated.

You can find out more information about other services and offers in the following section:

4.2 Magazine orders / subscriptions

Registration with an individual profile is required to order a magazine or subscription, e.g. Christophorus magazine. The principles outlined in Section 4.1 apply accordingly here. When an order is placed, the following data is processed: salutation, first name, surname, postal address, e-mail address. You can also provide other information voluntarily, although this information is not required to place and execute the order.

We will use the personal data you provide when placing the order to execute and process orders and payment transactions initiated. If a credit card is used for payment, the card number, card expiration date, cardholder's name and card verification number are collected. The applicable legal basis for these data processing procedures is Article 6 1 (b) GDPR. In order to process payment transactions, we may pass certain relevant items of your data to the payment service provider appointed by us, who will process this data on our behalf in order to execute the payment.

We will delete the data you provided when placing an order as soon as the purpose of collecting the data no longer applies, in particular when cancelling a subscription, subject to further storage of the data for the purpose of fulfilling the contract completely (e.g. during ongoing periods of limitation) and existing commercial law and tax law archiving obligations.

4.3 E-mail newsletter

In order to subscribe to our newsletter, you only need to specify your name (incl. salutation), your e-mail address and your country of residence. We only send newsletters to individuals who have subscribed, i.e. given their consent based on Article 6 (1) (a) GDPR. The contents of a newsletter are relevant for the scope of the consent, provided they are actually described during the subscription process. In addition, our newsletters contain information about our products, offers, campaigns and company.

Subscription is carried out using the so-called double opt-in process, i.e. after subscribing, you receive an e-mail prompting you to confirm your subscription to prevent misuse of your e-mail address. We make a record of all newsletter subscriptions so that we can provide evidence of the subscription process and associated consent in line with legal requirements. Subscriptions are always logged and the mandatory processing of data you entered during the subscription process is performed accordingly on the basis of our legitimate interests according to Article 6 (1) f) GDPR. You can withdraw your consent to receive our newsletter at any time by unsubscribing from the newsletter, for example. You can exercise this right using the unsubscribe link at the end of each newsletter.

We use the Salesforce Marketing Cloud service to distribute our newsletter, which is operated by salesforce.com Inc., The Landmark@One Market, Suite 300, San Francisco, California 94105, USA. To make our newsletter as interesting as possible for you, Salesforce evaluates user behavior on our behalf without drawing conclusions about you or your identity. In this way, we can find out how many of our readers have opened our newsletters and which links are used the most frequently, for example. Commercial technologies such as cookies or tracking pixels integrated in our newsletters are used for this purpose. Data is processed on the basis of our legitimate interests according to Article 6 (1) f) GDPR, namely our interests in the analysis and con-tent optimization of our newsletter. Further information on the Salesforce Marketing Cloud and processed data can be found at: https://www.salesforce.com/company/privacy/.

4.4 Other contact

Any personal data communicated via e-mail or a contact form is always done so voluntarily. In order to manage and process your contact request according to Article 6 (1) b) or f) GDPR and we will process and possibly disclose your information to third parties (e.g. Porsche Dealerships) within this context. With some contact points, you also have the possibility of registering for the Car Configurator or pre-owned vehicle search (including e.g. search agent), for example, whereby the principles described above in Section 4.1 apply accordingly.

5. Safeguarding of legitimate interests

We will process your personal data for the purpose of safeguarding our legitimate interests. In addition to the interests specified in the description of individual services and offers in Section 4, data processing procedures are performed on our website or after completing registrations, in particular against the background of the following interests:

  • Guaranteeing the availability, operation and safety of technical systems as well as technical data management;
  • Further development of products, services and care offers;
  • Processing data on a central prospect and customer service platform as well as upstream and downstream systems for customer loyalty and sales purposes to provide customers and prospects with personalized support;
  • Needs analysis and customer segmentation, e.g. calculation and evaluation of affinities, preferences and potential;

The relevant data is processed on the basis of Article 6 (1) (f) GDPR.

6. Consent

If you have given consent to perform certain data processing procedures, this consent always relates to a specific purpose included in the content of the actual declaration of consent. In this case, data is processed on the basis of Article 6 (1) (a) GDPR. We cannot accommodate the request covered by the consent until you give your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on the consent given before its withdrawal.

Based on any declarations of consent you may have given, the companies listed in the declaration of consent can use data for a specific purpose, such as providing support for customers and prospects, for example, and contact you along one of your preferred communication channels. Your data is used within this framework to offer an exciting brand and service experience with Porsche and ensure that communication and interaction with you is as personal and relevant as possible.

Which of your data items are actually used to provide a personalized service to customers and prospects essentially depends on which data was collected based on requests, orders and consultations (e.g. when purchasing Porsche products) and which data (e.g. your personal interests) you have disclosed to the relevant contact points (e.g. via this website or in the Porsche Dealership). The scope and purpose of the consent you have given actually depends on the formulation of the declaration of consent at the contact point.

7. Recipients of personal data

Internal recipients: Within Porsche Deutschland, the only people who have access are those who need it for the purposes named.

External recipients: We only forward your personal data to external recipients outside PORSCHE DEUTSCHLAND if this is necessary for the administering or processing of your issue, if another legal authorization exists, or if we have your consent to forward the data.

External recipients can be:

a) Processors
Dr. Ing. h.c.F. Porsche AG or its group companies or external service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance for the Porsche AG offering or the provision of content. We carefully select and regularly inspect these processors to make sure that your privacy is protected. The service providers may use the data only for the purposes we have specified and in accordance with our instructions.

b) Public bodies
Authorities and public institutions, such as public prosecutors, courts, or financial authorities to which we must transfer personal data for legal reasons. The data is transferred on the basis of Article 6 (1) (c) GDPR.

c) Private bodies
Porsche dealers and service companies, cooperation partners, service providers or persons to whom the data is transferred on the basis of consent, to execute a contract with you or to safeguard legitimate interests, for example, other Porsche Dealerships and Porsche Service Centers, financing banks, providers of other services or transport service providers. The data is transferred on the basis of Article 6 (1) (a), (b) and/or (f) GDPR.

8. Data processing in third countries

If data is transferred to bodies whose headquarters or whose place of data processing is not located in a member state of the European Union or in another country outside of the European Union who is a signatory to the treaty, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between the European Union and the recipient) or you give sufficient consent for the transfer of the data.

We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact the address specified in Section 1.

9. Duration of storage and deletion

If the description of the individual services and offers do not contain any specific information about the storage duration or deletion of data, the following applies:

We store your personal data only for the length of time necessary to fulfill the intended purposes, or – in the case of consent – until you withdraw your consent. If you withdraw your consent to process your personal data, we will delete it unless relevant legal provisions stipulate that it can be processed further. We will also delete your personal data if we are obliged to do so for other legal reasons.

In line with these general principles, we will usually delete your personal data immediately

  • after the legal grounds cease to apply and provided that no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
  • if we no longer need the data for the purposes of preparing and executing a contract or legitimate interests and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
  • if the purpose of collecting the data no longer applies and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.

10. Rights of data subjects

As the data subject affected by the data processing, you have several rights. Specifically,

Right of access: You have the right to obtain information from us about the data that we have stored about you.

Right of rectification and erasure: You have the right to demand that we rectify incorrect data and – provided the legal requirements are met – that we delete your data.

Restriction of processing: You have the right – provided the legal requirements are met – to demand that we restrict the processing of your data.

Data portability: If you have provided us with data on the basis of a contract or consent, you have the right, in accordance with the legal requirements, to obtain the data you have provided in a structured, standard, and machine-readable format or you can demand that we transfer this data to another controller.

Objection to the processing of data on the legal grounds of "legitimate interest": You have the right to object at any time, on grounds relat-ing to your particular situation, to our processing of your data, provided this objection is based on the legal grounds of "legitimate inter-est". If you exercise your right to object, we will cease the processing of your data unless we can – pursuant to the legal requirements – prove compelling legitimate reasons for the further processing, which override your rights.

Withdrawal of consent: If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data remains unaffected up until the time of the withdrawal of consent.

Objection to cookies: You can also object to the use of cookies at any time. For details on how to object, please refer to our Cookie Policy.

Right to lodge a complaint with a supervisory authority: You can also submit a complaint to the competent supervisory authority if you believe that the processing of your data is in breach of the legislation. To do so, you can apply to the data protection authority that is responsible for your town/city or country or the data protection authority that is responsible for us.

Contacting us: Please do not hesitate to contact us if you have any questions regarding the processing of your personal data, your rights as a data subject, and any consent that you may have given. To exercise all of these previously mentioned rights, please contact „pd.datenschutz@porsche.de“ or the postal address specified above in Section 1. In doing so, please ensure that it is possible for us to uniquely define you.

11. Integration of third-party offerings

Websites and services delivered by other providers that are linked to our website have been and are structured and provided by third parties. We do not have any influence over the structure, content, or role of these third-party services. We explicitly distance ourselves from all content in all linked third-party offerings. Please note that the third-party offerings linked to our website may install their own cookies on your device or collect personal data. We have no influence over this. Please contact the providers of these linked third-party offerings as required for the relevant information.

Offerings from third parties also include offerings from other Porsche subsidiaries and Porsche Dealerships that are linked to our website or otherwise integrated in our website, such as:

  • My Porsche
  • Porsche Connect
  • Porsche Financial Services
  • Porsche Classic Parts Explorer
  • Porsche Tequipment / TEQ Finder
  • Porsche Service Reifenfreigaben (only available in selected countries)

The names of the relevant provider and person responsible are included, in particular, in the legal notice and relevant data protection information on the corresponding websites.

12. Status

The latest version of this privacy policy applies.

Date 05.25.18.