General Data Protection and Privacy Statement
My Porsche and Porsche Connect Store
1. Controller and data protection officer; contact information
The controller within the meaning of data protection and privacy laws is:
Porsche Smart Mobility GmbH
If you have any questions or suggestions about data protection, you can e-mail us at email@example.com, or the data protection officers directly at firstname.lastname@example.org, or write to the postal address below.
Porsche Smart Mobility GmbH
Data Protection Officer
2. Subject matter of data protection
The subject matter of data protection is personal data. This means any information concerning an identified or identifiable individual (the data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number, and also information that necessarily arises during and via the use of My Porsche, our Porsche Connect Store and the Porsche Digital Service Infrastructure, such as details about the start, end and scope of use of our website and your IP address.
3. Type, scope, purpose and legal basis of data processing when using our websites
Even if you use our website without logging in, data will be or may be collected. The text below provides an overview of the different types of collection and processing of data and the respective purposes of processing and legal bases.
3.1. Automated data collection
When you access our website, your Internet browser automatically transfers data for technical reasons. The following data are stored separately from other data that you may transmit to us:
- date and time of access
- duration of the visit to our website
- type of Web browser / Web browser version
- operating system used
- the pages you visit on our website
- volume of data transmitted
- nature of event
- system crashes and similar events
- IP address
- domain name
This data is processed on the basis of article 6 subparagraph 1. point (f) of the GDPR to provide the service, to ensure technical operation and detect and eliminate interference. We thereby pursue the interest in enabling the use of our website and its technical functionality. When you visit our website, this data will be processed automatically. Without this provision, you will not be able to use our services. We do not use this data for the purpose of drawing conclusions about you.
We normally delete this data after 13 months, unless by way of exception we need it for the purposes set out above. In such cases, we will delete the data immediately after the purpose ceases to exist.
In addition, this data is also processed without being assigned to a specific person for the purposes of analysis and performance improvements. See paragraphs 3.2 and 3.3. for more detail.
3.2. Data processing for improvement of our online offer
The automated data we collect mentioned in paragraph 3.1 is furthermore used to improve the performance of Porsche Digital Service Infrastructure, to ensure the availability of our platforms, to optimise user experience, to further evaluate your use of the website, to compile reports on website activities for us, and to provide other services related to website and internet usage.
We process your data based on our legitimate interest in the performance and availability of our products, as well as in the analysis of the use behaviour of our website visitors. The data will be stored for 13 months and not assigned to any particular person.
In addition, we store cookies as part of the processing described here. See paragraphs 3.3 for more detail.
We process information about our users via cookies to fulfill the contract with our users and for our legitimate interest in the user-friendly and secure provision of our websites.
4. Registering for your Porsche ID user account
When you register for and use My Porsche, the Porsche Connect store, and the Porsche Digital Service Infrastructure, personal data are collected, processed, and used, and may be transmitted to third parties as described below, in order to provide you with all services with regard to My Porsche, the Porsche Connect store, and the Porsche Digital Service Infrastructure and to fulfill our contractual obligations that exist in this context. We perform all of the data processing described in this section either - to the extent indicated - based on your consent or to fulfill our contract with you.
4.1. Registration process
To use My Porsche, registration on the Porsche infrastructure is required. Registration can take place in two ways, and you are free to choose the method of registration:
1. Invitation to register from authorized dealer
If you wish, your authorized dealer will enter the data you have communicated to the dealer for you via the dealer’s access to our systems. In this case, you will then receive, for example, a link sent by e-mail via which you are required to confirm your registration. Please note that the authorized dealers are independent companies, and we have no influence over them. A second feature will be used for additional verification. One example is a code sent via text message that you then enter in My Porsche.
In the event that registration has not taken place via an authorized dealer, you can register yourself and enter your data on your own. In selected countries, you can also add a vehicle and use additional digital services that require vehicle ownership. To do this, you will also have to upload a copy of an identification document and proof of ownership and – if you are not the owner of the vehicle – a power of attorney from the vehicle owner after entering your vehicle identification number. These documents will be reviewed based on our verification criteria. As proof of successful verification, we will also store the names, dates of birth, places of birth, addresses, and validity information of the documents shown in the respective identification documents and the vehicle identification numbers, owner names, and addresses shown in the ownership documentation. After the verification process is complete, the copies of the documents will be deleted. Following successful verification, you will receive, for example, a link sent by e-mail via which you are required to confirm your registration. A second feature will be used for additional verification. One example is a code sent via text message that you then enter in My Porsche.
(a) Required information during registration
When you register on My Porsche, you will be required – in case of self-registration – to enter your e-mail address (Porsche ID), a password, your name and any titles and suffixes, contact and address information, mobile phone number, and, where applicable,the language in which you wish to communicate with us or – in case of registration through an authorized dealer – to confirm this information in My Porsche. This information is necessary in order to set up and manage a Porsche ID user account for you so that you can use the full range of services and functions offered by My Porsche and the Porsche Connect store. In selected countries, you can also use our offerings as a potential customer. In this case, you are only required to state your name, e-mail address, and a password. We need this information – and, where applicable, further information – not least in order to be able to respond to requests, questions, and criticism.
We also store the time of your last login.
During registration, we will perform a plausibility check of your name and address information.
(b) Voluntary information during registration
Within the scope of your registration, you will also have the opportunity to enter additional voluntary information, such as additional name information (e.g. academic titles, etc.), company contact information, date of birth, additional phone numbers, credit card information (this information is stored exclusively by the payment service provider), and your vehicle license plate number and a personal vehicle name. You can also provide information on your interests and preferences and your desired contact channels. Please note that this information is not required in order to register, and that it is entirely up to you to decide whether you wish to communicate this information to us.
4.2. Porsche Digital Service Infrastructure: data processing after registration
If you have registered for a Porsche ID user account, we will exchange basic information about your user account and your vehicles with responsible Porsche dealers in order to be able to serve you via our dealer organisation. In addition to the vehicle identification number, we transfer your user name (Porsche ID), the technical or sales availability of services and product offers for your user account or vehicle, as well as relevant events as part of the creation, modification or deletion of your user account, the linking of vehicles, the selection of traders, or the activation or deactivation of services.
If you have selected an authorised dealer and provided your consent, your personal data stored with My Porsche, in particular contact data, support, contractual and service data, as well as data about your interests, vehicles and services used will also be exchanged with the authorized dealer and with synchronised with any personal data stored about you. If you no longer wish data to be transferred in the future, you can change this accordingly in your user settings. The aforementioned data will no longer be exchanged with the authorised dealer from that date. For technical reasons, both your consent and the termination of data exchange may take up to 24 hours to take effect. The legal basis for processing your data in this connection is your consent.
4.3. Deletion of your Porsche ID user account
If you delete your Porsche ID user account, your My Porsche profile will also be deleted when the contractual relationship ends, but upon expiration of your existing service licenses at the earliest. As far as data must be stored for legal reasons, these are blocked (so-called processing limitation). The data is for further use, especially for the use of services, and then is no longer available. The functionality of the services may be limited or eliminated. My Porsche will then no longer be available to you. If further responsible individuals within the Porsche Group and its sales organisation process personal data within their own responsibility, the processing of this data remains unaffected. If, on the basis of your consent, data has been exchanged with a dealer of your choice, we inform the dealer about the deletion of your Porsche ID user account.
5. Recipients of personal data
Within Porsche Smart Mobility GmbH, only those persons who need this for the purposes mentioned in paragraph 3 above have access.
We only pass on your personal data to external recipients outside of Porsche Smart Mobility GmbH if this is necessary for the provision of the respective Porsche Digital Service offer, if another legal licence exists, or if we have your consent.
External recipients may include:
Porsche AG group companies, or external service providers we use for the provision of services, for example in the areas of technical infrastructure and maintenance for the Porsche Smart Mobility GmbH offer. These processors are carefully selected by us, and regularly checked, to ensure that your privacy is maintained. The service providers may only use data for the purposes specified by us.
(b) Public bodies:
Authorities and state institutions, such as public prosecutors, courts or financial authorities, to whom we must transfer personal data for legal reasons. Transfer takes place on the basis of article 6 subparagraph 1. point (c) of the GDPR.
(c) Private bodies:
Dealers, cooperation partners or support personnel to whom data is transferred on the basis of consent, for the execution of a contract with you, or for the protection of legitimate interests, such as Porsche Centres, financing banks, other service providers or transport service providers. Transfer takes place on the basis of article 6 subparagraph 1. points (a), (b) and/or (f) of the GDPR.
6. Data processing in third countries
If individual functions within the Porsche Digital Service Infrastructure are performed on our behalf by service providers whose registered location or place of data processing is not located in a Member State of the European Union or another state that is a signatory to the Agreement on the European Economic Area, we ensure before disclosure that there is either an adequate level of data protection and privacy within the recipient’s organization (e.g. through self-certification on the recipient’s part for the EU-US Privacy Shield or agreement of “EU standard contractual clauses” with the recipient) and/or that your consent has been received in sufficient form.
You can contact us to receive an overview of the recipients in third countries and a copy of the specific contractual provisions that have been agreed to ensure an adequate level of data protection and privacy. To do this, please use the information stated in Sec. 1.
7. Further services for My Porsche
7.1 Handling payment information
To process payments for paid offers within the framework of My Porsche and Porsche Connect, we use a payment service provider assigned by us. For this purpose, we process your credit card details and the respective payment information. Management of your credit card information as well as the processing of payments is carried out via systems of the payment service provider on behalf of Porsche Smart Mobility GmbH. If you enter your credit card information, this is done directly via an input field of the payment service provider, who stores this information independently, encrypted on your end device. The encrypted information is then transferred from Porsche/from us to the payment service provider where it is stored and used for your payment. The legal basis for processing is fulfilment of the contract.
7.2 Care through the Contact Centre
You have the opportunity to be supported by our contact centre when using the Porsche Digital Service Infrastructure. For example, you can have changes made to your personal customer data, as well as online service bookings, and other services through our telephone contact centre. To do this, you must provide your Porsche ID to the contact centre. After identifying yourself by naming your Porsche ID or other security features, the contact centre accesses your Porsche ID user account or My Porsche directly and makes the desired changes/activities on your behalf. The contact centre staff only perform the tasks that you explicitly want. In addition, if you have consented to be contacted through the appropriate channels, the contact centre may actively contact you by phone/SMS/E-mail/instant messaging as required, to assist with registration, service activation and use.
The legal basis for processing your data via the Contact Centre is fulfilment of the contract.
7.3 Contact via Live Chat
In certain areas of our website, we offer the possibility of contact and advice via live chat. The live chat function allows you to communicate with one of our consultants by means of text messages. When you open and use the live chat, your browser will automatically send the data listed below at the start of use for technical reasons, whereby this data is stored by us separately from other data that you may transfer to us:
- Date and time of access,
- Duration of visit to our website,
- Type of web browser, including version,
- Operating system used,
- Amount of data transmitted,
- Type of event,
- IP address (anonymised).
The legal basis for this data processing is Article 6, para. 1, lit. f) GDPR, whereby our legitimate interest is based on guaranteeing and maintaining the operation and security of our offering as well as rectification of faults. In this context, the data is also processed by us for analysis purposes without being assigned to a specific person.
If you provide us with other personal data by means of the live chat, this takes place on a voluntary basis. If personal data is required to clarify your request, we will point this out to you and ask you for this data. The texts entered by you in the input screen as part of the live chat will be stored on our behalf on the server of an external service provider. The legal basis for this data processing is Article 6, para. 1, lit. b) GDPR.
7.4 Provision of service and warranty information
In order to provide you with information about your vehicle, ongoing warranties and recall campaigns in My Porsche, we process equipment and vehicle master data, such as the vehicle identification number, ongoing warranties, the model year and a model image. The processing of your personal data takes place for fulfilment of our contract with you. The aforementioned data is provided to us for this purpose for the duration of the existence of your vehicle relationship.
7.5 Service appointment request
To request service appointments with Porsche dealers and service companies via My Porsche, we may provide customer and vehicle data to companies of your choice at your request. If you provide us with your consent to do so as part of a service request via My Porsche, we will provide your name, address, telephone number, e-mail address, Porsche ID, vehicle identification number, vehicle model, the service dates you have selected, the scope of service you desire, and a supplementary message to your inquiry from you, as well as the desired contact channels for the dealer or service company chosen by you for the relevant inquiry. The transfer of your personal data is based on your consent once, within the context of the relevant service request.
We store your respective service request for fulfilment of our contract with you for the duration of the existence of your user account.
8. Rights of data subjects
As the subject of data processing, you have numerous rights. Specifically:
Right to information:
You have the right to receive information regarding the data we store regarding you personally.
Right of rectification and cancellation:
You may demand the correction of incorrect data, and insofar as the legal requirements are met, the deletion of your data.
If you have provided us with data based on a contract or consent, you may, subject to legal requirements, require that you receive the data you provide in a structured, common and machine-readable format, or that we transfer it to another person in charge.
Objection to data processing in the case of the ”legitimate interest” legal basis:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of data by us, insofar as this is based on the legal basis ”legitimate interest”. If you make use of your right of objection, we will stop processing your data, unless we can prove, in accordance with the legal requirements, compelling legitimate reasons for further processing that outweigh your rights.
Opposition to cookies:
Revocation of consent:
To the extent that you have issued a statement of consent to the processing of your data to us, you can revoke it at any time, with effect for the future. The legality of the processing of your data up until the time of revocation will be unaffected by this.
Right to complain to the supervisory authority:
You can also file a complaint with the relevant supervisory authority if you believe the processing of your data violates applicable law. To do this, you can contact the data protection authority with jurisdiction over your place of residence or country or the data protection authority that has jurisdiction over us.
Your contact with us:
In addition, you can contact us free of charge if you have any questions regarding the collection and/or processing of your personal data, your rights as a data subject, and/or any consent that may have been granted. To exercise any of the rights mentioned above, please contact email@example.com or use the mailing address specified in Sec. 1 above. When contacting us, please make sure we are able to clearly identify you personally.
9. Data security
We provide for all necessary technical and organizational measures, in accordance with the state of the art, in order to ensure a level of protection appropriate to the risk in compliance with the applicable statutory requirements.
10. Links to offers from third parties
Websites of other providers that are linked to from this website were and are designed and provided by third parties. We have no influence over the design, content, or functionality of these linked websites. We expressly distance ourselves from all content of all linked websites. Please note that the third-party websites linked to from this website may install cookies of their own on your end device and/or collect personal data. We have no influence over this. Please contact the providers of these linked websites directly as appropriate for information in this regard.
Last updated: 01.08.2019
Specific Data Protection and Privacy Statement
My Porsche Services and Porsche Connect Services
In My Porsche or the Porsche Connect store, you can request My Porsche services or Porsche Connect services and activate service licenses. To do this, you must be registered with My Porsche and have a Porsche ID user account. Depending on the service, you can use and manage My Porsche services and Porsche Connect Services via various Porsche apps and My Porsche, and if available for your vehicle, in your vehicle via wireless network connection.
1. Requesting and activating services
You can request individual or multiple My Porsche services and Porsche Connect services and activate service licenses. When you select the respective service or service package, you can also view the specific information on the collection, processing, and use of data within the scope of the service in question under the product descriptions for the individual services. To perform and fulfill a request and the contractual relationship with you that is associated with it, we process and use not only the relevant request information, but also your personal data that were collected upon registration. You can change your billing address before the request process is complete. In this case, we will use this address information that you have provided for billing and invoice processing purposes.
After the request process is complete, you can activate the services. When you do this, the authorization for use will be stored by the system, and the list of available services will be updated accordingly.
In order to use certain Smart Mobility Services (e.g. charging station offers), a personalised card (Porsche ID Card) containing RFID chips is sent by post in many countries when purchasing a product. After delivery, the card needs to be activated on the My Porsche portal and can then be used for authentication with the supported infrastructure (e.g. public charging station). An identification number is stored on the card, which can be used to assign you to your user account. No personal data, in particular your name or address, is stored digitally on the card itself, beyond the identification number.
If lost, the card can be blocked on the My Porsche portal by the user.
After delivery, the Porsche ID card can be used directly with the supported infrastructure (e.g. public E-charging pedestals). Unless stated otherwise, we carry out the processing described in this section for fulfilment of our contract with you on the basis of article 6 subparagraph 1. point (b) of the GDPR.
2. Use of the My Porsche services and Porsche Connect services
You can use the My Porsche services and Porsche Connect services that have been requested, depending on the service, in your vehicle (to the extent available for your vehicle) via wireless network connection or via further end devices in My Porsche, your Porsche Connect app, and the Porsche Car Connect app and, where applicable, also from multiple or all access points. To this end, your vehicle or the respective end device will connect to the Porsche Digital Service Infrastructure.
If you use the online services requested via My Porsche or the Porsche Connect store in your vehicle or on further end devices, we will process personal data of yours for purposes of enabling the use of the online services, for support purposes, and for further specifically defined purposes. Unless otherwise noted, we collect, process, and use your personal data only within the scope necessary to enable the use of the respective My Porsche service or Porsche Connect service.
When you use the individual My Porsche services or Porsche Connect services, the following categories of personal data will be processed, depending on how the relevant service works, in order to provide you with the services in this context and to fulfil the associated contractual relationship with you.
(a) Identification information, such as the vehicle information number, your Porsche ID, and device and system IDs of your end devices and mobile radio modules that are needed in order to identify you personally or to identify your end device or vehicle to establish connections, for the use of services, or for access to content.
(b) Authorization information that includes the fact that the vehicle or the relevant end device has been activated for the respective Porsche Connect service and that can be associated with your registration data from the Porsche Digital Service Infrastructure.
(c) Login information that is needed when you wish to use services of other providers that require a login in your vehicle or on further end devices.
(d) Communication information that is necessary in order to establish a connection between your vehicle and/or other end devices and our servers or with the servers of third-party providers of content for Porsche Connect services.
(e) Location and movement information required to use location-related content.
(f) Voice data that enable voice control and voice entries in certain Porsche Connect services. Voice data are transferred to us from the vehicle or an end device in recording form for the purpose of conversion to text. The text that is then generated by a service provider is transferred back to the vehicle, and the recording is subsequently deleted at our end.
(g) Contact information that is used in communication services, for example to send an e-mail or text message.
(h) Billing data such as an itemised bill from charging operations: If necessary, we will combine this information with your address and payment information for individual billing purposes.
(i) Further content that must be exchanged with us or with service providers in order to be able to perform a service for you.
For detailed information on which data are collected and processed within the scope of which online service, please see the relevant online service descriptions at https://connect-store.porsche.com/gb/en/.
We store the service call in connection with your vehicle identification number and a time stamp for a period of 12 months as a database for creating anonymised use statistics.
Unless otherwise stated here or indicated in a specific description, we will process your personal data in each case in order to fulfil the contractual relationship with you.
3. Use of services of a third-party provider
If you use services of third-party providers that you cannot request via My Porsche or the Porsche Connect store, content from these services may be displayed in your vehicle or on your end device, and information may be exchanged between your vehicle or end device and the service provider. By linking a mobile end device with your vehicle, content will only be reflected in your vehicle’s built-in infotainment system (Porsche Communication Management, or PCM). We do not access these services of third-party providers, nor do we take note of any content. Therefore, please note the relevant data protection and privacy information provided by the third-party provider.
When you use such third-party services, it is possible that personal data will also be used beyond the scope necessary to perform the service and for the proper functioning of the service.
We have no influence over the processing of data by these third-party providers or over the location of data processing. Therefore, please consult the relevant third-party providers for information on the nature, scope, and purpose of the collection and use of personal data with regard to the respective online service.
We perform all of the data processing described in this section, namely the transfer to the third-party provider, in order to fulfill our contract with you.
4. Special notes on using the Porsche Connect services in the vehicle
Depending on the model and the equipment installed, your vehicle can be connected to the Porsche Digital Service Infrastructure via a mobile phone connection, e.g. by means of the PCM integrated in your vehicle, or via the wireless interface for vehicle-related services ("Connected Gateway" or cGW for short). This enables you to use Porsche Connect services booked through our Porsche Connect Store in your vehicle, as well as any third-party services you may have booked elsewhere, separately from our offering.
Depending on the equipment installed in your vehicle, connectivity may be established by dialling into the vehicle interfaces using a WiFi connection provided by an external terminal or by means of one or more wireless modules in your vehicle. Depending on your vehicle equipment, the wireless network modules in your vehicle may have an pre-installed or pre-assigned plug-in SIM card or a permanently installed SIM card.
Unless expressly noted otherwise, we perform all of the data processing described in this section to fulfill our contract with you.
a) Installed insertable SIM card
Depending on the features of your vehicle, you can establish connectivity in your vehicle yourself by way of a SIM card that you install in the vehicle and that you have received from your respective wireless network provider (“installed insertable SIM card”). Your respective wireless network provider is responsible for your own installed insertable SIM card and the data-processing processes associated with it. Please contact your respective wireless network provider for information on the nature, scope, and purpose of the collection, processing, and use of data and on data security during signal transmission.
b) Pre-installed insertable SIM card
Depending on the features of your vehicle, connectivity can be provided by an insertable SIM card that the manufacturer has already pre-installed for you (“pre-installed insertable SIM card”). For more information on country availability, please see https://connect-store.porsche.com/gb/en/.
c) Permanently installed SIM card
Depending on the features of your vehicle, connectivity can be established by a SIM card that has already been installed directly in your vehicle by the manufacturer and that is not replaceable (“permanently installed SIM card”). A permanently installed SIM card cannot be removed manually to stop connectivity. For information on responsibilities for the data-processing processes in connection with the permanently installed SIM card, please see Sec. 4.1.3 below.
d) Network operator and virtual network operator
The (telecommunication) “network operator” operates a telecommunication network and provides the respective participants with access to this network. The “virtual network operator” puts together individual network solutions based on the infrastructures and technologies of various network operators without possessing a network infrastructure of its own.
4.1.2 Data storage during vehicle production
If your Porsche vehicle is equipped with a pre-installed insertable SIM card or a permanently installed SIM card, we store the SIM card numbers (ICCID, IMSI, MSISDN), in conjunction with the respective device and vehicle identification number, during the vehicle production process. This data storage takes place for the purpose of managing SIM card numbers and to match the vehicle with a SIM card number in the event that government agencies request information from Porsche Smart Mobility GmbH, for example.
4.1.3 Data exchange in the case of permanently installed SIM cards
Wireless network modules in Porsche vehicles with permanently installed SIM cards that are active dial in, where available, to wireless networks of the respective network operator – regardless of whether you are registered for Porsche Connect or have requested Porsche Connect services. Telecommunication data (data collected, processed, and used based on the provision of the telecommunication service or to establish connectivity) may be exchanged for the purpose of the wireless network connection or to establish connectivity and, where applicable, to perform the relevant online functions of the Porsche Connect services you have requested in your vehicle via the wireless networks of the respective network operator, e.g. with wireless cells.
Within the scope of the wireless network connection, it is not impossible that when signals are transmitted via public telecommunication networks outside your vehicle, third parties, especially network operators, can access certain information and potentially determine your location. In addition to the respective network operator, virtual network operators may also have access to this information in the process.
Provision of connectivity via permanently installed SIM cards takes place through the following virtual network operator:
- CUBIC Telecom, Cubic Telecom Limited, Corrig Court, Corrig Rd, Sandyford Industrial Estate, Dublin 18, Ireland.
- Vodafone GmbH, Ferdinand-Braun-Platz 1, 40549 Düsseldorf, Germany.
Please contact the virtual network operator for information on the nature, scope, and purpose of the collection, processing, and use of data and on data security during signal transmission.
4.1.4 Data processing within the scope of telecommunication services
We collect, process, and use your inventory data (such as your name, address, and date of birth) that are collected during registration for My Porsche or the Porsche Connect store or indicated when you request a telecommunication service in My Porsche or the Porsche Connect store to establish, amend, or terminate a contractual relationship regarding telecommunication services or to design the content thereof. The aforementioned data are stored for these purposes until the end of the calendar year following termination of the contractual relationship at the latest.
Traffic data generated within the scope of the activity of the wireless network connections (such as the start and end of the respective connection), location data on the mobile connection, the end points of the connection and dynamic IP addresses, are not collected, processed, or used within the Porsche Digital Service Infrastructure, with the exception of SIM card and device numbers and the volume of data used. Please contact the respective network operator for information on the nature, scope, and purpose of its collection, processing, and use of data.
4.1.5 Data processing within the scope of further connectivity services
If you request or have requested expanded connectivity services, such as Wi-Fi packages, activation and deactivation information is exchanged between our system, your vehicle’s wireless network interface, and the virtual network operator for the purpose of activating and deactivating the data packages of the permanently installed SIM card in Porsche vehicles.
To manage the pre-installed insertable SIM cards and permanently installed SIM cards in Porsche vehicles and to calculate the volume of data available to you and the volume of data used within the scope of any data package you may have requested, the vehicle identification number, your SIM card numbers, the associated SIM card status and, where applicable, the volume of data used and remaining in the respective period are additionally exchanged between our system, your vehicle’s wireless network interface, and the virtual network operator and stored by us for the duration of the respective contractual relationship. We also store the aforementioned data for a period of 12 months as a basis for generating anonymized use reports.
4.1.6 Further data processing due to legal obligations
Beyond the data processing described in Sec. 4.1.3 through 4.1.5 above, we collect, process, and use telecommunication data (data that are collected, processed, and used based on the provision of the telecommunication service and/or to establish connectivity) only based on and in compliance with applicable legal obligations that apply to us – for example, to fulfill our statutory obligations to store personal data for, and release personal data to, security and law enforcement agencies.
The legal basis for the processing of your data is the fulfillment of a legal obligation that applies to us and/or our legitimate interest in complying with statutory requirements.
4.1.7 Joint responsibility for identity checks
The laws in some countries, may require an identity check based on identity papers documents in order to book certain telecommunications services. In relation to data processing when carrying out such identity checks, we are jointly responsible with
Here, together with IDnow GmbH, we wish to set down the purpose of processing personal data and the means used. To enable the identity check to be carried out, you will be forwarded to the external page of the service provider, IDnow as part of the service booking procedure. As part of the process, we will, at your request, send the service provider the information to be verified (your name, address and date of birth) and, in order to be able to trace the identity check result at a later point, a reference number. As part of the identity check, the service provider will compare the aforementioned data with your identity document and store the data, as well as an optoelectronic copy of the identification document, a photo of the verified person and an audio record of the session. Following the identity check, the service provider will inform us of the identity check result, using the reference number. Personal data resulting from this identity check will only be shared with third parties if we are legally obliged to do so. Only in such cases will we obtain access to a copy of your identification document from the service provider, for the purpose of fulfilling our legal obligations. If your Porsche ID account is deleted, the relevant data shall be automatically deleted at the end of the following calendar year.
The legal basis for our processing of your personal data in order to carry out an identity check is Article 6 paragraph 1 letter c) and/or f) GDPR (General Data Protection Regulation), as the identity check is the fulfilment of a legal obligation by which we are bound, or reflects to our legitimate interest in complying with legal requirements.
As the jointly responsible party together with IDnow GmbH, we have determined in an agreement according to Article 26 GDPR how the respective functions and relationships in the processing of personal data are to be structured and who is to satisfy which data protection obligations, in particular with regard to ensuring an adequate level of security, the implementation of your rights as a data subject, the fulfilment of data protection obligations, as well as the monitoring of potential data protection incidents, including the assurance of reporting or notification obligations (as required). You can use the contact details provided at 8. (General Data Protection and Privacy Statement) to request further information about this agreement; we shall then supply you with the key provisions.
You are welcome to contact either of the jointly responsible parties with questions or to exercise your rights as a data subject. In the spirit of the aforementioned agreement, we will consult with IDnow GmbH in accordance with Article 26 GDPR in order to answer your inquiry and, if necessary, to fulfil your wish to exercise your rights as a data subject.
Personal data is exchanged between the jointly responsible parties takes place on the basis of Article 6 (1) (f) GDPR, as we have a legitimate interest in the effective implementation of identity checks in cooperation with IDnow GmbH.
4.2. Setting up a vehicle and establishing a vehicle connection
To be able to use services in your vehicle, your vehicle must be stored in your Porsche ID user account. To this end, you need to enter the vehicle identification number in My Porsche or have this done by your authorized dealer. We will process your vehicle identification number for the purpose of verification, to establish a vehicle connection and to identify the vehicle in the context of the use of services, and also to activate and provide services and for other purposes defined and explained in detail in the respective place, as well as the identified legal basis. To ensure that you can connect your vehicle to the Porsche Digital Service Infrastructure, our system creates and stores a “pairing code” that is displayed to you in My Porsche.
For verification purposes, you will also have to upload a copy of an identification document and proof of ownership and – if you are not the owner of the vehicle – a power of attorney from the vehicle owner after entering your vehicle identification number or present these items to your authorized dealer. These documents will be reviewed based on our verification criteria. As proof of successful verification, we will also store the names, dates of birth, places of birth, addresses, and validity information of the documents shown in the respective identification documents and the vehicle identification numbers, owner names, and addresses shown in the ownership documentation. After the verification process is complete, the copies of the documents will be deleted.
After your vehicle has been matched with your Porsche ID for the first time or a subsequent time, the vehicle must be connected to the Porsche Digital Service Infrastructure. To do this, enter the “pairing code” shown in My Porsche in your vehicle’s PCM. Your vehicle then registers on our system with the "pairing code" and the vehicle identification number. We require this information in order to be able to identify your vehicle during use, for example when it calls up a service, so that we can check your Porsche ID user account and its entitlement to use services. After successful identification, our system will send a list of currently available services to your vehicle. To use services that are especially critical to safety and security, you will have to enter a separate four-digit PIN. You can set up your personal PIN in My Porsche and change it there at any time. The PIN is stored with encryption. When you enter the PIN in your vehicle, it is also encrypted and transmitted to our system for the purpose of checking authorization.
Unless otherwise indicated, we will process your data under the conditions described in this section to fulfil our contract with you.
4.3 Retrieving the list of available services and accessing services
Whenever you start or finish a journey and when you select some services, your vehicle first registers in the Porsche Digital Service Infrastructure with the vehicle identification number. We require this information in order to assign your vehicle to your Porsche ID user account and to allow us to check that you are entitled to use the services. When you log on at the start or end of a journey, an up-to-date list of the available services will also be sent to your vehicle. We will process your data in order to fulfil our contract with you.
We store and use the retrieval of the list of available services and the service call in connection with your vehicle identification number and a time stamp for a period of 12 months as a database for creating anonymised use statistics.
4.4 Deactivating services and data exchange
Depending on the type of wireless network connection, the vehicle model, the equipment in your vehicle and the activated services, the data exchange of the vehicle may:
a) removing the SIM card or disconnecting your end device, if the wireless network connection is established via an installed or pre-installed insertable SIM card or a Wi-Fi connection; or
b) adjusting the settings accordingly in the options menu of your vehicle’s PCM. Individual services may not function in full or at all if this is done.Depending on the vehicle model and the equipment installed, vehicle occupants can deactivate data exchange by the PCM or the vehicle's Connected Gateway via the wireless connection in the system settings, e.g. by switching off the PCM wireless module or by activating "private mode".
Depending on the vehicle model and equipment, services and functions can also be deactivated individually or in groups.
Any legally required functions and services present and in operation, such as the traffic emergency call system "SOS-Call" or other emergency call systems, as well as the basic functions required for this purpose, shall be excluded from operation.
In order for us to provide these services and functions on a case-by-case basis, if your vehicle has these services, it may be necessary for the vehicle to maintain a wireless network connection to wireless cells of the relevant mobile operator (see section 4.1 in relation to data exchange in the context of connectivity) and in individual cases, to exchange data via a wireless connection, as described in the relevant service descriptions at www.porsche.com/connect . Services that cannot be deactivated are marked as such in the vehicle's Options menu under "Private Mode".
4.5 Use of the online services by unregistered drivers
If other persons use your vehicle, then, depending on the vehicle model and equipment, as well as the activated services, the data mentioned in section 2 a) to a) may also be gathered, processed and used in relation to these persons. If the other person does not have a Porsche ID user account, this information will be gathered and stored under your Porsche ID user account for technical reasons.
4.6 Online software update
If you have activated Online Software Updates in My Porsche, data may be exchanged between our systems and your vehicle for the purpose of updating the software of your vehicle systems and for troubleshooting software failures as part of service activities. For this purpose, your vehicle identification number, device identifications and their current software version, your Porsche ID and authorisation information are exchanged with our systems at regular intervals. In individual cases (e.g. update actions), information about the vehicle equipment as well as information about the technical condition of your vehicle are transferred to our systems. You can terminate Online Software Update and the associated processing of personal data by deactivating the function in My Porsche.
4.7. Product analysis, improvement and processing of swarm data
Depending on your vehicle's equipment, your vehicle may transfer infotainment system usage data, technical vehicle data and related environmental data, along with a temporary identification key, to our systems, providing you agree to transfer data as part of the vehicle installation in the PCM of your vehicle, or activate the function in the PCM of your vehicle. We use the data transferred for the purpose of analysing and improving our products and services.
Individual services, such as real-time traffic or safety radar, rely on providing information about, for example, the location, the environment and the movement of your vehicle, as well as data from other vehicles, in order to obtain new and more accurate information, such as current traffic and road conditions (swarm services). For this purpose, as part of vehicle use, the location, vehicle and environmental data and movement information from your vehicle may be transferred. We provide the aforementioned data to third parties in aggregated form only, and without reference to you or your vehicle.
The processing of this data for product analysis and improvement, as well as the processing of swarm data is based on our legitimate interest in the analysis and improvement of our products and services, as well as the provision of more precise content in the context of swarm services.
You can deactivate the transfer of data for these purposes at any time in the settings of the PCM of your vehicle under "Porsche Connect". Please note that this may limit the functionality of individual services when deactivated, in particular swarm services such as real-time traffic or safety radar. The exchange of data can also be prevented by setting "Privacy mode" into operation in accordance with paragraph 4.4.
5. Rights of data subjects
As the subject of data processing, you have numerous rights. Please see Sec. 9 of the General Data Protection and Privacy Statement for My Porsche and the Porsche Connect Store for information on this.
6. Amendments to this data protection and privacy statement
We reserve the right to amend this data protection and privacy statement. The current version of the data protection and privacy statement can always be accessed at https://connect-store.porsche.com/gb/en/t/privacy.
Last updated: 01.08.2019