Data Privacy Declaration

We, Dr. Ing. h.c. F. Porsche AG (hereafter "we" or "Porsche AG"), appreciate your visit to our online shop and your interest in our company and our products. Your privacy is extremely important to us. We therefore take the protection of your personal details very seriously, and treat them in strictest confidence. Your personal data is processed only within the scope of the legal provisions of the EU's data protection law, in particular the General Data Protection Regulation (hereafter "GDPR").

In this privacy policy we provide you with information about the processing of your personal data and your rights as a data subject within the scope of the use of our online shop. For information on other products and services offered by other companies in the Porsche Group, please consult the respective privacy policy for these services or Porsche companies.

If we provide a link to this data privacy declaration on external social media websites, the following conditions only apply insofar as the data processing procedures for such social media websites are actually within our area of responsibility and unless such social media websites contain more specific data privacy information that takes precedence.

1. Controller and data protection officer for data processing; contact

Controller for data processing within the meaning of the data protection legislation is:

Dr. Ing h.c. F. Porsche AG
Porscheplatz 1
70435 Stuttgart
Germany
Tel: (+49) 0711 911-0

Please do not hesitate to contact us if you have questions or ideas relating to data protection.

You can contact our data protection officers at the following address

Dr. Ing. h.c. F. Porsche AG
Beauftragter für Datenschutz
Porscheplatz 1
70435 Stuttgart
Germany
Contact: www.porsche.com/international/privacy/contact/

2. Subject matter of data protection

The subject matter of data protection is the protection of personal data. This is all the information that relates to an identified or identifiable natural person (known in the legislation as the data subject). This covers, for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates from the use of our online shop, such as details about the start, end, and scope of use, and the communication of your IP address.

3. Type, scope, purposes of, and legal basis for automated data processing

Partially, it is possible to use our online shop without registering. Even if you use our online shop without registering, personal data can still be processed.

An overview of the type, scope, purposes of, and legal bases for automated data processing via our online shop is provided below. For information on the processing of personal data when using the individual services and functions, please refer to the following section 4.

3.1 Provision of our online shop

When you access our online shop using your device, we process the following data:

  • date and time of access
  • duration of your visit
  • type of device
  • operating system used
  • functions that you use
  • quantity of data sent
  • type of event
  • referrer URL
  • IP address
  • domain name

We process this data on the basis of Article 6 (1) (f) GDPR to provide the online shop, to ensure the technical operation, and to identify and rectify faults. In this way, we pursue the interest of facilitating and ensuring the long-term use of our online shop and its technical functional capability. When our online shop is selected, this data is automatically processed. You cannot use our online shop unless this data is provided. We do not use this data for the purpose of drawing conclusions about you or your identity.

3.2 Cookies

When you visit our online shop, "cookies", which are small files, may be stored on your device in order to provide you with a comprehensive scope of functions, make it easier to use our service, and optimize our offerings. If you do not wish to allow the use of cookies, you can prevent them from being stored on your device by configuring the relevant settings in your Internet browser or using the specific opt-out options. Please note that the functional capability and functional scope of our offering could be restricted as a result. Please refer to our Cookie Policy for details on the type, scope, purposes of, legal basis for, and opt-out options for data processing in relation to cookies.

4. Individual services and functions

When using our online shop, you can voluntarily enter personal data or register for orders with an individual user profile on our online shop. You can use this user profile as part of the following offers: other webshops, newsletter registration, contact requests, requests for information, web specials, Car Configurator, pre-owned vehicle searches (including search agent, for example) and dealer contact. Without registering, it may not be possible to use some of the services mentioned above or only with a limited scope of functions.

4.1 Registration process and setup of user profile

(a) Mandatory data for registration
An input field marked with a "*" indicates that the data entered in the relevant field is mandatory for registration and usually includes the following: salutation, first name and surname, postal and e-mail address. It is not possible to register and setup a user profile without entering the mandatory data.

(b) Voluntary data for registration
When registering, you also have the option of voluntarily entering other information such as company contact details, profession, date of birth, etc. Please note that this information is not required for registration and you alone must decide whether you wish to provide us with this data. However, if you do not provide this data, in certain circumstances we may not be able to respond to your needs in the best possible way when using our offers as indicated in Sections 4.2 and 4.3.

We will process the personal data you provide during the registration process to create your profile and identify you every time you subsequently log in. The applicable legal basis for these data processing procedures is Article 6 1 (b) and (f) GDPR. Other data may be collected and then linked with your profile data, depending on the service and function you wish to register for.

4.2 Usage of individual functions with registration

The functions within the online shop as well as the respective processed personal data, purposes and legal bases are described below.

Orders in the Online Shop
When placing orders you have the choice whether you register or log in or whether you want to place the order as a guest buyer, i.e. without registration and login. If you log in or register in the online shop to place an order, the personal data mentioned in Section 4.1 will be processed. In addition, your payment data (bank account data) are processed as mandatory data for an order. You also have the option of providing additional personal data on a voluntary basis.

When placing an order as a guest buyer, the following mandatory data will be processed: Title, first name, surname, address, e-mail address and payment data (bank account data). On a voluntary basis, as a guest buyer, you can also provide further information, such as company name and telephone number; however, these are not required for the execution of the order.

The personal data provided by you in the context of the order will be used by us to carry out and process orders and payment transactions placed via the Online Shop. In the case of a credit card payment, the card number, expiry date of the card, the holder name and the card verification number are also processed.

The applicable legal basis for these data processing operations is Article 6(1)(b) GDPR. For the processing of payment transactions, we may pass on your relevant data to the payment service provider commissioned by us, who processes this data on our behalf for payment processing.

4.3 The usage of the funktions without registration

The functions within the online shop as well as the respective processed personal data, purposes and legal bases are described below.

4.3.1 E-mail newsletter

You do not need to register with a user profile to use this function.

In order to subscribe to our newsletter, you only need to specify your name (incl. salutation), your e-mail address and your country of residence. We only send newsletters to individuals who have subscribed, i.e. given their consent based on Article 6 (1) (a) GDPR. The contents of a newsletter are relevant for the scope of the consent, provided they are actually described during the subscription process. In addition, our newsletters contain information about our products, offers, campaigns and company.

Subscription is carried out using the so-called double opt-in process, i.e. after subscribing, you receive an e-mail prompting you to confirm your subscription to prevent misuse of your e-mail address. We make a record of all newsletter subscriptions so that we can provide evidence of the subscription process and associated consent in line with legal requirements. Subscriptions are always logged and the mandatory processing of data you entered during the subscription process is performed accordingly on the basis of our legitimate interests according to Article 6 (1) f) GDPR. You can withdraw your consent to receive our newsletter at any time by unsubscribing from the newsletter, for example. You can exercise this right using the unsubscribe link at the end of each newsletter.

We use the Salesforce Marketing Cloud service to distribute our newsletter, which is operated by salesforce.com Inc., The Landmark@One Market, Suite 300, San Francisco, California 94105, USA. To make our newsletter as interesting as possible for you, Salesforce evaluates user behavior on our behalf without drawing conclusions about you or your identity. In this way, we can find out how many of our readers have opened our newsletters and which links are used the most frequently, for example. Commercial technologies such as cookies or tracking pixels integrated in our newsletters are used for this purpose. Data is processed on the basis of our legitimate interests according to Article 6 (1) f) GDPR, namely our interests in the analysis and content optimization of our newsletter. Further information on the Salesforce Marketing Cloud and processed data can be found at: www.salesforce.com/uk/company/privacy/.

4.3.2 Other contact

If you provide us with personal data by e-mail or via a contact form, this is always done on a voluntary basis. Your details will be processed by us for processing your contact request and its handling in accordance with Article 6 paragraph 1 letter b) or f) GDPR and in this context may also be passed on to third parties (e.g. Porsche centres).

4.3.3 Live Chat

Within the scope of using our online shop, we offer contact and advice via live chat. With the help of the live chat you can communicate with one of our consultants via text messages. When you access and use the live chat, for technical reasons your browser automatically transmits the following data at the beginning of usage, which we process separately from other data that you may transmit to us:

  • date and time of access
  • duration of your visit of our online shop
  • type of web browser including version
  • operating system used
  • quantity of data sent
  • type of event
  • IP address.

The legal basis for this data processing is Article 6 paragraph 1 letter f) GDPR, whereby our legitimate interest is directed towards guaranteeing and maintaining the operation and safety of our offer as well as the elimination of malfunctions. In this context, the data is also processed by us for analysis purposes - without assignment to a specific person.

If you provide us with additional personal data via the live chat, this is done on a voluntary basis. We do not actively request personal data from you. The texts you enter in the input mask during the live chat are stored on the server of an external service provider on our behalf. The legal basis for this data processing is Article 6(1)(b) GDPR.

4.3.4 Psyma User Survey

When you visit our online shop, you can be selected to participate in an anonymous online survey. By clicking on the link displayed, you will be taken directly to the online questionnaire. Personal data will only be processed by Psyma on our behalf and only if you voluntarily provide it within the scope of the survey; an indication of personal data is not required for participation in the survey.

Data processing is carried out on the basis of our legitimate interests pursuant to Article 6 paragraph 1 letter f) GDPR, namely exclusively for market research purposes. The survey results communicated to us by Psyma are anonymous and are processed by us exclusively anonymously. If you do not wish to participate in the survey, we will use an opt-out cookie on your end device to prevent you from being selected again. This cookie information is used for about 30 days during the current survey. You can find further information on data protection law regarding Psyma in the Psyma data protection information under the following link: scripts.psyma.com/documents/privacy/privacy.php.

5. Safeguarding of legitimate interests

We will process your personal data for the purpose of safeguarding our legitimate interests. In addition to the interests specified in the description of individual services and offers in Section 4, data processing procedures are performed on our online shop or after completing registrations, in particular against the background of the following interests:

  • Further development of products, services and care offers as well as other measures for controlling business cases and processes;
  • Improvement of product quality, rectification of faults and malfunctions by analyzing customer feedback;
  • Processing warranty and goodwill cases as well as non-contractual prospect and customer inquiries and issues;
  • Risk management and coordination of recall campaigns;
  • Processing data on a central prospect and customer service platform as well as upstream and downstream systems for customer loyalty and sales purposes to provide customers and prospects with personalized support;
  • Needs analysis and customer segmentation, e.g. calculation and evaluation of affinities, preferences and potential;
  • Ensuring actions are lawful, preventing and protecting against legal violations (in particular criminal offenses), asserting and defending against legal claims;
  • Guaranteeing the availability, operation and safety of technical systems as well as technical data management.

The relevant data is processed on the basis of Article 6 (1) (f) GDPR.

6. Consent

If you have given consent to perform certain data processing procedures, this consent always relates to a specific purpose included in the content of the actual declaration of consent. In this case, data is processed on the basis of Article 6 (1) (a) GDPR. We cannot accommodate the request covered by the consent until you give your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on the consent given before its withdrawal.

Based on any declarations of consent you may have given, the companies listed in the declaration of consent can use data for a specific purpose, such as providing support for customers and prospects, for example, and contact you along one of your preferred communication channels. Your data is used within this framework to offer an exciting brand and service experience with Porsche and ensure that communication and interaction with you is as personal and relevant as possible.

Which of your data items are actually used to provide a personalized service to customers and prospects essentially depends on which data was collected based on requests, orders and consultations (e.g. when purchasing Porsche products) and which data (e.g. your personal interests) you have disclosed to the relevant contact points (e.g. via this online shop). The scope and purpose of the consent you have given actually depends on the formulation of the declaration of consent at the contact point.

7. Recipients of personal data

Internal recipients: Within Porsche AG, the only people who have access are those who need it for the purposes named.

External recipients: We only forward your personal data to external recipients outside Porsche AG if this is necessary for the administering or processing of your issue, if another legal authorization exists, or if we have your consent to forward the data. External recipients can be:

a) Processors
Group companies in Porsche AG or external service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance for the Porsche AG offering or the provision of content. We carefully select and regularly inspect these processors to make sure that your privacy is protected. The service providers may use the data only for the purposes we have specified and in accordance with our instructions.

b) Public bodies
Authorities and public institutions, such as public prosecutors, courts, or financial authorities to which we must transfer personal data for legal reasons. The data is transferred on the basis of Article 6 (1) (c) GDPR.

c) Private bodies
Porsche dealers and service companies, cooperation partners, service providers or persons to whom the data is transferred on the basis of consent, to execute a contract with you or to safeguard legitimate interests, for example, other Porsche Dealerships and Porsche Service Centers, financing banks, providers of other services or transport service providers. The data is transferred on the basis of Article 6 (1) (a), (b) and/or (f) GDPR.

8. Data processing in third countries

If data is transferred to bodies whose headquarters or whose place of data processing is not located in a member state of the European Union or in another country outside of the European Union who is a signatory to the treaty, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between the European Union and the recipient) or you give sufficient consent for the transfer of the data.

We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact the address specified in Section 1.

9. Automated decision making and profiling

We do not use automated decision making according to Article 22 GDPR for the preparation, establishment and execution of business relationships. Profiling is only conducted to protect our legitimate interest in the context of the processing purposes described in this document.

10. Duration of storage and deletion

If the description of the individual services and offers do not contain any specific information about the storage duration or deletion of data, the following applies:

We store your personal data only for the length of time necessary to fulfill the intended purposes, or – in the case of consent – until you withdraw your consent. If you withdraw your consent to process your personal data, we will delete it unless relevant legal provisions stipulate that it can be processed further. We will also delete your personal data if we are obliged to do so for other legal reasons.

In line with these general principles, we will usually delete your personal data immediately

  • after the legal grounds cease to apply and provided that no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
  • if we no longer need the data for the purposes of preparing and executing a contract or legitimate interests and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
  • if the purpose of collecting the data no longer applies and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply

11. Rights of data subjects

As the data subject affected by the data processing, you have several rights. Specifically,

Right of access: You have the right to obtain information from us about the data that we have stored about you.

Right of rectification and erasure: You have the right to demand that we rectify incorrect data and – provided the legal requirements are met – that we delete your data.

Restriction of processing: You have the right – provided the legal requirements are met – to demand that we restrict the processing of your data.

Data portability: If you have provided us with data on the basis of a contract or consent, you have the right, in accordance with the legal requirements, to obtain the data you have provided in a structured, standard, and machine-readable format or you can demand that we transfer this data to another controller.

Objection to the processing of data on the legal grounds of "legitimate interest": You have the right to object at any time, on grounds relating to your particular situation, to our processing of your data, provided this objection is based on the legal grounds of "legitimate interest". If you exercise your right to object, we will cease the processing of your data unless we can – pursuant to the legal requirements – prove compelling legitimate reasons for the further processing, which override your rights.

Withdrawal of consent: If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data remains unaffected up until the time of the withdrawal of consent.

Objection to cookies: You can also object to the use of cookies at any time. For details on how to object, please refer to our store.porsche.com/gb/en/cookiepolicy.

Right to lodge a complaint with a supervisory authority: You can also submit a complaint to the competent supervisory authority if you believe that the processing of your data is in breach of the legislation. To do so, you can apply to the data protection authority that is responsible for your town/city or country or the data protection authority that is responsible for us.

Contacting us: Please do not hesitate to contact us if you have any questions regarding the processing of your personal data, your rights as a data subject, and any consent that you may have given. To exercise all of these previously mentioned rights, please contact the postal address specified above in Section 1. In doing so, please ensure that it is possible for us to uniquely define you.

12. Integration of third-party offerings

Websites and services delivered by other providers that are linked to our online shop have been and are structured and provided by third parties. We do not have any influence over the structure, content, or role of these third-party services. We explicitly distance ourselves from all content in all linked third-party offerings. Please note that the third-party offerings linked to our online shop may install their own cookies on your device or collect personal data. We have no influence over this. Please contact the providers of these linked third-party offerings as required for the relevant information.

The above also applies to the recommendation option, where a link to our online shop or to individual offers from our online shop can be sent through services of various providers, such as Twitter, Digg or Pinterest. With the selection of the individual provider you will be forwarded directly by linking to the respective offer of this third party. The terms of use and data protection notices of the respective provider, which are provided on the corresponding websites of the third party offer, apply.

Offerings from third parties also include offerings from other Porsche subsidiaries and Porsche Dealerships that are linked to our online shop or otherwise integrated in our online shop, such as:

  • Porsche Classic Online Shop
  • Porsche Tequipment / TEQ Finder
  • Porsche Lizenz- und Handelsgesellschaft mbH & Co. KG

The names of the relevant provider and person responsible are included, in particular, in the legal notice and relevant data protection information on the corresponding websites.

13. Status

The latest version of this privacy policy applies.

Date 07.26.2018

Download Data Privacy Declaration (pdf) lass="button-ghost__label">Download Data Privacy Declaration (pdf)