Data privacy

I. Introduction

Thank you for visiting our website and your interest in our company. We want you to feel safe and secure when visiting our website. We therefore take the protection as well as the confidentiality of your personal data very seriously.

This privacy notice is to inform you about when and for which purpose we process personal data that we collect when you use our website.

Of course, your personal data will be processed in compliance with the provisions of the EU General Data Protection Regulation („GDPR“), the German Federal Data Protection Act (Bundesdatenschutzgesetz, („BDSG“), the German Federal Telecommunications and Telemedia Data Protection and Privacy Act („TTDSG“) and any other applicable regulations on data protection.


II. Data controller

The Controller, i.e., the body responsible for processing personal data, is:

Porsche Automobil Holding SE
Porscheplatz 1
70435 Stuttgart
Telephone +49 711 911 244 20
Telefax +49 711 911 118 19

Our data protection officer can be contacted by email at or by post by adding „For the attention of the data protection officer“ to the address.


III. Processing of personal data when you visit our website

1. Contact

On the one hand, your personal data will be collected when you communicate them to us; e.g. if you write to us via the contact form or if you send us an inquiry. As far as certain input fields are marked as „mandatory“, we collect with these fields only the data that is necessary for the fulfillment of the contract or the execution of the desired action. Of course, you can provide us with additional information.

The processing of this personal data is based on Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as this is necessary for the execution of the requested measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).


2. Technical and functional provision of the website

Other data is collected automatically by our IT systems when you are visiting the website.

a. Logs

By visiting our site our server stores your access data. This includes e.g. the type and version of your browser, the kind of your used operating system, the domain name of the internet service provider, the IP address of the computer used, the website from which you are visiting us, date and time of the server request as well as the client's file request (file name and URL).

The data processing is absolutely necessary to ensure the retrievability and correct display of the website on your device. In addition, the log files can be used to identify cyber attacks and thus ensure the accessibility of our websites. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

On some pages we have integrated small and imperceptible image files, so-called "tracking pixels". If such a page is called up, we can use the tracking pixel to track the total number of all calls (so-called "reach analysis"). The IP-address transmitted to retrieve the pixel-code is immediately anonymized by us before storage. A combination with other user data does not take place, so that the coverage analysis is purely statistical. Third parties have no access to the coverage analysis. We have a legitimate interest in tracking the relevance of content on certain websites and thus improving the attractiveness of our online presence. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

b. Consent Management Tool

Our website uses the Consent Management Tool ("CMT") of Brainworxx GmbH ("Brainworxx") to obtain and document your consent to data processing by various services.

When you open our website, you can use the CMT to provide declarations of consent for individual data processing, which are stored by the CMT. For this purpose, Brainworxx places cookies, i.e. small text files, on your computer on our behalf. These are the following cookies:

  • cookieconsent_status // status of this cookie message
  • cookieconsent_preference // settings for the use of cookies on this site
  • cookieconsent_date // date of consent / change of setting

Cookies can be used to track which data processing by which services you have or have not consented to when you re-open the website. This means that you do not have to make your cookie settings again each time you visit the site. Of course, you can also change your selection subsequently via the settings. You can open the settings at any time by clicking the "Change Cookie Settings" button in the footer of our website.

We use the CMT to allow you to consent to different data processing operations and to revoke consent once given. We are required by law to obtain and document your consent. In order to comply with this legal obligation, the CMT is absolutely necessary. The legal basis for data processing by the CMT is § 25 para. 2 no. 2 TTDSG.

For more information about the CMT and data protection at Brainworxx, please visit:

3. Further processing of personal data on the website

a. Matomo (formerly Piwik)

If you have consented, we use the open source web analytics software "Matomo" on our website.

With Matomo, we collect and process personal data for optimization and marketing purposes. In particular, this involves the - immediately anonymized - IP address, a randomly assigned user ID, date and time of the first, last and current access to our website, total number of visits to our website, location and the visitor's language settings. The data collection takes place via so-called device fingerprinting. When a website is accessed, information about the browser, the operating system used, location, time and audio settings, screen resolution or installed browser plug-ins is automatically retrieved. This results in a unique device fingerprint that can be used to identify visitors.

The data collected is used to create and evaluate pseudonymous usage profiles. The pseudonymous usage profiles only refer to our website. Tracking across services and websites does not take place. Likewise, no personal identification of the individual visitor takes place.

The legal basis for the access to stored information as well as the storage of information on your terminal device by the service is your consent (§ 25 para. 1 sentence 1 TTDSG). 

Based on the collected data, pseudonymous usage profiles are created and evaluated. The pseudonymous usage profiles relate only to our website. Tracking across services and websites does not take place. Likewise, no personal identification of the individual visitor takes place. The legal basis for the creation of the pseudonymous usage profiles is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

You can revoke your consent at any time with effect for the future via our Consent Management Tool (CMT).

For more information on data processing by Matomo, see:


IV. Processing of personal data when visiting our online presence on the social media platform LinkedIn

As Joint Controller we operate a company site on the LinkedIn platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland („LinkedIn“), where we inform about news from our company and events.

Data processing on our LinkedIn site and legal basis for this

As a provider of an online presence on the social media platform LinkedIn, we process personal data when you contact us directly via the platform (in a personal message or via the public comment function). Which data is collected depends on the content of your message and the contact details you have provided or released.

Beside that LinkedIn uses cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to collect information that allows LinkedIn to recognize users and to conduct broad analysis of user behavior. LinkedIn provides us with relevant information to analyze the user behaviour of our online presence in anonymized form. This enables us to statistically evaluate the use of our LinkedIn site and thus to control the marketing of our activities in a targeted manner.

With the help of this data the provider of the social media platform can also create user profiles. This enables him to display interest-related advertising to the user within and outside the respective social media presence. If you are also logged into your social media account with the browser you use for our LinkedIn site, the name of the account is also forwarded. This allows the social media provider to match the visit of this website to your user account.

The processing of personal data collected via the platform by us is based on Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to present Porsche SE to the outside world in a variety of ways and to make the most effective use of the communication opportunities with our customers. If you are asked by LinkedIn to give your consent to the above-mentioned data processing, the legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.

Joint Controller Agreement according to Art. 26 DSGVO

We have concluded a Joint Controller Agreement with LinkedIn pursuant to Art. 26 DSGVO in which the data protection obligations arising from the operation of our company site are divided between us and LinkedIn. LinkedIn has thereby assumed a large part of the data protection obligations, such as the fulfillment of the data subject rights pursuant to Art. 12 et seq. GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the notification and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to LinkedIn. We are obligated to do this under the agreement with LinkedIn.

For more information on the agreement between us and LinkedIn, please visit:

Disclosure of personal data

Please note that we cannot track all data processing activities on LinkedIn, nor do we have any control over it. Accordingly, we cannot control or exclude the possibility that the information collected by LinkedIn may be transferred to a third country, specifically to a server of LinkedIn's parent company, LinkedIn Corporation, located in 1000W. Maude Ave. Sunnyvale, California 94085, USA. In such cases, the information is submitted to LinkedIn Corporation on the basis of EU-Standard Contractual Clauses.

Rights of the data subject

In principle, you can assert your data protection rights with regard to data processing by our LinkedIn site both against us and against LinkedIn. However, we would like to point out that these can be most effectively claimed on LinkedIn. Because only LinkedIn, as the provider, has access to the users' data and can therefore take appropriate measures and provide information directly.

For further information on the processing of your personal data through LinkedIn, possibilities of adjustment and contradiction please refer to the websites of LinkedIn, for example:


V. Recipient(s) of your personal data

Within Porsche SE, only authorised staff with relevant competencies will have access to your personal data.

We are authorised to mandate third parties, for example website administrators, to provide certain services, such as IT services. Furthermore, we retain legal advisors, management consultants and auditors, among other professionals. These third parties perform services on our behalf and under our supervision as well as in accordance with our instructions and they may have access to personal data to the extent required for them to render their services.

We require all of our employees, agencies and service providers to act in the strictest of confidence.

In addition, we can – to the extent legally permissible – transmit your personal data to authorities, courts and other governmental authorities both in Germany and abroad in order to comply with statutory duties or if this is in the company's best interest.

Your data will not be sold, hired out or traded in.


VI. Obligation to erase data

We will erase the data gathered in this connection once their storage is no longer necessary (usually after the request has been finally dealt with), the personal data is no longer required for any administrative or court proceedings, if any, and no other statutory obligations to furnish evidence or record retention requirements apply or any reasons justifying the storage exist.


VII. Security

Porsche SE employs technical and organisational security measures to protect your personal data that we process against random or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with developments in technology.


VIII. Your rights

1. Disable cookies

Previously explained processing operations use cookies. Most browsers accept cookies automatically. If you do not want this, you can disable the storage of cookies on your hard drive in your browser settings. You can also delete cookies from your browser settings at any time. However, in this case you may not be able to use all functions of our website to their full extent.

2. Right of withdrawal

Some of the processing operations explained above are only carried out with your consent. You can withdraw your consent to the performance of these processing operations at any time with effect for the future. In this case, you may no longer be able to use our services as usual until you have again consented to the respective data processing. You can exercise your right of withdrawal via our Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations. You can open the CMT at any time by clicking the "Change Cookie Settings" button in the footer of our website."

4. Right of access, rectification, erasure or restriction and portability

Subject to the statutory requirements, you have the right to access information about your processed personal data (Art. 15 GDPR), to require rectification (Art. 16 GDPR) or erasure of your personal data (Art. 17 GDPR), the restriction of processing (Art. 18 GDPR) or the portability of your personal data (Art. 20 GDPR) by using the contact information indicated above. In some cases, however, we are not permitted to completely erase user data, due to legal retention requirements.

4. Right to object (Art. 21 GDPR)

If we process your data for the purposes of the legitimate interests pursued by us (Art. 6 para. 1 sentence 1 lit. f GDPR), at any time with effect for the future you may object to such processing on grounds relating to your particular situation that oppose such data processing. Please submit your objection to the contact address indicated above.

5. Right of appeal

We would also like to draw your attention to the possibility to file a complaint with a responsible supervisory authority. The responsible supervisory authority for us is the Baden-Württemberg State Commissioner for the Protection of Data and Freedom of Information, Lautenschlagerstraße 20, 70173 Stuttgart, Germany.


IX. Contact us

If you have any questions, comments or suggestions about this privacy notice or our data protection policies, please contact Porsche SE's data protection officer under



Status 4 May 2022