Data privacy

I. Introduction

Thank you for visiting our website and your interest in our company. We want you to feel safe and secure when visiting our website. We therefore take the protection as well as the confidentiality of your personal data very seriously.

This privacy notice is to inform you about when and for which purpose we process personal data that we collect when you use our website.

Of course, your personal data will be processed in compliance with the provisions of the EU General Data Protection Regulation („GDPR“), the German Federal Data Protection Act (Bundesdatenschutzgesetz, („BDSG“) and any other applicable regulations on data protection.

 

II. Data controller

The Controller, i.e., the body responsible for processing personal data, is:

Porsche Automobil Holding SE
Porscheplatz 1
70435 Stuttgart
Germany
Telephone +49 711 911 244 20
Telefax +49 711 911 118 19
E-Mail: investorrelations@porsche-se.com

Our data protection officer can be contacted by email at datenschutzbeauftragter@porsche-se.com or by post by adding „For the attention of the data protection officer“ to the address.

 

III. Processing of personal data when you visit our website

1. Contact

On the one hand, your personal data will be collected when you communicate them to us; e.g. if you write to us via the contact form or if you send us an inquiry. As far as certain input fields are marked as „mandatory“, we collect with these fields only the data that is necessary for the fulfillment of the contract or the execution of the desired action. Of course, you can provide us with additional information.

The processing of this personal data is based on Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as this is necessary for the execution of the requested measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).
 

2. Technical and functional provision of the website

Other data is collected automatically by our IT systems when you are visiting the website.

a. Logs

By visiting our site our server stores your access data. This includes e.g. the type and version of your browser, the kind of your used operating system, the domain name of the internet service provider, the IP address of the computer used, the website from which you are visiting us, date and time of the server request as well as the client's file request (file name and URL). We use these data anonymously for statistical evaluations, whereby no attribution is made to the respective user.

Purpose of this data processing is to enable the availability and the correct presentation of our website on your device and to optimize our website. In that regard, we have legitimate interests. Legal basis for the processing of the personal data is Art. 6 para. 1 sentence 1 lit. f GDPR as well as § 15 TMG.

b. Consent Management Tool

Our website uses the Consent Management Tool ("CMT") of Brainworxx GmbH ("Brainworxx") to obtain and document your consent to data processing by various services.

When you open our website, you can use the CMT to provide declarations of consent for individual data processing, which are stored by the CMT. For this purpose, Brainworxx places cookies, i.e. small text files, on your computer on our behalf. These are the following cookies:

  • cookieconsent_status // status of this cookie message
  • cookieconsent_preference // settings for the use of cookies on this site
  • cookieconsent_date // date of consent / change of setting

Cookies can be used to track which data processing by which services you have or have not consented to when you re-open the website. This means that you do not have to make your cookie settings again each time you visit the site. Of course, you can also change your selection subsequently via the settings. You can open the settings at any time by clicking the "Change Cookie Settings" button in the footer of our website.

We use the CMT to allow you to consent to different data processing operations and to revoke consent once given. We are required by law to obtain and document your consent. The legal basis for data processing by the CMT is Art. 6 para. 1 sentence 1 lit. c GDPR.

For more information about the CMT and data protection at Brainworxx, please visit: https://www.brainworxx.de/datenschutz


3. Further processing of personal data on the website

a. Matomo (formerly Piwik)

If you have consented, we use the open source web analytics software "Matomo" on our website.

With Matomo, we collect and process personal data for optimization and marketing purposes. In particular, this involves the - immediately anonymized - IP address, a randomly assigned user ID, date and time of the first, last and current access to our website, total number of visits to our website, location and the visitor's language settings. The data collection takes place via so-called device fingerprinting. When a website is accessed, information about the browser, the operating system used, location, time and audio settings, screen resolution or installed browser plug-ins is automatically retrieved. This results in a unique device fingerprint that can be used to identify visitors.

The data collected is used to create and evaluate pseudonymous usage profiles. The pseudonymous usage profiles only refer to our website. Tracking across services and websites does not take place. Likewise, no personal identification of the individual visitor takes place.

The processing of your personal data by Matomo only takes place if you have consented. The relevant legal basis in this respect is Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via our Consent Management Tool (CMT).

For more information on data processing by Matomo, see:

 

b. MONOTYPE Web Fonts

For the standardized presentation of fonts on our website we use so-called web fonts, which are provided by Monotype GmbH, Spichernstraße 2, 10777 Berlin, Germany, in cooperation with its parent company Monotype Imaging Holdings Inc., headquartered at 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA („Monotype“).

For this purpose your browser loads the required web fonts from the local server of our hosting provider into your browser cache when you visit our website. In order to enable Monotype to invoice the license fees for the use of the Web Fonts to us and to count the number of page views, the project identification number of the Web font (anonymized), the URL of the licensed website linked to a customer number and the URL of the previously visited page will be collected and forwarded to Monotype. It cannot be ruled out that the information collected may also be transmitted to a Monotype server in a third country, in particular to a server of Monotype Imaging Holdings Inc., USA. According to Monotype, it is not possible to draw any conclusions about the affected website visitor.

These web fonts are used in the interest of a standardized and attractive presentation of our website.

For further information on the data processing through Monotype please refer to the following websites of Monotype:

 

IV. Processing of personal data when visiting our online presence on the social media platform LinkedIn

As Joint Controller we operate a company site on the LinkedIn platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland („LinkedIn“), where we inform about news from our company and events.

Data processing on our LinkedIn site and legal basis for this

As a provider of an online presence on the social media platform LinkedIn, we process personal data when you contact us directly via the platform (in a personal message or via the public comment function). Which data is collected depends on the content of your message and the contact details you have provided or released.

Beside that LinkedIn uses cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to collect information that allows LinkedIn to recognize users and to conduct broad analysis of user behavior. LinkedIn provides us with relevant information to analyze the user behaviour of our online presence in anonymized form. This enables us to statistically evaluate the use of our LinkedIn site and thus to control the marketing of our activities in a targeted manner.

With the help of this data the provider of the social media platform can also create user profiles. This enables him to display interest-related advertising to the user within and outside the respective social media presence. If you are also logged into your social media account with the browser you use for our LinkedIn site, the name of the account is also forwarded. This allows the social media provider to match the visit of this website to your user account.

The processing of personal data collected via the platform by us is based on Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to present Porsche SE to the outside world in a variety of ways and to make the most effective use of the communication opportunities with our customers. If you are asked by LinkedIn to give your consent to the above-mentioned data processing, the legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.

Joint Controller Agreement according to Art. 26 DSGVO

We have concluded a Joint Controller Agreement with LinkedIn pursuant to Art. 26 DSGVO in which the data protection obligations arising from the operation of our company site are divided between us and LinkedIn. LinkedIn has thereby assumed a large part of the data protection obligations, such as the fulfillment of the data subject rights pursuant to Art. 12 et seq. GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the notification and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to LinkedIn. We are obligated to do this under the agreement with LinkedIn.

For more information on the agreement between us and LinkedIn, please visit:


Disclosure of personal data

Please note that we cannot track all data processing activities on LinkedIn, nor do we have any control over it. Accordingly, we cannot control or exclude the possibility that the information collected by LinkedIn may be transferred to a third country, specifically to a server of LinkedIn's parent company, LinkedIn Corporation, located in 1000W. Maude Ave. Sunnyvale, California 94085, USA. In such cases, the information is submitted to LinkedIn Corporation on the basis of EU-Standard Contractual Clauses.

Rights of the data subject

In principle, you can assert your data protection rights with regard to data processing by our LinkedIn site both against us and against LinkedIn. However, we would like to point out that these can be most effectively claimed on LinkedIn. Because only LinkedIn, as the provider, has access to the users' data and can therefore take appropriate measures and provide information directly.

For further information on the processing of your personal data through LinkedIn, possibilities of adjustment and contradiction please refer to the websites of LinkedIn, for example:

 

V. Recipient(s) of your personal data

Within Porsche SE, only authorised staff with relevant competencies will have access to your personal data.

We are authorised to mandate third parties, for example website administrators, to provide certain services, such as IT services. Furthermore, we retain legal advisors, management consultants and auditors, among other professionals. These third parties perform services on our behalf and under our supervision as well as in accordance with our instructions and they may have access to personal data to the extent required for them to render their services.

We require all of our employees, agencies and service providers to act in the strictest of confidence.

In addition, we can – to the extent legally permissible – transmit your personal data to authorities, courts and other governmental authorities both in Germany and abroad in order to comply with statutory duties or if this is in the company's best interest.

Your data will not be sold, hired out or traded in.

 

VI. Obligation to erase data

We will erase the data gathered in this connection once their storage is no longer necessary (usually after the request has been finally dealt with), the personal data is no longer required for any administrative or court proceedings, if any, and no other statutory obligations to furnish evidence or record retention requirements apply or any reasons justifying the storage exist.

 

VII. Security

Porsche SE employs technical and organisational security measures to protect your personal data that we process against random or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with developments in technology.

 

VIII. Your rights

1. Disable cookies

Previously explained processing operations use cookies. Most browsers accept cookies automatically. If you do not want this, you can disable the storage of cookies on your hard drive in your browser settings. You can also delete cookies from your browser settings at any time. However, in this case you may not be able to use all functions of our website to their full extent.

2. Right of withdrawal

Some of the processing operations explained above are only carried out with your consent. You can withdraw your consent to the performance of these processing operations at any time with effect for the future. In this case, you may no longer be able to use our services as usual until you have again consented to the respective data processing. You can exercise your right of withdrawal via our Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations. You can open the CMT at any time by clicking the "Change Cookie Settings" button in the footer of our website."

4. Right of access, rectification, erasure or restriction and portability

Subject to the statutory requirements, you have the right to access information about your processed personal data (Art. 15 GDPR), to require rectification (Art. 16 GDPR) or erasure of your personal data (Art. 17 GDPR), the restriction of processing (Art. 18 GDPR) or the portability of your personal data (Art. 20 GDPR) by using the contact information indicated above. In some cases, however, we are not permitted to completely erase user data, due to legal retention requirements.

4. Right to object (Art. 21 GDPR)

If we process your data for the purposes of the legitimate interests pursued by us (Art. 6 para. 1 sentence 1 lit. f GDPR), at any time with effect for the future you may object to such processing on grounds relating to your particular situation that oppose such data processing. Please submit your objection to the contact address indicated above.

5. Right of appeal

We would also like to draw your attention to the possibility to file a complaint with a responsible supervisory authority. The responsible supervisory authority for us is the Baden-Württemberg State Commissioner for the Protection of Data and Freedom of Information, Lautenschlagerstraße 20, 70173 Stuttgart, Germany.

 

IX. Contact us

If you have any questions, comments or suggestions about this privacy notice or our data protection policies, please contact Porsche SE's data protection officer under datenschutzbeauftragter@porsche-se.com.

 

 

Status 23 August 2021

Imprint