Privacy Statement for the Online Annual and Sustainability Report

‍

We, Dr. Ing. h.c. F. Porsche AG (hereinafter referred to as "we" or "Porsche AG"), are pleased that you are interested in our online offer under the URL → www.reports.porsche.com (hereinafter referred to as the "Online Offer"). We take the protection of your personal data very seriously. The processing of your personal data is carried out exclusively within the framework of the legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter referred to as "GDPR"). With this privacy policy, we inform you about the processing of your personal data and about your rights as a data subject in the context of the online offer. For information on the processing of personal data in other areas, please refer to the respective specific privacy statement.

‍

If we refer to this data protection declaration from external social media profiles, the following explanations only apply to the extent that the processing takes place in our area of responsibility and unless more specific and therefore priority information on data protection is provided in the context of such social media profiles.

‍

1. Controller and Data Protection Officer

The person responsible for data processing within the meaning of the data protection laws is:

‍

Dr. Ing. h.c. F. Porsche AG

Porscheplatz 1

70435 Stuttgart

Germany

Tel: +49 (0) 711 911-0

E-mail: info@porsche.de

If you have any questions or suggestions about data protection, please feel free to contact us. You can contact our data protection officer as follows:

‍

Dr. Ing. h.c. F. Porsche AG

Product for Data Protection

Porscheplatz 1

70435 Stuttgart

Germany

‍

Contact: ↗ https://www.porsche.com/privacy-contact/

‍

2. Subject of data protection

The subject of data protection is the protection of personal data. This is any information relating to an identified or identifiable natural person (so-called data subject). This includes information such as name, postal address, e-mail address or telephone number, but also other information that arises in the course of using the online offer, in particular information about the beginning, end and scope of use as well as the transmission of your IP address.

‍

3. Purposes and legal basis of data processing‍

Below you will find an overview of the purposes and legal bases of data processing in the context of the online offer. In any case, we process personal data in accordance with the legal requirements, even if a different legal basis is relevant in individual cases than stated below.

‍

The provision of personal data by you may be required by law or contract or may be necessary for the conclusion of a contract. We will inform you separately if you are obliged to provide personal data and what possible consequences the non-provision would have (e.g. loss of claims or our indication that you will not provide the requested service without providing certain information). The use of the online offer is generally possible without registration. The use of individual services and functions may require prior registration. Even if you use our online offer without registration, personal data may still be processed.

‍

3.1. Compliance with legal obligations

We process your personal data in order to comply with legal obligations to which we are subject. Data processing is carried out on the basis of Article 6 (1) (c) GDPR. The obligations can arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; the processing usually serves the purpose of complying with government control and information obligations.

‍

3.2. Safeguarding legitimate interests

We also process your personal data to protect the legitimate interests of us or third parties, unless your interests, which require the protection of your personal data, outweigh the interests. Data processing is carried out on the basis of Article 6 (1) (f) GDPR. The processing for the purposes of legitimate interests is carried out for the following purposes or for the protection of the following interests:

‍

• Further development of products, services, services and support services as well as other measures for the control of business transactions and processes;
• Improving product quality, eliminating errors and malfunctions, including through the analysis of vehicle data and customer feedback;
• Processing of data in a central prospect and customer care platform as well as upstream and downstream systems for customer loyalty and sales purposes;
• Needs analysis and customer segmentation, e.g. calculation and evaluation of affinities, preferences and customer potentials;
• Processing of non-contractual inquiries and concerns;
• handling of warranty and goodwill cases;
• risk management and coordination of recalls;
• Credit check by exchanging data with credit agencies (e.g. SCHUFA);
• Ensuring legally compliant action, prevention of and protection against legal violations (esp. criminal offences), assertion and defence against legal claims, internal and external compliance measures;
• Ensuring the availability, operation and security of technical systems as well as technical data management;
• Answering and evaluating contact requests and feedback.

‍

When you access the online offer, data relating to your device and your use of the online offer will be processed and stored in a so-called log file. This applies in particular to technical data such as date and time of access, duration of the visit, type of device, operating system used, functions used, amount of data sent, IP address and referrer URL. We process this data to ensure technical operation and to identify and eliminate faults. In doing so, we pursue the interest of ensuring the technical functionality in the long term. We do not use this data for the purpose of drawing conclusions about your person.

‍

When we send customer and prospect support emails, we may use commercially available technologies such as web beacons or click-through links. This allows us to analyze which or how many emails are delivered and/or rejected and/or opened. The latter is done in particular by means of tracking pixels. For example, it is not possible to fully measure the opening rate of our e-mails using tracking pixels if you have deactivated the display of images in your e-mail program. In this case, you will not see the email in its entirety. However, we are still able to track whether an email has been opened when you click on text or graphic links in the email. By using click-through links, we can analyze which links are clicked on in our emails and infer what interest there is in certain topics. When you click on the corresponding link before calling up the target page, you will be guided through our separate analysis server. Based on the analysis results, we can make emails more relevant, send them in a more targeted manner or prevent emails from being sent. If you do not want such data to be collected and tracked, do not click on text or graphic links in emails. The controller for the processing of your data is the respective company named in the e-mail.

‍

As part of the further development of products, services, services and support services, you may be selected from time to time to participate in a survey when you visit our online offering. Participation is voluntary. We do not use the data collected during the surveys for the purpose of drawing conclusions about you or your person. To draw their identity. Data directly linked to your identity will only be processed if you provide it on a voluntary basis as part of the survey. The controller for the processing of your data is the respective company named in the survey.

‍

3.3. Consent

We process your personal data on the basis of appropriate consent. Data processing is carried out on the basis of Article 6 (1) (a) GDPR. If you give your consent, it is always earmarked; the purposes of the processing result in each case from the content of your declaration of consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

‍

If you have given your consent, the companies listed in the declaration of consent can use the data on the basis of this, e.g. for individual customer and prospective customer support, and contact you for these purposes via the communication channels you have requested. Your data will be used in this context to offer you an inspiring brand and support experience with Porsche and to make communication and interaction with you as personal and relevant as possible. Which of your data is specifically used for individual customer and prospective customer support depends in particular on which data was collected on the basis of orders and consultations (e.g. when purchasing or servicing Porsche products) and which data you have provided at the respective contact points (e.g. in the Porsche Centre) (e.g. your personal interests).

‍

We send newsletters after you have registered, i.e. with your consent. If the contents of the newsletter are specifically described in the context of a registration for the newsletter, these are decisive for the scope of the consent. In addition, our newsletters contain information about our products, offers, promotions and our company. The controller for the processing of your data is the respective company named in the registration process. Registration is carried out by means of the so-called double opt-in procedure, i.e. After your registration, you will receive an e-mail asking you to confirm your registration in order to prevent misuse of your e-mail address. We log the registrations for the newsletter in order to be able to prove the registration process and the consent contained therein in accordance with the legal requirements. The logging of the registration and the necessary processing of the data entered by you during registration is accordingly carried out on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. You can revoke your consent to receive our newsletters at any time, e.g. by unsubscribing from the newsletter. An unsubscribe link to exercise this right can be found at the end of each newsletter.

‍

3.4. Change of purpose

To the extent that we process your personal data for a purpose other than that for which the data was collected beyond a corresponding consent or a mandatory legal basis, we take into account the compatibility of the original purpose and the purpose now being pursued, the type of personal data, the possible consequences of further processing for you and the guarantees for the protection of the personal data in accordance with Article 6 (4) GDPR.

‍

3.5. Profiling

We do not carry out automated decision-making or profiling in accordance with Article 22 GDPR. A profile is only created to protect our legitimate interests as described above.

‍

4. Access authorizations in the end device

Insofar as functions of our online offer require the granting of authorizations to access your device (e.g. access to location data or photos), the granting of authorizations is voluntary. However, if you want to use the corresponding functions, the granting of the appropriate permissions is required, otherwise you will not be able to use these functions. The permissions remain active as long as you have not reset them in your device by deactivating the respective setting.

‍

5. Cookies and similar technologies

In the context of the online offer, we use cookies and comparable technologies that serve to communicate with your device and exchange stored information (hereinafter collectively referred to as "cookies"). These cookies are primarily used to make the functions of the online offer usable. General examples in which the use of cookies in this sense is technically necessary are the storage of a language selection, login data or a shopping or watch list. Accordingly, we may use technically necessary cookies to enable the processing described in Section 3.1 and to ensure the proper and secure operation of the online offer. The data processing is then carried out on the basis of Article 6 (1) (b) and (f) GDPR, as it is necessary to implement the functions you have selected or to safeguard our legitimate interest in the functionality of the online offer.

‍

To the extent that we should also use cookies in order to analyse the use of the online offer and to be able to tailor it to your interests and, if necessary, also to be able to provide you with interest-based content and advertisements, this will be done exclusively on the basis of your voluntary consent in accordance with Article 6 (1) (a) GDPR. You then have the option of making your corresponding settings via consent management as part of the online offer. You can revoke your consent at any time with effect for the future. Further information on cookies and their function in detail, as well as on setting and revocation options, can be found directly in the corresponding areas of consent management. Please note that we only provide consent management as part of the online offer if consent-based cookies are to be used in addition to the technically necessary cookies mentioned above.

‍

If you do not want the use of cookies altogether, you can also prevent their storage by making the appropriate settings on your device. You can delete stored cookies at any time in the system settings of your device. Please note that blocking certain types of cookies may lead to impaired use of our online offer.

‍

6. Embedded Third-Party Services

Insofar as we integrate services from other providers as part of our online offer in order to offer you certain content or functions (e.g. playing videos or route planning) and we process personal data in the process, this is done on the basis of Article 6 (1) (b) and (f) GDPR. This is because the data processing is then necessary to implement the functions you have selected or to safeguard our legitimate interest in an optimal range of functions of the online offer. Insofar as cookies may be used in the context of these third-party services, the explanations under section 5 apply. With regard to third-party services, please also refer to the privacy policy of the respective provider.

‍

Services of other providers that we integrate or refer to are provided by the corresponding third parties. In principle, we have no influence on the content and function of the third-party services and are generally not responsible for the processing of your personal data by their providers, unless the third-party services are designed entirely on our behalf and then integrated by us under our own responsibility. Insofar as the integration of a third-party service leads to us establishing joint processes with its provider, we determine with this provider in an agreement on joint responsibility in accordance with Article 26 GDPR how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which obligations under data protection law. If cookies are also to be set on the basis of your consent, you can find further information on the responsibility for the setting of these cookies or any associated third-party services in the corresponding area of consent management.

‍

Unless otherwise stated, profiles on social media are generally only integrated into our online offer as a link to the corresponding third-party services. After clicking on the embedded text/image link, you will be redirected to the offer of the respective social media provider. After the transfer, personal data may be collected directly by the third-party provider. If you are logged into your user account of the respective social media provider during this time, they may be able to assign the information collected from the specific visit to the personal user account. If you interact via a "share" button of the respective social media provider, this information can be stored in the personal user account and published if necessary. If you want to prevent the collected information from being directly assigned to your user account, you must log out before clicking on the embedded text/image link.

‍

7. Sources and data categories in the case of third-party collection

We also process personal data that we receive from third parties or from publicly available sources. Below is an overview of the relevant sources and the categories of data obtained from these sources.

‍

• Group companies, Porsche sales companies, Porsche Centres and service companies: Information about your products, services and interests;
• Cooperation partners and service providers: for example, creditworthiness data from credit agencies.

‍

8. Recipients of personal data

Within our company, only those persons have access to your personal data who need it for the purposes stated in each case. We only pass on your personal data to external recipients if there is a legal permission to do so or if we have your consent. Below you will find an overview of the corresponding recipients:

‍

• Processors: Group companies or external service providers, for example in the areas of technical infrastructure and processing, maintenance and payment processing, which are carefully selected and reviewed. The processors may only use the data in accordance with our instructions.
• Public bodies: Authorities and state institutions, such as tax authorities, public prosecutor's offices or courts, to which we (have to) transmit personal data, e.g. to comply with legal obligations or to protect legitimate interests.
• Private entities: Group companies, Porsche Centres and service companies, cooperation partners, service providers (not bound by instructions) or commissioned persons such as Porsche Centres and Service Companies, financing banks, credit agencies or transport service providers.

‍

9. Data processing in third countries

If a data transfer takes place to bodies whose registered office or place of data processing is not located in a member state of the European Union, another state party to the Agreement on the European Economic Area or a state for which an adequate level of data protection has been determined by a decision of the European Commission, we ensure before the transfer that the data transfer is covered by either a legal permission there are guarantees for an adequate level of data protection with regard to the data transfer (e.g. through the agreement of contractual guarantees, officially recognised regulations or binding internal data protection regulations at the recipient) or you have given your consent to the data transfer.

‍

Insofar as the data transfer is carried out on the basis of Article 46, 47 or 49 (1) subparagraph 2 GDPR, you can obtain from us a copy of the guarantees for the existence of an adequate level of data protection with regard to the data transfer or an indication of the availability of a copy of the guarantees. Please use the information under section 1 for this purpose.

‍

10. Storage period, deletion

If there is legal permission to do so, we will only store your personal data for as long as is necessary to achieve the purposes pursued or as long as you have not withdrawn your consent. In the event of an objection to the processing, we will delete your personal data, unless further processing is still permitted by law. We also delete your personal data if we are obliged to do so for other legal reasons. Using these general principles, we will usually delete your personal data without undue delay

‍

• after the legal basis has ceased to exist and unless another legal basis (e.g. retention periods under commercial and tax law) applies. If the latter applies, we will delete the data after the other legal basis no longer applies;
• if your personal data is no longer required for the purposes pursued by us and no other legal basis (e.g. retention periods under commercial and tax law) applies. If the latter applies, we will delete the data after the other legal basis no longer applies.

‍

11. Rights of data subjects

Right of access: You have the right to obtain information about the data we have stored about you.

‍

Right to rectification and deletion: You can demand that we correct incorrect data and - provided that the legal requirements are met - delete your data.

‍‍

Restriction of processing: You can request that we restrict the processing of your data - provided that the legal requirements are met.

‍

Data portability: If you have provided us with data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, commonly used and machine-readable format or that we transmit it to another controller.

‍

Objection: You have the right to object to data processing by us at any time for reasons arising from your particular situation, insofar as this is based on the safeguarding of legitimate interests. If you make use of your right to object, we will stop processing unless we can prove compelling legitimate grounds for further processing that outweigh your rights and interests.

‍

Objection to direct marketing: If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the data processing by us for this purpose. If you make use of your right to object, we will stop processing for this purpose.

‍

Revocation of consent: If you have given us consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.

‍

Right to lodge a complaint with the supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. To do this, you can contact the supervisory authority responsible for your place of residence or your country or to the supervisory authority responsible for us.

‍

Your contact with us and the exercise of your rights: Furthermore, you can contact us free of charge if you have any questions about the processing of your personal data and your rights as a data subject. Please contact ↗ https://www.porsche.com/privacy-contact/ or by post at the addresses given above under number 1. Please make sure that we are able to uniquely identify you. When revoking your consent, you can alternatively choose the contact method you used when giving your consent.

‍

‍12. Links to third-party offers

Websites and services of other providers to which links are provided from our online offer are designed and provided by third parties. We have no control over the design, content and function of these third-party services. We expressly distance ourselves from all content of all linked offers of third parties. Please note that the third-party offers linked from our online offer may install their own cookies on your device or collect personal data. We have no influence on this. If necessary, please contact the providers of these linked third-party offers directly in this regard. In principle, third-party offers also include those of other Porsche companies and Porsche Centres that are linked to from our online offer or that are otherwise integrated.

‍

The respective provider and responsible person can be seen in particular via the imprint and the respective data protection notices on the corresponding websites.

‍

13. Status

The most current version of this Privacy Policy applies.

‍

Last update: February 6, 2025