1. Data Processor and Data Protection Officer – contact details
The Processor as defined in data protection legislation is:
Dr. Ing. h.c. F. Porsche AG
Phone: (+49) 0711 911-0
If you have any questions or suggestions about data protection, please feel free to contact us.
Dr. Ing. h.c. F. Porsche AG
Data Protection Officer
2. Object of data protection
The object of data protection is the protection of personal data in the sense of any information relating to an identified or identifiable natural person (a so-called data subject). This includes details such as your name, postal address, email address and phone number, as well as other details that are necessarily created while using SCOPES, such as the beginning, end and extent of your use as well as your IP address.
3. Type, scope, purposes and legal bases for automated data processing
The use of SCOPES is to some extent possible without registration. However, although you can use SCOPES without registration, personal data may nevertheless be processed
Below you will find an overview of the type, scope, purposes and legal bases of automated data processing in the use of SCOPES. For information about the processing of personal data when using individual services and functions, please refer to clause 5 below.
3.1 Provision of SCOPES
When you access SCOPES on your device, we process the following data:
- Date and time of access
- Length of visit
- Type of device
- Your operating system
- Functions that you use
- Volume of data sent
- IP address
- Referrer URL
- Domain name
4. Access rights to your device
The individual services and functions described below, in clause 5, do not require any access rights to be issued for your device.
5. Individual services and functions
When you use the services and functions described below, we collect, process and use personal data in the way specified below.
5.1 INFORMATION ON BOOKED EVENTS
This function allows you to view any of your events you have booked in SCOPES.
When you see an event in SCOPES where you would like to take part, you can book the relevant tickets. Upon selecting this function, SCOPES always sends you a link to the website of the external service provider Eventbrite, where you can then book tickets. Once you have reached the Eventbrite site, you first need to register before you can book a ticket for an event. For details about this service provider and the use of its external service, please refer to clause 13, below.
Eventbrite receives the personal data you specify through your registration and booking of event tickets on the Eventbrite site. No additional personal data are processed by us other than those specified in clause 3.
5.2 Email newsletter
To subscribe to our regular newsletter, all you need to do is give us your email address. We will not start sending you the newsletter until we have received your instruction. This is because we need your consent, based on GDPR Article 6 (1) point a. Provided that a newsletter subscription clearly specifies the content of the newsletter, then this determines the scope of your consent. Our newsletters also contain details on the SCOPES events as well as on other, similar events.
When you subscribe, you do so under a double opt-in procedure. This means that we send you an email in response to your subscription request, asking you to confirm your subscription, so that your email address cannot be abused. Furthermore, to meet legal requirements, we keep records of all newsletter subscriptions, so that we have documentary proof of the subscription procedure and of the consent we receive from each subscriber. When we record your subscription and process the data that you entered and which are necessary for this purpose, we do so on the basis of our legitimate interest under GDPR Article 6 (1) point f. You can revoke your consent at any time, e.g. by unsubscribing from our newsletter. You will find an unsubscription link at the end of each newsletter, enabling you to exercise this right.
When we send out newsletters, we do so through an external contractor: Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.
6. Safeguarding of legitimate interests
We process your personal data in order to safeguard our legitimate interests. In addition to the interests specified for the services and facilities detailed in clauses 3 and 5, data are processed under SCOPES with the following interests in mind, in particular:
- 1. Further development of products, services, support options and other measures to control business transactions and processes
- 2. Improvement of product quality and removal of faults and malfunctions. These are carried out by analysing customer feedback, among other things.
- 3. Processing of warranty claims, instances of goodwill, non-contractual enquiries and concerns presented by existing and prospective customers
- 4. Risk control and coordination of product recalls
- 5. Ensuring legal compliance of activities, prevention and protection against legal violations (especially criminal offences), making legal claims and defence against them 6. Ensuring availability, operation and security of technical systems and technical data management
If you give your consent to specific data processing activities, your consent is always tied to certain purposes, and the purposes that are involved can be gathered from each declaration of consent. In such a case, data are processed on the basis of GDPR Article 6 (1) point a. We cannot meet your request unless and until you have given your consent. You can revoke your consent at any time, yet your consent will not affect the legitimacy of processing conducted under your consent prior to the date of your revocation.
8. Recipients of personal data
Internal recipients: Within Porsche AG, access is limited to persons requiring data for the purposes specified in each instance.
External recipients: We only share your personal data with external recipients outside Porsche if this is required for managing or processing your request, if some different legitimate permission is in place or if you have given us your consent for this purpose.
External recipients may be:
- a) Processors Affiliates within Porsche AG or external service providers we use for the provision of services, for instance in the technical infrastructure and maintenance of Porsche AG’s own website or for the provision of content. We carefully select such processors and regularly check them to safeguard the security and confidentiality of your personal data. Service providers may only use data for the purposes we specify, and according to the instructions we provide.
- b) Public bodies Public authorities and state institutions, such as public prosecutors, courts of law and fiscal authorities, to which we need to send personal data for mandatory legal reasons. Data transmission takes place on the basis of GDPR Article 6 (1) point c.
- c) Private bodies Porsche dealers and service companies, cooperation partners, service providers or authorised representatives, to whom data are sent on the basis of your consent, enabling them to execute a contract concluded with you or to safeguard legitimate interests. These include Porsche centres and Porsche service centres, lending banks, credit agencies, providers of other services and transport service providers. Data are processed on the basis of GDPR Article 6 (1) points a, b and/or f.
9. Data processing in third countries
If data are transmitted to bodies that have their head offices or data-processing locations outside EU member states and outside states forming part of the EEA, we ensure before disclosure that – except for certain legally permitted exceptions – the recipients either have your adequate consent to data processing or they provide an adequate level of data protection (for example, through an adequacy decision taken by the European Commission, through suitable guarantees such as the recipient’s self-certification for the EU-US Privacy Shield or through the agreement of so-called standard EU contractual clauses with the recipient), or you give your consent to the data transfer .
You can request from us a list of recipients in third countries and a copy of the provisions that have been agreed in each case to ensure an adequate level of data protection. To do so, please use the contact details given in clause 1.
10. Automated decision-making and profiling
We do not apply automated decision-making (GDPR Article 22) to prepare, establish or implement business relations. When profiling is conducted, it only serves the purpose of our legitimate interests within the parameters of the processing purposes described in this document.
11. Retention period and erasure
The following shall apply if the description of individual services and functions does not include details of specific retention periods or data erasure:
We only store your personal data for as long as they are required to fulfil their intended purposes or – if you have given your consent – until you revoke your consent. If you revoke your consent to data processing, we erase your personal data, unless their further processing is permitted under the relevant applicable statutory provisions. Also, we erase your personal data if we are under an obligation to do so on other legal grounds.
Applying these general principles, we generally erase your personal data without undue delay in the following instances:
- If a legal basis has ceased to apply and provided that there is no other legal basis (e.g. retention duties under commercial or tax law). Should this be the case, we shall erase all data as soon as that other legal basis ceases to be applicable.
- If they are no longer required for the purpose pursued by us in preparing and executing a contract or legitimate interest and provided that there is no other legal basis (e.g. retention duties under commercial or tax law). Should this be the case, we shall erase all data as soon as that other legal basis ceases to be applicable.
- If our purpose of data collection has ceased to be applicable and provided that there is no other legal basis (e.g. retention duties under commercial or tax law). Should this be the case, we shall erase all data as soon as that other legal basis ceases to be applicable.
12. Rights of data subjects
As a data subject impacted by our data processing, you are entitled to numerous rights. These are:
Right to information:
You have a right to access the data we have stored about you as a person.
Right to rectification and erasure
You can require us to correct inaccurate data or – provided that the legal grounds are in place – to erase your data.
Restriction of processing
Provided that the legal grounds are in place, you can require us to restrict the processing of your data
If you have provided us with data on the basis of a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.If you have provided us with data on the basis of a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.
Revocation of consent: If you have given us your consent to the processing of your data, you can revoke the same at any time with future effect. This, however, does not affect the legitimacy of processing your data until the date of revocation.
Right to lodge a complaint with the supervisory authority:
You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data has breached applicable law. To do so, you can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for ourselves.
Your contact with us
In addition, if you have any questions about the processing of your personal data, your rights as a data subject or any consent you may have given, please feel free to contact us without incurring any charge. To exercise any of the aforementioned rights, please contact http://por.sc/privacycontact, or write to the postal address specified in clause 1, above. When you do so, please make sure that we can clearly identify you.
13. Links to third-party websites
If websites and services of other site owners are linked to SCOPES, they have been and will continue to be designed and supplied by third parties. We have no influence on the design, content or operation of such third-party services, and we expressly distance ourselves from any content provided by linked third-party websites. Please remember that third-party sites linked to SCOPES may have their own cookies, which are installed on your device and may collect personal data. We have no influence over this. In such cases you may wish to obtain more information directly from the owners of the third-party websites linked to this site.
Third-party facilities and services also include: The option of booking tickets for events via Eventbrite. Eventbrite is operated by Eventbrite Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA (“Eventbrite”).
- https://www.eventbrite.de/security/, https://www.eventbrite.de/support/articles/de/Troubleshooting/nutzungsbedingungen-von-eventbrite?lg=de
- https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinien-von-eventbrite?lg=de https://www.eventbrite.de/support/articles/de/Troubleshooting/cookie-richtlinien-von-eventbrite?lg=de
14. Update status