Data Privacy Information for Connect Services

We, Porsche Hong Kong Ltd. (hereinafter referred to as “we” or “PHK”), are pleased about your use of the Porsche Digital Service Infrastructure and other of our digital offers (hereinafter individually or jointly also referred to as “services” and jointly “Porsche Digital Service Infrastructure”). This Privacy Policy provides information about the processing of your personal data and your privacy rights as a data subject in connection with your use of the Porsche Digital Service Infrastructure and our services. For information on the individual services, please refer to the further Special Data Protection Notices of the respective service.

Unless otherwise expressly stated in this Privacy Policy and, if applicable, in the further Special Data Protection Notices of the respective service, the data user responsible for data processing is:

Porsche Hong Kong Ltd

Unit B, 11/F,

163 Queen's Road East,

Wan Chai,

Hong Kong

E-mail: privacy_support@porsche.cn

You can reach our data protection officer at the above address with the addition “Data Protection Officer” .

This privacy policy for Porsche Connect Services in the vehicle describes not only processing under the responsibility of PHK, but also processing which (also) falls under the responsibility of Dr. Ing. h.c. F. Porsche AG (hereinafter: Porsche AG) as the manufacturer of the vehicle. Where this is the case, reference is made to this in the relevant sections.

The entity responsible for this data processing is:

Dr. Ing. h.c. F. Porsche AG

Porscheplatz 1

70435 Stuttgart

Germany

Tel: +49 (0) 711 911-0

E-mail: info@porsche.de

You can reach the data protection officer of Porsche AG at the above address with the addition “Data Protection Officer” or at https://www.porsche.com/privacy-contact/.

In relation to certain processing operations, we may be joint data users with Porsche AG, its group companies and/or third parties (“we” then also stands for these joint data users). In relation to such joint processes, we jointly determine the purposes and means of processing personal data. In such cases, we accordingly also define the respective tasks and responsibilities in the processing of personal data and the responsible parties to fulfil data protection obligations. In particular, we define how an appropriate level of security and your rights as a data subject can be ensured, how we can jointly comply with information obligations under data protection law and how we can monitor potential data protection incidents. This also includes ensuring that we can fulfil our reporting and notification obligations. Insofar as you contact us, we will come to an agreement in order to answer your enquiry and guarantee your data subject rights. We will provide information on the existence and circumstances of joint responsibility on a case-by-case basis in the relevant section of this Privacy Policy or in the Special Data Protection Notices for each service.

The object of data protection is the protection of personal data. This is any data relating directly or indirectly to a living individual (so-called data subject) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and in a form in which access to or processing of the data is practicable . This includes, for example, information such as the name, postal address, e-mail address or telephone number, but also other information that is generated in the course of using the online offer, in particular information about the start, end and scope of its use as well as the transmission of your IP address.

This Privacy Policy hereinafter provides you with an overview of the purposes of data processing in the context of registering, creating and using your Porsche ID user account as well as of other data processing during your customer relationship. We process your personal data in particular if this is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures that take place at your request.

We also process your personal data, insofar as this is necessary, to comply with legal obligations to which we are subject. The obligations may result, for example, from commercial, tax, money laundering, financial or criminal law. The processing generally serves the purpose of complying with state obligations with regard to monitoring and duty of disclosure.

The provision of personal data by you may be required by law or contract when using the services or may be necessary for the conclusion of a contract. We will inform you separately if you are obliged to provide personal data and what the possible consequences of not doing so would be (e.g. a loss of claims, or we might have to inform you that we cannot provide the requested service without being provided with certain details).

Registration and creation of a Porsche ID user account on My Porsche are required for full use of the Porsche Digital Service Infrastructure and the services offered under it. Here, personal data is processed and, if necessary, transmitted to third parties as described below in order to fulfil our contractual obligations in this context.

You can choose to register and create your Porsche ID user account either through your authorised dealer or as part of the self-registration process.

Both in the case of self-registration and of registration through an authorised dealer, your e-mail address, a password, your name and name suffixes, contact and address data, mobile phone number, e-mail address and, if applicable, the language in which you want to communicate with us are processed. This personal data is required to set up and manage your Porsche ID user account for you so that you can use the full range of our services as part of the Porsche Digital Service Infrastructure. In selected countries, you can also use our offer as an interested party. In this case, you only need to provide your name, e-mail address and a password. Last but not least, we also need this and possibly other personal data in order to be able to respond to requests, questions and criticism. We also save the time of your last log-in. When you register and create your Porsche ID user account, we check your name and address data by means of a plausibility check.

If you want to use services that require vehicle ownership, you must also submit a copy of an identification document and proof of ownership and, in case you are not the owner of the vehicle, a power of attorney from the vehicle owner after entering your vehicle identification number. These documents are forwarded to Porsche Connect Support or, in countries where the official language is not supported by Porsche Connect Support, directly to the dealer selected by you and are then checked locally using our verification criteria. As proof of successful verification, we also save the names, dates and places of birth and addresses shown in the relevant identification documents along with the validity dates of the documents, as well as the vehicle identification numbers, owner names and addresses shown in the proof of ownership. After verification is complete, the copies of the documents will be deleted. Alternatively, you can use the video identification procedure for verification by our Porsche Connect Support.

Self-registration requires the upload of images from the terminal. You will therefore be asked to grant permission for the app to access your device's camera or photo library. The permissions can be revoked at any time by changing the respective system settings.

Failure to provide the mandatory data as stated in this section to us will affect our ability to provide the relevant services to you.

When registering and creating your Porsche ID user account, you also have the option of entering additional voluntary details such as additional name information (e.g. academic title, etc.), company contact details, date of birth, additional telephone numbers, credit card information (this is only stored by the payment service provider), your vehicle registration number and a personal vehicle name. In addition, you can provide information about your interests, preferences and the contact channels you would like to use. Please note that this information is not required when registering and creating your Porsche ID user account and that you alone decide whether you want to disclose this personal data to us. Our interest lies in achieving the best possible alignment of our offers with your preferences and interests, as well as in providing the most comprehensive range of functions possible for our offers.

After registering for a Porsche ID, you have the option of using various services that require a Porsche ID, such as our My Porsche App or functions within your vehicle.

For authentication within the framework of these services, you must always log in with your Porsche ID and your password. We process this data in order to be able to provide you with the services you desire.

In some cases, we also enable cooperation partners to offer a registration and login procedure involving the Porsche ID. This means that you do not have to remember any new login data for the third-party offer. If you decide to use the registration and login procedure involving the Porsche ID as part of the third-party offer, you will be redirected to the PHK login/registration screen for the Porsche ID. Here you log in with your user name and password for the Porsche ID. We will then send a message to our cooperation partner that you have successfully registered. As part of the registration and login process, you can confirm to us that the cooperation partner may access the profile data of your Porsche ID user account. This then also applies to the payment data stored there, if applicable. This means that you do not have to re-enter or maintain your profile data and, if applicable, payment data (e.g. if your address changes) in order to create your user profile for the third-party offer. Conversely, changes to the profile data in the user account of the third-party offer are then also synchronised accordingly in your user account for the Porsche ID.

Data processing within the scope of the registration and login procedure involving the Porsche ID is carried out in order to register you for the third-party offer using your user account or to identify you when you register. In addition to carrying out your desired procedure, we are interested in making the registration and application process efficient and convenient. We and our cooperation partner are jointly responsible for this.

In the following, we provide general information on data processing in connection with the use of individual features within our vehicles. Detailed information about individual services can be found in the additional Special Data Protection Notices for the relevant services.

You can book individual or several My Porsche Services and Porsche Connect Services and activate service licences. When selecting the respective service or service package, you can also view the respective information on the processing of personal data within the scope of the services concerned under the offer details. In order to carry out and fulfil a booking and the associated contractual relationship, we process, in addition to the respective booking information, your personal data collected during registration and creation of your Porsche ID user account as well as data that you provide in the course of booking the service (for example your date of birth, a security question for verification in the event of theft, your vehicle's colour or your licence plate). You can change your billing address before completing the booking process. In this case, we use the address data provided by you for invoicing and processing.

We use a payment service provider to process payments for our paid services and products within the framework of My Porsche, Porsche Connect and the Online Marketplace. For this purpose, we and the payment service provider used will process your credit card information and the respective payment information. The payment service provider's systems are used to manage your credit card information and to process payments. When you enter your credit card information, it is done directly via an input field from the payment service provider, which encrypts, stores and uses this information independently for your payments. The encrypted information is then transferred from Porsche / from us to the payment service provider, where it is stored and used for your payment.

The payment service provider commissioned will process your customer and contact information (for example name, address, email address, Porsche Connect customer number, and if applicable, company and affiliates) and the vehicle identification number shown in the proof of ownership for the sole purpose of accounts receivable management (including compliance checks, where legally required) and to carry out credit checks.

When purchasing through online shops, our payment service provider determines the fraud risk using customer data (e.g. name and identifier, sales history, etc.). The transaction data is checked and examined for abnormalities (e.g. frequency of password changes, delivery address differing from the invoicing address).

After completing the booking, you can activate the services. This saves the authorisation for use on the system side and updates the list of available services accordingly.

The laws in some countries may require an identity check based on identification documents in order to book certain telecommunications services. In relation to data processing when carrying out such identity checks, we are jointly responsible with

IDnow GmbH, Auenstr. 100, 80469 Munich, Germany.

You can view the privacy policy of our cooperation partner IDnow GmbH via the following link: https://idnow.io/privacy/

There are two methods available for performing identity verification. One method is that, as part of the service booking procedure, you can be redirected to the external page or app of the above-mentioned service provider, who supports us in performing the person verification. As part of the process, we will, at your request, transmit the information to be verified (your name, your address and your date of birth) as well as a reference number to the service provider that will allow us to assign the test result at a later point. As part of the identity check, the service provider will compare the aforementioned data with your identification document and store the data, as well as an optoelectronic copy of the identification document, a photo of the verified person and an audio record of the session. The service provider will then inform us of the result of the identity check, using the reference number.

Your other option is to have identity verification performed at a participating Porsche Centre. This involves staff at the Porsche Centre verifying your identity on the basis of an identification document and sending the verified information (your name, address and date of birth) and a reference number to the service provider via a Porsche system. By entering this reference number, you can use the service provider's app to submit an optoelectronic copy of your identification document to the service provider at your convenience. The service provider will then inform us of the result of the identity check, using the reference number.

Personal data resulting from this identity check will only be shared with third parties if we are legally obliged to do so. Only in such cases will we obtain access to a copy of your identification document from the service provider, for the purpose of fulfilling our legal obligations.

In order to be able to activate Porsche Connect Services and functions in your vehicle for the first time, you first have to create a Porsche ID user account and then register your vehicle in your Porsche ID user account (see Section 3.1 Porsche ID user account). To create your vehicle, it is necessary for you to enter the vehicle identification number shown in the proof of ownership in My Porsche, or to have this done for you by your authorised dealer in accordance with the registration process described in Section 3.1, and to create a Porsche ID user account.

We will process your vehicle identification number for the purpose of verification, to establish a vehicle connection and to identify the vehicle in the context of the use of services, as well as to activate and provide such services and for the purposes defined and explained in detail in the respective place.

Depending on the service, you can use your booked My Porsche Services and Porsche Connect Services in your vehicle (if available for your vehicle) via a radio network connection or via other terminal devices in My Porsche or in your Porsche Connect app. For this purpose, your vehicle or the respective end device connects to the Porsche Digital Service Infrastructure.

A separate 4-digit pin code must be entered in order to use particularly safety-critical services. You can also access your personal PIN code in My Porsche and change it at any time. The PIN code is stored in encrypted form. When the PIN code is entered in the vehicle, it will also be encrypted and transmitted to our system for the purposes of authorisation checks.

Personal settings for the Porsche Connect Services or vehicle functions (for example, favourite radio stations, navigation destinations, favourite weather stations) will also be saved after you log onto My Porsche. After the user has been identified by means of the Porsche ID, these personal settings are called up at the start of the journey and set in the PCM. Settings made during the trip are also saved and can be recalled the next time a vehicle is used (also available in other vehicles).

Some services require you to pair an end device with your vehicle. In this case, personal data (e.g. the Porsche ID you used to log into the app as well as the vehicle identification number of your vehicle) can be transmitted to us during initial pairing in order to enable the connection (e.g. Bluetooth connection) between the device and the vehicle. If personal data is processed over and above the pairing, we will inform you accordingly in the data protection information for the respective services, and if such processing involves use of your data for a purpose not stated in this Privacy Notice or a Special Data Protection Notice for the relevant services, or otherwise notified to you on or before collecting your personal data, we will obtain your express consent before doing so.

Whenever you start or finish a journey and when you select some services, your vehicle first logs in to the Porsche Digital Service Infrastructure with the vehicle identification number. We process this personal data in order to assign your vehicle to your Porsche ID user account and to allow us to check that you are entitled to use the services. When you log in at the start or end of a journey, an up-to-date list of the available services will also be sent to your vehicle.

When you use the services booked via My Porsche or the Porsche Connect Store in your vehicle or on other devices, your personal data will be processed by us for the purpose of enabling the use of services, for support purposes and for other individually defined purposes. Unless otherwise stated here or in the further Special Data Protection Notices, we will only process your personal data to the extent necessary to enable the relevant My Porsche Service or Porsche Connect Service to be used.

If you also use the vehicle services activated by the main user as a secondary or guest user, we will process the aforementioned personal data to ensure the cross-customer provision of central services for non-registered users of the respective vehicle.

If the vehicle functions are used by people who have not been authenticated via a Porsche ID (guest users), information from the use of certain services is technically collected and stored under the Porsche ID user account of the linked main user.

If you use the services of a third-party provider with whom you have your own contractual relationship, the content of these services may be displayed in your vehicle or on your terminal device and information may be exchanged between your vehicle or your end device and the respective service provider.

We have no influence over data processing by this third-party provider or over the location of the data processing. Therefore, please consult the respective third-party provider about the type, scope and purpose of the processing of personal data with regard to the respective service in their separate Data Protection Notices.

If you have activated online software updates in My Porsche, data may be exchanged between our systems and your vehicle for the purpose of updating the software of your vehicle systems and for troubleshooting software bugs as part of service activities. Insofar as the updates do not affect the Connect Services but the vehicle itself, Porsche AG shall be responsible for the data exchange. PHK may then be involved as a processor bound by instructions.

For the purpose of preparing and conducting updates, the vehicle identification number shown in the proof of ownership, device identifications and their current software version, your Porsche ID and authorisation information are exchanged with our systems at regular intervals. In individual cases (e.g. update actions, as when updating the battery management system), information about the vehicle equipment as well as information about the technical condition of your vehicle are transferred to our systems. You can terminate the online software update and the associated processing of personal data by deactivating the function in My Porsche.

Private emergency call services may be offered for your vehicle. When this function is used, the following categories of data will be processed and transferred to the relevant control centres:

Vehicle identification number;

(Technical) vehicle data;

Vehicle interior and vehicle environment information;

Vehicle status and vehicle analysis data; and

Location data (such as GPS position, position obtained using radio network location, movement information, vehicle direction).

Depending on the equipment installed in your vehicle, connectivity may be established by dialling into the vehicle interfaces using a WiFi connection provided by an external end device or by means of one or more wireless modules in your vehicle. Depending on the equipment installed in your vehicle, the wireless network modules in your vehicle may be operated with a user-supplied or pre-assigned plug-in SIM card, or a permanently installed SIM card.

In the context of vehicle production, we link the SIM card numbers (ICCID, IMSI, MSISDN) with the relevant device number and the vehicle identification number shown on the proof of ownership. The data is stored for the purpose of managing the SIM card numbers and assigning the vehicle to a SIM card number.

Active wireless modules in Porsche vehicles with permanently installed SIM cards tune into the mobile service networks of the respective network operator, if available — regardless of whether you are registered for Porsche Connect or have booked Porsche Connect Services. In this case, telecommunications data (data processed in order to provide telecommunications services or to establish connectivity) can be exchanged via the wireless networks of the respective network operator, e.g. with wireless cells, for the purpose of wireless connections or establishing connectivity and, where appropriate, for the purpose of implementing the corresponding online functions of the Porsche Connect Services you booked for your vehicle.

Within the context of the wireless network connection, during signal transmission using public telecommunications networks outside your vehicle, it is not possible to prevent third parties, in particular network operators, from accessing certain information and, possibly, from identifying your location. In addition to the relevant network operator, virtual network operators may also have access to this information.

Connectivity is provided by the respective network operators and virtual network operators via permanently installed SIM cards.

Please refer to your network operator and/or virtual network operator for information regarding the type, scope and purpose of data processing, data security while the signal is being transferred and your rights as a data subject.

We shall process the stock data you provide when you register for My Porsche or Porsche Connect Store or when you book a telecommunications service in My Porsche or in the Porsche Connect Store (such as your name, address and date of birth) in order to establish, organise, modify or terminate a contract for telecommunications services.

With the exception of SIM card and device numbers and the volume of data consumed, traffic data (such as the beginning and end of each connection) generated by the activity of the radio network connections, location data of the mobile connection, the end points of the connection and dynamic IP addresses are not processed within the Porsche Digital Service Infrastructure. Please consult the relevant network operator for information regarding the type, scope and purpose of data processing.

When you book or have booked advanced connectivity services, such as vehicle hotspot data packages, activation and/or deactivation information (such as the vehicle identification number shown in the proof of ownership) will be exchanged between our system, the wireless network interface of your vehicle and the respective network operators and/or virtual network operators for the purpose of activating and deactivating the data packets of the permanently installed SIM card in your Porsche vehicle.

In order to manage the SIM card permanently installed in your Porsche vehicle and in order to invoice the data volume provided and used in the context of a data package you may have booked, the vehicle identification number shown in the proof of ownership, your SIM card numbers, the associated SIM card status and, where appropriate, the data volume used and remaining in the relevant period will be exchanged between our system, the wireless network interface of your vehicle and the virtual network operators and stored by us for the duration of the contractual relationship.

In addition to the data processing described, we shall only process telecommunications data (personal data processed for the purpose of providing the telecommunication service or for establishing connectivity) on the basis of and in accordance with the legal provisions to which we are subject — for example to fulfil our statutory obligations to store personal information and to disclose this to security and judicial authorities and/or on the basis of security regulations.

Depending on the equipment installed in your vehicle, radio interfaces may be used to transfer data to our systems, for example data from your infotainment system, data from your vehicle's control systems, or technical vehicle and environmental data gathered by means of sensors. This includes the following information in particular:

IDs and identification data;

Basic data;

Usage and operating data;

Connection and transaction data;

Status data;

Analysis data;

Data on vehicle history, maintenance and repair;

Location and movement data;

Location-based environmental and traffic data ; and

Image data from vehicle cameras

We transfer such vehicle, service and product data in particular for the provision and delivery of services and other support, as well as for the fulfilment of legal obligations. In addition, the transfer takes place if you have given the appropriate consent. With regard to the transmission of vehicle, service and product data, this concerns not only the processing of personal data, but also the storage of information in the end devices of the end user, or access to information already stored in the end devices.

Whenever vehicle, service and product data is transferred and processed for service-related purposes, PHK is responsible. Whenever the vehicle, service and product data is transferred and processed for vehicle-related purposes, Porsche AG is responsible. Whenever the vehicle, service and product data is transferred and processed for both service-related and vehicle-related purposes, PHK and Porsche AG are jointly responsible. Vehicle, service and product data may be transferred between PHK and Porsche AG in order to pursue the respective purposes.

Further information on the processing of personal data in the context of the provision of services can be found in Section 3.2 of this Privacy Policy and in the respective Special Data Protection Notices for the individual services.

We, or Porsche AG, process vehicle, service, and product data (including image data from vehicle cameras) as described below, to gain insights into Porsche products, components, and services, as well as their usage, which are used for the development and improvement of products, troubleshooting, and error analysis and resolution in products and services. For these purposes, the vehicle, service and product data is in some cases also shared with service providers and other bodies, in particular with other affiliated companies of Porsche AG or Volkswagen AG and with manufacturers of components and product parts. For this purpose, the required data from vehicles previously selected for each purpose is transmitted to our servers. Data processed in this manner typically does not include any details about you or your vehicle identification number. If necessary, processing is carried out only with a pseudonymised identification number and/or user ID to analyse technical information on the behaviour of components not only statically but also over a certain period. If, in exceptional cases, it is necessary to achieve specific purposes, the derived data will also be processed along with your vehicle’s location, vehicle identification number, and/or user ID, as well as other data stored by us or Porsche AG regarding your product (such as your vehicle model and its equipment). The data collected in this way will never be used to create movement profiles. As part of the development of our mobility offer, we, or Porsche AG, also process personal data from electric vehicles and their charging operations in connection with your vehicle identification number and the location of the charging operation, for the purposes of product and service development, improvement, troubleshooting, error analysis and repair in Porsche vehicles and the charging infrastructure. In particular, the following data is processed: - your vehicle identification number; - the geoposition of your vehicle; - the duration of the parking and charging session; and - other technical data, such as status data of the charge and your vehicle (current mileage, battery and ambient temperature, etc.). Some data processing is absolutely necessary in order to be able to provide you with our full range of services or to ensure the functionality and safety of our products and fleet. This may also involve the further processing of previously collected data, to the extent that it is essential for the functionality of services and legally permissible. To the extent that we are legally required, vehicle, service, and product data may be shared with other entities, especially authorities.

In certain countries, in order to prevent tampering with odometers, for example, vehicles with the appropriate technical capability are required to report vehicle data regularly to the responsible registration authorities.

The following categories of personal data will be processed to fulfil this obligation:

Vehicle identification number; and

Current mileage.

In order to record real consumption values, so-called onboard fuel consumption monitoring (OBFCM) data must be read from the vehicle and transmitted to government agencies for certain vehicles with internal combustion engines (incl. plug-in hybrids) in certain countries. Data processing, transmission and storage are carried out within the framework of this legal obligation and can be refused prior to the readout process at the contract workshop.

The following categories of personal data will be processed to fulfil this obligation:

Vehicle identification number; and

Fuel consumption and mileage driven (OBFCM data).

Porsche AG is responsible for implementing the corresponding processing operations.

Where applicable, the recipients are PHK as processor, as well as the respective responsible institutions, e.g. importers, authorised bodies. There is no intention to transfer personal data to third countries or territories outside Hong Kong or the European Economic Area.

In complying with the Personal Data (Privacy) Ordinance (Cap. 486), there is an obligation to take all practicable steps to ensure that any personal data held by PHK in connection with providing the services is protected against unauthorised or accidental access, processing, erasure, loss and use.

If anomalies occur during vehicle operation that indicate potential cybersecurity attacks, the following data is forwarded to a back-end for further analysis.

- Vehicle identification number;

- IP address;

- Time stamp;

- Error information, if applicable (diagnostics, control unit-related, network-related data); and

- Information about the type of end devices used.

Porsche AG is responsible for implementing the corresponding processing operations. This enables us to identify and treat weaknesses in our products, make future attacks more difficult and improve the security of our vehicle systems in the long term.

If a security threat should be identified, the data collected will be forwarded to our Incident Response Team for further processing. Insofar as this is necessary for the analysis and/or containment of a security risk, the data will also be forwarded to other companies in the VW Group.

Porsche AG, Audi AG (Auto-Union-Strasse 1, 85045 Ingolstadt) and Volkswagen AG (Berliner Ring 2, 38440 Wolfsburg) are jointly responsible for collaboratively processing and preventing security incidents across the VW Group. The parties have defined their respective obligations and tasks. In particular, they have agreed that applications from data subjects that fall within the aforementioned scope can be asserted against any of the parties involved. As part of this cooperation, it is possible for Audi AG and Volkswagen AG also to have access to threat data in order to effectively detect cross-group security incidents.

As part of the treatment of specific abnormalities, the above- mentioned data can be transmitted in pseudonymised form to a specialised security service provider based in Israel.

You can use various communication channels to contact us, in particular the service hotline if you wish to contact us by telephone, but also e-mail or live chat. If you contact our contact centre, we process personal data to the extent necessary to provide the contact centre service and to process your request. We may ask you to provide personal data that is necessary for the preparation and implementation of the contact to process your respective request. Without this data, we will not be able to process your request or fulfil your request. The purposes of processing arise specifically from your request and the services you have booked. These encompass, in particular, the processing of requests from interested parties, customers and dealers in relation to products and services from PHK. This includes, for example,

Technical support services;

Assistance when purchasing services or products;

Answering general questions about sales & marketplace

Technical support for customers and dealers, in particular through the provision of a service hotline for telephone contact.

We also process your personal data to comply with legal obligations to which we are subject. Obligations may arise, for example, from commercial, tax, telecommunications, money laundering, financial or criminal law. The purposes of processing arise from the respective statutory obligation; the processing generally serves the purpose of complying with state obligations with regard to monitoring and duty of disclosure.

If we collect data on the basis of a legal obligation or in the public interest, you need to provide the personal data that is required to comply with the legal obligation. Without this, we might not be able to process your request or fulfil these obligations.

If you use support services in a Porsche Centre, your dealer can also retrieve this data. To facilitate this service, we also transmit the aforementioned data to the relevant dealer.

In the following, we would like to provide you with further information on data protection in the context of the implementation of customer and prospect management at Porsche. The purpose of the measures is to safeguard customer- and interest-oriented management.

Joint customer and prospect management at Porsche

The measures mentioned in this section within the framework of customer and prospect management (in particular service and support, implementation of legal requirements, needs analyses, individual support via the desired communication channels) are not, in principle, carried out by the person responsible alone. In addition to PHK, the parties involved in customer and prospect management under the Porsche brand include Dr. Ing. hc F. Porsche AG as manufacturer, the responsible Porsche centres, the responsible importer – in particular Porsche Deutschland GmbH – and other companies affiliated with Porsche in the areas of financial and mobility services, digital services and lifestyle products.

By using a central platform, we avoid situations in which information about your products, contact details and interests is not available to your contact person at Porsche, which would result in your being referred to another company involved. This also applies if the operating company of your respective Porsche Centre changes. By exchanging and comparing data, we ensure that you receive optimal support and advice. Of course, only the companies involved have access to your data, which they also need for operational purposes.

In certain cases, joint customer and prospect management can lead to joint responsibility. The participating companies have therefore defined the respective tasks and responsibilities in the processing of personal data and the parties responsible for fulfilling data protection obligations. In particular, stipulations have been made as to how an appropriate level of security can be achieved and how your data subject rights and data protection information obligations can be guaranteed. Alongside the other companies involved, PHK is available to you as a central point of contact.

Individual customer and prospect management

We intend to use your data – contact data, support and contract data (e.g. on purchase, leasing or financing), service information and data on interests, vehicles and the services and products that you use of the companies participating in the joint customer and prospect management to send you personally tailored information and offers about vehicles, services and other products from Porsche, invitations to events and surveys on satisfaction and expectations via the desired communication channels and to create an individual customer profile, and we require your consent (which includes an indication of no objection) to the individual customer and prospect management (to the extent that this constitutes direct marketing under Hong Kong law) in order to do so. We also intend to provide the aforementioned data to [PHK’s affiliates] in order to enable them to send direct marketing messages to you in relation to [the same types of goods and services], and we require your written consent in order to do so.

Which data is actually used for this depends on which data was collected on the basis of assignments, orders and consultations or made available by you (e.g. in the consultation at the Porsche Centre or as part of your activities under your Porsche ID at My Porsche). The data can also come from assignments or orders that are processed in collaboration with cooperation partners (e.g. insurance companies) and from whom we may then receive the information. If appropriate approvals have been granted, other data sources may also be included. This can be data from the vehicle (e.g. on your driving behaviour) or on the use of digital media (e.g. on website use). You will receive further information on the merging of the data with the corresponding release.

To offer you an inspiring brand and support experience with Porsche and to make our communication and interaction with you as personal and as relevant as possible, the data mentioned is used for needs analyses and customer segmentation. On this basis, it is possible to determine affinities, preferences and potentials within the framework of the individual customer and prospect management by the participating companies. Key figures regarding your probable product interests and your level of satisfaction are examples of such measures to individualise support. The corresponding information and analysis results are stored in your customer profile and are then available for designing the customer and prospect management. The personal evaluation and assignment in a customer profile only takes place if you have given your voluntary consent to the individual customer and prospect management. We do not offer individual customer and prospect management without these optimisation and personalisation measures.

If you do not give your consent, we only use the data mentioned in the context of customer and prospect management to carry out general evaluations on the basis of aggregated data from customers and prospects, with the aim of optimising our offers and systems and aligning them with overarching interests. Please note that your data may also be evaluated outside the scope of customer and prospect management; this is then based on your specific consent.

When we send e-mails within the context of the individual customer and prospect management, we may use commercially available technologies such as tracking pixels or click-through links. This allows us to analyse which or how many e-mails are delivered and/or rejected and/or opened. The latter is carried out in particular by tracking pixels. If you have deactivated the display of images in your e-mail program, it is not possible to measure the opening rate of our e-mails in full using tracking pixels. In this case, the e-mail will not be displayed completely. It is nevertheless still possible for us to determine whether an e-mail has been opened if you click on the text or graphic link in the e-mail. Using click-through links, we can analyse which links have been clicked in our e-mails and determine the interest in certain topics. If you click on the corresponding link, you will be guided through our separate analysis server before accessing the target page. Based on the analysis results, we can make e-mails more relevant within the scope of the individual customer and prospect management, send them in a more targeted manner or prevent e-mails from being sent. We only send e-mails to you and evaluate their use if you have given your voluntary consent to the individual customer and prospect management. We do not offer individual customer and prospect management without the described evaluation for optimisation.

In principle, we only process your data for the purposes for which we collect it from you. In individual cases, however, it may be necessary to process data that has already been collected for other purposes at an earlier stage. Of course, this is only done if you have given your consent.

Where we process your personal data for a purpose other than that for which it was collected, beyond appropriate consent, we will take into account the compatibility of the original purpose and the purpose now pursued, the nature of the personal data, the possible consequences for you of further processing and the guarantee of the protection of the personal data. We will obtain your express consent where required by applicable laws.

Some functions of our online offer require you to grant access to your end device (e.g. access to location data). Granting permissions is voluntary. However, if you wish to use the corresponding functions, you must grant the corresponding authorisations, otherwise you will not be able to use these functions. Permissions remain active unless you revoke them in your device by deactivating the relevant setting.

Unless you choose another setting, your vehicle is always in so-called private mode. This option prevents data transmission for most vehicle services, especially for the services from the Connect portfolio. You have the option at any time to deactivate private mode in whole or in part in order to unlock the full range of functions of your Connect Services.

Certain services remain active even if you choose to activate private mode. This includes services that we are obliged to use due to legal regulations. Private mode also has no effect on the functionality of security-related functions. If, during vehicle setup, you have activated the implementation of updates, these will be downloaded and prepared for installation despite private mode being activated.

We also process personal data that we receive from third parties or from publicly available sources. Below is an overview of the relevant sources and the categories of data obtained from these sources.

Group companies, Porsche sales companies, Porsche centres and service companies: information about your products, services and interests

Cooperation partners and service providers: for example, creditworthiness data from credit agencies.

Within our company, the only people who have access to your personal data are those who need this for the purposes named above. We only pass on your personal data to external recipients if a legal licence exists or if we have your consent. Below you will find an overview of the corresponding recipients:

Porsche AG and PHK are part of the Porsche group of companies. Within the scope of our business, we have outsourced certain processing operations within the group of companies. In certain circumstances, data may therefore be transferred within our group of companies, for example in the context of customer relationships, for analysis and market research purposes or in the area of marketing. This is always done on the basis of an order processing relationship or within the framework of joint responsibility. This also applies to the exchange of data with the Porsche Centres, insofar as this is necessary for maintaining active customer relationships as part of customer and prospect management or for processing support cases.

We transmit data from our customer relationship to the following recipients in particular:

Processors: Porsche AG and its group companies or external service providers, for example in the areas of technical infrastructure and maintenance, who are carefully selected and checked. The processors may only use the data in accordance with our instructions.

Public bodies: authorities and public institutions, such as public prosecutors, courts or tax authorities to which we (must) transfer personal data, e.g. to fulfil legal requirements.

Private entities: Porsche AG and its group companies, Porsche sales companies, dealerships and service companies, cooperation partners, service providers (not bound by instructions) or authorised persons such as Porsche Centres and Porsche Service Centres, financing banks, credit agencies or transport service providers.

If data is transferred to bodies whose headquarters or place of data processing is not located in Hong Kong or a member state of the European Union, another country outside of the European Union that is a signatory to the Agreement on the European Economic Area or a state for which an appropriate level of data protection has been determined through a decision of the European Commission, we will ensure, before disclosure, that the data transfer is either covered by a legal authorisation, that there are guarantees for an adequate level of data protection with regard to the data transfer (e.g. through the agreement of contractual warranties, officially recognised regulations or binding internal data protection regulations applied by the recipient) or that you have given your consent to the data transfer.

The following shall apply if the description of the individual services does not provide information about the specific duration of storage or the deletion of the personal data:

We store your personal data, if a legal permission exists for this, only as long as necessary to achieve the purposes pursued. We will also delete your personal data if we are obligated to do so for other legal reasons. Pursuant to these general principles, we will usually erase your personal information immediately if your personal data is no longer required for our purposes.

Right of access: you have the right to receive information about and obtain a copy of your personal data stored by us.

Right to correction: you may request us to correct incorrect data

Objection to direct marketing: if we process or transfer your personal data for the purpose of direct marketing, you have the right to object to our processing or transferring of your data for this purpose at any time. If you exercise your right to object, we will stop processing or transferring for this purpose.

Withdrawal of consent: if you have given us consent to the processing of your personal data, you can revoke this at any time with effect for the future. The withdrawal of consent will not affect the lawfulness of processing before its withdrawal.

Right of appeal to the supervisory authority: you can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the supervisory authority responsible for your place of residence or country or territory (which, in the case of Hong Kong, is the Privacy Commissioner for Personal Data) or the supervisory authority responsible for us.

Your contact with us and exercising your rights: furthermore, you can contact us free of charge with questions about the processing of your personal data and to exercise your rights as a data subject. Please contact our data protection officer by e-mail at privacy_support@porsche.cn, via the website at http://www.porsche.com/international/privacy/contact/ or by post at the address provided in Section 1 above.

When doing so, please make sure that we can clearly identify you. If you wish to withdraw your consent, you can alternatively use the method of contact that you used when you gave your consent.

Status: 01.06.2025