Porsche Smart Mobility GmbH
Should you have questions or suggestions regarding data protection or privacy, please feel free to contact us.
You can reach our data protection officer as follows:
Porsche Smart Mobility GmbH
Data Protection Officer
The subject-matter of data protection is the protection of personal data. This means all information concerning an identified or identifiable natural person (known as the “data subject”). This includes information such as name, postal address, email address or phone number, as well as information that necessarily arises during the use of our Porsche Digital Service Infrastructure.
To use the Porsche Digital Service Infrastructure and the Services offered within it in full, it is necessary to register and create a Porsche ID user account in My Porsche. After completing the registration process and creating your Porsche ID user account you will also receive your Porsche ID (username for the Porsche ID user account). During registration and when creating and using your Porsche ID user account personal data is processed and may be transferred to third parties as depicted hereinafter in order to fulfil our contractual obligations in this context. Except where indicated otherwise, we carry out all processing operations described in this section in order to perform the contract existing between you and us on the basis of Article 6(1)(b) GDPR.
You can choose one of two ways to register and create your Porsche ID user account:
If you wish, your authorised dealer will enter the personal data you have provided for you via the dealer’s access to our systems. You will then receive a link by email, for example, that you will have to use to confirm your registration and the creation of your Porsche ID user account. Please note that the authorised dealers are independent companies and we have no influence over them. A second factor will be used for additional verification, for example a code sent via text message that you then enter as part of the process of registering and creating your Porsche ID user account.
If you have not registered and created your Porsche ID user account via an authorised dealer, you can register and create your Porsche ID user account yourself and enter your personal data independently. In selected countries you can also add a vehicle and use further digital Services for which vehicle ownership is required. To do so you will also have to upload a copy of an identification document and proof of ownership and, if you are not the owner of the vehicle, authorisation from the vehicle owner after entering your vehicle identification number. These documents will be reviewed based on our verification criteria. As proof of successful verification we also store the names, dates of birth, places of birth, addresses and validity dates for the documents as shown in the relevant identification documents and the vehicle identification numbers, owner names and addresses shown in the proof of ownership. Once verification is complete the copies of the documents are deleted. If you add a vehicle and a specific vehicle is assigned to you under your Porsche ID user account as a result, there is what is known as a vehicle link (hereinafter “Vehicle Link”). After a successful review, you will receive a link by email, for example, that you will have to use to confirm your registration and the creation of your Porsche ID user account. A second factor will be used for additional verification, for example a code sent via text message that you then enter as part of the process of registering and creating your Porsche ID user account.
Self-registration requires that you upload pictures from your device. This means you will be asked for authorisation to access your device’s camera or photo library. Granting authorisation is voluntary. However, if you wish to use the self-registration feature, granting the relevant authorisation is required, as you will be unable to use self-registration otherwise. The authorisation remains active until you reset it in your device and/or internet browser by deactivating the relevant setting.
(a) Required information when registering and creating your Porsche ID user account
When registering and creating your Porsche ID user account you are required (in the case of self-registration) to enter your email address, a password, your name and any suffixes, contact and address information, mobile phone number, email address and, where applicable, the language in which you wish to communicate with us, or (in the case of registration and creation of your Porsche ID user account via an authorised dealer) to confirm this personal data during the process of registering and creating your Porsche ID user account. This personal data is required in order to set up and manage your Porsche ID user account for you so that you can use the full range of our Services offered within the scope of the Porsche Digital Service Infrastructure. In selected countries, you can also use our offerings as a prospective customer. In this case all you are required to provide is your name and email address and a password. We also need this and, where applicable, further personal data not least in order to be able to respond to requests, questions and criticism. In addition we store the time of your most recent log-in. During registration and creation of your Porsche ID user account we perform a plausibility check of your name and address information.
(b) Voluntary information when registering and creating your Porsche ID user account
When registering and creating your Porsche ID user account you also have the option to voluntarily enter further information, such as additional name information (academic titles, etc.), company contact information, date of birth, other phone numbers, credit card information (which is stored exclusively with the payment service provider) and your vehicle registration number and a personal vehicle name. In addition you can provide information on your interests and preferences and your desired contact channels. Please note that this information is not required in order to register and create your Porsche ID user account, and it is entirely up to you whether you wish to communicate this personal data to us.
If you have registered and created your Porsche ID user account we will share fundamental information regarding your Porsche ID user account and your vehicles with Porsche dealers that provide service in order to be able to provide you with service via our dealer organisation as well, as needed. This is done in order to perform the contract with you on the basis of Article 6(1)(b) GDPR. To this end, we will transfer not only your vehicle identification number, but also your username (Porsche ID), the technical and/or sales-related availability of Services and product offerings for your Porsche ID user account or vehicle and relevant events within the scope of the creation, modification or deletion of your Porsche ID user account, links to vehicles, the selection of dealers or the activation or deactivation of Services.
If you have selected an authorised dealer and granted your consent, the personal data stored in your Porsche ID user account, particularly contact information, customer service, contract and Service information and information on your interests, vehicles and Services used, will also be shared with the authorised dealer and synchronised with any personal data concerning you that may be stored by the authorised dealer. If you no longer wish this sharing of data to take place in the future, you can adjust the user settings for your Porsche ID user account accordingly. The aforementioned personal data will no longer be shared with the authorised dealer from then on. The legal basis for the processing of your personal data in this context is your consent pursuant to Article 6(1)(a) GDPR.
If you delete your Porsche ID user account, the personal data stored in your Porsche ID user account will also be erased upon termination of the contractual relationship, but not before the end of the term of your existing Service licences. To the extent that personal data must be stored for legal reasons, this data will be blocked (this is known as “restriction of processing”). The personal data is then no longer available for further use, particularly for the use of Services. The Services may no longer function in full or at all as a result. You will then no longer be able to use the Porsche Digital Service Infrastructure in full either. If further controllers within the Porsche group of companies and its sales organisation process personal data on their own responsibility, the processing of this personal data will not be affected by this. To the extent that personal data has been shared with a dealer of your choice based on your consent pursuant to Article 6(1)(a) GDPR, we will notify the dealer of the deletion of your Porsche ID user account.
You can book individual or multiple My Porsche Services and Porsche Connect Services and activate Service licences. When selecting the relevant Service or Service package you can also view the relevant information included in the offer details on the processing of personal data within the scope of the Services in question. To perform and fulfil a booking and the contractual relationship associated with it we process not only the relevant booking information, but also your personal data that has been collected during the process of registering and creating your Porsche ID user account. You can change your billing address before the booking process is concluded. In this case we will use this address information that you provide for purposes of billing and settling the account.
We contract with a payment service provider to handle payments for paid Services within the scope of My Porsche, Porsche Connect and Porsche Drive. To this end, we process your credit card information as well as the relevant payment information and your IP address. For example, during the process of booking paid Services we transfer the invoiced amount, your IP address and a unique transaction key that can be used to allocate your payment for the purposes of handling payment. The management of your credit card information and the handling of payment are carried out via systems of the payment service provider on behalf of PSM GmbH. When you enter your credit card information this takes place directly via an entry field of the payment service provider, which encrypts this information independently on your device. The encrypted information is subsequently transferred by us to the payment service provider, where it is stored and used for your payment. The legal basis for this processing is the performance of a contract pursuant to Article 6(1)(b) GDPR.
Exclusively for the purpose of accounts receivable management (including compliance checks, to the extent required by law) and to perform credit checks, the payment service provider used processes your customer and contact information (name, address, email address, Porsche Connect customer number; if applicable, company name and affiliated companies) and the vehicle identification number shown in the proof of ownership on our behalf. The legal basis for the processing of the personal data mentioned for the purposes stated above is, pursuant to Article 6(1)(c) GDPR, compliance with a legal obligation to which we are subject or, pursuant to Article 6(1)(f) GDPR, our legitimate interest in complying with legal requirements.
After the booking is complete, you can activate the Services. This will store your use authorisation in the system and cause the list of available Services to be updated accordingly.
To use certain Services (such as charging station offers), a personalised card containing RFID chips (Porsche ID Card, Porsche Charging Card) is sent out by mail in numerous countries where the Services are offered when a product is purchased. An identification number is stored on this card; this number can be used to associate the card with your Porsche ID user account. No personal data other than the identification number, particularly not your name or address, is stored digitally on the card itself. If the card is lost, you can block it within your Porsche ID user account.
Once delivered, the Porsche ID Card can be used directly in dealings with supported infrastructure (such as public charging stations).
Unless otherwise indicated, we carry out the processing operations described in this section in order to perform our contract with you on the basis of Article 6(1)(b) GDPR.
You can use the My Porsche Services and Porsche Connect Services that have been booked, depending on the Service, in your vehicle (to the extent available for your vehicle) via mobile radio connection or via further devices in My Porsche or your Porsche Connect app and, where applicable, also from multiple or all access points. To this end, your vehicle or the relevant device will connect to the Porsche Digital Service Infrastructure.
When you use the Services booked via My Porsche or the Porsche Connect Store in your vehicle or on other devices, we process personal data concerning you for the purposes of enabling the use of the Services, for support purposes and for further, specifically defined purposes. Unless otherwise indicated, we process your personal data only within the scope necessary to enable the use of the relevant My Porsche Service or Porsche Connect Service.
When you use the individual My Porsche Services or Porsche Connect Services the following categories of personal data may be processed, for example, depending on how the specific Service works:
a) identification information, such as the vehicle identification number, your Porsche ID and the device and system IDs for your devices and mobile radio modules, which is needed to identify you personally, your device or your vehicle in order to establish connections, use Services or access content;
b) authorisation information, including that the vehicle or the relevant device has been activated for the relevant Porsche Connect Service, which can be linked to your personal data that you entered during the process of registering and creating your Porsche ID user account;
c) login information that is needed if you wish to use services from other providers that require a login in your vehicle or on other devices;
d) communication information that is required in order to establish a connection between your vehicle and/or other devices and our servers or the servers of third-party providers of content for Porsche Connect Services;
e) location and movement information, such as GPS or speed data, that is needed in order to use location-based content;
f) language information that enables voice control and voice entries in certain Porsche Connect Services. Voice data is transferred to us from the vehicle or a device as recordings for the purpose of conversion to text. The text that is then generated by a service provider is transferred back to the vehicle and the recording is then deleted at our end;
g) contact information that is used in communication services, for example to send email or text messages;
h) billing data, such as individual connection records regarding charging processes. We may combine this information with your address and payment information for individual billing purposes;
i) further content that must be shared with us or with service providers in order to be able to provide a Service for you.
For detailed information on which personal data is processed within the scope of which Service, please see the relevant Service descriptions at https://connect-store.porsche.com/se/en/.
Unless otherwise mentioned here, in one of the Specific Privacy Policies or, where applicable, in the further specific privacy notices pertaining to the relevant Service, we process your personal data in each case on the basis of Article 6(1)(b) GDPR in order to provide you with the Services in this context and perform the contract associated therewith.
If you use services provided by a third-party provider with which you have a contractual relationship of your own, content of these services may be displayed in your vehicle or on your device and information may be shared between your vehicle or device and the service provider in question.
We have no influence over the processing of data by this third-party provider or the location of the data processing. Therefore please see the relevant third-party provider’s separate privacy notices for information on the nature, scope and purpose of the processing of personal data with regard to the relevant service.
We transfer the necessary personal data to the relevant third-party provider on the basis of Article 6(1)(b) GDPR to perform the contract existing between you and us.
The relevant data processing takes place on the basis of Article 6(1)(f) GDPR in this regard.
Should you grant us consent to certain data processing operations, this consent is always associated with a specific purpose; the purposes arise in each case from the content of the specific declaration of consent. In this case, the processing of data takes place on the basis of Article 6(1)(a) GDPR. If you do not consent, we are not able to comply with your request that is covered by the consent. You can withdraw consent, once granted, at any time without this affecting the lawfulness of processing that has taken place based on consent before its withdrawal.
On the basis of any consent that may have been granted by you, the companies listed in the declaration of consent may use the data for specific purposes, e.g. to provide individual care for customers and prospective customers, and may contact you via your desired communication channels.
If we use your data to provide individual care for customers and prospective customers within this scope, this takes place in order to provide you with an exciting brand and customer care experience with Porsche and to make our communications and interactions with you as personal and relevant as possible. Which of your data is specifically used to provide individual care for customers and prospective customers depends in particular on which data has been collected on the basis of inquiries, orders and advising (e.g. when purchasing Porsche products) and which data (e.g. your personal interests) you have provided at the relevant contact points (e.g. via this website or at the Porsche Zentrum).
In these cases, the specific scope and intended purpose of the consent granted by you arise from the wording of the declaration of consent at the point of contact.
Internal recipients: Within PSM GmbH access is restricted to those persons who require it for the specific purposes mentioned.
External recipients: We do not disclose your personal data to external recipients outside PSM GmbH except where necessary in order to provide and carry out the relevant Service, where there is another legal authorisation or where we have your consent to do so.
External recipients may be the following:
Dr. Ing. h.c. F. Porsche AG or its affiliates or external service providers with which we contract for the provision of services, for example in the areas of technical infrastructure and service/maintenance for the offerings of PSM GmbH or the provision of content. We select these processors carefully and subject them to regular reviews to ensure that your privacy is safeguarded. The service providers are not permitted to use the personal data other than for the purposes specified by us and according to our instructions.
b) Public bodies:
Government agencies and state institutions, such as tax authorities, public prosecutors’ offices or courts, to which we transfer (and/or are required to transfer) personal data for mandatory legal reasons or to safeguard legitimate interests. In these cases the transfer takes place on the basis of point(s) (c) and/or (f) of Article 6(1) GDPR.
c) Private bodies
Porsche dealers and service businesses, cooperation partners, service providers or persons to which or whom personal data is transferred on the basis of consent, to perform a contract with you or to safeguard legitimate interests, such as Porsche centres and Porsche service centres, financing banks, providers of further services or transportation service providers. In these cases the transfer takes place on the basis of point(s) (a), (b) and/or (f) of Article 6(1) GDPR.
If data is transferred to bodies whose registered office or location of data processing is not located in a Member State of the European Union or another state that is a signatory to the Agreement on the European Economic Area, we ensure before forwarding the data that, apart from in exceptional cases permitted by law, there is either an adequate level of data protection at the recipient’s end (e.g. through an adequacy decision by the European Commission, appropriate safeguards such as self-certification by the recipient under the EU-US Privacy Shield or an agreement on “EU standard contractual clauses” with the recipient) or that you grant your consent to the transfer of the data.
We do not only process personal data that we receive from you directly. We also receive some personal data from third parties to the extent that we have a legal basis for this.
For details regarding collection of data by third parties, please see the Specific Privacy Policies and, where applicable, the further specific privacy notices pertaining to the relevant Service.
Except where information on the specific duration of the storage and/or erasure of personal data is provided in the description of the specific Services, the following applies:
We store your personal data only as long as is necessary to fulfil the intended purposes or – in the case of consent – unless and until you withdraw consent. In the event of an objection to processing, we erase your personal data unless the continued processing thereof is permitted pursuant to the relevant statutory provisions. We also erase your personal data if we are obligated to do so for other statutory reasons.
Applying these general principles, we generally erase your personal data without delay
As the data subject affected by data processing, you have numerous rights at your disposal. Specifically:
Right of access: You have the right to obtain information regarding the personal data concerning you that is stored by us.
Right of rectification and erasure: You can request that we rectify incorrect data and – provided that the statutory prerequisites are met – erase your data.
Restriction of processing: You can request – provided that the statutory prerequisites are met – that we restrict the processing of your data.
Data portability: Should you have provided data to us on the basis of a contract or consent, you can, if the statutory prerequisites are met, request that you receive the data provided by you in a structured, commonly used and machine-readable format or that we transfer it to another controller.
Objection to data processing in the case of “legitimate interest” as the legal basis: You have the right to object, on grounds relating to your particular situation, at any time to the processing of data by us to the extent that this processing has “legitimate interest” as its legal basis. If you exercise your right to object, we will discontinue the processing of your data unless we can demonstrate – in accordance with the statutory specifications – compelling legitimate grounds for continued processing which override your rights.
Withdrawal of consent: To the extent that you have granted us consent to the processing of your data, you can withdraw it at any time with effect for the future. This does not affect the lawfulness of the processing of your data prior to the withdrawal of consent.
Right to lodge a complaint with the supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. To this end, you can contact the data protection supervisory authority with jurisdiction over your place of residence or your country or the data protection supervisory authority with jurisdiction over us.
Contacting us: You can also contact us free of charge if you have any questions regarding the processing of your personal data, your rights as a data subject and/or any consent that may have been granted. To exercise any of your rights as outlined above, please contact us by email, to email@example.com, or by post, using the address mentioned in section 1 above. When contacting us, please ensure that it is possible for us to identify you clearly.
We utilise all the necessary technical and organisational measures in keeping with the state of the art in order to ensure a level of security appropriate to the risk, in accordance with the applicable statutory requirements.
Services of other providers linked to by our Services have been and are designed and provided by third parties. We have no influence over the design, content and/or functioning of these services. We expressly distance ourselves from all content of all services linked to. Please note that these services, such as third-party websites, may install cookies on your device or collect personal data. We have no influence over this. In this regard, please obtain information directly from the providers of these services linked to as necessary.
Last updated: 1 November 2019
In the My Porsche or Porsche Connect store on our My Porsche and Porsche Connect Store website (hereinafter also referred to as the "site"), you can book My Porsche services, Porsche Connect services, Porsche Drive services and Function on Demand (FoD) and activate the relevant licences. This requires you to be registered with My Porsche and to have a Porsche ID user account. Depending on the service, you can use and manage the above services through our website, various Porsche apps, and, if available for your vehicle, in your car via a wireless network connection.
Parts of our website can be used without registration. Even if you use the website without registering, your personal data may be processed.
When you access our website through your device the following data will be processed by us:
We process this data on the basis of Article 6(1)(f) of the General Data Protection Regulation ("GDPR") to provide the website, to safeguard its technical operation and for the purpose of identifying and rectifying faults. In so doing, our aim is to enable use of our website and to permanently ensure its technical functionality. When you access our website this data is processed automatically. Without providing this data you cannot use our website. We do not use this information to identify you.
The automatically collected data referred to in section 1.1.1 is also processed to improve the performance of our services, ensure their availability and to optimise the user experience as well as to evaluate your use of the website, compile reports on website activity for us and provide other services associated with use of the website.
We process your data in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in the performance and availability of our products and in the analysis of the user behaviour of visitors to our website. We do not use this information to identify you.
As part of the processing described here we also store cookies. For more details on this, please refer to paragraph 1.1.3.
To use certain functions, you may be required to grant access to your location.
The granting of permissions is voluntary. However, if you want to use the functions in question, granting the relevant permissions is necessary, as otherwise you cannot use these functions.
Permissions will remain active unless they are reset by deactivation of the relevant setting in your device and/or internet browser.
When using our website you may voluntarily provide personal data or register for services or functions. When you register for and use the services and functions described below, personal information will be processed by us as set out below.
Prior registration and the creation of a Porsche ID user account are required for use of the services and functions of our website set out in paragraph 1.3.2. Use of the services and functions set out in paragraph 1.3.3 does not require prior registration.
The functions that form part of our products and services on our website as well as the personal data processed in each case together with the underlying purposes and legal basis are set out below.
Where necessary, we provide additional information on the processing of personal data for our bookable services in the additional specific privacy notices for the relevant service.
Prior registration and creation of a Porsche ID user account are required to use this function.
In order to be able to provide information about your vehicle, current warranties and recalls in the My Porsche section of our website, we process equipment and vehicle master data, such as the vehicle identification number, current warranties, model year and model image that appear on the vehicle registration certificate.
The legal basis for the processing of your personal data is, in accordance with Article 6(1)(b) GDPR, the performance of the existing contract between you and us.
Prior registration and creation of a Porsche ID user account are required to use this function.
To request service appointments with Porsche dealers and service companies through the My Porsche section of our website, we can at your request provide customer and vehicle data to the relevant companies selected by you. If you give us your consent as part of a service request, we will transmit your name, address, telephone number, email address, Porsche ID, the vehicle identification number as it appears on the vehicle registration certificate, your vehicle model, the service appointments that you have chosen, your chosen service and your additional message relating to your request, as well as the methods of contact requested by you to the dealer or service company selected by you for the relevant request.
Transmission of your personal data occurs once in connection with the relevant service request; the legal basis for transmission is Article 6(1)(a) GDPR, i.e. your consent. We store your service request to perform the existing contract between you and us in accordance with Article 6(1)(b) GDPR.
The functions on our website as well as the personal data processed in each case together with the underlying purposes and legal basis are set out below.
Prior registration and creation of a Porsche ID user account are not required to use this function.
In certain areas of our website we offer live chat as a method to make contact and receive advice. Using live chat you can communicate with one of our consultants via text messages. When you open and use live chat, for technical reasons your browser automatically transmits the following data at the start, which is stored by us separately from other data that you may provide to us in other circumstances:
The legal basis for this data processing is Article 6(1)(f) GDPR, our legitimate interest being to safeguard and maintain the operation and the safety of our products and services and to rectify faults. In this context the data is also processed by us – without identifying a specific person – for analytical purposes.
If you then disclose further personal data to us via the live chat, this is done on a voluntary basis. Where personal data is required to solve your issue, we will inform you of this and ask you for it. The texts entered by you into the input screen during live chats are stored on our behalf on the server of an external service provider. The legal basis for this data processing is Article 6(1)(b) GDPR.
Non-technically necessary cookies: By contrast, non-technically necessary cookies are used, for example, to improve the convenience and performance of our website or to save any settings you have specified. We also use non-technically necessary cookies to obtain information about the frequency of use of certain areas of our website so we can make targeted adjustments in the future to meet your needs. We do not store non-technically necessary cookies until you have confirmed by clicking on the appropriate box that you have acknowledged our cookie notice and continue to use our website.
Session cookies: Most cookies are required only for the duration of your current website visit or your session, and are then deleted or become invalid as soon as you leave our website or your current session expires (so-called "session cookies"). Session cookies are used, for example, to maintain certain information during your session, such as your registration for the website or the contents of your shopping basket.
Persistent cookies: Cookies are only occasionally stored for a longer period, for example in order to recognise you and access your saved settings when you visit the website again at a later date. This allows you to access our websites more quickly or conveniently without having to reselect certain settings, such as your preferred language. Persistent cookies are automatically deleted after a predefined period of time from when you visit the website or domain on which the cookie was used.
Flow cookies: These cookies are used for communication between various internal Porsche servers. They are set at the beginning of a user interaction and deleted again once it ends. Flow cookies receive a unique identification number during the interaction but this does not contain any identifying information about the customer or user.
Provider cookies: When you visit our website, cookies are generally placed on your browser by the operators we use for our website.
We use the following services for the purpose of web analytics and audience measurement:
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics uses third-party cookies to identify the frequency of use of certain areas of our website and preferences. The information generated by the cookie about your use of the website (including your truncated IP address) will be transmitted to and stored on a Google server in the United States. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website and internet usage.
The legal basis for the use of services for web analytics and audience measurement, such as Google Analytics, is Article 6(1)(f) of the General Data Protection Regulation ("GDPR"); our legitimate interest arises from the purposes set out above, in particular the analysis, optimisation and efficient operation of our website.
The acceptance of cookies when using our website is not mandatory; if you do not want cookies to be stored on your device, you can disable the relevant option in your browser's system settings. You can also delete previously stored cookies from your device at any time. If you do not accept cookies, however, this can lead to functional restrictions of our site.
Additionally, you can disable the use of Google Analytics cookies using a browser add-on if you do not want website analysis. This can be downloaded here: http://tools.google.com/dlpage/gaoptout?hl=en.
In this case "opt-out" information is stored on your device, which is used to identify your deactivation of Google Analytics. Please note that such opt-out information will deactivate Google Analytics only on the device and browser on which it was installed.
You may also need to reinstall it if you delete cookies from your device. As an alternative to the browser add-on, for example on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on the following link: http://optout.networkadvertising.org/?c=1#!/. This sets an opt-out cookie that prevents the future collection of your data. The opt-out cookie is valid only for the browser used when it was set and only for our website, and is stored on your device. If you delete the cookies in your browser, you must set the opt-out cookie again.
You can also activate the "Do Not Track function" on your device. When this function is enabled, your device informs the relevant service that you do not want to be tracked.
Specifically, the following cookies may be stored when accessing our website: