2. Subject matter of data protection
The subject matter of data protection is personal data. This is all the information that relates to an identified or identifiable natural person (known in the legislation as the data subject). This covers, for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates from the use of our website, such as details about the start, end, and scope of use, and the communication of your IP address.
3. Type, scope, purposes of, and legal basis for automated data processing
In general, it is possible to use our website without registering. Even if you use our website without registering, personal data can still be processed.
An overview of the type, scope, purposes of, and legal bases for automated data processing via our website is provided below.
3.1 Provision of our website
When you access our website using your device, we process the following data:
- date and time of access
- duration of your visit
- type of device
- operating system used
- functions that you use
- quantity of data sent
- type of event
- referrer URL
- IP address
- domain name
We process this data on the basis of Article 6 (1) (f) GDPR to provide the website, to ensure the technical operation, and to identify and rectify faults. In this way, we pursue the interest of facilitating and ensuring the long-term use of our website and its technical functional capability. When our website is selected, this data is automatically processed. You cannot use our website unless this data is provided. We do not use this data for the purpose of drawing conclusions about you or your identity.
|Name||Duration of storage||Purpose|
|PHPSESSID||End of session||This cookie is used to identify the session.|
|_utma||2 years from the last update||Google Analytics cookie for distinguishing users and sessions. Contains a unique identifier.|
|_utmb||30 days from the last update||Google Analytics cookie for determining new sessions and visits. Contains a unique identifier.|
|_utmc||End of session||Google Analytics cookie used in conjunction with the cookie _utmb to determine new sessions and visits. Contains a unique identifier.|
|_utmt||10 minutes||Google Analytics cookie used to throttle the request rate.|
|_utmz||6 months from the last update||Google Analytics cookie that stores the source or campaign that explains how the user reached the website.|
|ga-disable-UA-4303498-1||Permanent||Google Analytics cookie: Is used when tracking with Google Analytics is to be prevented and the link to the Google Analytics opt-out was therefore called.|
4. Individual services and offers
You can voluntarily enter personal data or register for services with an individual profile at several locations on our website, e.g. as part of the following offers: webshops, newsletter registration, contact requests, requests for information, participation in competitions, web specials, Car Configurator, pre-owned vehicle searches (including search agent, for example) and dealer contact. Without registering, it may not be possible to use some of the services mentioned above or only with a limited scope of functions.
4.1 Registration process
An input field marked with a "*" indicates that the data entered in the relevant field is mandatory for registration and usually includes the following: salutation, first name and surname, postal and e-mail address. It is not possible to register without entering the mandatory data. When registering, you also have the option of voluntarily entering other information such as company contact details, profession, date of birth, etc. Please note that this information is not required for registration and you alone must decide whether you wish to provide us with this data. However, if you do not provide this data, in certain circumstances we may not be able to respond to your needs in the best possible way when using our offers.
We will use the personal data you provide during the registration process to create your profile and identify you every time you subsequently log in. The applicable legal basis for these data processing procedures is Article 6 1 (b) GDPR. Other data may be collected and then linked with your profile data, depending on the service you wish to register for. When the services and offers described below in detail are used, other personal data may also be collected and processed (e.g. payment information specified when placing orders) and disclosed to third parties so that these services and offers can be made available to you.
We will carry out all the processing procedures described in this section either based on your consent, to fulfill our contract with you or on the basis of our legitimate interests – as far as indicated.
You can find out more information about other services and offers in the following section:
4.2 Porsche Classic Online Shop
In order to use this online shop and place orders, you must register with an individual profile, whereby the principles shown in Section 4.1 apply accordingly. When an order is placed, the following data is processed: salutation, first name, surname, postal address, e-mail address. You can also provide other information voluntarily, although this information is not required to place and execute the order.
We will use the personal data you provide when placing the order to execute and process orders and payment transactions initiated via the online shop. If a credit card is used for payment, the card number, card expiration date, cardholder's name and card verification number are collected. The applicable legal basis for these data processing procedures is Article 6 1 (b) GDPR. In order to process payment transactions, we may pass certain relevant items of your data to the payment service provider appointed by us, who will process this data on our behalf or on behalf of the relevant Porsche Dealership in order to execute the payment.
We will delete the data you provided when placing an order as soon as the purpose of collecting the data no longer applies, subject to further storage of the data for the purpose of fulfilling the contract completely (e.g. during ongoing periods of limitation) and existing commercial law and tax law archiving obligations.
4.3 Magazine orders | subscriptions
Registration with an individual profile is required to order a magazine or subscription, e.g. Porsche Times. The principles outlined in Section 4.1 apply accordingly here. When an order is placed, the following data is processed: salutation, first name, surname, postal address, e-mail address. You can also provide other information voluntarily, although this information is not required to place and execute the order.
We will use the personal data you provide when placing the order to execute and process orders and payment transactions initiated. If a credit card is used for payment, the card number, card expiration date, cardholder's name and card verification number are collected. The applicable legal basis for these data processing procedures is Article 6 1 (b) GDPR. In order to process payment transactions, we may pass certain relevant items of your data to the payment service provider appointed by us, who will process this data on our behalf in order to execute the payment.
We will delete the data you provided when placing an order as soon as the purpose of collecting the data no longer applies, in particular when canceling a subscription, subject to further storage of the data for the purpose of fulfilling the contract completely (e.g. during ongoing periods of limitation) and existing commercial law and tax law archiving obligations.
4.4 E-mail newsletter
In order to subscribe to our newsletter, you only need to specify your name (incl. salutation), your e-mail address and your country of residence. We only send newsletters to individuals who have subscribed, i.e. given their consent based on Article 6 (1) (a) GDPR. The contents of a newsletter are relevant for the scope of the consent, provided they are actually described during the subscription process. In addition, our newsletters contain information about our products, offers, campaigns and company.
Subscription is carried out using the so-called double opt-in process, i.e. after subscribing, you receive an e-mail prompting you to confirm your subscription to prevent misuse of your e-mail address. We make a record of all newsletter subscriptions so that we can provide evidence of the subscription process and associated consent in line with legal requirements. Subscriptions are always logged and the mandatory processing of data you entered during the subscription process is performed accordingly on the basis of our legitimate interests according to Article 6 (1) f) GDPR. You can withdraw your consent to receive our newsletter at any time by unsubscribing from the newsletter, for example. You can exercise this right using the unsubscribe link at the end of each newsletter.
4.5 Live chat
If we offer contact and advice via live chat in certain areas of our website, you can communicate live with one of our consultants. When you open and start using the live chat window, for technical reasons your browser automatically transmits the following data, which we store separately from other data that you may communicate to us:
- date and time of access
- duration of your visit to our website
- type of web browser including version
- operating system used
- quantity of data sent
- type of event
- IP address (anonymous)
The legal basis for this data processing is Article 6 (1) f) GDPR, whereby our legitimate interest is aimed at safeguarding and maintaining the operation and security of our website as well as rectifying faults. Within this context, we also process the data anonymously for analytical purposes.
Any additional personal data communicated via live chat is done so voluntarily. We will not actively ask you to provide your personal data. The text you enter in the input mask during the live chat is stored on the server of an external service provider on our behalf. Legal basis for this data processing is Article 6 1 (b) GDPR.
4.6 Psyma user survey
When visiting our website, you may be selected to take part in an anonymous online survey. You can access the online questionnaire by clicking the link displayed. Psyma will only process personal data on our behalf if this data was provided voluntarily as part of the survey; providing your personal data is not a requirement to take part in the survey.
Data is processed on the basis of our legitimate interests according to Article 6 (1) f) GDPR exclusively for the purpose of market research. The survey results provided by Psyma are anonymous and we will always process them anonymously. If you do not wish to take part in the survey, we will set an opt-out cookie on your end device so that you are not selected again. This cookie information is used for 30 days during the course of the survey.
4.7 Other contact
Any personal data communicated via e-mail or a contact form is always done so voluntarily. In order to manage and process your contact request according to Article 6 (1) b) or f) GDPR we will process and possibly disclose your information to third parties (e.g. contracted service providers) within this context. Where there is a possibility of registering, the principles described above in Section 4.1 apply accordingly.
5. Safeguarding of legitimate interests
We will process your personal data for the purpose of safeguarding our legitimate interests. In addition to the interests specified in the description of individual services and offers in Section 4, data processing procedures are performed on our website or after completing registrations, in particular against the background of the following interests:
- Guaranteeing the availability, operation and safety of technical systems as well as technical data management;
- Further development of products, services and care offers;
- Processing data on a central prospect and customer service platform as well as upstream and downstream systems for customer loyalty and sales purposes to provide customers and prospects with personalized support;
- Needs analysis and customer segmentation, e.g. calculation and evaluation of affinities, preferences and potential.
The relevant data is processed on the basis of Article 6 (1) (f) GDPR.
If you have given consent to perform certain data processing procedures, this consent always relates to a specific purpose included in the content of the actual declaration of consent. In this case, data is processed on the basis of Article 6 (1) (a) GDPR. We cannot accommodate the request covered by the consent until you give your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on the consent given before its withdrawal.
Based on any declarations of consent you may have given, the companies listed in the declaration of consent can use data for a specific purpose, such as providing support for customers and prospects, for example, and contact you along one of your preferred communication channels. Your data is used within this framework to offer an exciting brand and service experience with Porsche and ensure that communication and interaction with you is as personal and relevant as possible.
Which of your data items are actually used to provide a personalized service to customers and prospects essentially depends on which data was collected based on requests, orders and consultations (e.g. when purchasing Porsche products) and which data (e.g. your personal interests) you have disclosed to the relevant contact points (e.g. via our website or in the Porsche Dealership). The scope and purpose of the consent you have given actually depends on the formulation of the declaration of consent at the contact point.
7. Recipients of personal data
Internal recipients: Within the Porsche Dealership, the only people who have access are those who need it for the purposes named.
External recipients: We only forward your personal data to external recipients outside the Porsche Dealership if this is necessary for the administering or processing of your issue, if another legal authorization exists, or if we have your consent to forward the data.
External recipients can be:
Dr. Ing. h.c. F. Porsche AG, its Group companies or external service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance for the Porsche AG offering or the provision of content. We carefully select and regularly inspect these processors to make sure that your privacy is protected. The service providers may use the data only for the purposes we have specified and in accordance with our instructions.
b) Public bodies
Authorities and public institutions, such as public prosecutors, courts, or financial authorities to which we must transfer personal data for legal reasons. The data is transferred on the basis of Article 6 (1) (c) GDPR.
c) Private bodies
Service companies, cooperation partners, service providers or persons to whom the data is transferred on the basis of consent, to execute a contract with you or to safeguard legitimate interests, for example, other Porsche Dealerships and Porsche Service Centers, financing banks, providers of other services or transport service providers. The data is transferred on the basis of Article 6 (1) (a), (b) and/or (f) GDPR.
8. Data processing in third countries
If data is transferred to bodies whose headquarters or whose place of data processing is not located in a member state of the European Union or in another country outside of the European Union who is a signatory to the treaty, we ensure before forwarding the data that, outside of legally permitted exceptional cases pertaining to the recipient, either an appropriate level of data protection exists (e.g. through an adequacy decision of the European Commission, through suitable guarantees such as self-certification by the recipient for the EU-US Privacy Shield, or the agreement of EU standard contractual clauses between the European Union and the recipient) or you give sufficient consent for the transfer of the data.
We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. To obtain these, please contact the address specified in Section 1.
9. Duration of storage and deletion
If the description of the individual services and offers do not contain any specific information about the storage duration or deletion of data, the following applies:
We store your personal data only for the length of time necessary to fulfill the intended purposes, or – in the case of consent – until you withdraw your consent. If you withdraw your consent to process your personal data, we will delete it unless relevant legal provisions stipulate that it can be processed further. We will also delete your personal data if we are obliged to do so for other legal reasons.
In line with these general principles, we will usually delete your personal data immediately
- after the legal grounds cease to apply and provided that no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
- if we no longer need the data for the purposes of preparing and executing a contract or legitimate interests and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
- if the purpose of collecting the data no longer applies and no other legal grounds apply (e.g. commercial law and tax law retention periods). If the latter is the case, we will delete the data once the other legal grounds cease to apply.
10. Rights of data subjects
As the data subject affected by the data processing, you have several rights. Specifically:
Right of access: You have the right to obtain information from us about the data that we have stored about you.
Right of rectification and erasure: You have the right to demand that we rectify incorrect data and – provided the legal requirements are met – that we delete your data.
Restriction of processing: You have the right – provided the legal requirements are met – to demand that we restrict the processing of your data.
Data portability: If you have provided us with data on the basis of a contract or consent, you have the right, in accordance with the legal requirements, to obtain the data you have provided in a structured, standard, and machine-readable format or you can demand that we transfer this data to another controller.
Objection to the processing of data on the legal grounds of "legitimate interest": You have the right to object at any time, on grounds relating to your particular situation, to our processing of your data, provided this objection is based on the legal grounds of "legitimate interest". If you exercise your right to object, we will cease the processing of your data unless we can – pursuant to the legal requirements – prove compelling legitimate reasons for the further processing, which override your rights.
Withdrawal of consent: If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data remains unaffected up until the time of the withdrawal of consent.
Right to lodge a complaint with a supervisory authority: You can also submit a complaint to the competent supervisory authority if you believe that the processing of your data is in breach of the legislation. To do so, you can apply to the data protection authority that is responsible for your town/city or country or the data protection authority that is responsible for us.
Contacting us: Please do not hesitate to contact us if you have any questions regarding the processing of your personal data, your rights as a data subject, and any consent that you may have given. To exercise all of these above-mentioned rights, please use the contacts specified in Section 1. In doing so, please ensure that it is possible for us to uniquely define you.
11. Integration of third-party offerings
Websites and services delivered by other providers that are linked to our website have been and are structured and provided by third parties. We do not have any influence over the structure, content, or role of these third-party services. We explicitly distance ourselves from all content in all linked third-party offerings. Please note that the third-party offerings linked to our website may install their own cookies on your device or collect personal data. We have no influence over this. Please contact the providers of these linked third-party offerings as required for the relevant information.
Offerings from third parties also include offerings from other Porsche subsidiaries that are linked to our website or otherwise integrated in our website, such as:
- My Porsche
- Porsche Connect
- Porsche Financial Services
- Porsche Classic Online Shop (see Section 4.3 above)
- Porsche Classic Parts Explorer
- Porsche Tequipment | TEQ Finder
- Porsche Driver's Selection
- Porsche Design
- Porsche E-Performance
- Porsche Drive
The names of the relevant provider and person responsible are included, in particular, in the legal notice and relevant data protection information on the corresponding websites.
Scope of application
What are cookies?
We use "cookies" in order to provide you with a comprehensive scope of functions, make it easier to use our service, and optimize our offerings. Cookies are small files, which are stored on your device by your Internet browser.
Categories of cookies
Cookies required for technical reasons: We use certain cookies because they are required for our website and its functions to work properly. These cookies are set automatically when our website is opened or a specific function is activated, unless you have disabled cookies in your browser settings.
Duration of storage
Session cookies: Most cookies are required only for the duration of your current service call or session and are deleted or become invalid as soon as you exit our website or your current session expires. Session cookies are used, for example, to retain certain information during your session such as your login details for our website.
Permanent cookies: Cookies are occasionally stored over a longer period for the purposes of recognizing you when you subsequently access our website again and retrieving saved settings. This makes it faster and easier for you to access our website and means that you do not have to repeat settings such as your selected language, for example. Permanent cookies are deleted automatically at the end of a predefined period when you visit the page or domain from which the cookie was set.
Flow cookies: These cookies are used for communication between various internal Porsche servers. They are created at the start of a user interaction and deleted again when it is ended. Flow cookies are assigned a unique identification number during the interaction. However, this does not allow any conclusions to be drawn with respect to the identity of the actual customer or user.
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses third-party cookies to identify the frequency of use of certain areas of our website as well as preferences. The information on your use of our website (including your shortened IP address) generated by the cookie is transferred to a server operated by Google in the USA and stored there. Google uses this information on our behalf and on the basis of a contract for order processing to analyze your use of our website to compile reports on our website activities for us, and to provide other services relating to the use of the service and Internet usage. The legal basis for the use of Google Analytics is Article 6 (1) (f) GDPR; our legitimate interests arise to this extent from the above-mentioned purposes.
The acceptance of cookies is not obligatory when using our website; if you would prefer not to have cookies saved on your device, you can disable the relevant option in the system settings of your browser. Saved cookies can be deleted at any time in the system settings of your browser. If you choose not to accept any cookies, this can, however, lead to restrictions in the functions offered on our website.
You can also disable the use of Google Analytics cookies with a browser add-on if you do not wish to have web analysis. You can download it here: https://tools.google.com/dlpage/gaoptout?hl=en. "Opt-out" information, which is used for the purposes of assigning your deactivation of Google Analytics, is stored on your device. Please note that this opt-out information only leads to the deactivation of Google Analytics on the device and the respective browser from which it was set. Furthermore, you must set it again when you delete cookies from your device. As an alternative to the browser add-on, you can also prevent data collection by Google Analytics on mobile devices by clicking on the following link. An "opt-out cookie" is then created, which prevents the future collection of your data. The opt-out cookie is valid only for the browser used to set it and only for our website and is stored on your device. You must set the opt-out cookie again when you delete cookies from your browser.
You can also enable the "Do Not Track function" on your device. If this function is enabled, your device informs the respective service that it does not wish to be tracked.