In the following, we would like to inform you about the collection and processing of your personal data. Personal data (hereinafter "Data") means any information concerning an identified or identifiable natural person. With this data protection and privacy information, we inform you about the type, scope, and purpose of the collection of Data by Porsche Financial Services and how we process this Data. In addition, we inform you about the rights you have with respect to the processing of your Data.
Porsche Financial Services GmbH & Co. KG is a leasing company and sole "controller" within the meaning of the GDPR for the processing of your Data required for the conclusion, performance and termination of leasing contracts and any related purposes. Within the scope of its operations, Porsche Financial Services GmbH & Co. KG is supported by Porsche Financial Services GmbH as "processor" within the meaning of the GDPR.
Porsche Financial Services GmbH is the sole "controller" within the meaning of the GDPR for the processing of your Data required for the brokerage of and/or assistance in financings (Porsche Finance), insurances (e.g. Porsche CarPolicy Flex, Porsche Approved, Porsche Assistance), credit cards (e.g. Porsche Card S) and renting within the scope of Porsche rental products (e.g. Porsche Drive Rental, Porsche Drive Abo and Porsche Drive Flex) and any related purposes.
The following summary of our data protection and privacy information is intended to give you an overview of the processing of your Data. On the pages following this summary, please find the complete data protection and privacy information. The corresponding sections of the complete data protection and privacy information can also be accessed through a link at the end of each of the following sections.
For consolidated information on the processing of your Data, the processing purposes and legal bases in connection with specific rental products of Porsche Financial Services GmbH, please refer to Section 6 of this summary.
1. Scope
With respect to the processing of your Data by Porsche Financial Services GmbH & Co. KG, this data protection and privacy information shall apply to the conclusion, performance and termination of leasing contracts with Porsche Financial Services GmbH & Co. KG and any related purposes (e.g. sureties).
With respect to the processing of your Data by Porsche Financial Services GmbH, this data protection and privacy information shall apply to the brokerage of and/or assistance in financings, insurances, credit cards and renting within the scope of Porsche rental products (e.g. Porsche Drive Rental, Porsche Drive Abo and Porsche Drive Flex) and any related purposes. For further information, please refer to Paragraph I, Section 1 of the complete data protection and privacy information or use the following link.
2. Contact
If you wish to exercise your rights as a data subject or have any questions about this information, you can email the controller at financial.services@porsche.de or the controller's data protection officer directly at pfs-datenschutz@porsche.de , stating wherever possible the relevant controller's name. For further information, please refer to Paragraph I, Section 2 of the complete data protection and privacy information or use the following link.
First, we process Data that you provide us in connection with the initiation and conclusion of the contract. Which Data is processed in detail and how it is used primarily depends on the individual services applied for by you and/or agreed with you. This may be the following Data in particular: Your name and other master and identification data, your contact data, contract data, vehicle data, your bank details, your income and assets situation, information on your personal circumstances (e.g. employer), corporate customer data and other data in connection with the performance of the respective business relationship, if applicable. For further information with respect to Porsche Financial Services GmbH & Co. KG, please refer to Paragraph II, Section 1 (link) and with respect to Porsche Financial Services GmbH to Paragraph III, Section 1 (link) of the complete data protection and privacy information.
The processing purposes shall be largely determined by the individual services applied for or agreed upon. Your Data can be processed for the following purposes: Drafting and performance of contracts (e.g. leasing contracts and/or guarantee contracts), credit standing checks, scoring and rating, identity checks, prevention of and protection against violations of law (in particular criminal offenses), prevention of fraud and money laundering, fight against terrorist financing, customer inquiries including complaint management, refinancing by sale and assignment of receivables, audit, accounting and taxes, ensuring legally compliant action, assertion of and defense against legal claims, retention and archiving, ensuring availability, operation and safety of technical systems as well as technical data management, controlling, business/risk control, process and product improvement (including development and enhancement of systems (including artificial intelligence) for process improvement), disclosure within the scope of official/court measures and customer and prospect are/advertising. For further information with respect to Porsche Financial Services GmbH & Co. KG, please refer to Paragraph II, Section 2 (link) and with respect to Porsche Financial Services GmbH to Paragraph III, section 2 (link) of the complete data protection and privacy information.
We process your Data only if an appropriate legal basis is in place. For further information with respect to Porsche Financial Services GmbH & Co. KG, please refer to Paragraph II, Section 2 (link) and with respect to Porsche Financial Services GmbH to Paragraph III, Section 2 (link) of the complete data protection and privacy information.
Porsche Financial Services GmbH processes Data that you provide us in connection with the reservation, initiation and conclusion of the contract as well as the performance of the contract. This is the following Data in particular: master data, contact data, communication data, Identification data and driver's license data, bank details and/or credit card data, inquiry and contract data, vehicle and driving data as well as, in exceptional cases, location data of the vehicle, data on the provision of a security, insurance and adjustment of damages data, investigative data, corporate customer data, if applicable, and other data. Your Data can be processed for the following purposes: Sale and redemption of vouchers, conclusion and performance of the leasing contracts (including reservations) and vehicle handover, credit standing checks, scoring, rating, registration by credit bureau, taking back of vehicles during or after the end of the rental period, identity checks, ensuring accuracy of the Data, prevention of fraud and prevention of and protection against violations of law (in particular criminal offenses), law enforcement and prosecution of criminal offenses and administrative offenses, disclosure within the scope of official/court measures, customer inquiries including complaint management, audit, accounting and taxes, assertion of and defense against legal claims, retention and archiving, ensuring availability, operation and safety of technical systems as well as technical data management, controlling, business/risk control, process and product improvement (including development and enhancement of systems (including artificial intelligence) for process improvement), customer and prospect care/advertising. For further information on the respective rental product, please refer to Paragraph IV (link).
At Porsche Financial Services, only those departments needing your Data within the scope of their activity do actually receive it. We disclose your Data to recipients outside Porsche Financial Services (e.g. dealers, credit bureau, marketing agencies) only if this is required for the handling or processing of your inquiry or for the performance of the contract or if otherwise permitted under statutory law (e.g. a prevailing legitimate interest exists) or if we have obtained your valid consent. For further information, please refer to Paragraph V, Sections 2 (link) and 5.1 (link) of the complete data protection and privacy information. Further data protection information on the implementation of customer and prospect care at Porsche can be found in Paragraph V, Section 3 (link) of the full data protection information.
In the context of assessing your creditworthiness, we use, among other things, a scoring procedure. This is based on a mathematically and statistically recognized and proven procedure. Within the scope of processing existing customer inquiries, in particular when checking and evaluating your creditworthiness documents, we make use of automated decision-making to a certain extent in order to be able to make a fair and responsible decision. To this end, we use the information you provide to us via the self-disclosure form and substantiate with supporting documents, external creditworthiness information from reputable service providers (e.g. SCHUFA), and information about your previous payment history. For the Porsche rental products Porsche Drive Abo and Porsche Drive Flex, our experience from previous business relationships and certain information from credit bureaus (SCHUFA, Creditreform) are taken into account in the creditworthiness decision. Currently, we only carry out fully automated decision-making processes in the event of an indicative assessment of a positive decision on your request. You can find more information on this under Paragraph V, Section 5 (link).
We will delete your Data as soon as it is no longer needed for the purposes for which it was initially collected or if this is required in accordance with the applicable statutory provisions unless there are contractual or statutory storage periods or storage rights in place precluding the erasure. For further information, please refer to Paragraph V, Section 6 of the complete data protection and privacy information or use the following link.
According to the applicable statutory provisions in each case, you have certain rights, e.g. the right of access to your Data and the right to rectification, erasure or restriction of processing of your Data as well as the right to data portability. If you have any questions, please use the contact details provided in Paragraph I, Section 2 of the complete data protection and privacy information. For further information, please refer to Paragraph V, Section 5 of the complete data protection and privacy information or use the following link.
1. To whom does this data protection and privacy information apply?
With respect to the processing of your Data by Porsche Financial Services GmbH & Co. KG, this data protection and privacy information shall apply to the conclusion, performance and termination of leasing contracts with Porsche Financial Services GmbH & Co. KG and any related purposes, which are in particular described in more detail in Paragraph II, Section 2.
With respect to the processing of your Data by Porsche Financial Services GmbH, this data protection and privacy information shall apply to the brokerage of and/or assistance in financings (Porsche Finance), insurances (e.g. Porsche CarPolicy Flex, Porsche Approved, Porsche Assistance), credit cards (e.g. Porsche Card S) or renting within the scope of Porsche Drive Rental, Porsche Drive Abo, Porsche Drive Flex and any related purposes as well as in the event of the assignment of receivables from Baden-Württembergische Bank, Stuttgart, to Porsche Financial Services GmbH and as in particular described in more detail in Paragraph III, Section 2.
For information on offers of other Group companies of the Dr. Ing. H.c. F. Porsche AG (hereinafter “Porsche Group”), our cooperation partners and credit bureaus, please refer to the respective data protection and privacy statements of these services and/or cooperation partners.
2.1 The independent controller within the scope of leasing contracts is:
Porsche Financial Services GmbH & Co. KG
Porschestraße 1,
74321 Bietigheim-Bissingen, Germany
Phone: +49 711 911-12003
Email: financial.services@porsche.de
2.2 The independent controller within the scope of the brokerage of and/or assistance in financings, insurances, credit cards and rental products is:
Porsche Financial Services GmbH
Porschestraße 1,
74321 Bietigheim-Bissingen, Germany
Phone: +49 711 911-12003
Email: financial.services@porsche.de
With regard to processing within the scope of intra-group administration and division of responsibilities by way of centralized systems, we are generally joint controllers together with other Group companies of Dr. Ing. h.c. F. Porsche AG. Joint processes in particular relate to the operation and use of jointly used databases, platforms and IT systems. For information on joint controlling in relation to customer and prospect care, please refer to Paragraph V, Section 3.1.
Joint controlling of Porsche Financial Services GmbH exists with Dr. Ing. h.c. F. Porsche AG and the Porsche Centres with regard to the processing of personal data in the context of the contract management of Porsche Assistance and Porsche Approved with respect to the joint use of the central IT systems “World Warranty System”, which is provided and operated by Dr. Ing. h.c. F. Porsche AG.
Joint control with Porsche Sales and Marketplace GmbH (Porscheplatz 1, 70435 Stuttgart, Germany) as regards the processing of personal data exists on the part of
The exchange of personal data between us and further Group companies as joint controllers is usually based on Article 6 (1) point (f) GDPR, because we have a legitimate interest in the effective implementation of the processing within the scope of the intra-group administration and division of responsibilities by way of centralized systems. The exchange of personal data between us and the Baden-Württembergische Bank as joint controllers is generally based on Article 6 (1) point (f) GDPR. We have a legitimate interest in a practicable organization of the processes within the joint business relationship and the exchange of data for the fulfillment of legal requirements for the performance of creditworthiness or credit checks of customers as well as the protection against criminal acts endangering assets.
With respect to the joint processes, we determine the purposes and means of the processing of personal data together with the respective Group companies In an arrangement on joint control pursuant to Article 26 GDPR, we have determined with the relevant companies the way the respective tasks and responsibilities in the processing of personal data are designed and who is to comply with which obligations under data protection laws. In particular, we determined how an adequate level of security and your rights as a data subject can be ensured, how we can jointly comply with the duties to provide information under data protection laws, and how we can monitor potential data protection incidents. This also includes that we can ensure compliance with our reporting and notification obligations (to the extent we are subject to such obligations). You can request further information on this arrangement via the above-mentioned contact details. In legitimate cases, we will provide you with the relevant regulations.
Porsche Financial Services remains at your disposal as your central point of contact. You can, however, also assert your rights with respect to any processing under joint control vis-à-vis a jointly responsible Group company. To the extent you contact us, we will coordinate with the relevant companies within the meaning of the arrangement pursuant to Article 26 GDPR in order to answer your inquiries and guarantee your rights as a data subject.
Please do not hesitate to contact our data protection officer if you have any data protection-related questions, stating wherever possible the name of the controller addressed. You can write them to the controller's address provided above, adding "Data Protection Officer, PFS Group Data Protection" or email them at pfs-datenschutz@porsche.de.
We would like to inform you that any communication by email will not be encrypted, and that authenticity and integrity of the data is, thus, not warranted. Please feel free to submit your documents in encrypted format. For information on the various options, please visit our website at www.porsche.de/pfs/datenaustausch. In case you do not want to make use of these options, we kindly ask that you send sensitive information by mail to the above-mentioned address.
1. Where is your Data from and which Data will be processed?
We process your Data in accordance with the principles of data reduction and data economy only to the extent that this is required, we are permitted to do so under applicable legal requirements, we are required to do so by statutory law, or you have given your consent.
Subject to compliance with the legal requirements and for purposes of investigating addresses, performing credit standing checks, collecting receivables or perform risk management, information on your person may also be requested from third-party sources (e.g. Data from credit bureaus, sanctions/money laundering/terrorist financing databases, Data from lists of debtors, land registers, commercial registers and registers of associations, press, media or other public bodies as well as Data from address investigation companies and collection agencies). For more information on the use of external creditworthiness information from reputable service providers (SCHUFA, Creditreform Boniversum, possibly GRIF Bürgel), please refer to Paragraph V, Section 5.1 link.
Moreover, we also receive further Data from third parties (in particular from dealers) such as vehicle data (e.g. vehicle identification number, license plate number, information on the condition). To the extent that the vehicle is not otherwise trackable, the seizure of the vehicle offers the opportunity to have the service provider determine the location of the vehicle via GPS tracking in order to enforce our claim for surrender in the event of theft or misappropriation.
2. For what purposes and on which legal basis will your Data be processed?
We process your Data always for a specific purpose and only to the extent this is necessary to accomplish that purpose. Your Data is processed based on the following legal bases:
after balancing of interest
of leasing contracts
of payments, answering of inquiries, return
process (vehicle value determination, seizure,
and recycling of vehicles), handling of all
services included (e.g. maintenance processes,
CO2 compensation), assistance in adjustment
of claims, coordination of recall actions
contract (Article 6 (1) point (b) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR
within the scope of the business
relationship
scoring and rating (for more
information in this context,
please see Paragraph V,
Section 5)
(e.g. SCHUFA, Creditreform, CRIF Bürgel) as
well as subsequent internal use of Data for the
purpose of creditworthiness checks (within the
scope of the application consideration and
contract performance), testing of Data quality
and score card development/validation,
reporting of contract-infringing or fraudulent
behavior
(Article 6 (1) point (c) GDPR);
balancing of interests
(Article 6 (1) point (f) GDPR)
(e.g. SCHUFA) is in our legitimate interest
and serves the purpose of compliance with
statutory requirements to perform credit
standing and/or creditworthiness checks
with respect to customers (section 505a
German Civil Code (Bürgerliches Gesetzbuch;
BGB), section 18a German Banking Act
(Kreditwesengesetz; KWG)).
Reduction of default risks
note of the additional data
protection information
concerning the use of the
video identification
procedure (Video-IdentProcedure)
Authentication control, verification
of legal competency, legitimation
under anti-money laundering laws
contract (Article 6 (1) point (b)
GDPR); compliance with legal
obligations (Article 6 (1) point (c)
GDPR), consent (Article 6 (1) point
(a) GDPR)
protection against violations
of law (in particular
criminal offenses),
prevention of fraud and
money laundering, fight
against terrorist financing
suspected cases within the scope of leasing
contracts
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
including complaint
management
inquiries and requests of prospects and
customers, processing of complaints
(exchange with dealers and other Group
companies to clarify facts and circumstances,
as applicable)
contract (Article 6 (1) point (b)
GDPR); balancing of interests (Article 6
(1) point (f) GDPR)
within the scope of the business
relationship
assignment of receivables
refinancing of the leasing contracts, aliased and encrypted
transfer of the Data to a trustee who will store
them until the occurrence of a defined risk
(trigger event); transfer of Data in the case of
assignment of receivables.
assurance of continuity of contracts,
improved conditions for customers
(Article 6 (1) point (c) GDPR)
Balancing of interests (Article 6 (1)
point (f) GDPR)
management, in particular of the internal
control mechanism, correctness and
efficiency of activities and processes
accounting, statistics, and comparative
calculation, as well as budgeting), statutory
documentation, consolidated accounting
(Article 6 (1) point (c) GDPR)
action, asserting of and
defending against legal
claims
receivables, seizure of vehicles (by using
GPS tracking, as applicable), Authentication of
signatures
(1) point (b) GDPR); balancing of
interests (Article 6 (1) point (f)
GDPR), Assertion and defense of
legal claims (Article 9 (2) point f
GDPR)
under tax, trade and regulatory laws
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
defending our rights (e.g. collection of receivables)
operation and safety of
technical systems as well as
technical data management
reporting, tests and analysis
of weaknesses
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
safety objectives (integrity and
confidentiality, availability and
transparency
control
concerning corporate management, reporting
concerning economic parameters
(Article 6 (1) point (c) GDPR)
Balancing of interests (Article 6 (1)
point (f) GDPR)
processes, cost control
and products (including
development and
enhancement of systems
(including artificial
intelligence) for process
improvement)
aftersale services, as well as other measures for
steering business transactions and processes,
improvement of the product quality,
development and use of new technologies for
task automation, training of data processing
artificial intelligence, which should replace the
manual preparation of decision making and
thereby accelerate manual processing
(including decision-making)
point (f) GDPR)
products
of official/court measures
(KWG, German Money Laundering Act
(Geldwäschegesetz; GwG), tax laws) and
reports to public bodies (e.g. financial services
authorities, Deutsche Bundesbank and the
Federal Financial Supervisory Authority)
required under statutory law, forwarding of
contact data in case of tickets, fines, fees or the
like, to the respective authorities
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
and compliance with statutory requirements,
assertion and defense of our rights
care/advertising
GDPR), balancing of interests
(Article 6 (1) point (f) GDPR) to the
extent admissible under statutory
law
care
III. Data processing by Porsche Financial Services GmbH
Please note: For information on the processing of your Data in connection with rental products of Porsche Financial Services GmbH, such as Porsche Drive Rental, Porsche Drive Abo and Porsche Drive Flex, please refer to Paragraph IV.
1. Where is your Data from and which Data will be processed?
We process your Data in accordance with the principles of data reduction and data economy only to the extent that this is required, we are permitted to do so under applicable legal requirements, we are required to do so by statutory law, or you have given your consent.
Relevant Data usually includes:
In particular within the scope of any vehicle financing and assignment of receivables from Baden-Württembergische Bank, Stuttgart, to Porsche Financial Services GmbH, these may also include
If you have already registered Data on the "My Porsche" portal, this Data is automatically inserted in the "Personal Data" fields of the electronic application.
Subject to compliance with the legal requirements and for purposes of investigating addresses or collecting receivables, information on your person may also be requested from third-party sources (e.g. Data from address investigation companies and collection agencies, Data from lists of debtors, land registers, commercial registers and registers of associations, press, media or other public bodies). Moreover, we also receive further Data from third parties (in particular from dealers) such as vehicle data (e.g. vehicle identification number, license plate number).
2. For what purposes and on which legal basis will your Data be processed?
We process your Data always for a specific purpose and only to the extent this is necessary to accomplish that purpose. Your Data is processed based on the following legal bases:
after balancing of interest
implementation of
brokerage of and/or
assistance in financings,
insurances and credit cards
of payments, answering of inquiries, assistance
in adjustment of claims
contract (Article 6 (1) point (b) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR
within the scope of the business
relationship
services for credit cards
("convenience services")
provided to the customer by service providers,
answering inquiries
contract (Article 6 (1) point (b)
GDPR)
note of the additional data
protection information
concerning the use of the
video identification
procedure
competency, creation of an advanced electronic
signature
contract (Article 6 (1) point (b)
GDPR); compliance with legal
obligations (Article 6 (1) point (c)
GDPR), consent (Article 6 (1) point
(a) GDPR)
including complaint
management
inquiries and requests of prospects and
customers, processing of complaints
(exchange with dealers and other Group
companies to clarify facts and circumstances,
as applicable)
contract (Article 6 (1) point (b)
GDPR); balancing of interests (Article 6
(1) point (f) GDPR)
within the scope of the business
relationship
(Article 6 (1) point (c) GDPR)
Balancing of interests (Article 6 (1)
point (f) GDPR)
management, in particular of the internal
control mechanism, correctness and
efficiency of activities and processes
accounting, statistics, and comparative
calculation, as well as budgeting), statutory
documentation, consolidated accounting
(Article 6 (1) point (c) GDPR)
action, asserting of and
defending against legal
claims
relationships for protection against and
prevention of legal violations, defense in legal
disputes, collection of receivables, seizure of
vehicles (by using GPS tracking, as applicable),
authentication of signatures
(1) point (b) GDPR); balancing of
interests (Article 6 (1) point (f)
GDPR), Assertion and defense of
legal claims (Article 9 (2) point f
GDPR)
assets, assertion and defense of our rights
under tax, trade and regulatory laws
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
defending our rights (e.g. collection of
receivables)
operation and safety of
technical systems as well as
technical data management
reporting, tests and analysis
of weaknesses
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
safety objectives (integrity and
confidentiality, availability and
transparency)
control
concerning corporate management, reporting
concerning economic parameters, Scorecard
development/validation as well as use of
experience from previous business relationships
for reduction of default risks
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6 (1)
point (f) GDPR)
,cost control, reduction of default
risks
and products (including
development and
enhancement of systems
(including artificial
intelligence) for process
improvement)
aftersale services, as well as other measures for
steering business transactions and processes,
improvement of the product quality,
development and use of new technologies for
task automation, training of data processing
artificial intelligence, which should replace the
manual preparation of decision making and
thereby accelerate manual processing
(including decision-making)
point (f) GDPR)
products
of official/court measures
implementing controls required under statutory
law (e.g. tax audit)
(Article 6 (1) point (c) GDPR);
balancing of interests (Article 6
(1) point (f) GDPR)
requirements
care/advertising
GDPR), balancing of interests
(Article 6 (1) point (f) GDPR) to the
extent admissible under statutory
law
support
IV. Product-specific information on rental products (Porsche Drive)
The below information refers to all Porsche Drive Rental, Porsche Drive Flex and Porsche Drive Abo, unless expressly referring to only one of those.
1. Where is your Data from and which Data will be processed?
We process your Data in accordance with the principles of data reduction and data economy only to the extent that this is required, we are permitted to do so under applicable legal requirements, we are required to do so by statutory law, or you have given your consent.
First, we process Data that you provide us in connection with the initiation and conclusion of the contract. Which Data is processed in detail primarily depends on the services applied for by you and/or agreed with you. In case of rental products, the relevant Data generally comprise:
Subject to compliance with the legal requirements and for purposes of investigating addresses, performing credit standing checks, collecting receivables or perform risk management, information on your person may also be requested from third-party sources (e.g. Data from credit bureaus, sanctions/money laundering/terrorist financing databases, Data from lists of debtors, land registers, commercial registers and registers of associations, press, media or other public bodies as well as Data from address investigation companies and collection agencies). For more information on the use of external creditworthiness information from reputable service providers (e.g. SCHUFA), please refer to Paragraph V, Section 5 (link).
2. For what purposes and on which legal basis will your Data be processed?
after balancing of interests
vouchers (at Porsche
Drive Rental)
payment processing
acquirer of the voucher, information for
personalization, as applicable
contract (Article 6 (1)
point (b) GDPR)
performance of rental
contracts (including
reservations) and
handover of vehicles
processing of offers and
reservations, collection of
payments, answering inquires,
handling of all services
included (depending on the
product, e.g. Connect Services,
maintenance processes),
adjustment of claims,
coordination of recall actions
communication data, payment
information for the rental amount,
reservation information, request and
contract data, information on the
provision of a security, vehicle and
driving data
contract (Article 6 (1)
point (b) GDPR); balancing
of interests (Article 6 (1)
point (f) GDPR)
the processes within the
scope of the business
relationship
(for more information in
this context, please see
Section 5) in case of
Porsche Drive Abo and
Porsche Drive Flex
bureaus (e.g. SCHUFA,
Creditreform) as well as
subsequent internal use of
Data for the purpose of
creditworthiness checks
Section 1.2)
contract (Article 6 (1)
point (b) GDPR); compliance
with legal obligations
(Article 6 (1) point (c)
GDPR); balancing of
interests (Article 6
(1) point (f) GDPR)
credit bureaus is in our
legitimate interest and
serves the purpose of
compliance with statutory
requirements to perform
creditworthiness checks
with respect to customers
(sections 505a, 506 BGB).
Reduction of default risks.
bureaus
or fraudulent behavior to
SCHUFA (Paragraph V, Section
5.1)
information, creditworthiness data
(Article 6 (1) (f) GDPR)
over indebtedness of the
applicant, reduction of default risks
applicable, seizure of) a vehicle
at the end of the rental period
or, in case of Porsche Drive
Flex, during the contract
period, valuation and damage
assessment
information for settlement, time of
return, mileage, vehicle condition data.
contract (Article 6 (1)
point (b) GDPR); balancing
of interests (Article 6 (1)
point (f) GDPR)
the processes within the
scope of the business
relationship
accuracy of the Data
check, check that customer
details are correct.
driver's license data
contract (Article 6 (1) point
(b) GDPR), balancing of interests
(Article 6 (1) point(f) GDPR).
Data
protection against
violations of law (in
particular criminal offenses), prevention of fraud
handling of suspected cases
license data, ID card data, inquiry and
contract data
(Article 6 (1) point (f) GDPR).
crimes, Combating
economic crime
prosecution of criminal
offenses and
administrative offenses,
disclosure within
the scope of official/court measures
data as well as driver's license
data to the competent
authorities or a court in case of
a criminal offense or
administrative offense in
connection with the rental
vehicle; assertion of claims in
cases of damage or breaches
of contract by the renter
license data, ID card data, investigation
data, contract data, vehicle as well as
driving data
obligations (Article 6
(1) point (c) GDPR);
balancing of interests
(Article 6 (1) point (f) GDPR)
and claims, protection
against financial crimes
including complaint
management
case may be, extra-contractual
inquiries and requests of
prospects and customers,
Processing of complaints
(exchange with dealers and
other Group companies to
clarify facts and
circumstances, as applicable)
communication data, inquiry and
contract data
contract (Article 6 (1)
point (b) GDPR); balancing
of interests (Article 6 (1)
point (f) GDPR)
the processes within the
scope of the business
relationship
investigations
communication data, inquiry and
contract data, payment information for
the rental amount, driver's license data,
ID card data, information on the
provision of a security, vehicle and
driving data
obligations (Article 6 (1)
point (c) GDPR); balancing of
interests (Article 6 (1)
point (f) GDPR)
appropriateness of risk
management, in particular of
the internal control
mechanism, correctness and
efficiency of activities
and processes
(external and internal
accounting, statistics and
comparative calculation, as
well as budgeting), statutory
documentation, consolidated
accounting
information
obligations (Article 6 (1)
point (c) GDPR)
compliant action,
asserting of and
defending against legal
claims
collection and sale of
receivables, seizure of
vehicles, tracking the location
of the vehicle in case of
justified suspicion of
misappropriation, fraud or
theft (cf. Paragraph IV,
Section 1.2)
(Article 6 (1) point (b)
GDPR); balancing of
interests (Article 6 (1) point
(f) GDPR)
defending our rights;
preventing the loss of the
vehicle, protection against
financial crimes
retention obligations under
tax, trade and regulatory laws
obligations (Article 6
(1) point (c) GDPR);
balancing of interests
(Article 6 (1) point (f) GDPR)
and defending our rights (e.g.
collection of receivables)
operation and safety of
technical systems as
well as technical data
management
and reporting, tests and
analysis of weaknesses.
obligations (Article 6
(1) point (c) GDPR);
balancing of interests
(Article 6 (1) point (f) GDPR)
warranty of safety objectives
(integrity and confidentiality,
availability and transparency)
business/risk control
statistical analyses concerning
corporate management,
reporting concerning
economic parameters.
obligations (Article 6
(1) point (c) GDPR);
balancing of interests
(Article 6 (1) point (f) GDPR)
of business processes, cost control
processes and products
(including development
and enhancement of
systems (including
artificial intelligence) for
process improvement)
services and aftersale
services, as well as other
measures for steering
business transactions and
processes, improvement of
the product quality,
development and use of new
technologies for task
automation, training of data
processing artificial
intelligence, which should
replace the manual
preparation of decision making
and thereby accelerate manual
processing (including
decision-making)
part of the development and
enhancement of systems, also
creditworthiness data (Paragraph IV,
section 1.2.)
(Article 6 (1) point (f) GDPR)
processes and products
care/advertising
communication data, inquiry and
contract data, vehicle as well as driving
data, i.a. (for more information, please
refer to Paragraph V, Section 3 and
here)
(1) point (a) GDPR),
balancing of interests
(Article 6 (1) point (f) GDPR
) to the extent admissible
under statutory law
Within the scope of our business relationship, you will only have to provide the Data required to perform the contract or to take steps prior to entering into the contract, the Data we are obliged to collect under statutory law or the Data required to safeguard the legitimate interests of Porsche Financial Services. If you fail to provide the respective Data to us, it may be impossible to provide certain services. To the extent that the processing of your Data is not mandatory for the conclusion and performance of the contract, you provide such Data on a voluntary basis, and it will be marked as optional.
2. Who will receive your Data?
At Porsche Financial Services, only those departments needing your Data within the scope of their activity do actually receive it. We disclose your Data to third-party recipients only if this is required for the handling or processing of your inquiry or for the performance of the contract or if otherwise permitted under statutory law (e.g. a prevailing legitimate interest exists) or if we have obtained your valid consent.
Your responsible Porsche dealer will receive your Data [in his capacity] as a broker and/or contact partner for the purpose of performing the contract and for the implementation of possible warranty claims (e.g. Paragraph XIII, Section 2 of the leasing agreement), as the case may be. The dealer will receive all information for the purpose of attending and providing advice to you to the necessary extent. For more information, please refer to Paragraph V, Section 3.
Enterprises and/or business units of the Porsche Group will centrally take care of certain Data processing tasks for the Group's affiliates within the scope of a joint control or as processor (such as, e.g., the provision of IT services) on behalf of Porsche Financial Services. If you enter into contracts with us, certain Data may be transferred for internal administrative purposes (for instance, the central administration of address data, dial-in customer service, processing of contracts and services, receivables management, joint processing of the mail or internal audit) within the Porsche Group, and centrally processed by any Porsche Group company. For more information on joint controlling with other enterprises / business units of the Porsche Group, please refer to Paragraph I, Section 2.3.
Moreover, Data (e.g. vehicle identification numbers) may be disclosed to Dr. Ing. h.c. F. Porsche AG for the purpose of joint consolidated accounting in accordance with international accounting standards or also to Porsche Deutschland GmbH for the purpose of subsidizing contracts.
Porsche Financial Services will revert to a number of additional third-party service providers for assistance in the provision of the listed services, which will be commissioned on behalf of Porsche Financial Services within the scope of the strict requirements for data processing under data protection laws. Among the service providers used by, and providing services on behalf of, us are, for instance, IT service providers and other business partners and auxiliary persons (e.g. logistics, call centers, marketing agencies).
In addition, we may disclose your Data to the following categories of recipients acting as controllers under data protection laws, to the extent required to achieve the above- described purposes:
The transmission will then be effected on the basis of compliance with legal obligations (Article 6 (1) point (c) GDPR) or a balancing of interests (Article 6 (1) point (f) GDPR).
Furthermore, in connection with the review and the conclusion of an assumption of contract and/or a guarantee contract, Data may be disclosed to the respective obligor, to the extent necessary for the performance of contract (Article 6 (1) point (b) GDPR) or consent was given (Article 6 (1) point (a) GDPR).
3. How is customer and prospect care implemented at Porsche?
In the following, we would like to provide you with further information on the implementation of customer and prospect care at Porsche in accordance with data protection law. The measures serve to ensure that customer and prospect care is appropriate.
The measures within the scope of customer and prospect care (in particular service and support, implementation of legal requirements, requirement analyses, individual support via the desired communication channels) are generally not carried out by the responsible person alone. In addition to the respective Porsche Centers, Porsche Deutschland GmbH as importer, Dr. Ing. h.c. F. Porsche AG as manufacturer and its affiliated companies in the areas of financial and mobility services, digital services and lifestyle products are also involved in customer and prospect support under the Porsche brand. An up-to-date list of the companies involved with their contact details is available at https://www.porsche.com/germany/joint-customer-care/.
By using a central platform, we avoid the situation where information on your products, contact data and interests is not available from your contact at Porsche and you may therefore first have to be referred to another participating company. By exchanging and comparing data, we ensure that you receive the best possible service and advice. Of course, only the participating companies have access to your data that actually need it for operational purposes.
In certain cases, joint customer and prospect support can lead to joint controlling. For this reason, the participating companies have stipulated in an agreement pursuant to Article 26 of the GDPR how the respective tasks and responsibilities for processing personal data are structured and who fulfills which data protection obligations. In particular, it was determined how an appropriate level of security can be achieved and how your data subject rights and data protection information obligations can be guaranteed. Porsche Deutschland GmbH (Porschestr. 1, 74321 Bietigheim-Bissingen, https://www.porsche.com/international/privacy/contact/) is available to you as a central contact in addition to the other companies involved.
3.2 Individual customer and prospect care.
Insofar as you have given your voluntary consent to individual customer and prospect support, contact data, support and contract data, service information and data on interests, vehicles and services used will be used by the companies involved in joint customer and prospect support to send you personally tailored information and offers on vehicles, services and other products from Porsche, invitations to events and surveys on satisfaction and expectations via the desired communication channels and to create an individual customer profile.
The specific data used for this purpose depends on the data collected on the basis of orders and consultations or provided by you. If appropriate approvals have been given, other data sources (data from the vehicle or on online usage) may also be included. You will receive more detailed information on how the data is combined when the relevant approval is given.
In order to offer an inspiring brand and customer care experience with Porsche and to make communication and interaction as personal and relevant as possible, the aforementioned data is used for needs analyses and customer segmentation. On this basis, affinities, preferences, and customer potential, for example, can be determined by the companies involved as part of individual customer and prospect care. Examples of such measures to individualize support are key figures on your likely product interests and on your satisfaction. This personal evaluation and allocation in a customer profile only takes place if you have given your voluntary consent to individual customer and prospect care. Without your consent, we will use the aforementioned data in the context of customer and prospect care only to perform general evaluations based on the aggregated data of customers and prospects in order to optimize our offers and systems and align them with overarching interests. Please note that evaluations of your data may also be carried out beyond customer and prospect care, in which case this is done on the basis of your specific consent or another legal basis.
When we send e-mails for individual customer and prospect support, we may use standard market technologies such as tracking pixels or click-through links. This allows us to analyze which or how many e-mails are delivered and/or rejected and/or opened. The latter is done in particular by means of tracking pixels. Measuring the opening rate of our e-mails by means of tracking pixels is not fully possible if you have deactivated the display of images in your e-mail program. In this case, the e-mail will not be displayed to you in full. However, it is still possible for us to track whether an e-mail has been opened if you click on text or graphic links in the e-mail. By using click-through links, we can analyze which links in our e-mails are clicked on and deduce what interest there is in certain topics. When clicking on the corresponding link, you are guided through our separate analysis server before calling up the target page. Based on the analysis results, we can make e-mails more relevant as part of individual customer and prospect support, send them in a more targeted manner or prevent them from being sent.
If a data transfer takes place to entities whose registered office or place of data processing is not located in a member state of the European Union, another state party to the Agreement on the European Economic Area or a state for which an adequate level of data protection has been determined by a decision of the European Commission, we will ensure prior to the transfer that either the data transfer is covered by a statutory permit, that guarantees for an adequate level of data protection with regard to the data transfer are in place (e.g., through the agreement of contractual warranties, officially recognized regulations or binding internal data protection regulations at the recipient), or that you have given your consent to the data transfer.
If the data is transferred on the basis of Articles 46, 47 or 49 paragraph 1, subparagraph 2 GDPR, you can obtain from us a copy or reference to the availability of the guarantees for an adequate level of data protection in relation to the data transfer. Please use the information provided under Paragraph I, Section 2.
5. To what extent is there profiling and automated decision-making?
5.1 Data exchange with credit bureaus and scoring/rating
We process all data that is necessary to carry out the credit assessment of the contractual partners (including the personally liable partners and guarantors). This includes the information that you provide to us via the self-disclosure form and prove by means of supporting documents. Depending on the product, information about your income and financial circumstances, including the origin of assets, as well as information about your personal circumstances (e.g. marital status, maintenance obligations, professional status) is collected and processed. Subject to compliance with the legal requirements, information about you may also be requested from third party sources for the purpose of credit assessment.
Depending on the legal form, additional data is taken into account when scoring corporate customers (e.g. sector, company age, business results). In addition, a rating is carried out for corporate customers above a certain business volume, in which the current business figures in the form of annual financial statements and business evaluations are also included. In this case, the rating is used in addition to our own experience of your payment behavior and the information from the credit bureaus when making the credit decision. The aforementioned information is processed in the credit check process.
Data protection and privacy information of SCHUFA Holding AG
Porsche Financial Services shall transfer personal data - collected within the scope of the leasing contractual relationship – regarding the application, development and termination of the business relationship to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany. This also applies to information regarding any behaviour in breach of the contract or fraudulent conduct in leasing, loan or rental agreements. The permissibility of these data transfers is founded upon Article 6 (1) point (b) and Article 6 (1) point (f) GDPR. Data may only be transferred on the basis of Article 6 (1) point (f) of the GDPR if this is necessary to defend the legitimate interests of Porsche financial Services or third parties and does not outweigh the interests or fundamental rights and freedoms of the affected party requiring the protection of personal data. Data is also exchanged with SCHUFA to fulfil legal obligations of Porsche Financial Services or of the cooperation partners concerning the performance of customer credit rating checks (Sections 505a and 506 of the German Civil Code; Section 18a of the German Banking Act). In this respect, the customer also releases the cooperation partners from banking secrecy. SCHUFA shall process the data it receives and also use this for profiling (scoring) purposes, in order to provide its contractual partners in the European Economic Area, Switzerland and any other third countries (provided the European Commission has declared such countries as appropriate or standard contractual clauses have been agreed, which can be viewed at www.schufa.de) with information used for credit rating checks on natural persons and other purposes. More detailed information on SCHUFA’s activities can be found on the SCHUFA-Information in accordance with Article 14 of GDPR, and online at www.schufa.de/datenschutz.
Data protection and privacy information of Boniversum GmbH
Porsche Financial Services transfers personal data such as the name, address, date of birth, previous address, if applicable, as well as the reason for the inquiry for the purpose of credit rating checks to credit bureau Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany. In order to describe your creditworthiness, Creditreform Boniversum GmbH calculates a score based on your data. The legal basis for this transfer is Article 6 (1) point (b) and Article 6 (1) point (f) GDPR. Transfers on the basis of Article 6 (1) point (f) GDPR are only admissible to the extent that this is required to safeguard the legitimate interests of Porsche Financial Services or third parties and unless the interests are overridden by the data subject's interests or fundamental rights and freedoms. The exchange of information with Creditreform Boniversum GmbH also serves the purpose of compliance with legal obligations of Porsche Financial Services or its cooperation partners to perform creditworthiness checks with respect to customers (Sections 505a and 506 of the German Civil Code; Section 18a of the German Banking Act). In this respect, the customer also releases the cooperation partners from banking secrecy. More detailed information on Creditreform Boniversum GmbH's activity as well as their information according to GDPR are available online at https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer- verbraucher/.
Porsche Financial Services shall transfer personal data - collected within the scope of the leasing contractual relationship – regarding the application, development and termination of the business relationship to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany. This also applies to information regarding any behaviour in breach of the contract or fraudulent conduct in leasing, loan or rental agreements. The permissibility of these data transfers is founded upon Article 6 (1) point (b) and Article 6 (1) point (f) GDPR. Data may only be transferred on the basis of Article 6 (1) point (f) of the GDPR if this is necessary to defend the legitimate interests of Porsche financial Services or third parties and does not outweigh the interests or fundamental rights and freedoms of the affected party requiring the protection of personal data. Data is also exchanged with SCHUFA to fulfil legal obligations of Porsche Financial Services or of the cooperation partners concerning the performance of customer credit rating checks (Sections 505a and 506 of the German Civil Code; Section 18a of the German Banking Act). In this respect, the customer also releases the cooperation partners from banking secrecy. SCHUFA shall process the data it receives and also use this for profiling (scoring) purposes, in order to provide its contractual partners in the European Economic Area, Switzerland and any other third countries (provided the European Commission has declared such countries as appropriate or standard contractual clauses have been agreed, which can be viewed at www.schufa.de) with information used for credit rating checks on natural persons and other purposes. More detailed information on SCHUFA’s activities can be found on the SCHUFA-Information in accordance with Article 14 of GDPR, and online at www.schufa.de/datenschutz.
Data protection and privacy information of Boniversum GmbH
Porsche Financial Services transfers personal data such as the name, address, date of birth, previous address, if applicable, as well as the reason for the inquiry for the purpose of credit rating checks to credit bureau Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany. In order to describe your creditworthiness, Creditreform Boniversum GmbH calculates a score based on your data. The legal basis for this transfer is Article 6 (1) point (b) and Article 6 (1) point (f) GDPR. Transfers on the basis of Article 6 (1) point (f) GDPR are only admissible to the extent that this is required to safeguard the legitimate interests of Porsche Financial Services or third parties and unless the interests are overridden by the data subject's interests or fundamental rights and freedoms. The exchange of information with Creditreform Boniversum GmbH also serves the purpose of compliance with legal obligations of Porsche Financial Services or its cooperation partners to perform creditworthiness checks with respect to customers (Sections 505a and 506 of the German Civil Code; Section 18a of the German Banking Act). In this respect, the customer also releases the cooperation partners from banking secrecy. More detailed information on Creditreform Boniversum GmbH's activity as well as their information according to GDPR are available online at https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer- verbraucher/.
In the course of processing inquiries from existing customers, in particular when checking and evaluating your creditworthiness documents, we make use of automated decision- making to a certain extent in order to be able to make a fair and responsible decision. To this end, we use the information you provide to us via the self-disclosure form and substantiate with supporting documents, external creditworthiness information from reputable service providers (SCHUFA, Creditreform, Creditreform-Boniversum, possibly CRIF Bürgel), and information about your previous payment history. For more information, please refer to Paragraph V, Section 5.1. To ensure that the methods used to assess creditworthiness are fair, effective and independent, they are regularly reviewed by us.
We will store your Data as long as necessary for fulfilling the purpose for which we collected your Data. This means that, as a rule, we will store your Data at least for the duration of our business relationship, unless the Data has to be deleted earlier.
Irrespective of the purpose for which we collected your Data we will store your Data to the extent required to comply with our retention and documentation duties. Such duties may inter alia result from the German Commercial Code (Handelsgesetzbuch; HGB), German General Tax Code (Abgabenordnung; AO) as well as KWG and GwG). The periods specified therein for storage and documentation are up to 15 years, taking into account assessment periods and operational necessities.
Finally, the storage period may also be determined by the statutory avoidance and limitation periods, i.e. the time period for which the Data might still be required to satisfy or avoid claims that are not statute-barred (e.g. for the collection of receivables and securing evidence). In accordance with sections 195 et seqq. BGB, these periods may e.g. cover up to thirty years.
Under certain circumstances, it may also be required to store your Data longer, e.g. in connection with official or court proceedings. After that, we will erase your Data from our systems and records and/or take measures to properly anonymize your Data so that you can no longer be identified based on your Data.
7. What rights do you have?
As a data subject, you have the following data protection rights under statutory law:
entitled to claim information on the Data concerning you stored by Porsche Financial Services as well as on the scope of our processing
activities and the Data transfers made by us and to obtain a copy of the stored Data.
This is in particular the case when
-your Data is no longer required for the purposes for which it was collected;
-you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
-you have objected on grounds relating to your particular situation to processing based on the legal basis of legitimate interests
and we are unable to demonstrate compelling legitimate grounds for the processing which override your interests;
-your Data has been unlawfully processed; or
-your Data has to be erased for compliance with a legal obligation.
Where we share your Data with third parties, we will inform such third parties of the erasure to the extent that this is required under statutory
law. Please note that your right to erasure is subject to certain restrictions. We are e.g. not obliged or allowed to erase Data that have t
o be retained to comply with the statutory storage periods. As a rule, your right to erasure does further not apply to Data that we require for the
legitimate establishment, exercise or defense of legal claims
where one of the following applies:
-The accuracy of the Data is contested by you and we need to verify the accuracy of the Data
-the processing is unlawful and you oppose the erasure of the Data and request the restriction of their use instead
-we no longer need the Data for the purposes of the processing, but they are required by you for the establishment, exercise or
defense of legal claims;
you have objected to processing pending the verification whether our legitimate grounds override yours.
Where processing has been restricted, the Data will be marked accordingly and - with the exception of storage - will only be processed with
your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person
or for reasons of important public interest of the EU or of a EU Member State
transfer that Data to another controller without hindrance from us, where the processing is based on your consent or on a contract and the
processing is carried out by automated means. You also have the right to have the Data transferred directly from one controller to another,
where this is technically feasible and does not adversely affect the rights and freedoms of others.
consent. You have the right to withdraw your consent at any time free of charge and with effect for the future. Withdrawals of consent should
be addressed to the contact details indicated under Paragraph I, Section 2 of the complete general data protection and privacy information.
The central contact for consent, revocation and queries regarding the declaration of consent for individual customer and prospect care is
Porsche Deutschland GmbH, Porschestr. 1, 74321 Bietigheim-Bissingen – a short message by mail or via the contact form
https://www.porsche.com/germany/privacy/contact/ is sufficient. When doing so, please ensure that we are able to clearly identify you.
When revoking consent, you can alternatively choose the contact method used when giving your consent.
Please note that the withdrawal only takes effect for the future. A withdrawal of consent does not affect the lawfulness of processing based
on consent before its withdrawal. As a result of your withdrawing your consent, we may no longer be able to perform some or all of our services
without processing this Data. We will erase the Data if you have withdrawn your consent and no other legal basis for processing your Data
applies. If another basis for processing applies, we will erase the Data after that legal basis ceases to apply
advertising
for this purpose. If you exercise your right to object, we will stop processing your data for this purpose
"legitimate interests" (Article 6 (1) point (f) GDPR). This also applies to profiling within the meaning of Article 4 no. 4 GDPR, i.e. the processing
of your Data for credit standing purposes based on the above provision.
If you exercise your right to object, we will no longer process your Data unless we can - in accordance with the statutory requirements -
demonstrate compelling legitimate grounds for processing your Data that demonstrably establish an overriding legitimate interest of Porsche
Financial Services in processing your Data.
The lawfulness of the processing of your Data before the objection remains unaffected thereof
Phone: +49 (0) 7 11/61 55 41-0, fax: 07 11/61 55 41- 15
Email: poststelle@lfdi.bwl.de
In addition, you can contact us free of charge in case of questions with respect to the processing of your Data, your rights as Data subject and a consent given, if applicable. Please contact us at pfs-datenschutz@porsche.de or send a letter to the address specified above in Paragraph I, Section 2 of the complete data protection and privacy information to exercise any of your rights mentioned above or obtain more information on data protection at Porsche Financial Services, stating wherever possible the name of the controller/s addressed. Please ensure that clear identification of your person is possible for us.
We reserve the right to review and update this data protection and privacy notice on a regular basis. Any changes will be published at: www.porsche.de/pfs/datenaustausch.
Therefore, you should visit this website regularly to stay up to date with the latest version of the Data Protection and Privacy Information.
Last updated: 08/2024
Valid as of August, 2024
Porsche Financial Services Websites Porsche Drive
You can use our websites to conclude the products Porsche Drive Rental, Porsche Drive Flex and Porsche Drive Abo (hereinafter also referred to as “Porsche Drive”) This requires you to be registered with My Porsche and have a Porsche ID user account. Some features on our websites are also available without registration. For further details see Point 2.3.
1. Data Controller and Data Protection Officer
Unless otherwise expressly stated in this or a Specific Privacy Policy based thereon and, if applicable, in the further Special Data Protection Notices of the respective service, the entity responsible for data processing within the meaning of the data protection laws is:
Porsche Financial Services GmbH
Porschestraße 1
74321 Bietigheim-Bissingen
Germany
E-mail: financial.services@porsche.de
Data Protection Officer
Porschestraße 1
74321 Bietigheim-Bissingen
Germany
Contact: pfs-datenschutz@porsche.de
The object of data protection is the protection of personal data. This is any information that relates to an identified or identifiable natural person (so-called data subject). This includes details such as name, postal address, e-mail address or telephone number, but also other information that arises in the course of using our Porsche Digital Service Infrastructure and vehicle usage data.
[Registration is not possible without the mandatory data. The mandatory data required for the registration and creation of a user profile are marked with an "*" in the respective input field: salutation, first and last name, address and email address. When creating a user profile, you have the option of voluntarily providing additional information, such as company contact data, profession, date of birth, etc. Please note that these details are not required for registration and that you alone decide whether you wish to provide us with these details. If you do not provide us with this information, we may not be able to fully comply with your wishes when using this function. The data you provide will be used by us to create your user profile and to identify you later on each login. Depending on the function for which you are registering, further data, e.g. a vehicle configuration selected by you, may be collect-ed and then linked to your profile data. When using the functions described in detail below, further personal data may also be collected and processed (e.g. payment data when placing orders) and, if necessary, transmitted to third parties (e.g. Porsche Centers) in order to provide you with these functions.
We process your personal data to comply with legal obligations to which we are subject. The data processing is based on Article 6 paragraph 1 letter c) GDPR. These obligations may arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of complying with state control and information obligations.
We also process your personal data to pursue the legitimate interests of ourselves or third parties, unless your rights, which re-quire the protection of your personal data, outweigh these interests. The data processing is based on Article 6 paragraph 1 letter f) GDPR. The processing to safeguard legitimate interests is carried out for the following purposes or to safeguard the following interests.
We process your personal data on the basis of corresponding consent. The data processing is based on Article 6 paragraph 1 letter a) GDPR. If you give your consent, it is always for a specific purpose; the purposes of processing are determined by the content of your declaration of consent. You may revoke any consent you have given at any time, without affecting the legality of the processing that has taken place on the basis of the consent until revocation.
If we process your personal data for a purpose other than that for which the data was collected, beyond the scope of a corresponding consent or a mandatory legal basis, we will take into account, in accordance with Article 6 paragraph 4 GDPR, the compatibility of the original and the now pursued purpose, the nature of the personal data, the possible consequences of further processing for you and the guarantees for the protection of the personal data.
3.6 Profiling
We do not carry out automated decision making or profiling in accordance with Article 22 GDPR. Profiling is only carried out to protect our legitimate interests as described above.
4. Special notes on the use of our website
To a certain extent, it is possible to use this website without logging in. Even if you use the website without registration, personal data may still be processed. Below you will find an overview of the type, scope, purposes of and legal grounds for automated data processing that takes place when using our website. For information on the processing of personal data when using the individual specific features and services, please refer to Point 5 below.
The following data will be processed by us when you access our website with your device:
4.2 Cookies and comparable technologies
We use cookies and similar technologies within the framework of the website, which serve to communicate with your terminal device and to exchange stored information (hereinafter collectively "cookies"). These cookies are primarily used to make the functions of the website usable. General examples in which the use of cookies is technically necessary in this sense are the storage of a language selection, login data or a shopping or watch list. Accordingly, technically necessary cookies may be used by us to enable the processing operations described above and to ensure the proper and secure operation of the website. Data processing takes place on the basis of the GDPR Article 6, Paragraph 1 (b) and (f), as this is necessary for implementation of the functions that you select and in order to safeguard our legitimate interest in the functionality of our website.
If you do not wish to use cookies in general, you can also prevent any storage by means of the relevant settings on your device. Stored cookies can be erased at any time using the system settings of your device. Please note that blocking certain types of cookie may result in impaired use of our website.
When using individual features such as "Closest Porsche Drive Rental location", you may be asked to grant access to your location.
Granting permissions is voluntary. However, if you wish to use the relevant features, you must grant the corresponding permissions, otherwise you will not be able to use these features.
Permissions remain active unless you revoke them in your device and/or Internet browser by deactivating the relevant setting.
You can voluntarily provide personal information or register for services or features when using our website. When registering and using the services and features described below, personal data will be collected, processed and used by us as shown below.
It is necessary to register in advance and to create a Porsche ID user account in order to use the services and features described in Point 5.1. The services and features described in Point 4.1 can be used partly without prior registration.
5.1 Registration process and creation of a Porsche ID user account under joint controlling
We offer a registration and login process for our online services that uses Porsche ID. This means that you do not have to remember any new login data for our online services. The Porsche ID and the corresponding service are provided by Porsche Sales and Marketplace ("PSM GmbH"). Information on the registration process and the creation of your Porsche ID user account can be found in the Privacy Policy of PSM GmbH (https://www.porsche.com/international/connect-privacy/).
The processing of data within the course of the registration and login process using the Porsche ID takes place on the basis of Article 6 (1) (b) and (f) DSGVO so that we can register you with your user account for our online service and/or identify you when you log in. We pursue - in addition to the conduct of the procedure or process requested by you
In an agreement with the relevant Marketplace participants on joint responsibility, we have defined, pursuant to GDPR Article 26, the respective tasks and responsibilities in the processing of personal data and the responsible parties to fulfil data protection obligations. In particular, we have defined how an appropriate level of security and your rights as a data subject can be ensured, how we can jointly comply with data protection information obligations and how we can monitor potential data protection incidents. This also includes ensuring that we can fulfil our reporting and notification obligations. If you have contacted us (for PFS listed under Point 1) or PSM GmbH using the contact information provided, we will consult with each other to address your inquiry and ensure your rights as data subject.
5.2 Using the individual features with registration/login
When using the registration and login procedure using the Porsche ID, you will be redirected to the login/registration screen of the PSM GmbH for the Porsche ID. Here you log in with your User name and password for the Porsche ID, if you are not already logged in via single sign-on.
We then receive a message from the PSM GmbH that you have successfully logged in and the registration or login for our online service is completed. In the process, we ourselves do not come in contact with the User name and password for the Porsche ID. As part of the registration and login process, you confirm to the PSM GmbH that we may access the profile data of your Porsche ID user account for this purpose. This then also applies, if applicable, to the payment data stored there. Thus, you do not have to re-enter or maintain (e.g., if your address changes) your profile data and, if applicable, payment data in order to create your user profile for our online service. Conversely, changes to the profile data in the user account of our service will then also be synchronized accordingly in your user account for the Porsche ID.
The functions within the scope of our service on our website as well as the personal data processed in each case, purposes and legal bases are described below.
Product-specific information about vehicle rental as well as the handling of personal data can be obtained in section IV from the General Data Privacy Information of Porsche Financial Services GmbH & Co. KG and Porsche Financial Services GmbH (https://porschedrive.porsche.com/germany/en-DE/custom-page/privacy).
Insofar as we integrate services of other providers within the framework of our website in order to offer you certain content or functions (e.g. playing videos or route planning) and we process personal data in the process, this is done on the basis of Article 6 Paragraph 1 (b) and (f) GDPR. This is because the data processing is then necessary to implement the functions you have selected or to safeguard our legitimate interest in an optimal range of functions. Insofar as cookies may be used within the scope of these third-party services, the explanations under section 1.1.3 apply. Please also inform yourself about the privacy policy of the respective provider with regard to the third-party services.
Services of other providers that we include or to which we refer are provided by the respective third parties. Third-party services generally also include services offered by Porsche AG and other group companies. As a matter of principle, we have no influence over the content and function of third-party services and are not responsible for the processing of your personal data by their providers, unless the third- party services are designed entirely on our behalf and then integrated by us under our own responsibility. Insofar as integrating a third-party service leads to our establishing joint processes with the service provider, we establish an agreement with this provider on joint responsibility pursuant to GDPR Article 26, defining the respective tasks and responsibilities in the processing of personal data and the responsible parties for fulfilling data protection obligations. Insofar as cookies are also to be set on the basis of your consent, you will receive further information on the responsibility for setting these cookies or any associated third-party services in the corresponding areas of the consent management.
Unless otherwise stated, profiles on social media are only integrated as links to the corresponding third-party services. After clicking on the embedded text/image link, you will be redirected to the service of the respective social media provider. After forwarding, personal data may be collected directly by the third-party provider. If you are logged into your user account of the respective social media provider during this time, the provider may be able to assign the collected information of the specific visit to your personal user account. If you interact via a "Share" button of the respective social media provider, this information may be stored in the personal user account and possibly published. To prevent the collected information from being directly assigned to your user account, you must log out before clicking on the embedded text/image link.
8. Rights of data subjects
As the person whose data is being processed, you have numerous rights at your disposal. For details, please refer to section V, Point 7 from our General Data Privacy Information of Porsche Financial Services GmbH & Co. KG and Porsche Financial Services GmbH, which can be retrieved at https://www.porsche.com/germany/accessoriesandservices/porsche financialservices/contact/. In particular, you may object to the use of cookies or similar technologies at any time. For more information, please refer to point 5 of our Cookie Policy https://www.porsche.com/germany/privacy/cookie-policy/.
9. Changes to this Privacy Policy and version
We reserve the right to modify this Specific Privacy Policy. The current version of the Privacy Policy can always be found at https://porschedrive.porsche.com/germany/en-DE/custom-page/privacy.
Date: 18.07.2024