Data Protection Statement

Porsche Golf Circle App

We, Dr. Ing. h.c. F. Porsche AG (hereinafter “we” or “Porsche AG“), are grateful for your use of our Porsche Golf Circle App (hereinafter "App") and for your interest in our company and our products. Your privacy is important to us. We take the protection and confidential handling of your personal data very seriously. Your personal data is processed only in compliance with the provisions of data protection law, in particular the EU General Data Protection Regulation (hereinafter "GDPR")." We use this data protection statement to inform you about the processing of your personal data and your rights as a data subject when using our app. You can find information on additional services and additional products of the Porsche group in the relevant data protection statement of these services or of Porsche companies.

1. Controller of the Data Processing; Contact

Controller of the data processing within the meaning of data protection laws is:

Dr. Ing. h.c. F. Porsche AG Porscheplatz 1 70435 Stuttgart Germany Tel: (+49) 0711 911-0

If you have questions or suggestions regarding data protection, please contact us.

You can reach our data protection officer as follows:

Dr. Ing. h.c. F. Porsche AG Officer for Data Protection Porscheplatz 1 70435 Stuttgart Germany Contact: http://por.sc/privacycontact

2. Object of Data Protection

The object of data protection is the protection of personal data. This is all information that refers to an identified or identifiable natural person (known as a data subject). Personal data includes, for example, information such as name, mailing address, email address or telephone number, but also information that necessarily arises during the use of our app such as information regarding the beginning, end and scope of the usage as well as the transmission of your IP address and/or device ID.

3. Type, Scope, Purposes and Legal Bases of the Automated Data Processing

The use of our app is possible to some extent without logging in. Even if you use it without logging in, however, personal data may be processed.

You will receive an overview below of the type, scope, purposes and legal basis for the automated data processing during your access to our app. You can find information on the processing of personal data when using the individual services and functions in sections 4 and 5 below.

3.1 Provision of our app

The following data is processed when you access our app via your device:

  • date and time of the access,
  • duration of use,
  • type of mobile device / mobile device version,
  • operating system used,
  • app version used,
  • features that you use,
  • system terminations and comparable events,
  • user authentication token,
  • IP address.

We process this data on the basis of Article 6(1)(f) GDPR for providing the app, for ensuring the technical operation and for purposes of determining and rectifying malfunctions. The interest we pursue is enabling use of our app and ensuring the long-term functionality thereof. When our app is opened, this data is automatically processed. Without providing the data, you cannot use our app. We do not use this data for the purpose of drawing inferences as to your identity.

3.2 Cookies

When using our app, so-called "cookies" and "cookie-like technologies," generally small files, may be stored on your terminal device in order to offer you an extensive array of functions, to make use more convenient and to be able to optimize our offerings. If you do not wish to use cookies or cookie-like technologies, you can block storage of them on your device by appropriate settings of your terminal device, browser or the app and use separate objection options. Please note that this may restrict the functionality and the functional scope of our offerings. You can obtain extensive information on the type, scope, purposes, legal bases and possibilities for objecting to the data processing for cookies and cookie-like technologies from our Cookie Policy.

4. Access Authorizations in the Terminal Device

The functions "Registration process and creating a user profile," "Verification of the user profile," "Community functions," and "Member Moments" support the uploading of pictures from the terminal device. Therefore you are requested to grant authorization for access to the camera or image library in the terminal device.

If you wish to receive push notifications about new content and receive friend requests within the Porsche Golf Circle community, you can use the appropriate setting in your terminal device to grant the authorizations for push notifications on a voluntary basis.

Granting the authorization is voluntary. If you wish to use the above-mentioned features, however, granting the appropriate authorizations is necessary, because you cannot use the features otherwise.

The authorizations remain active for as long as you do not reset them in your terminal device by deactivating the relevant setting.

If you use an iOS device, you can withdraw the authorization in the Data Protection options of your iOS settings. In Android, the authorization is withdrawn via Settings, Apps and Authorizations. This may vary depending on the device manufacturer and Android version.

5. Individual Services and Functionalities

When using our app you can voluntarily enter personal data or register for services or functions. We collect, process and use personal data as follows during the registration and usage of the services and features described below.

Prior registration and the creation of a user profile are necessary for using the services and functions in our app that are described in section 5.3. The services and features described in section 5.4 require a verification in addition to registration.

5.1 Registration process and creating a user profile

(a) Mandatory data for registration

The following mandatory information, which is marked with "*", is requested during registration and creation of your user profile:

  • title,
  • first name,
  • last name,
  • email address,
  • password,

5.2 Verification of the user profile

The Porsche Golf Circle is a purely voluntary customer community, so that the users are able to have themselves verified as customers with Porsche AG. Verified users have access to additional functions of the app, such as the "community functions." The following categories of personal data, in addition to the data indicated in section 5.1, are processed during the registration:

  • ID document (at most 2 pictures can be uploaded, for which the ID number is not relevant),
  • proof of vehicle ownership (no more than 2 pictures can be uploaded),
  • the VIN numbers of the vehicles in question.

The data transmitted in this process is transmitted to Porsche AG or its affiliates in order to check the customer's status. The documents are destroyed after successful verification; the VIN number is stored in the user's profile, but not published. The verification is voluntary. If you do not perform it, however, the features mentioned in section 5.4 will not be available.

We process this data on the basis of Article 6(1)(b) GDPR, in order to verify you as a user/owner of a Porsche vehicle and thus a customer, and to make the desired functions available to you in this regard and thus carry out the related customer relationship with you.

5.3 Usage of the individual functions with registration/log-in

The features within the app and the personal data processed for each function will be described below.

5.3.1 Usage of push notifications

Prior registration and log-in with a user profile are required for using this function.

This function allows you to be informed about new content and friendship requests via push notifications. When push notifications are used, the data listed in section 5.1 for registration, as well as possible extra information relating to the respective push notifications is processed. You can deactivate the receipt of push notifications at any time in the settings of the terminal device, as described in section 4.

We process this data on the basis of Article 6(1)(b) GDPR, in order to make the desired services available to you in this regard and thus carry out the related customer relationship with you.

5.3.2 Email newsletters

Prior registration and log-in with a user profile are required for using this function.

To subscribe to our email newsletters, it is sufficient to check the relevant box during or after your registration. The email newsletters will be sent only after your confirmation of registration and the creation of the user profile (double opt-in procedure). We send email newsletters only after an appropriate subscription request and with your consent, on the basis of Article 6(1)(1) GDPR. If the content is specifically described during registration for the email newsletter, this content determines the scope of the consent. Among other things, our email newsletters contain information about new content of the Porsche Golf Circle community.

When email newsletters are used, the data listed in item 5.1 for registration, as well as possible extra information relating to the respective email newsletter is processed.

You may revoke your consent to receive our email newsletters at any time by unsubscribing from the email newsletter. You can find an unsubscribe link for exercising this right at the end of every newsletter.

Model of at least one Porsche vehicle in your possession. Registration and creation of a user profile are not possible without this obligatory data.

(b) Voluntary data for the registration

As part of your registration you have the opportunity to provide additional information voluntarily at any time:

Your (academic) title, golf handicap, interests by category and subcategory, profile picture, title picture, city, state or country, birth date, cell phone number, land line number, personal profile text, 3 favorite courses you would like to play someday (bucket list), at most 3 Porsche vehicles, and 2 other vehicles you own.

Please note that this data is not necessary for registration and you alone decide whether you would like to communicate it to us.

We use the double opt-in procedure to create your user profile, which means that you receive an email after registration in which you are requested to confirm your registration, in order to prevent improper use of your personal data. The registration is not completed until you have clicked the confirmation link, and you can then use your user profile. We log the registration and creation of your user profile in order to be able to verify the registration process in conformity with legal requirements.

We process the collected data on the basis of Article 6(1)(b) GDPR, in order to create your profile and identify you at each log-in. Depending on the service and function for which you are registering, additional data may be collected and then linked to your profile data.

5.4 Usage of the individual functions with verification

The features within the app and the personal data processed for each function will be described below.

5.4.1 Community features Using this feature requires prior registration and log-in with a user profile and verification

This function allows you to submit requests for contact, filter member lists and view opportunities for contact (to the extent these have been enabled by the user). The Porsche Golf Circle app is the digital home of the community and the central hub for all activities. Information from your personal profile and activities are a good basis for like-minded people from across the world to network with you. After successful registration, your profile will be available to other verified users for interaction. The registration and verification also create a character of exclusiveness and additional privacy.

The following categories of personal data are processed when this function is used.

(a) Profile page

The following data is displayed on the profile page, to the extent that it has been entered in the profile:

  • profile and background picture,
  • title, name and last name,
  • city and state/country,
  • golf club and golf handicap,
  • personal profile text,
  • interests by category and subcategory,
  • top 3 - bucket list,
  • contacts from the community.

Data that you must explicitly enable for it to be visible to other users:

  • email address,
  • cell phone number,
  • landline number.

The information provided regarding your vehicles (Porsche and others) is not displayed to community members.

(b) Leaderboard

The following data of the member in question is displayed in the leaderboard:

  • profile picture,
  • title, name and last name,
  • golf handicap.

(c) Interest in events

We offer information about exclusive golf events in the app. As soon as you, as a verified user, announce your interest on the detail page of the event in question, you can also activate the visibility of your interest in order to link up with other verified visitors.

After that, the following data is displayed in the event field:

  • profile picture,
  • title, name and last name,
  • city and state/country,
  • golf handicap.

This is voluntary information. If you do not provide this data, however, we may not be able to fully satisfy your wishes for using this function.

We process the collected data on the basis of Article 6(1)(b) and (f) GDPR, in order to make your profile in the Porsche Golf Circle available to other users for linking up.

5.4.2 Transmission of a link for application to Porsche Golf Circle events

Using this feature requires prior registration and log-in with a user profile and verification

This function allows you, as a verified user, to obtain information about spectacular Porsche Golf Circle events. If you have announced your interest in the event in the app, you will receive a single email at the email address you have recorded in the profile as soon as application for this event begins, containing an application link to an external reservation platform on which you can make a binding application for the event.

When this function is used, the data indicated in item 5.1, as well as additional information relating to the email notification in question, will be processed.

This is voluntary information. If you do not provide this data, however, we may not be able to fully satisfy your wishes for using this function.

We process this data on the basis of Article 6(1)(b) GDPR, in order to make the desired services available to you in this regard and thus carry out the related customer relationship with you.

5.4.3 Member Moments

Using this feature requires prior registration and log-in with a user profile and verification

This function allows you to create brief content in the form of texts and/or pictures and make it accessible to other users. You can also mark a golf course at which you are currently present. You can select the golf course at which you are present from a golf course database, but the location of your device (geo-data) is not accessed. You also have the opportunity to delete your contribution at any time.

If this function is used, the following categories of personal data, in addition to the data indicated in section 5.1, are processed:

  • your individually authored text,
  • your shared picture,
  • the golf course at which you indicate you are currently present.

This is voluntary information. If you do not provide this data, however, we may not be able to fully satisfy your wishes for using this function.

We process this data on the basis of Article 6(1)(b) GDPR, in order to make the desired services available to you in this regard and thus carry out the related customer relationship with you.

6. Safeguarding legitimate interests

We process your personal data in order to safeguard our legitimate interests. In addition to the interests listed in the description of the individual services and offerings under sections 3 and 5, data processing within the context of using our app, and after successful registration, takes place in terms of the following interests:

1. improvement of products, services, service provision, and customer care offerings, as well as other measures for controlling business events and processes; 2. improvement of product quality, elimination of faults and malfunctions, among other things; 3. handling of warranty and goodwill cases, processing of extra-contractual requests and concerns from interested parties and customers; 4. risk control and coordination of recalls; 5. assurance of legally compliant action, prevention of and protection against violations of law (particularly criminal offenses), assertion of and defense against legal claims; 6. guaranteeing the availability, operation and security of technical systems and technical data management.

The data is processed in each case on the basis of Article 6(1)(f) GDPR.

7. Consent

If you grant consent to certain data processing activities, it is always limited to a purpose; the purposes in each case follow from the contents of the specific declaration of consent. Data is processed in this case on the basis of Article 6(1)(a) GDPR. Without a statement of consent, we cannot fulfill your request covered by the consent. You may at any time revoke consent you have granted, without affecting the lawfulness of the processing done on the basis of the consent prior to the revocation.

8. Recipients of personal data

Internal recipients: Within Porsche AG, access is granted only to those persons who require access for the relevant mentioned purposes.

External recipients: We transfer your personal data to external recipients outside Porsche AG only if it is necessary for handling or processing your concern, if some other legal permission exists, or if we have your consent thereto.

External recipients may include:

a) Contract processors

Group companies of Porsche AG or external service providers we engage for rendering services, for example in the fields of technical infrastructure and maintenance for the offerings of Porsche AG, or for providing content. We carefully select contract processors and regularly review them to ensure that your privacy is safeguarded. The service providers are permitted to use data solely for the purposes we specify and in accordance with our directives.

b) Public entities

Authorities and governmental institutions such as public prosecutors, courts or tax authorities, to which we must transmit personal data for legally compelling reasons. The transmission is then based on Article 6(1)(c) GDPR.

c) Private entities

Porsche sales and service companies, cooperation partners, service providers or persons to whom the data must be transmitted for the performance of a contract with you or to safeguard legitimate interests, for example Porsche Centers and Porsche Service Centers, financing banks, providers of additional services or transport service providers. The transmission is then based on Article 6(1)(a), (b) and/or (f) GDPR.

9. Data processing in third countries

If data is transmitted to entities of which the headquarters or the location of data processing is not in a member state of the European Union or another contractual state in the Agreement on the European Economic Area, we ensure prior to transmission that, apart from legally allowed exceptional cases, the recipient either has an appropriate data protection level (e.g. by an acceptability decision of the European Commission, by suitable guarantees such as a self-certification by the recipient for the EU-US Privacy Shield, or by an agreement to so-called EU standard contractual clauses of the European Union with the recipient) or if you grant your consent to the data transmission.

You may obtain an overview of the recipients in third countries and a copy of the specifically agreed-upon regulations for ensuring the appropriate level of data protection. Please use the information in Section 1 for this purpose.

10. Automated decision-making and profiling

We do not use any automated decision-making within the meaning of Article 22 GDPR for preparing, establishing and conducting business relationships. Any profiling is done only to safeguard our legitimate interest within the scope of the processing purposes described in the present document.

11. Duration of storage, deletion

Insofar as no information as to the specific duration of storage or deletion of data is set forth in the description of the individual services and offerings, the following applies:

We store your personal data only as long as necessary for fulfilling the specified purposes, or – with your consent – as long as you have not withdrawn consent. In the event of a protest against the processing, we will erase your personal data unless further processing is allowed under the relevant provisions of law. We also delete your personal data if we are obligated to do so for other legal reasons.

Applying these general principles, we normally delete your personal data immediately

  • if the legal basis becomes inapplicable, unless another legal basis intervenes (e.g. preservation requirements under trade or tax law), If the latter is the case, we will delete the data when the other legal basis becomes inapplicable.
  • if the data is no longer necessary for our purposes of preparing and performing a contract or for legitimate interests, unless another legal basis intervenes (e.g. preservation requirements under trade or tax law), If the latter is the case, we will delete the data when the other legal basis becomes inapplicable.
  • if our purposes for performing the collection become inapplicable, unless another legal basis intervenes (e.g. preservation requirements under trade or tax law). If the latter is the case, we will delete the data when the other legal basis becomes inapplicable.

12. Rights of data subjects

As a subject of the data processing, you are entitled to a number of rights. In detail:

Right to information: You have the right to obtain information from us regarding the stored personal data relating to your person.

Right to rectification and deletion: You can demand that we rectify incorrect data and – insofar as legal prerequisites are satisfied – delete your data.

Restriction of processing: You can demand – insofar as legal prerequisites are satisfied – that we restrict the processing of your data.

Data portability: If you have provided data to us on the basis of a contract or a consent, then if the legal prerequisites are satisfied you can demand to receive the data provided by you in a structured, commonly-used and machine-readable format or that we transfer this data to another data controller.

Objection to data processing under the legal basis of "legitimate interests": for reasons that result from your particular situation, you have the right to object at any time to data processing by us insofar as it is motivated by the legal basis of "legitimate interest." If you exercise your right to object, we will cease processing of your data unless we can – according to the legal specifications – demonstrate urgent, protection-worthy reasons for further processing that outweigh your rights.

Objection to cookies/cookie-like technologies: You can additionally object at any time to the use of cookies or cookie-like technologies. You can find details in our cookie policy statement.

Revocation of consent if you have granted us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data prior to the revocation shall remain unaffected.

Right to appeal to the supervisory authority: You may submit an appeal to the competent supervisory authority if you believe that the processing of your data infringes on applicable law. For this purpose, you may contact the data protection authority with jurisdiction for your place of residence or state, or the data protection with jurisdiction for us.

Your contact with us: Furthermore, you can contact us free of charge in case of questions regarding the processing of your personal data, your rights as a data subject and any consent that may have been granted. To exercise the rights mentioned above, please contact http://por.sc/privacycontact, or by postal service at the address listed above in section 1. Please ensure that we can unambiguously establish your identity.

13. Links to third-party offerings

Websites and services of other providers that are linked to from our app have been and will be designed and provided by third parties. We have no influence on the design, content and function of these third-party services. We expressly disclaim any responsibility for all content of all linked third-party offerings. Please note that the third-party offerings linked to from our app may possibly install additional cookies on your terminal device or collect personal data. We have no influence on this. In this regard, please obtain information directly from the providers of these linked third-party offerings.

14. Status

The current version of this data protection statement is applicable. Current as of 08/02/2018.

Porsche Cookie Policy

Scope

This Cookie Policy applies as a supplement to the general Data Protection Statement of Porsche AG for our Porsche Golf Circle app and describes the type, scope, purposes and legal bases of, as well as the possibilities for objecting to, the data processing for cookies and cookie-like technologies (hereinafter jointly referred to as "cookies"). With respect to all other information, the general Data Protection Statement for our app applies. Current as of 08/02/2018.

What are cookies?

We use cookies to offer you a wide range of functions, make usage more convenient and optimize our offerings. These are generally small files which are stored on your terminal device with the assistance of your Internet browser or the app.

Categories of cookies

We use cookies for different purposes and with different functions. We distinguish whether the use is technically absolutely necessary (technical necessity), how long the cookie is stored (storage period) and whether it was set by our app itself or by third parties, and according to the providers by which the cookie or cookie-like technology was set (hereinafter jointly also referred to as "cookie providers").

Technical necessity

Technically essential cookies: We use certain cookies because they are essential for the proper functioning of our app and its features. These cookies are automatically set when the app or a certain feature is opened, unless you have prevented the setting of cookies by settings in your terminal device browser or the app. Cookies that are not technically essential: In contrast to these, cookies that are not absolutely essential for technical reasons are set in order to improve convenience and performance, for example, or to save certain settings you have made. We also use technically non-essential cookies to determine information concerning the frequency of use of certain parts of our app so that we can match them more specifically to your needs in the future. We do not store any technically non-essential cookies until you have confirmed in the corresponding box that you have obtained information of our Cookie Notice and continue to use our app.

Storage period Session cookies: Most cookies are required only for the duration of your current usage of the app or your session and are again deleted or lose validity as soon as you leave our app or the current session expires (so-called "session cookies"). Session cookies are used, for example, in order to retain certain information such as your login for our app or your shopping cart during your session.

Permanent cookies: Cookies are only stored over a longer period of time in a few cases, for example in order to be able to recognize you when you open the app again at a later point in time and be able to retrieve stored settings. In this way you can access our app more quickly or more conveniently or do not need to repeatedly reset your preferences such as your selected language. Permanent cookies are automatically deleted after expiration of a predefined period of time.

Flow cookies: These cookies are used for the communication of various internal Porsche servers with one another. They are set at the beginning of a user interaction and deleted after it terminates. Flow cookies receive an unambiguous identification number during the interaction, but it does not allow any inferences as to the actual customer or user.

Cookie provider

Third-party cookies: So-called "third-party cookies" are set and used by other entities or websites, for example by providers of web analysis tools and tools for usage analysis. You can receive further information on the usage analysis tools and audience measurement below in this policy statement. Third party providers may also use cookies to display advertisements or to integrate contents of social networks such as social plug-ins.

Use of Google Analytics for Firebase for usage analysis and audience measurement

We use the following services for usage analysis and audience measurement:

We use Google Analytics for Firebase, a service of Google Inc. ("Google"). Google Analytics for Firebase uses third-party cookies in order to identify the usage of certain portions of our app and preferences. The information generated by the cookie regarding your usage of our app (including your abbreviated IP address) is transmitted to a Google server in the USA and stored there. Google will use this information on our behalf and on the basis of a contract for contract processing in order to evaluate the usage of our app, compile reports for us on the app usage activities and provide additional services related to the use of our services and to Internet usage.

The legal basis for the use of services such as Google Analytics for usage analysis and audience measurement is Article 6(1)(f) GDPR; our legitimate interest, particularly in the analysis, optimization and economic operation of our app, results from the purposes of usage set forth above.

You can find more information on the data protection and security of Google Analytics for Firebase at: https://firebase.google.com/support/privacy/

Deletion and objection to the use of cookies

The acceptance of cookies when using our app is not obligatory; if you do not wish to have cookies stored on your terminal device, you can deactivate the relevant option in the system settings of your terminal device, your browser or our app. You can delete stored cookies in the system settings at any time. If you do not accept any cookies, however, this may result in functional limitations of our offerings.

In addition, you can deactivate the use of Google Analytics for Firebase cookies by means of a browser add-on if you do not wish to have your usage analyzed. You can download the add-on here: http://tools.google.com/dlpage/gaoptout?hl=de.

In this case, so-called "opt-out" information, which is used to assign your deactivation of Google Analytics, will be stored on your terminal device. Please note that such "opt-out" information leads to a deactivation of Google Analytics for Firebase only for the terminal device and the browser from which it was set. You may also have to reset the option if you clear cookies from your terminal device. As an alternative to the browser add-on, on mobile devices for example, you can also prevent collection by Google Analytics for Firebase by deactivating tracking using the slide control at the bottom of this page. Then an opt-out cookie will be set that prevents future collection of your data. The opt-out cookie applies only to the browser used for setting it and only for our app and is stored on your terminal device. If you clear the cookies in the browser, you must reset the opt-out cookie.

You can also activate the "Do not track" function in your terminal device. If this function has been activated, your terminal device informs the service in question that you do not want to be tracked.

The data sent by us and linked to cookies may be deleted as follows:

In detail, the following cookies can be stored during usage of our app:

1. Name of the cookie: JSESSIONID - Technical necessity: Yes - Storage period: End of the session - Cookie provider: Dr. Ing. h.c. F. Porsche AG - Purpose of use and interest: This cookie is necessary for user authentication when resetting a password. - Legal basis: Art. (6)(1)(f) GDPR

2. Name of the cookie: _gat_UA- - Technical necessity: No - Storage period: 1 minute - Cookie provider: Google Analytics - Purpose of use and interest: Art. (6)(1)(f) GDPR - Legal basis: Art. (6)(1)(f) GDPR

3. Name of the cookie: _gid - Technical necessity: No - Storage period: 24 hours - Cookie provider: Google Analytics - Purpose of use and interest: This cookie is used by Google Analytics for distinguishing individual users. - Legal basis: Art. (6)(1)(f) GDPR

4. Name of the cookie: _ga - Technical necessity: No - Storage period: 2 years - Cookie provider: Google Analytics - Purpose of use and interest: This cookie is used by Google Analytics for distinguishing individual users. - Legal basis: Art. (6)(1)(f) GDPR