Data protection notice for progress.audi
Pursuant to Art. 13 and 14 EU GDPR, this data protection notice serves as information on how your personal data is processed by AUDI AG, Auto-Union-Strasse 1, 85057 Ingolstadt, Germany (hereinafter referred to as “we”) in connection with the website www.progress.audi.
On our website www.progress.audi, you will find content relating to the AUDI AG brand.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This data protection notice describes how AUDI AG processes your personal data within the framework of the www.progress.audi website. Separate data protection notices may apply to other websites belonging to AUDI AG or other data processing by AUDI AG (e.g. www.audi.com/connect).
1. Who is responsible for data processing and whom can I contact?
The controller responsible for the processing of your personal data is:
AUDI AG, Auto-Union-Strasse 1, 85057 Ingolstadt, Germany
If you have any concerns about data protection, you can also contact our company’s Data Protection Officer:
AUDI AG, Datenschutzbeauftragter, 85045 Ingolstadt, Germany
Email: datenschutz@audi.de
If you would like to assert your data protection rights, please contact us via
https://betroffenenrechte.audi.de/?lang=en-gb
There, you will find further information on how you can assert your data protection rights.
You can also contact us by post at the following address:
AUDI AG, DSGVO-Betroffenenrechte, 85045 Ingolstadt, Germany
If you have any general questions about this data protection notice or about the processing of your personal data by AUDI AG, please contact us using the following details:
Audi Kundenbetreuung Deutschland, Postfach 10 04 57, 85045 Ingolstadt, Germany
Email: websupport@audi.de
2. What data do we process and what sources does it come from?
2.1 Access to the website
You can generally use the website without providing any personal data. Each time you access the website, your Internet browser automatically transmits certain information, which we store in “log files”.
In particular, the following information is transmitted automatically:
- IP address (Internet Protocol address) of the terminal from which the online service was accessed
- Internet address of the website from which the online service was accessed (the “source URL” or “referrer URL”)
- Name of the service provider used to access the online service
- Name of the files or information retrieved
- Date, time and duration of the access
- Transferred data volume
- Operating system and information about the Internet browser used, including installed add-ons (e.g. Flash Player)
- http status code (e.g. “request succeeded” or “requested file not found”)
The above data is stored in the log files without your complete IP address so that it is not possible to trace the data back to your IP address.
2.2 Content delivery network
We use a “content delivery network” to deliver our website content and to increase the delivery speed and security of our website.
The following data is processed by the content delivery network in log files:
- IT usage data such as the IP address (Internet Protocol address) of the terminal from which the online service was accessed
- URLs of the visited website
- Date and time of the access, location based on the IP address
- Location of the content delivery server
For more information on recipients and any transfers to third countries, please see section 4 and section 5.
3. For what purposes do we process your data and on what legal basis?
We process your personal data for various purposes in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
The processing of your personal data must be supported by one of the following legal bases:
- You have provided your consent (Art. 6, para. 1, sub-para. 1, point (a) GDPR).
- Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Art. 6, para. 1, sub-para. 1, point (b) GDPR).
- Processing is necessary for compliance with a legal obligation pursuant to EU law or the law of an EU member state to which we are subject (Art. 6, para. 1, sub-para. 1, point (c) GDPR).
- Processing is necessary in order to protect your vital interests or the vital interests of another person (Art. 6, para. 1, sub-para. 1, point (d) GDPR).
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Art. 6, para. 1, sub-para. 1, point (e) GDPR).
- Processing is necessary for the purposes of the legitimate interests pursued by AUDI AG or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular if you are a child (Art. 6, para. 1, sub-para. 1, point (f) GDPR).
If, in exceptional cases, we process special categories of personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a person’s sex life or sexual orientation) pertaining to you, one of the following legal bases must also apply:
- You have provided your explicit consent (Art. 9, para. 2, point (a) GDPR).
- Processing is necessary to protect your vital interests or the vital interests of another person, and the data subject is physically or legally incapable of giving consent (Art. 9, para. 2, point (c) GDPR).
- Processing relates to personal data which you have manifestly made public (Art. 9, para. 2, point (e) GDPR).
- Processing is necessary for the establishment, exercise or defence of legal claims (Art. 9, para. 2, point (f) GDPR).
- Processing is necessary for reasons of substantial public interest, on the basis of EU law or the law of an EU member state which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests (Art. 9, para. 2, point (g) GDPR).
Following on from the above, we process your personal data based on the following legal bases and for the following purposes:
Purposes | Legal basis | Legitimate interest for balancing of interests |
---|---|---|
Provision of the website for the general public and for the purpose of contacting customers and interested parties | Performance of the contract or balancing of interests | We have a legitimate interest in providing an Internet presence, including to non-registered users, in order to provide general information about our company. |
Collecting statistical information about the usage of the website (“web analytics”) | Balancing of interests | We have a legitimate interest in receiving information about the use of the website, in particular for the purposes of improving our services. |
Identification of disruptions and assurance of system security, including detection and tracking of unauthorised access attempts and access to our web servers | Satisfaction of our legal obligations with respect to data security and balancing of interests | We have a legitimate interest in eliminating disruptions, ensuring system security and detecting and tracking unauthorised access attempts. |
Delivery of the website content and increase in the speed of delivery and security of our website. | Balancing of interests | We have a legitimate interest in delivering our website content and increasing the speed of delivery and security of our website. |
Protecting and defending our rights | Balancing of interests | We have a legitimate interest in asserting and defending our rights. |
3.1 Is there an obligation to provide personal data?
Within the scope of our business relationship, you are only required to provide us with personal data that is necessary to commence and conduct a business relationship or that we are legally obliged to collect. Without this data, we would generally have to refuse to conclude the contract or perform the order, or we would no longer be able to carry out an existing contract, meaning that it may have to be terminated.
4. Who receives my data?
Due to the volume and complexity of data processing undertaken by AUDI AG, it is not possible to list every recipient of your personal data individually in this data protection notice. As a general rule, therefore, we specify only categories of recipients.
Recipients within AUDI AG are those entities which require your data in order to fulfil our contractual and legal obligations as well as to pursue our legitimate interests (e.g. IT, sales).
Third-party service providers engaged by us and working on our behalf to support data processing (“processors”) may also receive data for these purposes. Service providers may also be asked to make server capacities available. Specifically, this includes companies in the following categories:
- Tracking service providers
- Web agencies
- Hosting providers and IT service providers
- Content delivery network service providers
We will disclose your personal data to third parties only to the extent necessary for fulfilment of the contract, if we or the third party have a legitimate interest in the disclosure, or if you have given your consent to this. In addition, we may disclose your personal data to the following recipients or categories of recipients who act as data controllers, insofar as this is necessary for the purposes described above:
- External consultants of AUDI AG (e.g. law firms, tax consulting firms, auditing firms)
- Insurers
- Authorities as part of their responsibilities (e.g. tax office, police, public prosecutor’s office, courts)
- Other third parties, insofar as you instruct us to pass on data or give your consent
5. Is data transmitted to a third country?
Data may be transmitted to third countries (that is, countries that are not members of the European Union or the European Economic Area) if doing so is required for the provision of services to you, if it is required by law or if you have given us your consent. In addition, we may also forward your personal data to processors in third countries. This includes the IP address.
Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. AUDI AG will only transmit your personal data to third countries insofar as this is permitted under Art. 44–49 GDPR. Where AUDI AG relies on appropriate safeguards for transfers to third countries pursuant to Art. 46 para. 2 GDPR (e.g. standard contractual clauses or binding corporate rules), AUDI AG will take additional technical and/or organisational measures to the extent necessary to maintain adequate protection of your personal data.
You can obtain from us a copy of the specific applicable or agreed provisions to ensure an adequate level of data protection.
Please use the information in the contact section for this purpose.
When using the content delivery network, your data will be routed via the nearest server for the delivery of the website content. If you access the website from the EU, your data will first be transmitted to a server within the EU. The data is not stored in this process.
In addition, our content delivery network service provider will transmit your data to the following countries: the USA and India.
Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. Our content delivery network service provider secures data transfers to third countries where the level of data protection is not adequate as follows: standard contractual clauses.
In order to maintain an adequate level of protection for your personal data, the content delivery network service provider has taken additional technical and/or organisational measures.
6. How long will my data be stored?
We store your data for as long as this is necessary to provide our services to you or for as long as we have a legitimate interest in continued storage.
In addition, we are subject to various retention and documentation requirements pursuant to, for example, the German Commercial Code (Handelsgesetzbuch – HGB) or the German Tax Code (Abgabenordnung – AO). The retention and documentation periods specified therein last up to ten years. Finally, the storage period is also governed by statutory limitation periods, which can be up to thirty years, for example, pursuant to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), whereby the general limitation period is three years.
In certain circumstances, your data may need to be kept for longer, for example, if a legal hold or litigation hold (i.e. a ban on erasing data for the duration of proceedings) is ordered in connection with official or judicial proceedings.
7. What rights do I have?
As the data subject, you are generally entitled to the following data protection rights:
Access: You have the right to request access to personal data concerning you and stored at AUDI AG and information about the scope of data processing and data transfers performed by AUDI AG and to obtain a copy of your stored personal data.
Rectification: You have the right to request immediate rectification of inaccurate personal data concerning you as well as completion of any incomplete personal data concerning you that is being stored by AUDI AG.
Erasure: You have the right to request the immediate erasure of your personal data stored by AUDI AG if the legal requirements are satisfied.
In particular, this is the case if:
- Your personal data is no longer necessary in relation to the purposes for which it was collected.
- The sole legal basis for processing such data was your consent, and you have withdrawn such consent.
- You have objected to the processing for personal reasons on the legal basis of a balancing of interests, and we cannot prove that there are overriding legitimate interests in favour of the processing.
- Your personal data was processed unlawfully.
- Your personal data must be erased in order to comply with legal requirements.
If we have transmitted your data to third parties, we will inform them about the erasure to the extent required by law.
Please note that your right to erasure is subject to certain limitations. For example, we may not and/or must not erase data that we are still required to retain in line with statutory retention obligations. In addition, your right to erasure does not extend to data that we need in order to establish, exercise or defend legal claims.
Restriction of processing: Under certain conditions, you have the right to request that processing be restricted (i.e. the marking of stored personal data with the aim of restricting its processing in the future). The conditions are that:
- The accuracy of your personal data is contested by you, and AUDI AG must verify the accuracy of the personal data.
- The processing is unlawful, and you reject the erasure of the personal data and instead request the restriction of its use.
- AUDI AG no longer needs your personal data for processing purposes, but you need the data for the establishment, exercise or defence of legal claims.
- You have objected to processing pending the verification of whether the legitimate grounds of AUDI AG override your legitimate grounds.
Where processing has been restricted, such data will be marked accordingly and, with the exception of storage, will be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or an EU member state.
Data portability: If we automatically process your personal data that you have provided to us on the basis of your consent or a contract with you (including your employment contract), you have the right to receive the data in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from AUDI AG. You also have the right to have the personal data transmitted directly from AUDI AG to another controller, insofar as this is technically feasible and insofar as the rights and freedoms of other persons are not affected by this.
Objection: If we process your personal data on grounds of legitimate interests or in the public interest, you have the right to object to the processing of your personal data on grounds relating to your particular situation. In addition, you have an unrestricted right to object if we process your data for our direct marketing purposes. Please see our separate note in the section entitled “Information about your right to object”.
Withdrawal of consent: If you have given consent to the processing of your personal data, then you can withdraw such consent at any time. Please note that the withdrawal applies with effect for the future only. Processing that occurred before the withdrawal of consent is unaffected.
Complaint: Furthermore, you have a right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies. The address of the data protection supervisory authority responsible for AUDI AG is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany
7.1 Information about your right to object
Right to object for personal reasons
You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of a balancing of interests. This also applies to profiling.
Insofar as we base the processing of your personal data on a balancing of interests, we generally assume that we can demonstrate compelling legitimate grounds but will, of course, examine each individual case.
In the event of an objection, we will no longer process your personal data unless either of the following conditions apply:
- We can demonstrate compelling legitimate grounds for the processing of this data that override your interests, rights and freedoms.
- Your personal data serves the establishment, exercise or defence of legal claims.
Exercising the right to object
Objections can be made without requirements as to form and should preferably be made to the contact details provided in this data protection notice.