A. Scope of the Privacy Notice
In this Privacy Notice we are informing you about the automated, electronic processing of your personal data by AUDI AG, a company engaged in the manufacture of luxury motor vehicles, Auto-Union-Straße 1, 85057 Ingolstadt, Deutschland / Germany (”we”, or ”Audi”), in the context of your access to the myAudi Portal (website solution) and the myAudi App (both hereinafter referred to as "myAudi") as well as the Audi ID, for which we use several IT systems in our responsibility. Please note that depending on the country, myAudi may not be available via both touchpoints and the range of functions of the website and app may differ.
Audi manufactures vehicles that communicate with Audi's IT systems in certain countries by means of a mobile radio unit (permanently installed or provided by the user himself) or with systems of service providers via the Internet. Depending on availability, Audi provides information and control services for your vehicle on the IT systems (hereinafter referred to as "Audi Connect Services"). A myAudi account is required to use certain Audi Connect Services. The specific data and purposes of data processing are primarily based on the respective vehicle and the vehicle equipment and the services used. Please note that not all of the services listed may be available in your vehicle or country. The listing and specification of all maximum available functions, regardless of your vehicle model and the specific software version, is only for the purposes of this privacy notice and does not intend or lead to an expansion of the functions or functional scopes of your specific vehicle. Separate data protection information may apply to the use of Audi Connect Services in the vehicle as well as to other websites outside myAudi or other data processing by Audi.
Personal data means any information relating to an identified or identifiable natural person or, if foreseen under local law, legal, including, as the case may be, sensitive personal data as defined under the laws of the country where you are located at the relevant time (‘data subject’); a data subject is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.Controller means the natural or legal person which determines the purposes and means of the processing of personal data.
B. General information
I. Who is the controller for the processing?
1. Audi as sole controller
The controller for the processing of your personal data is:
AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Germany.
Tax identification number / Registration number: DE811115368 / HRB Nr./Commercial Register No.: 1
For further details on Audi, including representatives, please see our legal notice https://www.audi.com/en/legal-notice/
2. Audi as joint controller
Information about data processing under joint control between us and a third party can be found in Section E.
II. Who can I contact?
If you wish to assert your data protection rights, please use the contact options at
https://data-subject-rights.audi.com/
There, you will find further information regarding how you can assert your data protection rights. You may also send your request via mail: AUDI AG, DSGVO-Betroffenenrechte, 85045 Ingolstadt, Germany
We take data subject rights very seriously and will respond to any request that you might have as soon as possible.
If you want to assert your data protection rights against a third party in the context of data processing under joint control (see Annex 1a – List of importers), please use the contact options set forth in this Annex for the respective regional importers.
If there is an Audi Functions Store for the respective country, you will find further contact options regarding joint controllers in Annex 1a – List of importers and Annex 4 – Recipients as independent controllers.
III. Contact details of the data protection officer
For matters concerning data protection, you can also consult our company data protection officer, using your own language:
AUDI AG, Data Protection Officer, 85045 Ingolstadt, Germany
- Email: datenschutz@audi.de
- Telephone number: +49841 890
- Office address of the company data protection officer: AUDI AG, Data Protection Officer, Auto-Union-Straße 1, 85057 Ingolstadt, Germany
IV. Which rights do I have?
All the below described rights concerning the personal data and the processing thereof may be subject to limitations, according to the applicable EU and/ or national laws. Depending on your jurisdiction, as the data subject, you may be entitled to the following data protection rights. Please note: Your data protection rights under the local laws of the country where you are located at the relevant time may differ from the rights described below. Please see Annex 5 for additional, country-specific information, in particular on rights that you might have under local laws. Such rights apply, to the extent the legal requirements are met, in addition to your rights provided under the EU General Data Protection Regulation (“GDPR”).
For more information about rights you may have in connection with our processing of your personal data, please click here:
https://data-subject-rights.audi.com/
1. Right to be informed
You have the right to be informed about the collection and use of your personal data, by us and with whom we share your data, in a readily accessible manner, and in plain and clear language. We are implementing your right to be informed, also through this notice, the content of which may be updated from time to time.
2. Access
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case information on the data concerning you which are stored at Audi and information regarding the data processing as well (i.e. purposes of data processing, envisaged period for which the data is stored, recipients or categories of recipients to whom the personal data is disclosed, data transfer performed by Audi etc.), and to obtain a copy of the personal data stored concerning you.
3. Rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you as well as the completion of incomplete personal data stored concerning you at Audi.
4. Erasure
You have the right to obtain the erasure of the personal data concerning you stored at Audi without undue delay if the statutory requirements are met.
This may be the case, in particular, if
- Your personal data are no longer necessary in relation to the purposes for which they were collected;
- The sole legal ground for the processing was your consent and you have withdrawn it;
- You have objected to the processing based on the legal ground of legitimate interests on grounds relating to your particular situation and we cannot prove that there are overriding legitimate grounds for the processing;
- Your personal data have been unlawfully processed; or
- Your personal data have to be erased for compliance with a legal obligation.
If we have shared your data with third parties, we will inform them about the erasure, insofar as required by law.
Please note that your right to erasure is subject to restrictions. For example, we are not required or allowed to delete data that we are still obligated to retain due to statutory retention periods. Similarly, data that we need for the establishment, exercise or defense of legal claims are excluded from your right of erasure.
5. Restriction of processing
You have the right to obtain, under certain conditions, restriction of processing (i.e. the marking of stored personal data in order to restrict their future processing). The requirements are, in particular:
- The accuracy of your personal data is contested and Audi must verify the accuracy of your personal data;
- The processing is unlawful, but you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
- Audi no longer needs your personal data for the purposes of processing, but you require the data for the establishment, exercise or defense of legal claims or
- You have objected to the processing and the verification is pending whether the legitimate grounds of Audi override yours.
In the event of a restriction of the processing, such data will be marked accordingly and will be – except for their storage – only processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State or of the country where you are located at the relevant time, in each case only to the extent permitted under applicable data protection laws.
Please note that the restriction of the processing of your personal data may be also employed as an alternative to the erasure of your personal data, where permitted by applicable law.
6. Data portability
To the extent that we automatically process your personal data provided to us based on your consent or a contract with you, you have the right to receive the data in a structured, commonly used and machine-readable format and to transfer those data to another controller without hindrance from Audi. You also have the right to have the personal data transferred directly from Audi to another controller where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
7. Objection
If we process your personal data on the basis of legitimate interests or in the public interest, you have the right to object to the processing of your personal data on grounds relating to your particular situation. In addition, you have an unrestricted right to object if we process your data for our direct marketing purposes. Please see our separate note in Section B.IV.10. "Information on your right to object".
In certain cases, we also grant you, beyond the privacy settings, an additional unlimited right to object within the scope of legitimate interests. We will inform you about this in connection with the respective feature or service.
8. Withdrawal of consent
If you have given consent to the processing of your personal data, you may withdraw it at any time. Please note that the withdrawal shall only be effective for the future. Processing that occurred before the withdrawal shall not be affected.
9. Complaint
In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The address of the data protection supervisory authority responsible for Audi is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Deutschland / Germany
However, you can also lodge a complaint with any other data protection supervisory authority competent for you within or outside the EU, in particular with the one in the member state of the EU of your habitual residence, place of work or place of the alleged infringement. Please find hereinafter a link where you can find all contact details of the national authorities in all EU member states: https://edpb.europa.eu/about-edpb/board/members_en.
In case you are resident in Japan, you also have the right to lodge a complaint with the Japanese authority, PPC as below:
Personal Information Protection Commission, Government of Japan (PPC),
Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan
TEL:+81-3-6457-9680
See Annex 5 - "Additional rights of data subjects and further country-specific information" for contact details of national supervisory authorities and further country-specific information.
|
1. Information on your right to object a) Right to object on grounds relating to your particular situation You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of legitimate interests. This also applies for any profiling. Insofar as we base the processing of your personal data on legitimate interests, we generally assume that compelling legitimate grounds can be demonstrated, but we will, of course, examine each individual case. In the event of an objection, we will no longer process your personal data, unless - we can demonstrate compelling legitimate grounds for the processing of such data which override your interests, rights and freedoms; or - your personal data are used for the establishment, exercise or defence of legal claims; or - there are grounds permitting the processing of your personal data, notwithstanding your objection, under applicable local laws, provided that such processing is not restricted under the GDPR. b) Objection to the processing of your data for our direct marketing purposes Where we process your personal data for direct marketing purposes, you will be informed at the latest at the time of the first communication with you and have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes. c) Objection to the processing of your data for product improvement and general customer analysis As part of the legitimate interests, we grant you a separate right of objection with regard to the processing of your personal data for product improvement and general customer analysis. If you object to the processing for the purpose of product improvement and/or general customer analysis, we will no longer process your personal data for these purposes. Purely statistical evaluations of aggregated or otherwise anonymous data remain unaffected by this. d) Exercise of the right to object The objection can be exercised in any form and should preferably be addressed to the contact details listed in Section B. II. |
C. General Information Data Processing Activities
I. Which data do we process?
1. Access to the myAudi website
Each time you access the website, your internet browser automatically transmits certain information, which we store in so-called “log files”.
In particular, the following information are transmitted automatically:
- IP address (Internet Protocol address) of the terminal from which the online service is accessed;
- Internet address of the website from which the online service was accessed (the so-called “source URL” or “referrer URL”);
- Name of the service provider used to access the online offer;
- Name of the files or information retrieved;
- Date and time as well as duration of the retrieval;
- Transferred data volume;
- Operating system and information about the Internet browser used, including installed add-ons (e.g., Flash Player);
- http status code (for example, “request succeeded” or “requested file not found”).
In the log files, the above data is stored without your complete IP address, so that it is not possible to trace back to your IP address.
We process the aforementioned data to enable you to visit our website using your end device. The legal basis for accessing the information is § 25 (2) (1) German Telecommunications-Digital-Services-Daa Protection-Law (Telekommunikations-Digitale-Dienste-Datenschutz-Gesetz, TDDDG) (the data processing is Art. 6 (1) (b) GDPR. Furthermore, we process this data based on our legitimate interests (Art. 6 (1) (f) GDPR) to offer you our services and to protect our IT infrastructure from attacks. If and to the extent we are required by law to further store the above-mentioned “log-files” data, we perform such storage to comply with our legal obligations (Art. 6 (1) (c) GDPR).
Log files with personal data are stored for 7 days to determine faults and security reasons (e.g. to investigate attempted attacks) and will then be deleted. Log files whose further retention is necessary for evidentiary purposes are exempt from deletion until the respective incident has been finally clarified.
Information on the use of cookies can be found in the cookie policy of myAudi or the respective website.
2. Access to functionalities of your mobile device
In order to use some functions, it is necessary that you grant the app access to additional functions of your mobile device. When you activate the app or access the function for the first time, you are asked to grant the app access to additional functions on your mobile device. For more information, see the individual functions in Section D.
The access is necessary to provide you with the functionalities within the app.
Location data: Some functions require information about your location, e.g. navigation or location display. If you have given permission to do so on your mobile device, Audi will collect the geographical position of your mobile device. Your location data will only be used to process your request and provide the relevant service.
You can also activate the additional functions at any time in the settings of your mobile devide. However, access to these functions will only take place after your activation and with your consent.
3. Data provided by you in the App or when using the Website
You can use individual functionalities without telling us who you are. In this case, we will not process any personal data.
We process the data that you provide during registration or when using the functionalities and services. Details of the relevant data per service/function can be found in Section D and E.
4. Receiving messages (push notifications):
For individual functionalities, the app offers the option of using push notification (push technology or server push describes a type of communication in which data is transmitted although the received app runs in the background) to inform you, for example, if there is new information about the vehicle status, there are warning messages or upcoming appointments, or if there is non-advertising information on vehicle, service and product topics. You can configure this service via the “Settings” menu of the app and activate/deactivate the notifications. For the delivery of the messages the storage of a push token of your mobile device is necessary.
In addition, push notifications can be used for advertising purposes such as advertising communication, customer surveys, personalized customer information. Advertising push notifications are only sent regardless of the operating system (iOS, Android) if you have consented to this (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. This can be done in the myAudi app in the account settings under Declaration of consent/declarations of consent under data protection law.
If you deactivate the push notifications on your smartphone for the myAudi app or log out of the app, you may still receive push notifications from us for a short period of time (usually a few minutes) after deactivation/logout for technical reasons.
5. Contacting in the course of updates to digital services:
Audi is subject to various legal and contractual requirements, e.g. contacting in the course of any updates in connection with digital services in accordance with Section 327 (f) of the German Civil Code (BGB). We do not process any personal data for the purpose of providing such updates.
II. For which purposes do we process your data and which legal bases apply?
We process your personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”) and other local law for various purposes. The specific data processed, and purposes of data processing primarily depend on the services we provide to you. We, in general, may process your personal data based on the following legal grounds for the following purposes. Please note: If the applicable local law of the country where you are located at the relevant time foresees additional requirements regarding the legal bases, we will comply with such additional requirements and will inform you accordingly. This in particular applies, where such local law requires (express) consent for the processing of your personal data.
The specific data and purposes of data processing are primarily based on the respective vehicle and the vehicle equipment and the services used. Please note that not all of the services listed may be available in your vehicle or country.
|
Purpose |
Data Processing Activities |
Legal grounds |
Legitimate interest |
Categories of data |
|
Review and optimisation of products and services |
Product development, testing, testing and quality assurance Product monitoring; Callbacks |
Compliance with a legal obligation, balancing of interests |
Control of product quality and prevention of product damage, preventive complaint management |
See Section C.I |
|
Customer order processing, including vehicle production and provision of digital services |
Provision of products, services and services within the framework of and in advance of contractual relationships Registration and customer accounts Event and complaint analysis |
Contract fulfilment (e.g. service contract, vehicle purchase contract or contract for special equipment), consent |
See Section C.I |
|
|
Prevention of legal violations (especially criminal offences) and abuse |
Compliance checks, fraud and money laundering prevention |
Fulfilment of legal obligations, balancing of interests |
- Compliance with legal and regulatory requirements |
see Section C. I. |
|
Solvency check |
Consent, balancing of interests |
Protection against advance payments to non-creditworthy contractual partners |
See Section C.I |
|
|
IT security |
IT and system security Backup |
Balancing of interests |
Protection of the IT infrastructure against accidental or wilful damage, recovery of data after data loss to maintain the IT infrastructure |
see Section C.I.1 |
|
Operation and administration of and/or support for internally used IT systems |
IT and system security |
Balancing of interests |
Protection of the IT infrastructure against accidental or wilful interference, maintenance of IT systems and security |
See Section C.I |
|
Data trading and management |
Enabling the use of third-party products and services Cooperation within the Volkswagen group, with business partners and third parties in the marketing of products, services and services |
Contract fulfilment , Consent |
See Section C.I |
|
|
Development and testing of components, products and services |
Development, testing of new products and improvement and optimisation of existing products, services and offers Participation in research collaborations Provision of products, services and services within the framework of and in advance of contractual relationships |
Contract fulfilment (e.g. service contract, vehicle purchase contract or contract for special equipment) and consent, balancing of interests |
Improvement of road safety and own products, promotion of science |
See Section C.I |
|
Internal administration |
Quality assurance Information gathering and reporting for corporate management Invoice and cost management |
Contract fulfilment, balancing of interests, fulfilment of legal obligations, consent if necessary |
- Analysis of sales and order data according to sales channel |
see Section C. I. |
|
Legal affairs and compliance |
Fulfilment of legal obligations Compliance checks, fraud and money laundering prevention Fulfilment of legal obligations arising from commercial and tax law Assertion, exercise or defense of legal claims Product monitoring; Callbacks Fulfilment of legal obligations in connection with official requirements from authorities Audits and special audits, internal investigations |
Compliance with a legal obligation, public interest, fulfilment of legal obligations, balancing of interests, fulfilment of contract |
- Compliance with legal and regulatory requirements |
see Section C. I. |
|
Customer and prospective customer care, advertising |
Needs-based design of online services Surveys, market and opinion research Interest-based advertising Newsletter Creation of interest-based user profiles Customer Support (Customer Service) Customer loyalty programs Customer events and events Provision of information about AUDI AG, the Volkswagen Group and their products, services and contact options Sweepstakes and Contests Financing and leasing brokerage Provision of products, services and services within the framework of and in advance of contractual relationships |
Consent, balancing of interests, fulfilment of contract (contract to which your request relates, e.g. vehicle purchase contract, delivery, etc.). |
Representing Audi and providing information about its activities and products, adapting online services to the changing needs of users, maintaining and improving product quality |
See Section C.I.1 |
|
Market and opinion research |
Surveys, market and opinion research |
Consent, balancing of interests |
Maintaining and improving product quality |
See Section C.I |
|
Customer analysis and customer evaluation |
Surveys, market and opinion research Needs-based design of online services Provision of information about Audi, the Volkswagen Group and their products, services and contact options |
Consent, balancing of interests, balancing of interests |
- Analysis of sales and order data according |
See Section C.I |
|
Customer enquiries and customer complaints |
Product development, testing, testing and quality assurance Provision of products, services and services within the framework of and in advance of contractual relationships |
Contract fulfilment (e.g. service contract, vehicle purchase contract or contract for special equipment) and consent, balancing of interests |
Control of product quality and prevention of product damage, preventive complaint management |
See Section C.I |
|
Warranty and goodwill |
Cooperation within the Group, with business and trading partners within the framework of customer service Warranty and Warranty Claims |
Contract fulfilment, consent |
See Section C.I |
|
|
Warranty management including product recalls |
Warranty and Warranty Claims Product monitoring; Callbacks |
Contract fulfilment (service contract), balancing of interests, contract fulfilment |
- Effective and efficient detection and analysis of events and conclusion regarding modifications to the vehicle (tuning, modifications, etc.) in order to remedy customer complaints |
See Section C.I |
Detailed information on individual functions in myAudi and information on data processing for other purposes or on the basis of a different/additional legal basis can be found in Section D.
Please note: We do not process your personal data for automated decision-making on a case-by-case basis (including profiling).
Please kindly refer to the right to object in the event of direct marketing, respectively based on your particular situation and your right to withdraw consent (please refer to Section B. IV.).
III. Is there an obligation to provide personal data?
As part of your interaction with us, you only need to provide the personal information that is necessary for the interaction or that we are legally required to collect. Without this data, we will usually not be able to provide functions on the website/app or will have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and, if necessary, terminate it.
IV. Who receives my data?
Due to the size and complexity of data processing by Audi, it is not possible to list each recipient of your personal data individually in this Privacy Notice, which is why generally only categories of recipients are specified.
Within Audi, those departments receive your data that need the data to fulfil our contractual and statutory obligations and to safeguard our legitimate interests.
1. Processors
Our service providers (so-called processors) that we utilise and engage may also receive data for these purposes.
Service providers which are used and act on behalf of Audi and that do not process data for any of their own purposes (so called “processors”) may receive data for the purposes mentioned above. We utilise processors of the following categories for the provision of specific services, who support us in the execution of our business processes. For details please refer to Annex 3 - Processors.
2. Third parties
We will generally share your personal data with third parties only if this is necessary for the performance of the contract, if we or the third party have a legitimate interest in the disclosure, or if you have given your consent, subject to applicable local laws. In addition, data may be shared with third parties (including investigative or security authorities) to the extent we should be required to do so by law or by enforceable regulatory or judicial orders. For details please see Annex 4 – Recipients as independent controllers.
3. Is data transferred to a third country?
A transfer of data to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area) may take place, to the extent this is required for the provision of services to you, is required by law, or you have given us your consent (in the absence of any other appropriate safeguarding mechanism under applicable law). Please note: Under the applicable local laws of the jurisdiction where you are located at, a transfer to a third country might be defined as a transfer outside of the territory or country where you are located at the relevant time.
Under the same circumstances, we may also share your personal data with processors in third countries.
In individual cases, personal data may also be passed on to authorities and courts in third countries. Please refer to the information provided in Annexes 3 and 4.
Please note that not all third countries have a level of data protection recognised as adequate by the government/ competent authority of the country where you are located at the relevant time (e.g. the European Commission). Audi will only transfer your personal data to third countries to the extent permitted by applicable local law. Insofar as Audi relies on appropriate safeguards in accordance with applicable law (e.g Standard Contractual Clauses or Binding Corporate Rules pursuant to Art. 46 (2) GDPR for third country transfers), Audi will take additional technical and/or organizational measures to the extent necessary to maintain an adequate level of protection of your personal data. An adequate level of protection includes the implementation of reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks, and the loss of any storage medium or device on which personal data is stored.
For more information on the European Commission's adequacy decision, please visit the European Commission's website (ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
You can obtain a copy of the specifically applicable or agreed regulations to ensure the appropriate level of data protection from us. Please use the information in the Section B.II.
Details of data transfers to third countries are set out in the Annex 3 – Processors or Annex 4 – Recipients as independent controllers.
V. How long will my data be stored?
We store your data for as long as is necessary to fulfil the purposes of processing your personal data described in this Privacy Notice (e.g. to provide our services to you or as long as we have a legitimate interest in further storage, in particular for reasons of troubleshooting or for the purposes of service optimisation). We only store the data that we need for the respective purpose or pseudonymise or anonymise the data processed beyond the provision of our services as far as possible.
In addition, we are subject to various retention and documentation obligations, which result, inter alia, from the German Commercial Code (Handelsgesetzbuch, “HGB”) and the German Tax Code (Abgabenordnung, “AO”). The periods specified therein for retention and documentation are up to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example, according to Sections 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch, “BGB”), with the regular period of limitation being three years.
Under certain circumstances, your data may also need to be retained for a longer period of time, such as when a so-called legal hold or litigation hold (i.e. a prohibition of data deletion for the duration of the proceedings) is ordered in connection with administrative or judicial proceedings.
Where specification is possible, you can find more information on retention periods in Section D.
VI. What practices and procedures are implemented to secure my data?
We have implemented and maintain at all times encompassing technical and organisational measures (TOMs) to protect your data in accordance with the high standards of the GDPR and the standards required under other applicable local laws of the jurisdiction you may be located at. This includes, but is not limited to, pseudonymisation and encryption, measures to ensure the ongoing confidentiality, integrity and availability of your data (including the ability to restore data in case of an incident). We are regularly reviewing our TOMs and apply enhancements where needed to keep your data safe and to comply with applicable laws. We have put in place appropriate procedures to deal with any personal data breach (i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed) and will notify you as the data subject and relevant supervisory authority when we are legally required to do so.
VII. Updates of this privacy notice
We might update this Privacy Notice from time to time by making available updates to this Privacy Notice in myAudi.
Version: 01/2026
D. Data processing myAudi
We process your personal data as set forth below to provide and deliver the various services and functionalities of myAudi. The legal basis for this is the fulfilment of our contractual obligations under the myAudi user contract or the Audi Connect user agreement with regard to Audi Connect Services, insofar as you are the contracting party, or the implementation of pre-contractual measures in accordance with Art. 6 (1) (b) GDPR. We specify deviating and additional legal bases separately in the following sections.
If, in individual cases, we process personal data of other drivers, passengers or other occupants of the vehicle, we do so in order to provide the service you are using, to fulfil our contractual obligations towards you under the myAudi user contract or the Audi Connect user agreement, or to safeguard our legitimate interest in fulfilling the contract and providing our contractual services to the respective contractual partner (Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR).
Unless otherwise stated, we collect the data directly from you in the course of using the respective service or function, unless the data is already available from another functions or services.
We list processors used by us in Annex 3 – Processors and third parties to whom we pass on data as independent controllers in Annex 4 – Recipients as independent controllers.
Unless otherwise stated, we will store the data until you delete your Audi ID account or the data itself in the account.
If you do not provide the data that is absolutely necessary for the provision of the service, we may not be able to provide the services.
I. Overarching myAudi data processing
1. Data consolidation
In order to create a consistent, complete and up-to-date customer data record, improve data quality and optimize the provision of this data for specific use cases (e.g., providing efficient and comprehensive customer support in line with high customer expectations or personalized advertising and communication), we consolidate personal data obtained from you in the course of our customer relationship from various sources in one central IT system. In doing so, we consolidate the following data in a central customer data set: Private contact details and identification data (e.g. name, age, gender, address, city, country), Vehicle usage data (vehicle operating values, e.g. information on driving activity such as kilometres driven per day, number and duration of trips, speed), Vehicle master data and vehicle identification data (e.g. VIN), Personal preferences (e.g. consents, browsing behavior or app use (if the customer has given consent), interactions with Audi communications, preferred dealer in myAudi, newsletter and event registrations, specified preferred content or communication channels; Vehicle configuration), Contract data (e.g. purchased products & services, complaints, customer history, test drive requests).
If the consolidated customer record is used in a specific use case, we describe this in more detail in the following sections.
Legal basis/purpose: The data consolidation is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR in providing personal and targeted customer support in line with the high expectations of our customers and in improving our services. This is to ensure that relevant customer information is available in one place and can be used efficiently and quickly. We describe further interests in the context of the specific use cases in the following sections.
2. Customer support
In order to process your request within the framework of Audi customer support, we process the following data every time you contact our customer support: IT usage data (Audi ID, if applicable, Google Play Store or Apple App Store account name, if applicable, installed myAudi app version, if applicable, ratings, screenshots of warning lights/messages), Private contact and identification data (if applicable, salutation, if applicable, nickname, surname, first name, country, language, user name (email address you used to register in myAudi) and, if applicable, address, date of birth, place of birth), if applicable, Vehicle master data and vehicle identification data (VIN), e.g. in the case of vehicle-related complaints, if applicable, Recordings (Impressions , sound Impressions ), if applicable
Depending on the nature of your request, further information may be necessary, such as vehicle history and workshop visits data (e.g. screenshots of error messages), personal preferences (e.g. consents given, preferred dealer in myAudi, newsletter and event registrations), contract data (e.g. purchased products & services, complaints, customer history) or stationary location data (location of your vehicle). Without this data, your request cannot be processed efficiently and conclusively. Any additional information you provide to us in the course of processing your request is voluntary.
As part of customer support, we may also access data in the central customer record (see Section D.I.1) if this is necessary to process your request in a targeted and efficient manner. This includes the following categories of data: Private contact details and identification data, Vehicle master data and vehicle identification data, Personal preferences, Contract data.
For the efficient processing of your request, we use an AI assistant (voice bot). With the help of automatic speech recognition, it converts your request into text form and answers your questions through a conversation module as far as possible. Otherwise, the call is handed over to a human agent. For this purpose, a summary of your request will be created and stored. This contains information about your request, as well as the personal data you provide.
With your explicit consent, we will also create and process a complete and verbatim transcript in order to better understand your request in the event of a repeat call and to improve our voice bot in a targeted manner.
Storage period: The data will be stored for as long as it is necessary for the purpose. The data will be deleted at the latest after 5 years (unless there are any legal retention obligations).
Legal basis and purpose: Performance of a contract or the implementation of pre-contractual measures, insofar as these are necessary for the provision of our contractual services or contract initiation (Art. 6 (1) (b) GDPR). In addition, we process your data in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in a positive presentation of our products, in providing customer-friendly assistance in the event of problems, and for the purpose of quality assurance and continuous improvement of the voice bot. Insofar as we access personal data from the central customer data record that is not directly related to your request, the processing is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR in providing efficient and comprehensive customer support in accordance with high customer expectations. Access ensures that the customer agent has a comprehensive picture of your customer data and processing history and can help you quickly, specifically and tailored to your needs. We process a complete and verbatim transcript of your call with your express consent in accordance with Art. 6 (1) (a) GDPR.
3. Individual customer information
For providing individual customer information or creation of individual customer information by the Audi Partner on the basis of your purchase and order data as well as communicated interests (e.g. contacting you regarding suitable offers for accessories, (successor) products or retrofit solutions), we process the following data whenever this data is provided by you or updated in the course of your interaction with us and transmit it to the Audi Partner or Audi Importer, from which you make use of services or with whom you are in contact with: Private contact and identification data, Contract data and Vehicle master data and vehicle identification data.
Legal basis and purpose: Art. 6 (1) (a) GDPR for the individual customer information and creation of personalized information by Audi partners so that they can provide you with suitable offers for accessories, successor products or retrofit solutions.
4. Data consolidation between Audi and importers
In order to create a uniform and up-to-date data set of customer data for Audi Importers based in the European Union, the European Economic Area and the United Kingdom, we process the following data: IT usage data (Audi ID), Private contact and identification data (surname, first name, email address, address (street, house number, zip code, city). We transmit this data to the respective Audi Importer in the EU, EEA or United Kingdom (see Annex 1a – List of Importers) so that they can use the Audi ID to assign various interactions and purchases in the myAudi Shop to a specific customer, as well as to facilitate statistical evaluations as well as more individual customer communication and thus ultimately the generation of additional sales and registrations with digital Audi Offers.
Legal basis and purpose: Art. 6 (1) (f) GDPR to safeguard the legitimate, economic interest in sales promotion.
5. Analyses for corporate management, product optimization and offer management
In order to optimise our products and services as well as our range of products and services (e.g. range of equipment variants), we process your data in a pseudonymised manner. Pseudonymised means that direct personal identification features are removed (e.g. name, email address, street and house number, telephone number, VIN) and thus the data can no longer be directly traced back to you or your vehicle. Indirectly traceable features are retained. Only after this pseudonymization the data is processed in the analytics systems.
Storage period: We only store direct personal data temporarily for a maximum of 24 hours. After your Audi ID account has been deleted, the data will be removed from the analyses after 24 hours.
Legal basis and purpose: This processing is based on our legitimate interest in meeting the high expectations of our customers with regard to high-quality products and services as well as corresponding offers and processes and in taking into account the customer's request for appropriate advertising (Art. 6 (1) (f) GDPR). We do not use the results to restore a direct personal reference and will not merge the results and data with your personal data if you have not given your appropriate consent to the sending of advertising (Art. 6 (1) (a) GDPR). Please note the further information in the following Section 6.
a) Statistical evaluation for corporate management / sales and performance reporting
For analyses of the market shares of Audi products in comparison with each other, between markets and, if necessary, in comparison with competitors in a market segment, and for the creation of key figures for the continuous improvement of sales management (strategic and operational sales planning, preparation, implementation, controlling), we regularly process the following data pseudonymised (See Section D.I.5 above) when you use our services: IT usage data (Audi ID, last login to services, use of functions from Audi portals and apps such as myAudi, Audi Connect Plug&Play), Legal transactions / Contract data (e.g. purchased products and services including charging, purchase price, vehicle equipment, warranty periods, order information, information on warranty or product liability cases), Vehicle usage data (e.g. comfort settings such as seat adjustment, climate settings, multimedia use, preferred radio stations, navigation settings, use of assistance systems, vehicle operating values), if necessary Location data (e.g., truncated GPS data).
We only process your vehicle data (vehicle usage data, vehicle equipment, location data) if you have linked your vehicle to your myAudi account. Only then we can link the vehicle data via the AUDI ID to your other data.
Legal basis and purpose: Art. 6 (1) (f) GDPR to improve sales management, shorten delivery times and optimize investments in popular services.
b) Customer and interest segmentation based on own data and external data (data and usage analyses)
In order to create pseudonymous customer and interest segments for the individualization of marketing measures and offers as well as for more appropriate interaction with our customers, we regularly process the following data when you use our services: IT usage data (Audi ID, last login to services, use of functions from Audi portals and apps such as myAudi, Audi Connect Plug&Play), Legal transactions / contract data (e.g. purchased products and services including shop, purchase price, vehicle equipment, warranty periods, order information, information on warranty or product liability cases), Vehicle usage data (e.g. comfort settings such as seat adjustment, climate settings, multimedia use, preferred radio stations, navigation settings, use of assistance systems, vehicle operating values), Location data (e.g. shortened GPS data).
We process the data collected directly from you together with data from external sources.
- If you have linked your vehicle to your myAudi account, we will also process the VIN and enrich the data with information on the vehicle equipment.
- If your address is available, we will enrich the data with socio-economic and socio-demographic characteristics (e.g. living environment, income levels in a certain area).
Legal basis and purpose: Art. 6 (1) (f) GDPR to meet our customers' expectations of high-quality products, services and suitable offers as well as Art. 6 (1) (a) GDPR to provide (personalized) advertising and communication after your consent (see also Section 6).
6. Data processing for personalised advertising and communication
For the sending of personalized advertising and communication by Audi in connection with products and services from the Audi World, we only process the following data if you have given your consent: IT usage data (data from the use of Audi World (e.g. myAudi, Audi Connect)), Private contact and identification data (surname, first name, email address, address (street, house number, zip code, city), Vehicle master data and vehicle identification data (production and equipment data), Car usage data (e.g. driving and usage behaviour, functional use, infotainment system, software updates, driver assistance systems, sensor data), Personal preferences (e.g. use of apps or mailings, click behaviour, campaign data, saved vehicle configurations, preferred partner, website usage), Contractdata (e.g. leasing or charging rate agreements), Location data (e.g. GPS location data, saved routes, places visited). This data may also be stored in the central customer record (see Section D.I.1).
Audi World includes all products, services and functions within the Audi brand family (e.g. AUDI AG, Volkswagen Financial Services AG, Elli Mobility GmbH) that you use with your Audi ID or Audi email address.
Audi creates an individual customer profile and may combine your data with socio-economic data (e.g. education, occupation) as well as publicly available information (e.g. weather data) (see Section 5.b).
Audi uses Artificial Intelligence to assess your interests and create personalized advertising/communication.
Segmented data may be shared with publishers for digital advertising purposes (pseudonymised, hashed identifiers only, not traceable to individuals).
We collect the data directly from you through the use of Audi World and the services linked to your Audi ID.
Storage period: Audi will delete your data 5 years after your revocation or as soon as the purpose no longer applies, provided that there are no statutory retention obligations to the contrary.
Legal basis and purpose: Art. 6 (1) (a) GDPR for the creation of an individual customer profile, personalization of advertising and communication.
7. Data processing for personalised advertising and communication by the distribution company responsible for your country (importer)
For the sending of personalized advertising and communication by the importer responsible for your country, we process the following data, if you have given your consent: Private contact and identification data (first name, surname, address, contact options), Personal preferences (e.g. use of the websites of the importer or AUDI AG as well as use of apps or mailings, use of products or services, Click behavior and responses to advertising and other communications, campaign data, preferred service partner, participation information (e.g., participation in events, contests, sweepstakes, loyalty and loyalty programs, challenges, surveys, and similar events)), Contract data (e.g., orders for products and services).In doing so, the aforementioned data can be combined by AUDI AG or the importer to create an individual customer profile, as well as merged, analysed, segmented and statistically evaluated with socio-economic data (e.g., education, occupation, social class) and publicly available information (e.g., weather data).
AUDI AG or the importer may also use Artificial intelligence to best assess your interests and create personalized advertising/communication.
For the sending of personalized advertising and communication by the importer responsible for your country, we transmit the data listed above to your importer on the basis of your consent.
In accordance with your consent, the importer may also transmit selected data to AUDI AG, which will process it as an independant controller for advertising purposes and merge it with existing personal data.
Legal basis and purpose: Art. 6 (1) (a) GDPR for the creation of an individual customer profile and personalization of advertising and communication.
8. Data processing for personalised advertising and communication by Audi Motorsport AG
For the sending of personalised advertising and communication by Audi Motorsport AG in connection with the F1 Team World, we process the following data, if you have given your consent: Private contact and identification data (first name, surname, address, contact options), Personal preferences(e.g., use of the websites of Audi Motorsport AG or AUDI AG as well as their apps or mailings, use of their products or services, click behavior and responses to advertising and other communications, campaign data, preferred service partner, participation information (e.g., participation in events, contests, sweepstakes, loyalty programs, challenges, surveys, and similar events)), Contract data (e.g., orders for products and services).
In doing so, the aforementioned data may be combined by Audi or Audi Motorsport AG to create an individual customer profile, as well as merged, analysed, segmented and statistically evaluated with socio-economic data (e.g., education, occupation) and publicly available information (e.g., weather data).
Audi or Audi Motorsport AG may also use Artificial Intelligence to best assess your interests and create personalised advertising/communication.
We collect the data directly from you and transmit it to Audi Motorsport AG as the independent controller.
For the sending of personalized advertising and communication by Audi Motorsport AG, we transmit the data listed above to Audi Motorsport AG on the basis of your consent.
In accordance with your consent, Audi Motorsport AG may also transmit the above-mentioned data to Audi, which will process it as an independent controller for advertising purposes and merge it with existing personal data.
Legal basis and purpose: Art. 6 (1) (a) GDPR for the creation of an individual customer profile, personalization of advertising and communication, evaluation and improvement of campaigns, products and services.
II. Specific Audi ID data processing
1. Audi ID in Audi World
In order to create an Audi ID and access the Audi World, Audi processes the following data: IT usage data (Audi ID, email address, password), Private contact and identification data (surname, first name, country, language. Optional profile completion and retrieval data: address (street, house number, zip code, city, region, country, address type (work, home, invoice)), telephone number (phone number type (home, work, fax), telephone number), place of birth, date of birth, nickname, academic degree/title, salutation if applicable and, if applicable, nationality), Recordings (photograph).
Controller of processing activities in connection with the myAudi services (see this Section D.III) is Audi, if you register directly through the website https://my.audi.com or access the myAudi services via the app. If you are logged in on an importer's website (with the exception of Canada, see Section D.II.3) with your Audi ID, you can find more information in Section E.I.
2. Use of the Audi ID for third-party services (SSO solution)
At your request, third-party services may be linked to your central Audi ID and the personal data you store there may be shared with the respective service and the third party. The prerequisite is that the service offers login via Audi ID.
The access authorization for individual services can be viewed on the account page under the connected applications and administered (e.g. revoked) by you.
We store changes to the data that you make as part of services back in the Audi ID and also pass on changes to data within the Audi ID to the connected services. This enables you to centrally manage data via the Audi ID.
Legal basis and purpose: We pass on the data for the performance of a contract (Art. 6 (1) (b) GDPR) between you and the third party or Audi for the purpose of providing the service.
3. Use of the Audi ID on the website of Audi Canada Inc.
For the use of the services offered by Audi Canada Inc. on the Canadian website (https://www.audi.ca/ca/web/en.html) when logged in with your Audi ID account, we process the following data every time you log in and use the services: IT usage data (Audi ID, technical tokens), Private contact and identification data (surname, first name, nickname, email address, address), Vehicle master data and vehicle identification data (VIN, model, year of manufacture), Personal preferences (preferred dealer).
We collect the data directly from you and transmit it to Audi Canada Inc. as an independent controller for the purpose of providing these services.
We store changes to the information you make as part of these services back in the Audi ID and also share changes to the information within the Audi ID with Audi Canada Inc. when you log in to the Canadian website again.
Legal basis and purpose: We process this data for the performance of a contract (Art. 6 (1) (b) GDPR) between you and Audi or Audi Canada Inc.
4. Use of the Audi ID on the Audi Motorsport AG website
For the use of the services offered by Audi Motorsport AG on the Audi Formula 1 website when logged in with your Audi ID account, we process the following data every time you log in and use the services: IT usage data (Audi ID, technical tokens), Private contact and identification data (surname, first name, nickname, email address, address).
We transmit this data to Audi Motorsport AG for the purpose of providing these services under the sole responsibility of Audi Motorsport AG.
Legal basis and purpose: We process this data for the performance of a contract (Art. 6 (1) (b) GDPR) between you and Audi or Audi Motorsport AG.
III. Specific myAudi data processing
1. Adobe Analytics
In order to analyse the app behaviour of our users and continuously improve our myAudi app and its user-friendliness we use the Adobe Analytics analysis tool and process the following data every time you use the myAudi app and have given your consent: IT usage data (IP address (anonymized, assignment to the device no longer possible), unique user ID of the device, information on app installations, updates, starts and crashes, myAudi app name and version, click behavior in the app, accessed subpages and functions, device name, operating system version, mobile carrier, screen resolution, device region setting, timestamp), Vehicle master data and vehicle identification data (model, model year, engine).
Storage period: The data will be deleted after 24 months after consent has been given.
Legal basis and purpose: Art. 6 (1) (a) GDPR for the review and optimization of products and services (myaudi app).
2. Main User Verification
In order to verify the main user and to activate safety-relevant Audi Connect Services, Audi processes the following data for each verification – depending on the method chosen (email, SMS, dealer, video support call or ID document): IT usage data (Audi ID), Private contact and identification data (if applicable, salutation, surname, first name, email address, date of birth, place of birth, telephone number, address (street, house number, zip code, city), identification data, if applicable, as well as data visible in the identity document (date of birth, place of birth, date of issue and expiry date, country of issue), biometric data, if applicable), if applicable, Recordings (photograph, video recording for real-time identity verification)). Not all verification methods are available in every country.
Storage period: In the case of verification by ID document: front and back of the document, recorded security features of the ID document, photograph of the face, video recording and an electronic copy of the ID document are stored by our processor for verification purposes and deleted after a maximum period of 72 hours.
Legal basis and purpose: In addition to processing for the performance of the contract, Audi processes your data in accordance with Art. 6 (1) (a) GDPR and Art. 9 (2) (a) GDPR for identity verification for the purpose of activating safety-relevant Audi Connect Services.
3. User management
In order to display the user administration and create additional users for your vehicle, Audi processes the following data every time you use the function: IT usage data (Audi ID), Private contact and identification data (email address, surname, first name, nickname of other users).
App access: When using the "Select contact" function, the contacts selected by you on your mobile device will be accessed for user administration purposes, provided that you have permitted access.
4. Vehicle management and vehicle-specific indications
For vehicle management and the display of vehicle-specific information, we process the following data each time you use the function: Vehicle master data and vehicle identification data (VIN (Vehicle Identification Number), equipment details, extended warranty, additional work, on-board literature, recommended engine oil)), Vehicle history and workshop visits data (digital service plan (incl. information on completed vehicle registrations), service measures)).
5. Wish list
For the storage and display of your configured vehicles or your vehicles selected from the new car and/or used car exchange in the wish list in myAudi, we process the following data every time you use the wish list function: IT usage data (pseudonymised Audi ID), Personal preferences (vehicle configuration (Audi code, generated by the configurator), vehicle internal ID on vehicle transaction platforms).
6. Audi Partner
a) Support for myAudi functions and services
For the support of myAudi functions and services (e.g. creation of the Audi ID and main user verification) by your Audi Partner, we process the following data every time you use this service: IT usage data (Audi ID) and, if applicable, Private contact and identification data (email address, salutation, surname, first name, address (street, house number, postcode, city), date of birth, place of birth), if applicable. Vehicle master data and vehicle identification data (VIN, model year).
We collect the data directly from you or at your request as a customer through your Audi Partner, unless it is already available from other data processing activities.
b) Preferred Audi partner
In order to store an Audi Partner in your myAudi account, we process the following data every time you use this service: IT usage data (Audi ID) and, if applicable, IT usage data, Private contact and identification data (email address, salutation, surname, first name, if applicable, address (street, house number, postcode, city), date of birth, place of birth, if applicable), if applicable, Vehicle master data and vehicle identification data (VIN, model year).
7. Customer folder
In the course of our existing business relationship and for individual support from your Audi Partner, we continuously process the following data (if available): IT usage data (Audi ID, UserID), Private contact and identification data (title, salutation if applicable, name, customer number, address incl. former addresses, date, place and country of birth, telephone numbers, email address, preferred communication channel), if applicable, Vehicle master data and vehicle identification data (VIN, other vehicle master data), if applicable, Legal transactions / contract data (contract identifier, contract history, information on products and services, status of your data protection consent declaration), if applicable. Vehicle usage data (e.g. mileage, warning lights), if applicable, Vehicle history and workshop visits data (e.g. maintenance information), if applicable, Personal preferences (your vehicle interests communicated to Audi, campaign history and response from the CRM system, e.g. direct marketing measures, newsletter subscriptions, event participation).
Legal basis and purpose: Audi processes your data in accordance with Art. 6 (1) (f) GDPR for the purpose of carrying out consultations, contract processing and services by Audi Partners, data consolidation between Audi and Audi Partners to ensure up-to-date and consolidated data records, data minimization and ensuring accuracy, preparation of (sales) recommendations for Audi Partners (e.g. accessories, retrofit solutions, contract options to support Audi Partners) for individual customer support and increasing customer satisfaction. Furthermore, Audi processes your data in accordance with Art. 6 (1) (a) GDPR for the list-based transmission of vehicle interests for the purchase of new vehicles.
8. Service request/booking
For the service request/booking with your selected Audi Service Partner, we process and activate the following data every time you use the function: Private contact and identification data (first name, surname, address (street, house number, postcode, city), depending on the preferred contact channel: email address, telephone number, if applicable), Vehicle master data and vehicle identification data (VIN, license plate) and Vehicle usage data (mileage).
Legal basis and purpose: In addition to the performance of a contract, we will forward your data to your Audi Importer for the purpose of ensuring service provision and customer satisfaction in accordance with Art. 6 (1) (f) GDPR.
9. Data plans
For the activation or booking of data plans for your vehicle, Audi processes the following data every time you use the function: IT usage data (Audi ID), Private contact and identification data (name, email address, country, language, first name, surname, if applicable: address (street, house number, postcode, city), telephone number, date of birth), Vehicle master data and vehicle identification data (VIN).
10. Individual Upgrades
For the individual advice on upgrades (e.g. retrofit products) for your vehicle by your selected Audi Service Partner, as long as they participate in the program, we process the following data every time you use the function: Private contact and identification data (name, email address, telephone number), Vehicle master data and vehicle identification data (VIN, license plate) and Vehicle usage data (approximate mileage).
Legal basis and purpose: In addition to the performance of a contract, we will forward your data to your Audi Importer for the purpose of ensuring service provision and customer satisfaction in accordance with Art. 6 (1) (f) GDPR.
11. Navigation map updates
In order to provide and download vehicle-specific map updates for navigation and driver assistance systems, we process the following data every time you use the function: IT usage data (Audi ID, email address if applicable), Vehicle master data and vehicle identification data (VIN, vehicle model, year of manufacture, vehicle equipment).
12. Pre-filling contract forms
For the pre-filling of contract forms to simplify your leasing enquiry, financing extension request and other contract initiations, we process the following data every time you use the function: Private contact and identification data (email address, salutation if applicable, first name, surname, address (street, house number, postcode, city), telephone number), Vehicle master data and vehicle identification data (VIN, brand, model, model year (model code), delivery date) as well as Vehicle usage data (mileage).
13. Extended warranty
To conclude a warranty extension via myAudi, we process the following data once when you use the function: Vehicle master data and vehicle identification data (VIN, brand, model, model year, model code, if applicable), Private contact and identification data (email address, salutation, if applicable, first name, surname, address (street, house number, postcode, city), telephone number).
14. Maintenance and inspection contract
In order to conclude a maintenance and inspection contract via myAudi, we process the following data every time you use the function: Vehicle master data and vehicle identification data (VIN, brand, model, model year, model code, if applicable), Private contact and identification data (email address, date of birth, salutation, if applicable, first name, surname, address (street, house number, postcode, city), telephone number).
15. Audi Insurance
In order to conclude an Audi insurance via myAudi, we process the following data one-time when you use the function: Vehicle master data and vehicle identification data (VIN, brand, model, model year, model code, if applicable), Private contact and identification data (email address, salutation, first name, surname, address (street, house number, postcode, city), telephone number).
16. Google Maps services
For the integration of Google Maps services and, if applicable, the use of Google Fonts, the following data is collected by Google every time you use the function: IT usage data (IP address, information on the use of the maps, entered search terms (e.g. city, postcode or name of the respective Audi partner)), if applicable, Location data (e.g. current location of your smartphone).
Legal basis and purpose: Art. 6 (1) (a) GDPR for the provision of Google Maps map services.
17. Google Geocoding
The Google Geocoding API converts an address into latitude and longitude coordinates and a Place ID or converts latitude and longitude coordinates or a Place ID into an address. It is used by various myAudi or Connect services (e.g. Carfinder) to display addresses in the myAudi app or in the map services included in the myAudi app. For the provision of the service, we transfer IT usage data (IP address, Client ID, system language) and Location data (geocoordinates) to Google.
Legal basis and purpose: Art. 6 (1) (b) GDPR for the provision of the Google Geocoding service.
18. Audi Assistant
For the use of the Audi Assistant within the myAudi app to answer questions about your vehicle and to interact with the integrated ChatGPT database and for the analysis and optimisation of the Audi Assistant, Audi processes the following data every time you use the function: IT usage data (IP address, user ID, device ID (app-generated UUID), timestamps, user inputs (text inputs incl. transcribed voice commands), smartphone and app metadata (operating system, app version, settings)), Vehicle master data and vehicle identification data (VIN, VIN (shortened), model, model year), Vehicle usage data (list of Connect functions with status).
App access: The iOS/Android voice recognition native to your smartphone is used for operation via voice control. The conversion of your voice input into text and the associated further data processing before transmission to Audi is the sole responsibility of Apple (iOS) or Google (Android). To activate it, you must allow microphone access and audio recording on your smartphone when using it for the first time.
Storage period: For the provision of the service: max. 28 days; For analysis and optimisation: max. 4 years.
Legal basis and purpose: In addition to processing for the performance of a contract, Audi processes your data in accordance with Art. 6 (1) (f) GDPR for the purpose of reviewing and optimising products and services.
19. Order Tracker
In order to display the production and delivery status of your ordered vehicle in myAudi, Audi processes the following data every time you access the status of your vehicle: IT usage data (Audi ID), Private contact and identification data (verified email address for your Audi ID account), legal transactions / contract data (order number of the vehicle, model name, photos of the ordered vehicle, if applicable, information about the production facility, if applicable).
Audi collects the data directly from you and from the Audi partner you placed the order with.
20. myAudi Rewards
For the use of the "myAudi Rewards" function in the myAudi app, we process the following data every time you participate in challenges, collect points, reach levels or redeem your Rewards, depending on availability in your country, your responsible Audi Importer or a preferred Audi Service Partner: IT usage data (Audi ID, app usage data (e.g. number of app openings, interactions with the app)), Private contact and identification data (if applicable, salutation, first name, surname, address, telephone number, date of birth, preferred contact channel), Vehicle master data and vehicle identification data (VIN of your registered vehicles, license plates), Vehicle usage data (status level, license status for Remote & Control, Navigation & Infotainment, live vehicle data such as operating status, speed, recuperation, fuel/energy consumption, use of certain vehicle functions such as air conditioning and charging timer, time between switching on and departure, use of cruise control, environmental data such as outside temperature, charging stations used, mileage), Personal preferences (preferred Audi Partner / Service Partner, consent to data processing, preferred date, alternative date, alternative mobility, service request, level, answers customer satisfaction questions, interactions such as satisfaction answers, information on service requests to dealers) and Location data (stationary location data, location history data, geolocation data)
Storage time: Data without activated challenge is deleted after a few seconds; Challenge tracking data 90 days after activation; Challenge results and redeemed rewards up to 1 year; Points per year and cumulative total points including levels up to 3 years; non-vehicle-specific data (e.g. trophies/badges) as long as the myAudi account exists or the function is active;
Legal basis and purpose: In addition to the performance of a contract, we will forward your data to your Audi Importer for the purpose of ensuring service provision and customer satisfaction, for the primary provision of the service to the main user and for the review and optimization of products and services in accordance with Art. 6 (1) (f) GDPR.
21. Security notification to main users upon purchase
For the purpose of notifying the key user, we process the following data every time a guest user or secondary user makes a purchase: Private contact and identification data (name of the guest user, email address of the key user), Legal transactions / contract data (product information).
Storage period: The data is only stored for the duration of the notification.
Legal basis and purpose: Art. 6 (1) (f) GDPR to ensure that the main user is informed about any safety-relevant changes to the vehicle.
IV. Audi connect services
In order to provide personalized Audi Connect Services in your vehicle, which require you to log in with your myAudi account / Audi ID in the vehicle, Audi transmits the data of your Audi ID (email address and password token) to your vehicle. The Audi Connect Services and license terms available for your vehicle are assigned to your Audi ID and stored in the myAudi system world. For notification functions of the applications, e.g. information about the climate and charge status of your vehicle (in the case of Audi e-tron vehicles), you can specify a preferred notification channel (e.g. email address). Your vehicle also transmits certain data for some Audi Connect Services to the Audi backend (as described in the following sections) so that you can view and retrieve it in myAudi.
In addition to the information on the legal basis of the data processing in Section D the data may be processed for the purposes of development and optimisation to safeguard our legitimate interests (Art. 6 (1) (f) GDPR) in high-quality services and functions.
For more information on the Audi connect Services, see also our privacy notice for Audi Connect.
1. Privacy Settings
In order to implement your privacy settings in the vehicle and to display and manage them in myAudi, we process the following data every time you change the settings or a service/service group is activated/deactivated: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (selected privacy setting, current deactivation/activation status per service or service group).
2. Personal profiles
In order to store and transfer your personal settings as part of the comfort and infotainment functions, we process the following data every time you make settings or link a vehicle to your Audi ID: IT usage data (Audi ID), Private contact and identification data (email address, nickname), if applicable, Recordings (photograph), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (seat and steering wheel positions, chassis and climate control settings, driver assistance systems, driver information systems, settings in the instrument cluster, settings in the infotainment system, individualisations such as interior lighting, multimedia data (e.g. music, films, photographs), address book data (for hands-free device or navigation), navigation destinations entered, data on the use of Internet services).
3. Vehicle Status Report
When using the Audi connect "Vehicle Status Report" service, we process the following data every time the vehicle sends relevant status data – e.g. when switching on, switching off, locking/unlocking, opening/closing doors or when the 12V battery charging status is critical – or when you actively access the data via the app: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (Locking status of the doors, status of windows, flaps, if applicable, folding/sliding roof, spoiler status, fuel and oil level (OK/NOK), maintenance interval data for service and oil change, mileage, total range or individual range, status of the park/parking light, current warning messages, status of the parking brake, battery charge level for e-trons and, if applicable, plug-in hybrid vehicles, AdBlue values for diesel vehicles, if applicable).
4. Remote auxiliary heating
For the Remote auxiliary heating service, we process the following data every time you use the air conditioning of your vehicle before starting your journey and to ensure system security: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (the planned departure timer you entered, heating effect, availability of the parking heater functionality, current status of the air conditioning and – in the case of ongoing air conditioning – the remaining running time).
Legal basis and purpose: In addition to the performance of a contract, we process your data in accordance with Art. 6 (1) (f) GDPR to ensure system security.
5. Remote locking and unlocking
For the Remote Locking and Unlocking service, we process the following data every time you use the function in the myAudi app: IT usage data (user ID of the mobile device used), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (action performed (locking/unlocking), condition of the vehicle doors and flaps, time stamp).
Storage period: The actions performed to lock and unlock your vehicle are stored for up to 5 years to ensure system security as well as theft protection and tracking.
Legal basis and purpose: In addition to the performance of a contract, we process your data in accordance with Art. 6 (1) (f) GDPR to ensure system security, protection against theft and to enable tracking.
6. Remote horn and flashing
For the Remote Horn and Turn Signal service, we process the following data every time you trigger your vehicle's horn and turn signals via your mobile device: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (action performed, time stamp, duration of the action (10s, 20s, 30s)), location data (current position of your vehicle, current position of your mobile device).
We collect the data directly from you, use the data already stored for your Audi ID as well as the data from your vehicle and process it to provide the service.
Storage period: In order to fulfill our contractual services to ensure system security, the last 10 actions are stored.
Legal basis and purpose: In addition to the performance of a contract, we process your data in accordance with Art. 6 (1) (f) GDPR to ensure system security.
7. Push notification for the anti-theft alarm
For the Anti-Theft Alarm System Push Notification service, we process the following data every time the anti-theft alarm system is triggered: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (detected event (triggering event), time stamp).
We collect the data directly from your vehicle.
8. Remote vehicle tracking system
For the provision and use of the "Theft Tracking System" Service, we process the following data when the service is activated and when a manipulation event is detected: Private contact and identification data (name, address (street, house number, postcode, city), up to 3 telephone numbers), Vehicle master data and vehicle identification data (VIN), color, body shape, license plate), Vehicle usage data (Tamper event, mileage, battery voltage, speed, fuel level, ignition status, engine status), location data (current vehicle position, timestamp).
We use the data already stored for your Audi ID as well as the data from your vehicle and process it to provide the service. It is not turned off when the privacy settings are activated.
9. Speed Alert
For the configuration and use of the Audi Connect "Speed Alert" Service, we process the following data every time you save a Speed Alert in myAudi or the vehicle exceeds the defined speed of your Speed Alert and when the violation ends: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (information if the Speed Alerts stored in myAudi are exceeded within the defined times).
We collect the data directly from you and from your vehicle, use data already stored with your Audi ID and process it to provide the service.
10. Geofence Alert
For the configuration and use of the Audi Connect "Geofence Alert" Service, we process the following data every time you save a zone and send it to your vehicle, or when your vehicle enters or leaves a defined zone: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (events when exiting/re-entering from/into the defined permitted geo-area, events when entering/re-exiting in/out of the defined prohibited geo-zones) geoscope), location data (vehicle position, time stamp).
We collect the data directly from you and from your vehicle, use data already stored with your Audi ID and process it to provide the service.
11. Valet Alert
For the configuration and use of the Audi Connect "Valet Alert" Service, we process the following data every time you save a geofence or speed alert and send it to the vehicle, or the vehicle leaves a defined zone or exceeds the defined speed: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (Event exceeding/falling below the stored speed limit, event when exiting/re-entering from/into the defined geo-area), location data (vehicle position, time stamp).
We collect the data directly from you and from your vehicle, use data already stored with your Audi ID and process it to provide the service.
12. Automatic service reminder
For the use of the Audi Connect Service "Automatic Service Reminder", we process the following data every time you have activated the service reminder by entering your contact details and selecting an Audi Partner and an upcoming service interval for your vehicle is detected: Private contact and identification data (name, preferred communication channel (telephone, email), telephone number, email address, if applicable), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (mileage, fuel level, oil level, maintenance interval data, warning lights, event memory entries, status of service activation, stored service partner).
Storage period: The data of a specific service request is anonymized 90 days after closure. The vehicle condition data is stored for 6 months and then deleted.
Legal basis and purpose: In addition to the performance of a contract, we process your data in accordance with Art. 6 (1) (f) GDPR for forwarding to your importer for the purpose of ensuring service provision and customer satisfaction.
13. Predictive maintenance reminder
For the use of the Audi Connect Service "Predictive Maintenance Reminder" for the predictive monitoring of wear parts in the vehicle, we process the following data every time the service has been activated and a relevant vehicle condition is detected: Private contact and identification data (name, telephone number, email address, preferred communication channel (telephone, email)), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (mileage, outside temperature, tire pressure, condition information about the 12V battery and tire pressure monitoring battery, currently active warning lights/warnings for brake fluid level, remaining running distance and running time until the next oil change, maintenance interval data, event memory entries, warning messages, history memory for warning lights/notices, event codes incl. time stamp and mileage), Vehicle history and workshop visits data (date and mileage of the last inspection).
We collect the data directly from you and from your vehicle, use data already stored for your Audi ID and process it to provide the service.
Storage period: The data is stored for up to 4 years.
14. Remote Vehicle Diagnostics
For the use of the Audi Connect "Remote Vehicle Diagnostics" Service to check the vehicle condition remotely and to carry out event diagnostics without a visit to the workshop, we process the following data every time an event memory entry is made in the vehicle, certain conditions are present or cyclically at the start of the vehicle or during a charging process: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (Data collection timestamps, mileage, vehicle status information, environmental conditions, operating states of system components, deviations from system states, event memory entries).
15. Audi incident assistance and Online roadside assistance
For the use of the Audi Connect Services "Audi Incident Assistance" and "Online Roadside Assistance ", we process the following data every time you actively trigger the service in the vehicle or proactively contact the call center in the event of an accident or breakdown: Private contact and identification data (title, salutation, surname, first name, email address, date of birth, address (street, house number, postcode, city, country), telephone number), Vehicle master data and vehicle identification data (VIN, brand, mileage, model name, model year, colour, transmission, drive type, year of manufacture, vehicle type, equipment features, vehicle registration number), Vehicle usage data (remaining range, service date, hit zone, hit severity, accident day, accident time, trigger, warning lights, DTCs, GPS data, correctness of GPS data, direction of travel, type of damage, date of damage record, Preliminary damage calculation), Vehicle history and workshop visits data (service due date, last service), legal transactions / contract data (name of the insurance company, insurance number, type of claim).
We collect the data directly from you and from your vehicle when the service is triggered in the vehicle, via the myAudi app or by telephone and use data already stored for your Audi ID.
Storage period: As long as this is necessary for the provision of the service or as long as there is a legitimate interest in further storage. Reported damage is stored for 6 months and drafts for 48 hours from the time of detection and then deleted.
Legal basis and purpose: In addition to the performance of a contract, we process your data in accordance with Art. 6 (1) (f) GDPR for forwarding to your importer for the purpose of ensuring service provision and customer satisfaction.
16. Audi connect key
For the use of the Audi Connect Service "Audi connect key" to open, start and close the vehicle with your smartphone, we process the following data every time a key is assigned or used, as well as to monitor and ensure the security services: IT usage data (CPLC of the mobile device, device type, app version and OS version, Google Cloud Messaging/ Firebase Cloud Messaging Token), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (Audi connect key, key type, status of the key card, status of the service, changes in the type of use (e.g. change of vehicle keywhen starting the vehicle, key card activated/deactivated, function activated/deactivated), time of use, mileage).
App access: The app allows the Audi connect key to be assigned by selecting users from their address book, if they wish.
Storage period: The data is stored until the assignment of the end device to the Audi connect key is resolved.
Legal basis and purpose: In addition to the performance of a contract, we process your data in accordance with Art. 6 (1) (f) GDPR for logging and ensuring service security.
17. Online Car Care
For the use of the Audi Connect "Online Car Care" Service, we regularly process the following data for vehicle monitoring, information on repair needs and field measures when the vehicle is used, during certain events and when the function is activated by the main user: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (timestamp of data acquisition, mileage, vehicle status information, environmental conditions, operating states of system components, deviations from system states, event memory entries, reactions in special driving situations, state of charge of the high-voltage battery in electric vehicles, estimated range), if applicable. Private contact and identification data (name, email address for notification of predictive information and field actions).
Storage period: The data is stored for a maximum of 5 years.
18. Online logbook
For the use of the Audi Connect "Online Logbook" Service, we process the following data every time you start or complete a journey: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (at the start of the journey (date, time, mileage, GPS position, street name, house number, city, postcode, country), at the end of the journey (date, time, mileage, GPS position, street name, house number, city, postal code, country, name of the main user), category of the logbook entry (business trip, commute, private trip, not categorized), business purpose and business partner (optional, from calendar data of the mobile device).
We collect the data directly from your vehicle as well as from your myAudi account and, if applicable, from the system calendar of your mobile device, if connected.
App access: The myAudi app accesses your calendar if you wish.
Storage period: The data is stored for up to 10 years or until you delete the data in myAudi.
19. Automatic user identification
For the use of the Audi Connect "Automatic User Identification" Service to identify the user in the vehicle on the basis of his myAudi account and the associated automatic transfer of the last personal settings as part of comfort and infotainment functions in the vehicle, we process the following data every time you activate the function or a Bluetooth connection is established between the mobile device and the vehicle: IT usage data (user ID, client ID for unique identification of the installation of the app on the mobile device, software key of the mobile device for secure communication via Bluetooth), Vehicle master data and vehicle identification data (VIN, software key of the vehicle for secure communication via Bluetooth).
We collect the data directly from your mobile device and your vehicle when the function is activated and the Bluetooth connection is established.
App access: The function is activated and controlled via the myAudi app. The connection to the vehicle is via Bluetooth using Automatic User Identification.
20. Remote Park Assist
When using the Audi Connect "Remote Park Assist" Service to park and exit your vehicle with your mobile device via Bluetooth, we process the following data every time you carry out a parking process via the app via Bluetooth: Vehicle usage data (action performed (parking incl. parking the vehicle, exiting a parking space including starting the vehicle), status information about the parking process (status of the parking process, Display of orientation lines for the route during parking)).
App access: The function is activated and controlled via the myAudi app. The connection to the vehicle is via Bluetooth using Automatic User Identification.
Storage period: The data will only be processed for the duration of the use of the service.
21. Lighting technology
For the use of the Audi Connect "Lighting technology" Service to experience the lighting technology installed in the vehicle, we process the following data every time you use the function in the app: Vehicle usage data (action performed (leaving-home/coming-home animation, matrix LED functions), status information about the lighting technology (status of individual light functions).
App access: The function is activated and controlled via the myAudi app. The connection to the vehicle is via Bluetooth using Automatic User Identification.
Storage period: The data will only be processed for the duration of the use of the service.
22. (Basic Service) HV battery data provision
For the use of the Audi Connect Service "(Basic Service) HV Battery data Provision", we process the following data every time you have activated the service, when your vehicle transmits relevant data on the high-voltage battery after the start or end of a journey: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (timestamp of data collection, mileage, state of charge of the high-voltage battery, charging energy, battery capacity, energy consumption, fuel consumption, information on the use and condition of the vehicle and the high-voltage battery).
Storage period: The data on the status of the high-voltage battery is permanently stored when the service is activated in order to be able to be made available flexibly if required, also for subsequent vehicle owners or owners in accordance with the legal information obligations.
23. HV battery data provision
To use the Audi Connect "HV battery data provision" Service, we process the following data every time your vehicle transmits relevant data on the high-voltage battery: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (specific operating data for the HV battery (e.g. state of charge, charging energy, battery capacity, energy consumption)).
24. Themes
For the administration (activation/deactivation) of purchased products in the Audi Shop Themes, we process the following data every time you use access the shop in myAudi: Vehicle master data and vehicle identification data (VIN), legal transactions / contract data (purchased products assigned to VIN, price, time of purchase, validity).
25. Audi rear occupant detection
For the use of the Audi Connect Service "Audi rear occupant detection ", we process the following data every time a warning event is triggered due to people potentially left behind in the rear of the vehicle: Vehicle master data and vehicle identification data (VIN), Private contact and identification data (preferred communication channel (telephone, email), telephone number, email address if applicable, surname, first name for push notification to linked contacts.
V. Audi e-tron services
The following online services are available to you in Audi e-tron vehicles. Again, please note that not all of the services listed may be available in your vehicle or country. For Audi A3 Sportback e-tron vehicles, the mileage must be entered in myAudi to activate the following services. In addition, the vehicle always transmits the mileage to Audi during the ignition process.
1. Audi Wallbox
For the use of the Audi Wallbox and associated online services, we process the following data every time you use the function or link your Wallbox to your Audi ID: IT usage data (Audi ID, Wallbox ID, charging card ID, charging card numbers of the charging cards you have activated, status of the wallbox administration (e.g. administration authorizations), connection status, timestamp of the last communication establishment (history and logging data)), Private contact and identification data (email address) and, if applicable, Location data (location of your charging station, location description (address of the charging point / EVSE)), Vehicle usage data (charging history (e.g. charging volume, duration, time, start/stop of a charging session, charging ID), authorisation and authentication information).
We collect the data directly from you as well as from your wallbox and the associated online services.
2. Remote operation and displaying of charging / charging equipment status
In order to use the service to display and control the charging process of your vehicle, we process the following data every time you use the function or a new data record is sent from the vehicle: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (information and status of the charging process (e.g. charging time, state of charge), characteristics of the charging process (e.g. electricity consumption(energy quantity, charging power, charging rate), selected departure time, remaining charging time, user's own electricity preference, drive type, range, charging timer, planned departure times, charging location).
We collect the data directly from your vehicle as well as from the settings you make in the myAudi app and MMI.
3. Remote air conditioning
For the use of the remote air conditioning service, we process the following data every time a timer changes, air conditioning status, remaining running time or availability: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (current air conditioning status, availability of the stationary air conditioning function (e.g. tank empty, battery empty, system events), remaining running time while air conditioning is running, Air conditioning timer (planned in myAudi), selection of the heating source, special configurations (e.g. heating of the glass surfaces, seat heating, seat air conditioning).
We collect the data directly from your vehicle as well as from the settings you make in the myAudi app and MMI.
4. Audi charging
For the use of the Audi charging service, we process the following data once when concluding a contract with our cooperation partner Elli: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Private contact and identification data (email address, surname, first name).
5. e-tron charging system connect
For the use of the e-tron charging system connect service, we process the following data every time you use the function or the charging system is active: IT usage data (Audi ID, serial number of the charging system, device type, device status, software version, update time, UserID for user assignment), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (Charging statistics, charging status, charging infrastructure information, electricity tariff data, respective time of use of the electronic data processing)
We collect the data directly from your vehicle and your e-tron connect charging system.
6. Plug & Charge
In order to use the Plug & Charge service and to ensure system security, we process the following data every time the vehicle is started or when the functional status is changed: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (availability status, functional status (activated/deactivated/error), hardware information, software information), legal transactions / Contract data (provider information of the charging current contract, contract number, validity period).
We collect the data directly from your vehicle as well as from your charging electricity contract.
Contract data is received by the card provider in the event of changes and forwarded to your vehicle.
7. Driving data
For the use of the Driving Data service, we process the following data every time you use the function or complete a journey or initiate it manually: Vehicle master data and vehicle identification data (VIN), Vehicle usage data (distance travelled, route length, consumption (fuel consumption, electrical consumption), total mileage at the beginning and end of the journey, average speed, journey duration, time of data transmission).
VI. MMI Services
1. Audi Online Music
For the use of Audi Online Music, we process the following data every time you access Amazon Music or the web radio (Audials) in the MMI display of your vehicle: IT usage data (login, password (note: this data is not stored, but transmitted directly to Amazon), tokens (is stored in myAudi for future logins), location data (current position of the mobile device (only when using the radius search on Audials' web radio)), Personal preferences (favorite radio stations (if created by the user, these are stored in myAudi)).
Storage period: The data will only be processed for the duration of the use of the service.
2. News online
For the use of "News online", we process the following data every time you display news online via RSS feeds in the vehicle: IT usage data (Audi ID), Vehicle master data and vehicle identification data (VIN), Vehicle usage data (time of access, type of request).
Storage period: The data will only be processed for the duration of the use of the service.
3. Connected Navigation – Carfinder
For the use of "Carfinder" via Connected Navigation, we process the following data every time you display the last known vehicle position after switching off and locking your vehicle and, if necessary, can be navigated to the location via the myAudi app: Vehicle master data and vehicle identification data (VIN), location data (last known position of the vehicle).
4. Connected Navigation – map display in the myAudi app
For the use of navigation maps via Connected Navigation and MMI Rear Seat Entertainment, we process the following data every time you view a current navigation map in myAudi: IT usage data (session ID, map section data (pseudonymised), metadata (time stamps, SW versions)).
5. Connected Navigation – Traffic Information Online
For the use of "Traffic Information Online" via Connected Navigation in the myAudi app and in the HMI, we process the following data every time you view an up-to-date navigation map and plan a route and up-to-date traffic information and traffic flow data are provided for navigation: IT usage data (session ID, map section data (pseudonymised), metadata (time stamps, SW versions), Map or map tile versions), location data (current position of your vehicle (when used in the vehicle), map section to be displayed (when used in myAudi)), Vehicle usage data (desired destination, settings for traffic information, vehicle speed, direction of travel, metadata on the quality of the sensor data)
Storage period: The data will only be processed for the duration of the use of the service.
6. Connected Navigation – Destination input via Google Maps
For the use of "destination input via Google Maps" via Connected Navigation, we process the following data every time you transmit navigation destinations from Google Maps to your vehicle using myAudi: IT usage data (pseudonymised user ID, pseudonymised vehicle ID) and Vehicle usage data (navigation data, energy consumption data, if applicable).
7. Connected Navigation – myAudi Navigation
For the use of "myAudi Navigation" via Connected Navigation in the myAudi app
, we process the following data every time you configure destinations, favorites and routes and synchronize them between your myAudi account and the vehicle: IT usage data (pseudonymized user ID, pseudonymized vehicle ID) and Vehicle usage data (Navigation data (e.g. destinations, favourites, last destinations), additional data in the e-tron route planner: energy consumption, climate data, climate control settings, charging data).
8. Connected Navigation – e-tron Route Planner (Remote Service)
For the use of "e-tron Route Planner" via Connected Navigation in the myAudi app and
for the validation and optimization of the accuracy and quality of the charging point-of-interest data, we process the following data every time you plan navigation routes taking into account the charging behavior of your vehicle: IT usage data (anonymized ID (no conclusions about owner or vehicle, but assignment over time possible)), Vehicle master data and vehicle identification data (pseudonymised VIN), Vehicle usage data (consumption values for different speed ranges, data on auxiliary consumers, characteristic curves on electrical consumption, climate settings, range calculation mode, current and maximum range, time of data transmission, battery charge level, planned target charge level at charging stop, information on towing mode, set speed limit, Information on the installed charging socket and battery including charging characteristics, individual consumption values, ascent/descent of the route (topographical factor), time stamp, charging parameters (e.g. maximum charging power, target charging current, voltage values, SoC values, remaining charging time, software status of the charger), operating mode of the vehicle (charging scenario, charging type, HV battery preconditioning status, error status, charging schedule creation, charging session ID), EVSE ID, maximum available current, voltage and power values, status of plug detection, temperature values of the charging sockets, HV battery and environment), location data (position data of the vehicle (longitude, latitude, orientation)).
Storage period: To improve the charging experience, all charging processes (AC/DC) are stored for 3 months, the anonymized ID for AC charging processes for a maximum of 7 days and data without anonymized ID for a maximum of 2 years.
E. Data processing under joint control
I. Audi ID Login
If and as long as you are on an Audi Importer's website (except Canada, see Section D.II.3) via the myAudi login, Audi and the respective Audi Importer responsible for the respective website are joint controllers for data processing in connection with myAudi services provided on this website. A list of importers can be found in Annex 1a – List of importers. For more information on the myAudi services, please see the Section D.
In accordance with the legal requirements, the respective Audi Importer and Audi have entered into contractual agreements on which data protection obligations are to be fulfilled by the importer and which by Audi:
|
Task |
AUDI AG |
Importer (website operator) |
|
Contact person for data subjects |
X |
X |
|
Information obligations pursuant to Art. 13 GDPR of data subjects when collecting personal data |
X |
X |
|
Processing of requests for information from data subjects in accordance with Art. 15 GDPR |
X |
X |
|
Processing of correction requests in accordance with Art. 16 GDPR |
X |
X |
|
Processing of deletion requests or restriction of processing in accordance with Art. 17, 18 GDPR |
X |
X |
|
Processing of requests for surrender in accordance with Art. 20 GDPR |
X |
X |
|
Processing of objections in accordance with Art. 21 GDPR |
X |
X |
|
Notification of personal data breaches pursuant to Art. 33, 34 GDPR |
X |
X |
Notwithstanding this agreement, you may exercise your rights as a data subject as described in Section B.IV. both against the importer and against Audi.
Please note that not all services may be available in your country and that the service portfolio may differ, especially between app and website (both https://my.audi.com and the country-specific website).
II. Audi Functions Store
Via the Audi Functions Store, a user can purchase various vehicle-specific, digital products and services such as Audi connect Services (hereinafter: "Digital Products and Services") via a one-time order or on a subscription basis ("Order").
With regard to individual data processing operations in connection with order processes in the Audi Functions Store, Audi is joint controller with the respective operator of an Audi Functions Store (hereinafter referred to as the shop operator) (see also Annex 1a – List of importers) or with other recipients under their own responsibility (see Annex 4 – Recipients as independent controllers). Audi is also the shop operator for the German market.
The following tables show which data processing is in sole control of Audi under data protection law or the joint control of Audi and the shop operators or other recipients under their own responsibility under data protection law.
If you want to exercise your data protection rights vis-à-vis Audi please use the contact options at Section B.II. If you want to exercise your data protection rights vis-à-vis the shop operators please use the contact options set out in Annex 1a – List of importers to the respective regional shop operators. If you want to exercise your data protection rights vis-à-vis the payment provider please use the contact options as described in Annex 4 – Recipients as independent controllers specified.
Internal contractual assignment of tasks within the framework of joint control between Audi and shop operators
From the table below, you can see which of the joint controllers assumes which data protection obligations.
|
Task |
AUDI AG |
Shop Operator |
|
Contact person for data subjects |
X |
X |
|
Information obligations pursuant to Art. 13 GDPR of data subjects when collecting personal data |
X |
X |
|
Processing of requests for information from data subjects in accordance with Art. 15 GDPR |
X |
X |
|
Processing of correction requests in accordance with Art. 16 GDPR |
X |
X |
|
Processing of deletion requests or restriction of processing in accordance with Art. 17, 18 GDPR |
X |
X |
|
Processing of requests for surrender in accordance with Art. 20 GDPR |
X |
X |
|
Processing of objections in accordance with Art. 21 GDPR |
X |
X |
|
Notification of personal data breaches pursuant to Art. 33, 34 GDPR |
X |
X |
Internal contractual assignment of tasks within the framework of joint control between Audi and the payment service provider
From the table below, you can see which of the joint controllers assumes which data protection obligations.
|
Task |
AUDI AG |
Payment Service Provider |
|
Contact person for data subjects |
X |
X |
|
Information obligations pursuant to Art. 13 GDPR of data subjects when collecting personal data |
X |
X |
|
Processing of requests for information from data subjects in accordance with Art. 15 GDPR |
X |
X |
|
Processing of correction requests in accordance with Art. 16 GDPR |
X |
X |
|
Processing of deletion requests or restriction of processing in accordance with Art. 17, 18 GDPR |
X |
X |
|
Processing of requests for surrender in accordance with Art. 20 GDPR |
X |
X |
|
Processing of objections in accordance with Art. 21 GDPR |
X |
X |
|
Notification of personal data breaches pursuant to Art. 33, 34 GDPR |
X |
X |
1. Shopping in the Audi Functions Store
When you make a purchase in an Audi Functions Store, we process the following data every time you process an order: IT usage data (Audi ID, email address), Professional/ Private contact and identification data (surname, first name, date of birth, place of birth (depending on the market), billing address (street, house number, postcode, city, country), personal tax number (depending on the market), company name, VAT ID, if applicable, national Tax ID, if applicable Codice Destinario, if applicable PEC Mail), Vehicle master data and vehicle identification data (VIN), Legal transactions / Contract data (contract identifier, company name (for business customers), VAT ID, national tax ID (depending on the market), purchased product, price, order number, order date, order data, currency, transaction amount, subscription model, voucher codes), Financial data (payment method, card number, expiration date, cardholder, security code).
Storage period: We only store your personal data for as long as is necessary to fulfil the respective purpose or as there are statutory retention obligations (e.g. 10 years for Germany, if applicable).
2. Registration and Payment Processing
For the purpose of registering with the payment service provider and processing payments, we process the following data every time you make a payment: IT usage data (Audi ID, email address), Professional/ Private contact and identification data (surname, first name, date of birth, place of birth (depending on the market), billing address (street, house number, postal code, city, country), personal tax number (market-dependent), company name, VAT ID, VAT ID, if applicable. national tax ID, if applicable, Codice Destinario, if applicable, PEC Mail), Vehicle master data and vehicle identification data (VIN), Legal transactions / Contract data (contract identifier, company name (for business customers), VAT ID, national tax ID (depending on the market), product purchased, price, order number, order date, order data, currency, transaction amount, subscription model, voucher codes), Financial data (payment method, card number, expiration date, cardholder, security code).
We collect the data directly from you via a plug-in of the payment service provider in the Audi Functions Store. Audi does not have access to this payment data.
Storage period: During the business relationship + 3 years after termination (for payment service provider), at Audi according to statutory retention periods.
Legal basis and purpose: In addition, we process your data in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interest in legal defence and risk management.
3. Advertising Mail Campaigns
For the sending of advertising mail campaigns in the context of the Audi Functions Store, we process the following data for each campaign: IT usage data (Audi ID), Private contact and identification data (email address).
Storage period: Your data will be stored until you revoke your consent.
Legal basis and purpose: We process your data based on consent in accordance with Art. 6 (1) (a) GDPR for the implementation of commercial mail campaigns.
III. Customer Support across sales levels
In order to further optimize the customer experience in the context of customer support, in certain countries we transmit the following data from the central customer record to the responsible Audi Importer responsible for your market, or receive access from them to the data listed in Section D.I.2.
A list of importers as possible data recipients or data suppliers can be found in this Privacy Notice in Annex 1b – List of participating importers in customer support across sales levels. Audi or the responsible importer combine the data with their own data, store it in their own central customer data record and use it as part of customer support. The data transfer or use of importer data is based on our legitimate interest in accordance with Article 6 (1) (f) GDPR in providing efficient and comprehensive customer support in line with high customer expectations (see Section D.I.2). The exchange of data ensures that the customer receives the best possible support, regardless of whom the customer contacts. Without data consolidation, the customer may have to be redirected or information would have to be obtained, resulting in delays and inefficient processing of requests.
As part of cross-sales customer support, Audi and the respective Audi Importer responsible act as joint controllers under data protection law within the meaning of Art. 26 GDPR. In order to implement this joint control, we and the respective importers have entered into contractual agreements that specify which data protection obligations are assumed by which party. For an overview of the distribution of responsibilities, see the table below:
|
Task |
AUDI AG |
Importer |
|
Contact person for data subjects |
X |
X |
|
Information obligations pursuant to Art. 13 GDPR of data subjects when collecting personal data |
X |
X |
|
Processing of requests for information from data subjects in accordance with Art. 15 GDPR |
X |
X |
|
Processing of correction requests in accordance with Art. 16 GDPR |
X |
X |
|
Processing of deletion requests or restriction of processing in accordance with Art. 17, 18 GDPR |
X |
X |
|
Processing of requests for surrender in accordance with Art. 20 GDPR |
X |
X |
|
Processing of objections in accordance with Art. 21 GDPR |
X |
X |
|
Notification of personal data breaches pursuant to Art. 33, 34 GDPR |
X |
X |
Notwithstanding this Agreement, you may exercise your rights as a data subject as described in Section B.IV. both against us and against the respective Audi importer.
Annexes
Annex 1a – List of importers
|
Country |
Information regarding the Audi importer |
|
Belgium |
D’Ieteren Automotive SA/NV Audi Import |
|
Brazil |
Audi do Brasil Indústria e Comércio de Veículos Ltda Av. of the United Nations, no. 14261, Tower A, 14th floor, Vila Gertrudes, CEP 04794-000, São Paulo/SP – Brazil |
|
Germany |
AUDI AG Auto-Union-Straße 1 |
|
Denmark |
Audi Denmark Park Alle 355 |
|
Estonia |
Al Mare Auto OÜ Mõisa 4, |
|
Finland |
K Auto Oy,Vantaa Business ID 0154578-2 |
|
France |
Volkswagen Group France S.A. 11, avenue de Boursonne |
|
Greece |
Kosmocar S.A. 566-568, Vouliagmenis Ave. |
|
Great Britain |
Volkswagen Group United Kingdom Limited trading as Audi UK Yeomans Drive |
|
Ireland |
Audi Ireland Block C |
|
Italy |
VOLKSWAGEN GROUP ITALIA S.p.A. Registered office in Viale G.R. Gumpert n.1,37137 |
|
Japan |
Volkswagen Group Japan K. K. 5-10, Akemicho, Toyohashi-shi Aichi, 441-8550, Japan |
|
Canada |
Audi Canada Inc. Bayly Street West 777 |
|
Canary Islands |
DOMINGO ALONSO S.L.U. Avenida Pintor Felo Monzón nº34 B |
|
Croatia |
Porsche Croatia d.o.o. Miroslava Miholića 2 |
|
Latvia |
Moller Baltic Import SE Duntes 3 |
|
Liechtenstein |
AMAG Import AG Alte Steinhauserstrasse 12 |
|
Lithuania |
Moller Baltic Import SE Duntes 3 |
|
Luxembourg |
Losch Import S.à r.l. 5, rue des Joncs |
|
Netherlands |
Pon's Automobielhandel B.V. Zuiderinslag 2, |
|
Norway |
Harald A. Möller AS Frysjaveien 31B, 0884 Oslo |
|
Poland |
Volkswagen Group Polska Sp. z o.o. NEMA 61-037 (UL) Krańcowa 44, Poland |
|
Portugal |
SIVA S.A. Rua do Comércio Nº2, |
|
Romania |
Porsche Romania SRL 077190 Voluntari, Ilfov |
|
Sweden |
Volkswagen Group Sverige Audi Sweden |
|
Switzerland |
AMAG Import AG Alte Steinhauserstrasse 12 |
|
Slovakia |
Porsche Slovakia spol.s r.o. Vajnorska 160 |
|
Slovenia |
Porsche Slovenija d.o.o. Bravnicarjeva 5, |
|
Spain |
Volkswagen Group España Distribución, S.A.U. Av. Parc Logístic, 12-20, Sants-Montjuïc District, 08040 Barcelona, Spain |
|
Czech Republic |
Porsche Czech Republic Porsche Czech Republic s.r.o. Radlicka 740/113 d |
|
Hungary |
Porsche Hungaria Kft. 1139-Budapest, |
|
United Arab Emirates |
Al Nabooda Automobiles LLC Audi Showroom, Between 2nd & Interchange No 3 Sheikh Zayed Rd - Al Quoz - Al Quoz 3, Dubai, United Arab Emirates Ali & Sons Co. LLC Ali & Sons, Audi Abu Dhabi, Building #C40, Airport Road, 18th St - Airport Road, Abu Dhabi, United Arab Emirates |
|
Austria |
Porsche Austria GmbH & Co OG Louise-Piëch-Straße 2 |
Annex 1b – List of participating importers in customer support across sales levels
|
Country |
Information regarding the importer |
|
France |
Volkswagen Group France S.A. |
|
Spain |
Volkswagen Group España Distribución, S.A.U. |
|
Ireland |
Volkswagen Group Ireland Ltd. |
|
Great Britain |
Volkswagen Group UK Ltd. |
Annex 2 – Information on data processing under the sole control of fleet operators
If the vehicle is part of a fleet, the respective fleet operator or a service provider commissioned by him to manage the fleet can access certain vehicle data and extract it from the vehicle.
This includes, among other things, the VIN, maintenance data (e.g. next oil change) when the vehicle is switched on, trip data when the vehicle is switched off, remaining range data, fuel level or battery charge level in e-tron vehicles, as well as warning lights during driving. In addition, the fleet operator may, if necessary, collect the position of the vehicle when the vehicle is switched off.
The fleet operator decides on the extraction and processing of the data on its own responsibility. For information on data processing, please contact the fleet operator.
Please note that the fleet operator can exclude the services required by him for the extraction of the data from deactivation in the privacy settings.
Annex 3 – Processors
|
No |
Processor category |
Name |
Address |
Purpose of processing / purpose of transfer to a third country |
Function |
Country of data processing |
|
1 |
Service provider |
CARIAD SE |
Berliner Ring 2, 38440 Wolfsburg, Germany |
Hosting, IT operations, IT security, IT support, development of services / functions, provision of services, customer analysis & evaluation |
D.I.1 D.III.1 D.III.2 D.III.3 D.III.4 D.III.5 D.III.6 D.III.7 D.III.8 D.III.9 D.III.9 D.III.10 D.III.11 D.III.12 D.III.13 D.III.14 D.III.15 D.III.16 D.III.18 D.III.19 D.III.20 D.III.21 D.IV.1 D.IV.2 D.IV.3 D.IV.4 D.IV.5 D.IV.6 D.IV.7 D.IV.8 D.IV.9 D.IV.10 D.IV.11 D.IV.12 D.IV.13 D.IV.14 D.IV.15 D.IV.16 D.IV.17 D.IV.18 D.IV.19 D.IV.20 D.IV.21 D.IV.22 D.IV.23 D.IV.24 D.IV.25 D.V.1 D.V.2 D.V.3 D.V.4 D.V.5 D.V.6 D.V.7 D.VI.3 D.VI.4 D.VI.5 D.VI.6 D.VI.7 D.VI.8 |
Netherlands, Ireland, Germany, USA |
|
2 |
Service provider |
Valtech Mobility GmbH |
Marsstraße 46, 80335 Munich, Germany |
Provision of digital services, development and testing of products and services |
D.VI.5 |
Germany |
|
3 |
Service provider |
e.solutions |
Despag-Straße 4a, 85055 Ingolstadt, Germany |
Provision of digital services, development and testing of products and services |
D.VI.8 |
Germany |
|
4 |
Service provider |
IDnow GmbH |
Auenstraße 100, 80469 Munich, Germany |
Provision of services |
D.III.2 |
Germany, Bulgaria, Croatia, Romania |
|
5 |
Service provider |
Adobe Systems Software Ireland Limited |
4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland |
Adobe Analytics |
D.III.1 |
Ireland |
|
6 |
Service provider |
TomTom Germany GmbH & Co KG |
Am Neuen Horizont 1, 31177 Harsum, Germany |
Provision of digital services, development and testing of products and services |
D.VI.4 D.VI.5 |
Germany |
|
7 |
Service provider |
HERE Global B.V. |
Kennedyplein 222-226, 5611 ZT Eindhoven, The Netherlands |
Provision of digital services, development and testing of products and services |
D.VI.5 |
Netherlands, Ireland |
|
8 |
Service provider |
mgm technology partners GmbH |
23, 80807 Munich, Germany |
Dev & Support |
D.III.2 |
Germany |
|
9 |
Service provider |
Audi Business Innovation GmbH |
6, 80331 Munich, Germany |
Service and Feature Development, Dev & Support, Customer Analytics/Evaluations, IT Support |
D.I.6 E.II |
Germany |
|
10 |
Service provider |
diconium GmbH |
11, 70376 Stuttgart, Germany |
Development of services and functions |
D.I.6 |
Germany |
|
11 |
Service provider |
salesforce.com Germany GmbH |
Erika-Mann-Str. 31, 80636 Munich, Germany |
Hosting & IT Operations |
D.I.2 D.I.6 E.II E.II.3 |
Germany, Ireland, USA, Indien |
|
12 |
Service provider |
dx.one GmbH |
Berliner Ring 2, 38440 Wolfsburg, Germany |
IT Operations, IT Security, IT Support |
D.I.1 E.II |
Germany |
|
13 |
Service provider |
Volkswagen Group Service GmbH |
Major-Hirst-Str. 11, 38442 Wolfsburg, Germany |
Operations, Support & IT-Support |
E.II |
Germany |
|
14 |
Service provider |
Capgemini Deutschland GmbH |
Olof-Palme Str. 14, 81829 Munich, Germany |
Provision of data on platforms operated by third parties |
D.I.6 E.II |
Germany |
|
15 |
Service provider |
w.e.b. Wirth EDV Beratung OHG |
11, 85049 Ingolstadt, Germany |
Dev. & IT-Support |
D.IV.17 |
Germany |
|
16 |
Service provider |
Cognigy GmbH |
1, 40221 Düsseldorf, Germany |
Provision of services |
D.I.2 |
Germany |
|
17 |
Service provider |
Porsche Informatik GmbH - |
Louise-Piech-Straße 9, 5020 Salzburg, Austria |
Provision of services |
D.III.8 |
Austria |
|
18 |
Service provider |
soft-nrg Development GmbH |
Einsteinring 37, 85609 Aschheim-Dornach, Germany |
Provision of services |
D.III.8 |
Germany, Romania |
|
19 |
Service provider |
HRF GmbH & Co. KG |
Darmstädter Straße 62, 64354 Reinheim, Germany |
Provision of services |
D.III.8 |
Germany |
|
20 |
Service provider |
Cubic Telecom |
14, 60322 Frankfurt am Main, Germany |
Provision of services, hosting, IT operations, IT support |
D.III.9 |
Germany, Ireland |
|
21 |
Service provider |
Accenture Song Build Germany GmbH |
38, 22765 Hamburg, Germany |
Provision of services |
D.II.1 D.III.16 |
Germany |
|
22 |
Service provider |
Concentrix Holding Germany GmbH |
20, 90402 Nuremberg, Germany |
Provision of services, customer analyses / evaluations |
D.I.1 D.III.2 |
Germany |
|
23 |
Service provider |
Concentrix CVG International Sp. z.o.o. (Branch Katowice) |
Global Office Park, Tower A2, Zabrska 17, 40-083 Katowice, Polen |
Provision of digital services |
D.I.2 |
Poland |
|
24 |
Service provider |
Concentrix Services Portugal, Sociedade Unipessoal, LOA |
Confeiteira 11, Cabanas, 4700-048 Braga, Portugal |
Provision of digital services |
D.I.2 |
Portugal |
|
25 |
Service provider |
Volkswagen Group of America Inc (Audi of America LLC) |
2200 Ferdinand Porsche Drive, Herndon, VA 20171, United States |
Hosting, IT-operations, IT-support |
D.III.5 |
United States |
|
26 |
Service provider |
Volkswagen AG |
Berliner Ring 2, 38440 Wolfsburg, Germany |
Provision of digital services, development and testing of products and services |
D.III.4 D.IV.18 |
Germany |
|
27 |
Service provider |
SEAT:CODE |
(Metropolis Lab Barcelona S.A.), the Garage, C/Badajoz 97, 08018 Barcelona, Spanien |
Development, IT operations, IT support and hosting |
D.III.20 |
Spain |
|
28 |
Service provider |
Vodafone Automotive Telematics SA, Switzerland (as well as local service providers, if applicable) |
Via S. Franscini 10, 6850 Mendrisio, Schweiz |
Provision of services |
D.IV.8 |
Switzerland |
|
29 |
Service provider |
PHD Germany GmbH |
Speicherstraße 59, 60327 Frankfurt am Main |
Marketing and advertisement |
D.I.6 |
Germany, Irland, USA |
Annex 4 – Recipients as independent controllers
|
No |
Category of the recipient |
Name |
Address |
Purpose of the processing by the recipient / purpose of the transfer to a third country |
Function |
Country of data processing |
|
1 |
Person in charge |
Google LLC |
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA |
Connection to Google Maps Provision of services |
D.III.16 D.III.17 |
USA |
|
2 |
Person in charge |
Cubic Telecom |
14, 60322 Frankfurt am Main, Germany |
Provision of services |
D.III.9 |
Germany |
|
3 |
Person in charge |
Audi Service Partner |
Depending on the country and selection by the customer and, if applicable, participation by the Audi partner |
Provision of services |
D.I.3 D.I.4 D.I.6 D.III.2 D.III.6 D.III.7 D.III.8 D.III.10 D.III.19 D.III.20 D.IV.12 |
|
|
4 |
Person in charge |
Sales company (importer) |
Depending on the selected market |
Provision of services, marketing & advertising |
D.I.1 D.I.3 D.I.4 D.I.6 D.I.7 D.II.1 D.III.8 D.III.10 D.III.20 D.IV.12 D.IV.15 E.I E.II E.III |
(see also Annex 1a – List of Importers) |
|
5 |
Person in charge |
VW Financial Services AG |
Gifhorner Straße 57, 38112 Braunschweig, Germany |
Provision of services |
D.III.12 |
Germany |
|
6 |
Person in charge |
VW Leasing GmbH |
Gifhorner Straße 57, 38112 Braunschweig, Germany |
Provision of services |
D.III.12 |
Germany |
|
7 |
Person in charge |
Audi Leasing, branch of Volkswagen Leasing GmbH |
Gifhorner Straße 57, 38112 Braunschweig, Germany |
Provision of services |
D.III.13 |
Germany |
|
8 |
Person in charge |
Audi VersicherungsService, branch of Volkswagen Versicherungsdienst GmbH |
Gifhorner Straße 57, 38112 Braunschweig, Germany |
Provision of services |
D.III.13 D.III.15 |
Germany |
|
9 |
Person in charge |
Amazon EU S.à r.l. (Amazon Music) |
Amazon EU S.à r.l. (Limited Liability Company), 5 Plaetis Street, L-2338 Luxemburg |
Provision of services |
D.VI.1 |
Luxembourg |
|
10 |
Person in charge |
Audials AG (Webradio) |
27, 76133 Karlsruhe, Germany |
Provision of services |
D.VI.1 |
Germany |
|
11 |
Person in charge |
Elli Mobility GmbH |
Mollstraße 1, 10178 Berlin |
Provision of services |
D.V.1 D.V.4 |
Germany |
|
12 |
Person in charge |
J.P. Morgan Mobility Payments Solutions S.A. (MPS) |
161, Rue du Kiem, 8030 Strassen, Luxembourg |
Provision of services |
E E.II.2 |
Luxembourg |
|
13 |
Person in charge |
Insurance |
Provision of services |
D.IV.15 |
Depending on the country and choice by the customer and digital availability of the insurance |
|
|
14 |
Person in charge |
Service provider for messages e.g. www.afp.com, www.tagesschau.de, www.partner.dw.com and, if applicable, other providers of RSS feeds added by the user himself. |
Provision of services |
D.VI.2 |
Depending on the country and availability of the service provider and selection by the customer |
|
|
16 |
Person in charge |
Audi Motorsport AG |
9, 8340 Hinwil, Switzerland |
Marketing & Advertising, Provision of Services |
D.I.7 D.II.4 |
Switzerland |
|
17 |
Person in charge |
Apple |
Provision of services |
D.III.18 |
||
|
18 |
Person in charge |
|
Provision of services |
D.I.6 D.III.17 D.III.18 |
Germany, Ireland, USA |
|
|
20 |
Person in charge |
Audi Canada Inc |
777 Bayly Street West Ajax, Ontario |
Provision of services |
D.II.3 |
Canada |
|
21 |
Person in charge |
Amazon Europe Core SARL |
Limited liability company, 38 avenue John F. Kennedy, L-1855 Luxemburg |
Marketing & Advertising |
D.I.6 |
Germany, Ireland, USA |
|
22 |
Person in charge |
Meta Platforms Ireland Limited |
Merrion Road, Dublin 4, D04 X2K5, Ireland |
Marketing & Advertising |
D.I.6 |
Germany, Ireland, USA |
|
23 |
Person in charge |
Vodafone Limited |
Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN |
Provision of services |
D.III.9 |
Great Britain and Northern Ireland |
|
24 |
Person in charge |
Rogers Communication Canada Inc. |
333 Bloor Street East, 10th Floor, Toronto, Ontario, Canada |
Provision of services |
D.III.9 |
Canada |
Annex 5 – Additional data subject rights and further country-specific information
|
Argentina We process your personal data on the basis of the following legal bases for the following purposes:
You have the right to - access; - rectification; - erasure; - file a complaint regarding the processing of your personal data to THE PUBLIC INFORMATION ACCESS AGENCY, which, depending on the facts of the individual case, in its capacity as the Control Entity of Law No. 25,326, has the power to attend complaints and claims filed by those whose rights are affected due to breaches with applicable regulations on personal data protection. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Australia You have the right to - access; - rectification; - lodge a complaint with both AUDI and the Office of the Australian Information Commissioner (“OAIC”) or any other dispute recognition scheme recognized by the OAIC which can be found on the OAIC website www.oaic.gov.au. If you are concerned with the way we have handled your personal data, you may lodge a privacy complaint with the Office of the Australian Information Commissioner (“OAIC”). However, it is a requirement of the OAIC that prior to lodging a complaint, you have raised your complaint with us. If you are not satisfied with our response or we fail to provide a response within 30 days of receipt, you can lodge a complaint with the OAIC. The contact details for the OAIC are set out below:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Bahrain In addition to your rights set out Section B.IV you have further rights under the Bahraini Personal Data Protection Law (PDPL). You have the right to - be informed. To receive clear information about who is processing your data, the purposes of processing, and any recipients of your data; - access. To request and obtain a copy of all personal data held about you; - request to be notified upon processing. To be notified, free of charge, of all personal data being processed about you; - object to direct marketing. To submit, free of charge, your objection to AUDI AG with respect to processing for the purpose of direct marketing; - object to processing causing material or damage to you; - object to decision based on automated processing. To object to processing based solely on automate processing; - request rectification, blocking, and erasure of data. You may lodge a request accompanied with proof of identity to AUDI AG to rectify, block, or erase personal data relating to you when such processing is in breach of the provisions of the Bahraini Personal Data Protection Law, in particular, if the data is inaccurate, incomplete, outdated, or if its processing is illegal; - withdraw consent at any time. To withdraw your consent to processing at any time and free of charge; - lodge a complaint before the Bahraini Personal Dara Protection Authority if you believe you rights are infringed. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Brazil You have the right to - to be informed about the collection and use of your personal data, by us, in a readily accessible manner, and in plain and clear language. You also have the right to be informed about any public or private entity with whom your data has eventually been shared. We are implementing your right to be informed, also through this notice, the content of which may be updated from time to time; - information access; - obtain a copy when the legal basis for processing is consent or performance of a contract; - erasure when consent is the legal basis for processing: please note that exceptions to this right might apply, namely, when the data is needed for (i) compliance with legal obligations; (ii) study by a research organization; (iii) transfer to third parties; (iv) use solely by the controller, as long as the data is anonymized; - rectification; - object to the processing (e.g. if the data is being unlawfully processed); - data portability; - withdraw consent at any time; - anonymize, block or delete unnecessary or excessive personal data or data processed in noncompliance with data protection law; - review decisions made solely on the basis of automated processing; - lodge a complaint before ANPD (Autoridade Nacional de Proteção de Dados) against the data controller; - be informed of the possibility of not providing consent and the consequences thereof; - be informed about the public and private entities with whom the data has been shared. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Canada Please note Personal data may be processed or stored outside of Canada for purposes consistent with this Data Privacy Notice. You acknowledge and agree that, as a result, the personal data that is processed or stored or accessed in other jurisdictions may be subject to the laws of those jurisdictions and may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in such other countries. Under Canadian law, you have the right to - opt out of information handling practices that are not reasonably necessary to provide the services you’ve requested. You can exercise this right by contacting using the contact details set out in Sec.B. II. - be informed of the use by us of technology allowing us to profile, locate or identify you and of the means available to you to activate the functions that allow us to identify, locate or profile you. While Audi takes the security of personal data seriously and uses industry standard security risks associated with transferring and processing personal data contemplated herein. However, no security or processes are fool proof. If personal data is accessed by third parties, it may lead to phishing attempts to get more information from you and/or identify theft. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
France To the extent that the access to the data and the data processing fall within the scope of the data protection laws of France, in addition to the rights listed in Sec. B. IV. you also have the right to define directives concerning the fate of your personal data after your death (post-mortem right). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Hong Kong In addition to your rights set out in Section B. IV., you may withdraw your consent to the use of your personal data. In addition to your rights set out in Section B.IV., you will be informed at the time of the first communication with you in direct marketing without charge to you. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
India You have the right to - access; - rectification; - withdraw consent; - contact the Grievance Officer. The Data Protection Officer is the Grievance Officer for Audi. For the contact details please see Section B. III. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Israel You have the right, subject to Protection of Privacy Law, 5741-1981 and the regulations enacted therefrom, to - be informed if you are under a legal duty to provide the data, the purpose of collection, and details of any third party that will receive the data and for what purpose; - access; - rectification: request correction of the inaccurate or missing data or request deletion or destruction of the data; - object to the processing (e.g. if the data is being unlawfully processed). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Japan You have the right to - request information on purpose of use; - request information on security control measures; - request access; - request correction, addition or deletion; - request discontinuance of use or erasure; and - request explanations on data processing. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Kuwait Legitimate interest is not recognized as a valid legal basis for data processing in Kuwait. You have the right to - grant or withhold your consent to the collection and processing of your personal data. Prior to providing your consent, you should be notified of the purpose for the collection and processing of your personal data; - access, rectify, transport and update the data; - request omission or erasure if you withdraw your consent. Data controllers and data processors are similarly treated under Kuwait law when they collect personal data. For purposes of data protection, they are subject to the same duties and liabilities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Malaysia You have the right to - request access to your personal data; - request correction of your personal data; - prevent processing likely to cause damage or distress; - prevent processing for purposes of direct marketing. Upon exercising your rights stated above in written form addressed to the contact details listed in Section B. II., if you are dissatisfied with our response or we fail to provide a response within 21 days of receipt, you have the right to submit an application to the Personal Data Commissioner to require us to comply with your request. The application to the Personal Data Commissioner can be made to the following address: Commissioner of Personal Data Protection, 6 th Floor, KKMM Complex Lot 4G9, Persiaran Perdana, Presint 4 Federal Government Administrative Center 62100 Putrajaya. In the event of any inconsistencies between the English version and the Bahasa Malaysia version of this Privacy Notice, the English version shall prevail. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Mexico You have the right to: - access; - rectify; - cancel; - oppose; - file data protection measures with the Federal Institute for Access to Information and Data Protection; - request a reconsideration of a decision made via automated decision making in case you are of the opinion that the data processed in this context is (partly) incomplete or incorrect. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
New Zealand You have the right to - know what personal data is held; - request for personal data held and access the personal data; - rectification; - a response to your request within 20 working days, if you make a request for access to or rectification of your personal information. In limited circumstances, AUDI may extend this 20 working day time limit, but we must tell you the period of the extension and the reasons for the extension; - lodge a complaint with both AUDI and the Privacy Commissioner. However, it is a requirement that before you can complain to the Privacy Commissioner you must first raise your complaint with AUDI. If you are not satisfied with AUDI’s response or you do not receive a response, you can lodge a complaint to the Privacy Commissioner. In general, you should wait at least 30 working days for a response before contacting the Privacy Commissioner to lodge a complaint. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Oman You have the right to - revoke your consent to the processing of your personal data, without prejudice to the processing that took place prior to the revocation; - request to have your personal data amended, updated, or blocked; - obtain a copy of your processed personal data; - transfer your personal data to another controller; - request the erasure of your personal data unless such processing is necessary for the purposes of national archiving and documentation; - request that the processing of your personal data be suspended until any of the foregoing requests are decided upon by the controller; - be notified of any breach or infringement of your personal data, and of the actions taken in this regard; - submit a complaint or a report to the competent administration for any violation by the controller on the form prepared for this, within a maximum period of 30 (thirty) days from the date of certain knowledge of the violation. Legitimate interest is not recognized as a valid legal basis for the collection and processing of personal data under the laws of Oman. Accordingly, in situations where AUDI would typically rely on legitimate interest or a balancing of interests to justify processing, an alternative legal basis would be required in Oman. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Qatar In addition to your rights set out Sec. B.IV you have further rights under local Qatari data protection law. Processing of sensitive personal data requires authorization from Qatar’s National Cyber Security Agency Pursuant to Article 16 of Qatar Law No. 13 of 2016 (Qatar’s Protection Data Protection Law). You have the right to object to the processing of your personal data if we process your data for direct marketing purposes, or if such processing is not necessary to achieve the purposes for which such personal data has been collected or where such collected personal data is proven in excess of the amount required, discriminatory, unfair or illegal, as well as the right to request omission or erasure if you withdraw your consent. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Saudi Arabia (KSA) You have the statutory right under the Saudi Arabia Cabinet Decision No. 98/1443 (the “PDPL”) to: - Be informed about the collection, purpose, legal basis, retention period, and mandatory/optional nature of your personal data, including how to exercise your rights and revoke consent. - Access your personal data held by Audi, taking into account the rights of others - Receive a copy of your personal data in a clear, readable, and commonly used electronic format, or printed format where possible. - Request correction, completion, or updating of any inaccurate or incomplete personal data - Request the destruction of personal data that is no longer necessary, subject to statutory requirements. Legal guardians may exercise these rights on behalf of incompetent or incapacitated individuals. Audi has the right to refuse repeated or manifestly excessive requests with justification. Audi will adopt the necessary technical, administrative, and organizational measures to ensure a prompt response to requests and proper documentation, including verbal requests. Audi may transfer personal data to recipients outside the Kingdom of Saudi Arabia only in accordance with the PDPL and its implementing regulations. Such transfers will be conducted with appropriate safeguards to ensure an adequate level of protection for personal data, not less than that prescribed by the law and regulations. Appropriate safeguards may include: - Standard contractual clauses approved by the competent authority; - Binding corporate rules; or - Certification of accreditation. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Serbia You have the right to be informed about appropriate safeguards in case of a data transfer to countries or international organisations outside Serbia that do not provide an adequate level of data protection recognised by a Serbian Government Decision. All EU / EEA Member states provide an adequate level of data protection recognised by a Serbian Government Decision. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Singapore You have statutory rights as provided under Singapore's Personal Data Protection Act 2012, including the rights to - request access to your personal data; - request correction of your personal data; and - withdraw consent to the collection, use or disclosure of your personal data (where applicable), subject to any grounds for the collection, use or disclosure without your consent that are required or authorised under the Personal Data Protection Act 2012 or any other written law of Singapore. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
South Africa You have the right to - not have your personal data processed for the purposes of direct marketing by unsolicited electronic communication; - initiate civil proceedings; - be informed if your personal information has been compromised; - be informed, free of charge and before the information is included in a directory, should you be a subscriber to a printed or electronic directory; - lodge a complaint to the Information Regulator of South Africa by completing this form and sending it to POPIAComplaints@inforegulator.org.za. For further information about your South African data privacy rights, please click here which will take you to the website of the Information Regulator. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
South Korea You (and your legal representative) have statutory rights under the Korean Personal Information Protection Act, in particular the right to - access; - rectification / erasure; - suspension of processing; and - withdrawal of consent. You (or your legal representative) can exercise such rights by contacting us or our data protection officer using the contact details set out in Section B. II. and III. Certain personal data may be retained for compliance with local laws and regulations for certain periods, such as the following: - All transaction records and relevant documentary evidence as prescribed by applicable tax laws: 5 years (as required under the Framework Act on National Taxes and the Corporate Tax Act) - Records of logins: 3 months (as required under the Protection of Communications Secrets Act) - Records on labels and advertisements: 6 months (as required under the Act on Consumer Protection in Electronic Commerce) - Records on revocation of contracts or cancellation of orders/purchases, payments, provision of products and services: 5 years (as required under the Act on Consumer Protection in Electronic Commerce) - Records on handling of customer complaints or disputes: 3 years (as required under the Act on Consumer Protection in Electronic Commerce The process and method for destroying personal data are set forth below. - Process of destruction: We select the relevant personal data to be destroyed and destroy it with the approval of our Data Protection Officer. - Method of destruction: We destroy personal data recorded and stored in the form of electronic files by using a technical method (e.g., low level format) to ensure that the records cannot be reproduced, while personal data recorded and stored in the form of paper documents shall be shredded or incinerated If it is necessary to retain personal data for a period longer than the legal retention periods described herein, to the extent required by the laws of the applicable country, we shall obtain the data subject’s consent for such longer retention of personal data. Domestic Agent: Volkswagen Group Korea Ltd., 14th Fl. YoungPoong Bd., 41, Cheonggyecheon-ro, Jongno-gu, Seoul, Korea Information on legal representatives: https://www.audi.co.kr/ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Spain To the extent that access to and processing of data falls within the scope of data protection laws of Spain, please note that your personal data will be deleted after the statutory retention period has expired if the legal basis for processing your personal data no longer applies (in particular if you withdraw your consent), if the processing of your personal data is no longer necessary for the respective purpose or if the purpose itself no longer applies. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Taiwan (Province of China) You have the right to - make an inquiry of and to review your personal data; - request a copy of your personal data; - supplement or correct your personal data; - demand the cessation of the collection, processing or use of your personal data; - erase your personal data. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Thailand Please note that your right to obtain a copy of the personal data is subject to law or pursuant to a court order and must not adversely affect the rights and freedoms of others. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Turkey You have statutory rights under Art. 11 of the Turkish Data Protection Law, in particular the right to - request reporting of the operations carried out which are rectification of the incomplete or inaccurate data, if any and the erasure or destruction of your personal data) to third parties to whom your personal data have been transferred; - claim compensation for the damage arising from the unlawful processing of your personal data; - object to the occurrence of a result against yourself by analyzing the data processed solely through automated systems; - lodge a complaint with the Turkish Data Protection Authority (Kişisel Verileri Koruma Kurumu) Nasuh Akar Mahallesi 1407. Sok. No:4, 06520 Çankaya/Ankara/Turkey. The objection can be exercised in the forms stated in Article 5/1 of the Comminuque On The Principles and Procedures for the Request To Data Controller. Local representative: Doğuş Otomotiv Servis ve Ticaret A.Ş Şekerpınar Mahallesi, Anadolu Cad. No:22 Çayırova/Kocaeli - Mersis No: 0-3090-1147-1300010 T: 0262 676 90 90 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
United Arab Emirates Legitimate interest is not recognized as a valid legal basis for the collection and processing of personal data under the PPD. Accordingly, in situations where Audi would typically rely on legitimate interest or a balancing of interests to justify processing, an alternative legal basis would be required in the UAE. Your Rights to correct, erase, restrict, or object to processing Under the Federal UAE Data Protection Law (the “PPD”), you may at any time exercise your rights of rectification, erasure, restriction, or objection by submitting a written request to AUDI through our dedicated communication channels. Upon receiving your request, we will verify your identity, assess the legitimacy of your request against the statutory grounds, and respond without undue delay. Right to correct your personal data: you may request the correction or completion of the personal data held with AUDI without undue delay. Right to erase your personal data: without prejudice to the legislation in force or what is required by the public interest, you may request the erasure of your personal data held with AUDI in the following cases: Your personal data is no longer required for the purposes for which it is collected or processed. You have withdrawn your consent on which processing is based. You object to the processing or if there are no legitimate reasons for AUDI to continue the processing. The processing of your personal data is in violation of the PPD and applicable legislation and the erasure process is necessary to comply with applicable legislation. With the exception of what is stated in Item (b), you have no right to request the erasure of your personal data held by Audi if: The request is for the erasure of personal data related to public health and held with private establishments. The request affects investigation procedures, claims for rights and legal proceedings or defense by Audi. The request conflicts with other legislation to which Audi is subject. The request conflicts with other cases set by the Executive Regulations of the PPD. Right to restrict processing: you have the right to oblige AUDI to restrict and stop processing in any of the following cases: If you object to the accuracy of you personal data, in which case the processing shall be restricted to a specific period allowing Audi to verify accuracy of the data. If you object to the processing of your personal data in violation of the agreed purposes. If the processing is made in violation of the PPD and the legislation in force. Notwithstanding the foregoing provisions “Right to restrict processing”, Audi may proceed with the processing of your personal data without your consent in any of the following cases: if the processing is limited to storing your personal data if the processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial procedures. if the processing is necessary to protect the rights of third parties in accordance with the legislation in force. if the processing is necessary to protect the public interest. Right to stop processing: you have the right to object to and stop the processing of your personal data in the following cases: The processing is for direct marketing purposes including profiling related to direct marketing. The processing is for the purposes of conducting statistical surveys unless the processing is necessary to achieve the public interest. The processing is in violation of the processing controls mandated by the PPD. Our actions in the event of a data breach or violation of the PPD If we become aware of any personal data breach or other infringement of the PPD that compromises the confidentiality, integrity, or availability of your personal data, we will immediately activate our incident response procedure. Without delay, and within the specific timeframe set in the Executive Regulations, we will notify the UAE Data Office, providing details such as the nature, scope, and root cause of the breach; categories and approximate number of affected records and individuals; contact details of our Data Protection Officer; likely consequences; remedial and mitigation measures already taken or proposed; and full documentation of the event. Where the breach is likely to result in a serious risk to your privacy, we will also notify you, describing the breach in clear language and advising you on protective steps. At the same time, we will isolate the incident, contain further exposure, preserve forensic evidence, and implement technical and organisational measures to prevent recurrence. In the event of any violation of the PPD, whether identified internally or following a regulatory inquiry, we will cooperate fully with the UAE Data Office, undertake a root-cause analysis, update our policies, and, where necessary, conduct a data-protection impact assessment to validate continued compliance. |