Why do we process your data?

For the fulfillment of a contract or for the performance of pre-contractual measures.

For the financing of motor vehicles within the scope of leasing or loan financing, maintenance products, the maintenance of savings accounts for capital investment at the customer's request by Porsche Bank AG and for the provision of insurance services by Porsche Versicherungs AG. This also includes the associated customer service and the handling of inquiries as part of the application and quotation process.

For the fulfillment of legal obligations

Your data is also stored for the fulfillment of documentation and retention obligations under commercial and tax law by our accounting and bookkeeping department. Further legal bases on the basis of which your data is processed and/or transmitted result, for example, from the Financial Market Money Laundering Act (FM-GwG), the associated due diligence requirements for the prevention of money laundering and terrorist financing, the Common Reporting Standard Act (GMSG), the Deposit Guarantee and Investor Compensation Act, the Capital Adequacy Regulation, Regulation (EU) No. 575/2013, the Consumer Credit Act and the Banking Act. For our auditing, and reporting as well as risk management or risk assessment.

For the protection of legitimate interests of us or third parties.

To exercise or defend legal claims

We also process personal data in case of need for the exercise or defense of legal claims. Our legitimate interest in this respect is the enforcement of legal claims arising from the financing-insurance contract, the securing of vehicles and the settlement of outstanding accounts. In this respect, it is also a matter of minimizing the following economic risks: object risk, default risk and liquidation risk.Credit assessment

We also process personal data for credit assessment and risk assessment of financing and leasing products in the contractual and pre-contractual area. The basis for this data processing is the Consumer Credit Act and the legitimate interest. The legitimate interest here is creditor protection and risk minimization.

For the credit assessment and processing of the application, we are entitled to obtain the information about the customer necessary to protect our legitimate interests within the legal provisions from the Kreditschutzverband 1870 (KSV) and the information network system of consumer credit records operated by it.

In order to protect our legitimate interests in the assessment of creditworthiness, risk minimization or to protect creditor interests, in the context of financing, the following data may also be collected: First and last name, address, date of birth, lease amount, industry, telephone number and bank details. be forwarded to CRIF GmbH, Diefenbachgasse 35/1, 1150 Vienna, Bisnode Austria GmbH, Geiselbergstraße 17-19, 1110 Vienna.

Refinancing

For refinancing by Porsche Bank AG in the context of other legitimate economic interests, information on the customer and the contractual relationship may also be transmitted in encrypted form to a data trustee by way of a silent assignment. This is done to ensure additional data security measures in the course of an assignment of receivables or transfers of the contractual relationship. Non-personal data will also be transmitted to a debt purchaser if this is necessary for the purposes of a debt assignment or transfer from a contractual relationship. Personal data will only be disclosed to the debt purchaser if corresponding seizure events occur and these reflect a legitimate interest.

Compliance, including fraud and corruption prevention

Porsche Bank AG also processes the personal data made available to it when necessary to check the integrity of business partners as part of a business partner check and to prevent corruption and fraud. In this context, donations and gifts to and from third parties are documented in a database based on the compliance regulations of Volkswagen AG. Fraud prevention is also carried out to prevent possible misuse of financing and insurance benefits.

Marketing activities and market research

Depending on the use case, we process your data for marketing as well as for market research in order to promote our products. Our legitimate interest is to offer existing or potential customers financing and insurance products tailored to their customer needs. You have the right to object to the processing of personal data for direct marketing purposes at any time. (E-mail address: [email protected]. Controlling and reporting

On the basis of customer and/or contract information, customer and contract-related evaluations can be created for controlling and reporting purposes. This is done primarily in connection with the data processing purposes we pursue, but also in order to be able to improve our products and/or services and customer processes.

Group-wide customer data management

In the context of an existing customer relationship, data may be exchanged within the group of companies between Porsche Bank AG or Porsche Versicherungs AG and Volkswagen Versicherungsdienst VVD GmbH if necessary. This is done for internal administrative purposes or group-wide customer relationship management. This provides customers with better service, including faster processing of inquiries.

Use of online services

Please note that when using our online services, these can be connected to the CarLog customer portal. This way, your category master data (contact & identification data) will be retrieved directly from the carLOG application. Our partner Porsche Porsche Konstruktionen GmbH & Co KG (Louise-Piëch-Straße 2, 5020 Salzburg) provides access via carLOG.

Within the scope of a consent granted by you

If you have given us your explicit consent for our marketing activities and market research.

If you have given us your express consent for the processing of sensitive data as health data. In general, processing of this data is carried out exclusively within the framework of §§ 11a-d of the Insurance Contract Act.

In other cases, please do not provide us with sensitive data, such as data on trade union membership or health data, in the documents you make available to us.

In order to fulfill the stated purposes, your data will be transmitted to the following recipients or categories of recipients as processors in case of need:

• Porsche Informatik GmbH
• Porsche Constructions GmbH & Co KG
• Supplier or agent of the vehicle, custody dealer
• Scanpoint GmbH
• Excon Controlling Austria GmbH
• Printkom GmbH
• Advertising agencies, market research institutes
• Raiffeisen Bank International AG
• R-IT (Raiffeisen IT) GmbH
• Thomson Reuters Austria Ges.m.b.H.
• Porsche Corporate Finance GmbH
• NTT Data GmbH
• Audatex Austria GmbH
• Other web, print, scan, service and IT service providers

The data thus transferred may only be used by processors to fulfill their specified task. Your data may also be transferred to the following recipients or categories of recipients in case of need on the basis of the stated legal basis:

• To: Porsche Holding GmbH, Volkswagen AG - Why: Legitimate interest, internal auditing, compliance reporting
• To: Co-applicants - Why: Legal information requirements
• To: Cardif Allgemeine Versicherung AG, Volkswagen Versicherungsdienst VVD, UNIQA Österreich Versicherungen AG, Generali Versicherungs AG, Wiener Städitsche Versicherung AG - Why: Conclusion of an insurance contract
• To: Insurance companies, partner workshops, experts and reinsurers - Why: Insurance claim, justified interest in the preparation of expert opinions, risk assessment
• To: Kreditschutzverband 1870 (KSV), CRIF GmbH, Bisnode Austria GmbH - Why: Legitimate interest in assessing creditworthiness and/or minimizing risk
• To: legal representatives, courts - Why: in case of need, legitimate interest in defending and asserting legal claims
• To: debt collection companies - Why: in case of need, justified interest in settling outstanding accounts, securing property
• To: Austrian National Bank, auditors, Einlagensicherung der Banken und Bankiers GmbH, state authorities - Why: within the scope of statutory reporting obligations
• To: banks, payment service providers - Why: for processing payment transactions, for contract performance
• To: mineral oil companies - Why: if a fuel card is requested in addition to the contract
• To: external consultants - Why: to fulfill legal obligations
• To: shipping and transport service providers - Why: to ship goods, for contract fulfillment.

We only store your personal data for as long and to the extent that this is necessary for the stated purposes or we are legally obliged to do so.

In order to fulfill the commercial and tax documentation and storage obligations, data is stored for the duration of the contract plus seven years. If your request does not lead to the conclusion of a contract, your data will be deleted again. As part of our duty of care to prevent money laundering and the financing of terrorism, we are obliged to store data for a period of 10 years after the end of the business relationship. As part of the defense and assertion of legal claims, we store your data within the framework of the general statutory limitation periods.

If the processing is based on consent, you as the data subject have the right to withdraw this consent at any time.

In principle, you have the right to information, correction, deletion, restriction of processing and objection as well as, insofar as provided for by law, a right to data portability. For this, please contact us. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can lodge a complaint with the supervisory authority. In Austria, the data protection authority is responsible.

You can assert these rights by sending an email to [email protected].

Announcement of data protection officer according to Article 37 (7) General Data Protection Regulation (GDPR) for Porsche Bank AG and Porsche Versicherungs AG:

Mr. Werner Krumpschnabel, LLM.oec., LL.M.

[email protected]