Privacy Policy Audi ID
A.Scope of the privacy policy
In this Privacy Policy, we are informing you about the processing of your personal data by AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Deutschland / Germany (" We", or " Audi") in connection with the Audi ID.
The Audi ID allows you to use the myAudi App and the myAudi Portal (provided by Audi VolkswagenVolkswagenGroup Korea Ltd. (hereinafter " AVKVWGK " )) which are parts of the myAudi system world (hereinafter " myAudi"), which allows you to use personalized Audi connect Services and other applications by AVKVWGK (hereinafter " Services") related to your vehicle. Die Audi ID is used for the registration and login system for myAudi.
Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
B.General Information
I.Who is the controller for the processing?
The controller for the processing activities within the meaning of Art. 4(7) GDPR - as described below in section C - is the AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Deutschland / Germany.
Under Korean law AUDI AG is classified as a "data handler" for the AUDI ID.
II.Who can I contact?
If you want to assert your data protection rights, please use the contact options on
https://betroffenenrechte.audi.de
On this page, you will find further information on how you can assert your data protection rights. You can also contact us by post at the following address:
AUDI AG, DSGVO-Betroffenenrechte / GDPR Data Protection Rights, Auto-Union-Straße 1, 85057 Ingolstadt, Deutschland / Germany.
If you have general questions about this privacy policy or about the processing of your personal data by Audi, please use the following contact options:
E-Mail: master@audi-ccc.co.kr
Audi Kundenbetreuung Deutschland, Postfach 10 04 57, 85045 Ingolstadt / Germany
III.Contact details of the data protection officer
If you have concerns about data protection, you can also contact our company data protection officer :
AUDI AG, Datenschutzbeauftragter / Data Protection Officer, Auto-Union-Straße 1, 85057 Ingolstadt, Deutschland / Germany
E-mail: datenschutz@audi.de
IV.Which rights do I have?
Depending on your jurisdiction, as the data subject, you may be entitled to the following data protection rights:
1.Access
You have the right to obtain information on the data stored concerning you at Audi and the scope of data processing and data transfer performed by Audi, and to obtain a copy of the personal data stored concerning you.
2.Rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you as well as the completion of incomplete personal data stored concerning you at Audi.
3.Erasure
You have the right to obtain the erasure of the personal data concerning you stored at Audi without undue delay if the statutory requirements are met.
This may be the case, in particular, if
-Your personal data are no longer necessary in relation to the purposes for which they were collected;
-The sole legal ground for the processing was your consent and you have withdrawn it;
-You have objected to the processing based on the legal ground of a balancing of interests on grounds relating to your particular situation and We cannot prove that there are overriding legitimate grounds for the processing;
-Your personal data have been unlawfully processed; or
-Your personal data have to be erased for compliance with a legal obligation.
If We have shared your data with third parties, We will inform them about the erasure, insofar as required by law.
Please note that your right to erasure is subject to restrictions. For example, We are not required or allowed to delete data that We are still obligated to retain due to statutory retention periods. Similarly, data that We need for the establishment, exercise or defence of legal claims are excluded from your right of erasure.
4.Suspension
You have the right to obtain the suspension of the processing of your personal information. Please note that the processing of personal data is necessary for the provision of the AUDI ID service to data subjects and that this is effected by deleting the AUDI ID account.
5.Withdrawal of consent
If you have given consent to the processing of your personal data, you may withdraw it at any time. Please note that the withdrawal shall only be effective for the future. Processing that occurred before the withdrawal shall not be affected.
6.Complaint
In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The address of the data protection supervisory authority responsible for Audi is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Deutschland / Germany
7.How to exercise your rights
Requests for the exercise of your rights should be submitted in writing to the email address listed above in section II "Who can I contact?".
V.Which data do We process for which purposes and which legal bases apply?
We process your personal data in regards to the Audi ID in accordance with the provisions of the General Data Protection Regulation (" GDPR") and the German Federal Data Protection Act (Bundesdatenschutzgesetz, " BDSG") and other local law for various purposes. In addition to the purposes for which we use your personal data in the context of the Audi ID (see section C), We may process your personal data based on the following legal grounds for the following purposes:
| Purpose | Legal grounds | Legitimate interest in the balancing of interests |
|---|---|---|
| Prevention of fraud and money laundering | Compliance with our legal obligations (Art. 6(1)(c) GDPR), Legitimate interest (Art. 6(1)(f) GDPR) | Fulfilment of legal and regulatory requirements |
| Prevention, combat and investigation of financing of terrorism and asset threatening crimes, comparisons with European and international anti-terror lists | Compliance with our legal obligations (Art. 6(1)(c) GDPR), Legitimate interest (Art. 6(1)(f) GDPR) | Fulfilment of legal and regulatory requirements |
| Fulfilment of control and reporting obligations under applicable tax law, archiving of data | Compliance with our legal obligations (Art. 6(1)(c) GDPR), Legitimate interest (Art. 6(1)(f) GDPR) | Fulfilment of legal and regulatory requirements |
| Disclosure within the scope of administrative/judicial measures for the purposes of evidence, prosecution and enforcement of civil law claims | Compliance with our legal obligations (Art. 6(1)(c) GDPR), Legitimate interest (Art. 6(1)(f) GDPR) | Fulfilment of legal and regulatory requirements |
| Accounting and tax evaluation of operational performances | Performance of a contract (Art. 6 (1)(b) GDPR), Legitimate interest (Art. 6(1)(f) GDPR), Compliance with our legal obligations (Art. 6(1)(c) GDPR) | Fulfilment of legal and regulatory requirements |
| Audits and special audits, internal investigations | Legitimate interest (Art. 6 (1)(f) GDPR) | Review and compliance with contractual and legal obligations by Audi, its employees and distribution partners, suppliers, etc., if necessary by using the vehicle identification number |
| Statistical evaluations for management control, cost finding and controlling | Legitimate interest (Art. 6 (1)(f) GDPR) | We have a legitimate interest in carrying out evaluations for the management of our business processes and cost control on the basis of the analysis of sales and order data according to the model sales channel, order status, analysis of requested versions and equipment, reporting on business indicators, if necessary by using the vehicle identification number. |
| Enforcement of legal claims and defence in legal disputes | Legitimate interest (Art. 6 (1)(f) GDPR) | We have a legitimate interest in the establishment, exercise or defence of legal claims. |
Notwithstanding what is indicated in this Privacy Policy, We will obtain consent for the processing of your personal data as required under applicable laws unless such processing may be done pursuant to legal bases other than consent.
For your information, please refer to Our Cookie Policy (https://identity.ap.vwgroup.io/signin-service/v1/87d17f6e-f896-49fd-b06d-b5e9a8f8c151@apps_vw-dilab_com/cookiePolicy-page?relayState=4d7fad7318bd98b52416d7c1fe0401b33ccce60a) for matters concerning the installation, operation, and the right to refuse a device that automatically collects personal data (e.g., cookies).
VI.Who receives my data?
Within Audi, those entities receive your data that they need to fulfil our contractual and statutory obligations and to safeguard our legitimate interests. Our service providers (so-called processors) that We utilise and engage may also receive data for these purposes. We will generally share your personal data with third parties only if this is necessary for the performance of the contract, if We or the third party have a legitimate interest in the disclosure, or if you have given your consent. In addition, data may be shared with third parties (including investigative or security authorities) to the extent We should be required to do so by law or by enforceable regulatory or judicial orders. Details of the processors We use and the other recipients who receive personal data are included in the following section B. VI. 1.
1.Processors
Service providers which are used and act on behalf of Audi (so called processors) may receive data for the following purposes. We utilise processors of the following categories for the provision of specific services, who support us in the execution of our business processes. Specifically, this includes undertakings in the following categories:
-Hosting providers
-Operations and Support
2.Third parties
Third parties may receive data for the purposes set out in section B. V. Regarding additional processors and third parties within the framework of the Audi ID We will inform you in section C.
3.Is data transferred to a third country?
A transfer of data to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area) may take place, to the extent this is required for the provision of Services to you, is required by law, or you have given us your consent. In addition, We may also share your personal data with processors in third countries.
Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. For data transfers to third countries where there is no adequate level of data protection, We ensure that, prior to disclosure, the recipient has either an adequate level of data protection (e.g. adequacy decision of the EU Commission or agreement of so-called EU Standard Contractual Clauses of the European Union with the recipient), or We have obtained express consent from our users.
You can obtain a copy from us of the specific applicable or agreed rules to ensure the adequate level of data protection. Please use the information in the Contact section for this purpose.
Details of data transfers to third countries, where relevant, are given in this section or in section C. with regards to individual Services.
VII.How long will my data be stored?
We store your data as long as it is necessary for the provision of our services to you or We have a legitimate interest in the further storage, in particular for reasons of troubleshooting.
1.Retention of personal information
In addition, We are subject to various retention and documentation obligations, which result, inter alia, from the German Commercial Code (Handelsgesetzbuch, " HGB") and the German Tax Code (Abgabenordnung, " AO"). The periods specified therefore for retention and documentation are up to ten years. Furthermore, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example, according to Sections 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch, " BGB"), with the regular period of limitation being three years. Finally, we have to fulfil local obligations under South Korean law which may require us to retain your personal data for longer periods such as in the following cases:
-Records of logins: 3 months (as required under the Protection of Communications Secrets Act)
Under certain circumstances, your data may also need to be retained for a longer period of time, such as when a so-called legal hold or litigation hold (i.e. a prohibition of data deletion for the duration of the proceedings) is ordered in connection with administrative or judicial proceedings.
You will find further specific information regarding the Audi ID on retention obligations in section C.
2.Destruction of personal information
According to PIPA, the process and method for destroying personal data are set forth below.
(1) Process of destruction
We select the relevant personal data to be destroyed according to the relevant requirements or decision by the customer.
(2) Method of destruction
We destroy personal data recorded and stored in the form of electronic files by using a technical method (e.g., low level format) ensuring that the records cannot be reproduced, while personal data recorded and stored in the form of paper documents shall be shredded using a paper shredder or incinerated.
VIII.How is my data being protected?
We take technical, managerial and physical measures necessary to ensure the security of personal data as stipulated under the Personal Information Protection Act (" PIPA"), which includes (but are not limited to) the following measures:
(1) Managerial measures: Designation of a data privacy officer, establishment and implementation of an internal management plan, regular training of employees on personal data protection, etc.
(2) Technical measures: Management of the right to access the personal data processing system, installation of an access control system, installation of security programs, etc.
(3) Physical measures: Restriction on access to personal data storage medium such as the computer room and data storage room, etc.
IX.Who is Our domestic agent?
We have designated a domestic representative to handle questions and complaints related to the processing of the personal data of users in Korea. The domestic representative may be contacted by using the following information.
• Domestic Representative: Audi VolkswagenVolkswagen Group Korea (AVKVWGK), Representative: Peter Christian Fäth
-Address: [Audi VolkswagenVolkswagen Group Korea Ltd., 7Fl., Shinyoung Bldg. 731, Yeongdon-daero, Gangnam-gu, Seoul Korea 06072]
-Email: support@myAudiGo@audi.co.kr
-Telephone: [+82-2-6009-0098]
C.AUDI ID
1.Access to the website
Each time you use the Audi ID website, your internet browser automatically transfers certain information which We store in so-called log files. In particular, the following information is transferred automatically:
-IP address (Internet protocol address) of the device from which the online offering is accessed;
-Internet address of the website from which the online offering was accessed (so-called origin or referrer URL);
-Name of the service provider via which the online offering is accessed;
-name of the files or information retrieved;
-date, time, and duration of retrieval;
-volume of data transferred;
-Operating system and information on the Internet browser used, including installed add-ons (e.g. for the Flash Player);
-http status code (e.g. "request successful" or "requested file not found").
In the log files, the above data is stored without your complete IP address, so that no attribution to your IP address is possible.
We process your personal data for the access and use of the website on the basis of the European General Data Protection Regulation (GDPR) as well as on the Korean data protection law (PIPA) and for the following purposes:
| Purpose | Legal grounds | Legitimate interest in the balancing of interests |
|---|---|---|
| Provision of the Website for the general public and for the purpose of contact possibilities for customers and prospective customers | Performance of a contract (Art. 6(1)(b) GDPR), Legitimate interest (Art. 6(1)(f) GDPR) | We have a legitimate interest in the provision of a website, including to unregistered users, in order to provide general information about our company. |
| Collection of statistical information on the use of the Website (so-called web analysis) | Legitimate interest (Art. 6(1)(f) GDPR) | We have a legitimate interest in receiving information on the use of the Website, in particular to improve our offering. |
| Identification of disruptions and maintaining system security, including detection and tracking of inadmissible access attempts and access to our web servers | Compliance with our legal obligations in the area of data security (Art. 6(1)(c) GDPR) and Legitimate interest (Art. 6(1)(f) GDPR) | We have a legitimate interest in eliminating disruptions, maintaining system security, and detecting and tracking inadmissible access and access attempts. |
Notwithstanding what is indicated in this Privacy Policy, We will obtain consent for the processing of your personal data as required under applicable laws unless such processing may be done pursuant to legal bases other than consent.
2.Creation and use of the Audi ID
With the creation of an Audi ID account you automatically have access to the myAudi system world which is provided by AVKVWGK (Third Party from AUDI AG) and allows you to access your Audi connect Services. The Audi ID is the login functionality for the myAudi system world.
In order to create the Audi ID for your myAudi access you are requested to provide the following personal data: username (your e-mail address), password, salutation, surname (also saved as a nickname), given name, country and language. Without this data, we will have to refuse the creation of the Audi ID, which is needed to access to the myAudi system world.
Therefore, AUDI AG will require your consent according to the Korean law.
-
According to GDPR we collect your data for the performance of the contract (Art. 6 (1) (b) GDPR).
-
According to PIPA we collect your data on the basis of the consent of the customer (Art. 39-3 of PIPA)
After consent agreement we will send you a Double-Opt-In email (DOI) to the email address which you provided. If you do not confirm your account via clicking the link in the email, your username and password will be deleted after 5 days.
As soon as the Audi ID is created (your confirmation of the DOI) we collect additional personal data, requested in the profile completion and we will safe this data in the Audi ID.
By completing your profile AVKVWGK processes your personal data as data handler. AUDI AG processes your personal data and transfer the Audi ID data to AVKVWGK in order to enable AVKVWGK to provide myAudi and the services to you.
Hence, you agreed on the consent for the Provision of Personal Information to Third Parties for AUDI AG (provision of personal information from AUDI AG to AVKVWGK).
-
According to GDPR we provide your data to third parties for the performance of the contract (Art. 6 (1) (b) GDPR).
-
According to PIPA we provide your data to third parties on the basis of the consent of the customer (Art. 17 of PIPA)
We will provide AVKVWGK with the following items of personal data: email address, password, country, language, salutation, first name (used as nickname as well), and last name. AVKVWGK will retain this personal data as long as necessary to achieve the above-mentioned purposes of use, unless a longer retention period is otherwise required or permitted by law.
If you update your profile data in your myAudi account later, AVKVWGK will transfer this data to us in order to update your Audi ID profile data, as you agreed on the consent of (cross-border) Provision of Personal Information to Third Parties for AVKVWGK(provision of personal information from AVKVWGK to AUDI AG).
-
According to GDPR we collect your data from a third party for the performance of the contract (Art. 6 (1) (b) GDPR).
-
According to PIPA we collect your data from a third party on the basis of the consent of the customer (Art. 39-12 of PIPA)
Audi might use the Audi ID data based on your consent for its own business purposes (such as reporting, etc.).
For your information, all personal data that We collect and use, as described above, will be transmitted via the internet, upon its collection to Audi AG (address: Auto-Union-Straße 1, 85057 Ingolstadt, Germany, Contact information of the person in charge of the management of personal information : datenschutz@audi.de) for storage. Audi AG will store such personal data as long as it is necessary for the provision of our services to youunless a longer retention period is otherwise required or permitted by law.
We use the following processors for the Audi ID:
- Volkswagen AG (Contact information of the person in charge of the management of personal information: data protection office (datenschutz@volkswagen.de) Berliner Ring 2, 38440 Wolfsburg, Germany for the operation and hosting of Audi ID. We will transfer the following items of personal data to Volkswagen AG via interface upon its collection: email address, password, country, language, salutation, first name (used as nickname as well), and last name. Volkswagen AG will retain this personal data as long as necessary to achieve the above-mentioned purposes of use, unless a longer retention period is otherwise required or permitted by law.
-CARIAD SE (Contact information of the person in charge of the management of personal information: data protection office (privacy@cariad.technology)) Berliner Ring 2, 38440 Wolfsburg, Germany for the operation and hosting of Audi ID. We will transfer the following items of personal data to CARIAD SE via interface upon its collection: email address, password, country, language, salutation, first name (used as nickname as well), and last name. CARIAD SEwill retain this personal data as long as necessary to achieve the above-mentioned purposes of use, unless a longer retention period is otherwise required or permitted by law.
-Amazon Web Services Korea LLC, Tower (12-13F), 508 Nonhyeon-ro, Gangnam-gu, Seoul Korea 06141. The storage takes place on cloud servers in South Korea. (As AWS is located in South Korea, no cross-border data transfer is done).
After 12 months of inactivity, we will delete your data and you will no longer be able to use the Audi ID or access your myAudi and your services.
Operations and support myAudi and Audi Connect Services as AVKs data processor