We, Dr. Ing. h.c. F. Porsche AG (hereinafter referred to as "we" or "Porsche AG"), are happy about your interest in our online service Porsche Golf Circle App (hereinafter referred to as the "Online Service"). We take the protection of your personal data very seriously. Your personal data will be processed exclusively in accordance with the statutory provisions of data protection law. With this Privacy Policy, we inform you about the processing of your personal data and about your rights as a data subject as affected in connection with the Online Service. For information on the processing of personal data in other areas, please refer to the respective specific privacy policies.

If we refer to this Privacy Policy from external social media profiles, the following explanations apply only insofar as the processing takes place in our area of responsibility and insofar as no more specific and therefore prior information on data protection is provided in the context of such social media profiles.

1. Controller and data protection officer

Responsible for the data processing as controller in terms of data protection law is:

Dr. Ing. h.c. F. Porsche AG

Porscheplatz 1

70435 Stuttgart

Germany

Phone: +49 (0) 711 911-0

Email: info@porsche.de

If you have any questions or suggestions regarding data protection, please feel free to contact us. You can reach our data protection officer as follows:

Dr. Ing. h.c. F. Porsche AG

Data Protection Officer

Porscheplatz 1

70435 Stuttgart

Germany

Contact: https://www.porsche.com/privacy-contact/

2. Subject of data protection

The subject of data protection is the protection of personal data. This is all information relating to an identified or identifiable natural person (so-called data subject). This includes information such as name, postal address, email address or telephone number, but also other information that may be generated when using the Online Service, in particular information about the beginning, end and extent of use as well as the transmission of your IP address.

3. Purposes and legal basis of data processing

In the following, you will find an overview of the purposes and legal basis of data processing in connection with the Online Service. In any case, we process personal data in accordance with the legal requirements, even if in individual cases a different legal basis should be relevant than that stated below.

The provision of personal data by you may be required by law or contract or may be necessary for the conclusion of a contract. We will point it out separately if you are obliged to provide personal data and what possible consequences the non-supply would then have (e.g. a loss of claims or our position not to provide the requested service without providing certain information). The use of the Online Service is generally possible without registration. The use of individual functions may require prior registration. Even if you use the Online Service without registration, personal data may still be processed.

3.1 Performance of a contract and pre-contractual measures

We process your personal data if this is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken in response to your request. The data processing is based on Article 6 paragraph 1 letter b) GDPR. The purposes of processing include enabling the use of our specific products and services within the scope of the Online Service. Please also note the details in the respective documents describing our products and services further to this Privacy Policy.

In particular, these are the following functions:

· Registration and login: Registration takes place using your Porsche ID. You can find more information on the processing of your data as part of Porsche ID in the general Privacy Policy for the Porsche Digital Service Infrastructure and Porsche ID. The data will be used by us to create your user account and later to identify you each time you log in. As part of the registration process of the Porsche Golf Circle App, your vehicle identification number is also processed

· Your user profile: As part of the app, you can supplement the information based on your Porsche ID with further details to create an individual user profile. In particular, you can add the following information: profile picture, display name, location, badges, handicap, home club and other golf clubs used and other. Your user profile can be accessed by us and other users and searched for the information it contains.

· Posting user content: You may post your own content such as posts, comments and or distribute "Likes" and “Comments” for other user posts which will then be linked to your user profile. If the content is posted in a language other than the set device language of the end device, an automatic translation is performed. An external service provider is used for this purpose. This The user content can be accessed by us and the other users.

· Chat between users: You may use the chat function to chat with other users. For the use of our chat, you need a username that is unique to you and is not used by anyone else. To ensure this, your name from your Porsche ID will be used. You can change this username at any time in your profile under settings.

· Organization of events: The events themselves are created by the Porsche AG or its other group companies, Porsche Centers or also by the users. If you participate in the events, your participation and possibly also your score may be published as part of the app and assigned to your user profile.

· Location: The user is able to look up golf courses worldwide and see which other community members have played there and what they recommend. The locations feature POI (Point of interest) gives users the possibility to find general information about the golf course as well as to write reviews and exchange recommendations with others. They will be able to post pictures and tag the corresponding location. An added value will be that if the user accept to share their geo location the feature can show them relevant results close to their area.

· Porsche ID

We offer a registration and login procedure for our online offer that includes the Porsche ID. This means that you do not have to remember any new login data for our online offer. The Porsche ID and the corresponding service are provided by Porsche Sales & Marketplace GmbH ("PSM GmbH"). Details on how to register a user account for a Porsche ID can be found in the privacy policy of PSM GmbH.

If you decide to use the registration and login procedure with the integration of the Porsche ID, you will be redirected to the login/login mask of PSM GmbH for the Porsche ID. Here you log in with your username and password for the Porsche ID. We will then receive a message from PSM GmbH that you have successfully registered and the registration or login for our online offer will be completed. We do not come into contact with the username and password for the Porsche ID ourselves. As part of the registration and login procedure, you can confirm to PSM GmbH that we may access the profile data of your Porsche ID user account. This may also apply to the payment data stored there. This means that you do not have to re-enter or maintain your profile data and, if applicable, payment data to create your user profile for our online offer (e.g. your address). Conversely, changes to the profile data in the user account of our online offer will then also be synchronised accordingly in your user account for the Porsche ID.

The data processing within the framework of the registration and login procedure with the integration of the Porsche ID is carried out on the basis of Article 6 (1) (b) and (f) GDPR in order to register you with your user account for our online offer or to register you. Identify you when you sign up. In addition to carrying out the procedure or procedure you have requested, we pursue the interest of making the registration and login process efficient and convenient. We are joint controllers with PSM GmbH and jointly determine the purposes and means of the processing of personal data in relation to the process. In an agreement on joint controller in accordance with Article 26 GDPR, we have defined how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which data protection obligations. In particular, we have determined how an appropriate level of security and your rights as a data subject can be ensured, how we can jointly comply with the information obligations under data protection law and how we can monitor potential data protection incidents. This also includes ensuring that we can ensure that we comply with our reporting and notification obligations. If you contact us, we will coordinate in accordance with Article 26 GDPR in accordance with the above-mentioned agreement in order to answer your inquiry and guarantee your rights as a data subject.

3.2 Compliance with legal obligations

We process your personal data to comply with legal obligations to which we are subject. These obligations may arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of complying with state control and information obligations.

3.3 Safeguarding of legitimate interests

We also process your personal data to pursue the legitimate interests of ourselves or third parties, unless your rights, which require the protection of your personal data, outweigh these interests. The data processing is based on Article 6 paragraph 1 letter f) GDPR. The processing to safeguard legitimate interests is carried out for the following purposes or to safeguard the following interests.

· User content and networking: Insofar as your personal data are affected by other users’ content or in the context of their use of the networking functions (e.g., when your picture is included in another user’s post), our legitimate interest in processing such data follows from enabling the use of our services within the framework of the Terms of Use.

· Supplementing the customer data: We may use the information from your user profile to supplement your customer data record if it is linked to your Porsche ID. We use this supplemented customer data record as specified in the general Privacy Policy for the Porsche Digital Service Infrastructure and Porsche ID for customer loyalty and sales purposes, for the further development of products and for customer segmentation.

· Technical evaluation: When you access the app, data relating to your terminal device and your use of the app is processed and stored in a so-called log file. This concerns in particular technical data such as date and time of access, duration of the visit, type of end device, operating system used, functions used, amount of data sent, IP address and referrer URL. We process this data to ensure technical operation and to identify and eliminate malfunctions. In doing so, we pursue the interest of ensuring technical functionality on a permanent basis. We do not use this data for the purpose of drawing conclusions about your person.

· Further development of products, services and support offers as well as other measures to control business transactions and processes;

· Improvement of product quality, elimination of errors and malfunctions;

· Handling of non-contractual inquiries and concerns;

· Ensuring legally compliant actions, prevention of and protection against legal violations (especially criminal offences), assertion of and defence against legal claims, internal and external compliance measures;

· Ensuring availability, operation and security of technical systems as well as technical data management;

· Answering and evaluation of contact requests and feedback.

3.3.1 Retrieval of the online offer

When you call up the Online Service, data relating to your end device and your use of the online offer are processed and stored in a so-called log file. This concerns in particular technical data such as date and time of access, duration of the visit, type of terminal device, operating system used, functions used, amount of data sent, IP address and referrer URL. We process this data to ensure technical operation and to determine and eliminate faults. In doing so, we pursue the interest of permanently ensuring technical operability. We do not use this data for the purpose of drawing conclusions about your person.

3.3.2 Studies and surveys

As part of the further development of products, services and support offers, you may be selected from time to time to participate in a study or survey when visiting our Online Service. Participation is voluntary. We process your personal data if this is necessary for the initiation, implementation and evaluation of a study or survey. This also includes the further processing of the results. The processing is carried out to generate insights into individual customer satisfaction or general preferences and ideas of (potential) customers. In this respect, please also refer to the description of the study or survey and the accompanying information beyond this Privacy Policy. We do not use the collected data for the purpose of drawing conclusions about your person or your identity. Data directly related to your identity will only be processed if you provide it on a voluntary basis as part of the study or survey. If a company other than Porsche AG is responsible for processing your data, this will be indicated accordingly. We may use agencies bound by instructions as order processors to carry out the studies and surveys (see Section 8).

3.4 Consent

We process your personal data on the basis of corresponding consent. If you give your consent, it is always for a specific purpose; the purposes of processing are determined by the content of your declaration of consent. You may revoke any consent you have given at any time, without affecting the legality of the processing that has taken place on the basis of the consent until revocation.

· Newsletter: Porsche AG sends newsletters after corresponding registration, i.e. with your consent. If the contents of the newsletter are specifically described in the registration, these are decisive for the scope of the consent. In addition, our email newsletters contain information on new content from the Porsche Golf Circle, Porsche GT Circle and Porsche. Registration takes place by means of the so-called double opt-in procedure, i.e. after your registration you will receive an email in which you are asked to confirm your registration in order to prevent misuse of your email address. We log the registrations for the newsletter in order to be able to prove the registration process and the consent contained therein in accordance with the legal requirements. The logging of the registration and the processing of the data entered by you during registration that is necessary for this purpose is accordingly carried out on the basis of our legitimate interests. You can revoke your consent to receive our newsletter at any time, e.g. by unsubscribing from the newsletter. You will find an unsubscribe link to exercise this right at the end of each newsletter.

· Photos of events: In order to provide users with impressions of the events, we may publish photos and video recordings of past events as part of the app. Corresponding consent is obtained on site at the respective events. Please also note our data protection information in this regard at the respective event location.

3.5 Change of purpose

If we process your personal data for a purpose other than that for which the data was collected, beyond the scope of a corresponding consent or a mandatory legal basis, we will take into account, in accordance with Article 6 paragraph 4 GDPR, the compatibility of the original and the now pursued purpose, the nature of the personal data, the possible consequences of further processing for you and the guarantees for the protection of the personal data.

3.6 Profiling

We do not carry out automated decision making or profiling in accordance with the statutory provisions of data protection law. Profiling is only carried out to protect our legitimate interests as described above.

4. Access authorizations in the end device

To the extent functions of the Online Service require the granting of authorization to access your end device (e.g. access to location data or photos), the granting of these authorizations is voluntary. However, if you wish to use the corresponding functions, you must grant the appropriate authorizations, otherwise you will not be able to use these functions. The permissions remain active as long as you have not reset them in your device by deactivating the respective setting.

5. Cookies and comparable technologies

We use cookies and comparable technologies in connection with the Online Service which serve to communicate with your end device and exchange stored information (hereinafter collectively referred to as "Cookies"). These Cookies are primarily used to make the functions of the Online Service usable. General examples in which the use of Cookies is technically required in this sense are the storage of a language selection, login data or a shopping or watch list. Accordingly, technically required Cookies may be used by us to enable the processing described in section 3.1 and to ensure the proper and secure operation of the Online Service. The data processing is then carried out on the basis of Article 6 paragraph 1 letters b) and f) GDPR, as it is necessary to implement the functions you have selected or to protect our legitimate interest in the functionality of the Online Service.

Insofar as we should also use Cookies in order to analyse the use of the Online Service and to be able to target it to your interests and, if necessary, to provide you with interest-based content and advertisements, this is done exclusively on the basis of your voluntary consent in accordance with Article 6 paragraph 1 letter a) GDPR. You will then have the opportunity to make the appropriate settings within the Online Service via the consent management. You may revoke any consent you have given at any time with effect for the future. Further information on Cookies and their function in detail as well as on setting and revocation options can be found directly in the corresponding areas of the consent management. Please note that we only make available the consent management in the context of the Online Service if, in addition to the above-mentioned technically required Cookies, consent- based Cookies are to be used.

If you do not wish to use Cookies in general, you can also prevent their storage by adjusting the settings of your end device accordingly. Stored Cookies can be deleted at any time in the system settings of your terminal device. Please note that blocking certain types of Cookies can lead to impaired use of the Online Service.

Furthermore, we use other technologies which, like cookies, serve to ensure the secure and user-friendly usability of the website (e.g. by protecting against misuse or evaluating usage). Technically, these additional technologies differ from cookies, as they do not store any information on your end device or access information already stored there. Insofar as these additional technologies process data that is subject to data protection law (e.g. IP addresses), we process this data on the basis of Article 6 paragraph 1 letters b) and f) GDPR to provide the website, to ensure technical operation and for the purpose of identifying and eliminating faults. In doing so, we also pursue the interest of permanently ensuring the technical functionality of the website, improving its performance and optimising the user experience. When you access our website, this data is automatically processed. Without the provision of this data, you will not be able to use our website. We do not use this data for the purpose of drawing conclusions about your person or identity.

We use Analytical cookies and tracking technologies to understand how you interact with our website and what content interests you most. This means we can improve the performance of our website and adapt the content to your interests. These cookies and tracking technologies are also used to permit website functions that enable you to use it as conveniently as possible.

To do this, we use the services of third-party providers that receive information about your use of our website and may, for their own purposes, also combine this with other data that they have received from you and possibly from elsewhere.

Google Analytics

This is an analysis service to optimise our digital offers. For more information please see our Cookie Policy.

6. Integrated third-party services

Insofar as we integrate services of other providers within the scope of the Online Service in order to provide you with certain content or functions (e.g. playing videos or route planning) and we process personal data in the process, this is done on the basis of Article 6 paragraph 1 letters b) and f) GDPR. This is because the data processing is then necessary to implement the functions you have selected or to protect our legitimate interest in an optimal range of functions of the Online Service. Insofar as Cookies may be used within the scope of these third-party services, the statements under Section 5 apply. Please also refer to the privacy policy of the respective third-party provider with regard to the third-party services.

Services of other providers which we integrate or to which we refer are provided by the respective third parties. We have no influence on the content and function of the third-party services and are generally not responsible for the processing of your personal data by their providers, unless the third-party services are completely designed on our behalf and then integrated by us on our own responsibility. Insofar as the integration of a third-party service results in us establishing joint processes with its provider, we will define with this provider in an agreement on joint controllership pursuant to Article 26 GDPR how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which data protection obligations. Insofar as Cookies are to be set on the basis of your consent, you will receive further information on the responsibility for setting these Cookies and any associated third-party services in the corresponding area of the consent management.

Unless otherwise stated, profiles on social media are generally only included in the Online Service as a link to the corresponding third-party services. After clicking on the integrated text/image link, you will be redirected to the offer of the respective social media provider. After the redirection, personal data may be collected directly by the third-party provider. If you are logged in to your user account of the respective social media provider, the provider may be able to assign the collected information of the specific visit to your personal user account. If you interact via a "share" button of the respective social media provider, this information can be stored in the personal user account and published if necessary. If you want to prevent the collected information from being assigned directly to your user account, you must log out before clicking the included text/image link.

7. Recipients of personal data

Within our company, only those persons who need your personal data for the respective purposes mentioned have access to it. Your personal data will only be passed on to external recipients if we have legal permission to do so or have your consent. Below you will find an overview of the corresponding recipients:

· Commissioned processors: Group companies or external service providers, for example in the areas of technical infrastructure and maintenance, which are carefully selected and reviewed. The processors may only use the data in accordance with our instructions.

· Public bodies: Authorities and state institutions, such as tax authorities, public prosecutors' offices or courts, to which we (must) transfer personal data, e.g. to fulfil legal obligations or to protect legitimate interests.

· Private bodies: Group companies, Porsche sales companies (incl. companies offering services in the area of Porsche Connect and Smart Mobility), dealer and service operations, cooperation partners, service providers (not bound by instructions) or commissioned persons such as Porsche Centres and Porsche Service Centres, financing banks, credit agencies or transport service providers.

8. Customer and prospect care

In the following, we would like to provide you with further data protection information on the implementation of customer and prospect care at Porsche. The measures serve to ensure customer and interested party-oriented support.

9.1 Joint customer and prospect care at Porsche

The measures mentioned under point 3 in the context of customer and prospect support (in particular service and support, implementation of legal requirements, needs analyses, individual support via the desired communication channels) are generally not carried out by the controller alone. Involved in the customer and prospect care are in addition to the Porsche Centre responsible, Porsche importers as the importer, as part of international support, the respective local importers, Dr. Ing. h.c. F. Porsche AG as manufacturer and its affiliated companies in the areas of financial and mobility services, digital services and lifestyle products.

By using a central platform, we avoid situations where information about your products, contact data and interests would not be available for your respective Porsche contact and where you would therefore have to be referred to another company. This also applies in the event that the operating entity of your Porsche Center changes. By exchanging and verifying data, we ensure that you receive the best possible service and advice. It goes without saying that only the companies involved that actually need access to your data for operational purposes have such access.

Joint customer and prospect care can lead to joint control in certain cases. For this reason, the companies involved have set out in an agreement pursuant to Article 26 GDPR how the respective tasks and responsibilities for processing personal data are structured and who fulfills which data protection obligations. In particular, it was determined how an appropriate level of security can be achieved and how data subject rights and data protection information obligations can be guaranteed. Dr. Ing. h.c. F. Porsche AG is available to you as a central contact in addition to the other companies involved. 

9.2 Individual customer and prospect care

Insofar as you have given your voluntary consent to individual customer and prospect care, contact data, support and contract data (e.g. on purchases, leasing or financing), service information as well as data on interests, vehicles and services or products used will be used by the companies involved in joint customer and prospect care to send you personally tailored information and offers on Porsche vehicles, services and other products, invitations to events and surveys on satisfaction and expectations via the desired communication channels. 

For the individual design of customer and prospective customer support, we will create a customer profile of you.

The specific data used for this purpose depends on the information collected on the basis of orders and consultations or provided by you (e.g. in the consultation at the Porsche Centre or as part of your activities under your Porsche ID at My Porsche). The data may also originate from orders or purchases that are processed in cooperation with partners (e.g. insurance companies) and from which we then receive the information, if applicable. Insofar as corresponding consents have been granted, other data sources may also be included. This can be data on usage behaviour or vehicle condition in relation to the vehicle data assigned to you (e.g. on your driving behaviour, identification, basic, usage, analysis, environmental and traffic data, as well as location and movement data) or on the use of digital media (e.g. website use). You will receive more information on the merging of the data with the corresponding consent. 

In order to offer an inspiring brand and customer care experience with Porsche and to make communication and interaction as personal and relevant as possible, the aforementioned data is used for needs analyses and customer segmentation. On this basis, for example, affinities, preferences and potentials can be determined by the companies involved as part of individual customer and prospect care. Examples of such measures for individualization are classification numbers on your likely product interests and on your satisfaction. The corresponding information and analysis results are stored in your customer profile and are then available for the individual configuration of customer and prospect care. The personal analysis and individual allocation in a customer profile will only take place if this serves your individual customer and prospect care. Individual customer and prospect care without these measures for optimization and personalization is not offered. 

Beyond the individual measures relating to direct communication with you, we will only use the aforementioned data within the framework of general measures of customer and prospect care to carry out general evaluations based on the aggregated data of customers and prospects in order to optimize our offers and systems and align them with overarching interests. Please note that data on usage behaviour or vehicle condition in relation to the vehicles assigned to you or on the use of digital media may also be used for this purpose if you have given the appropriate consent. Please also note that your data may also be evaluated beyond the scope of customer and prospect support; this will then be done on the basis of your specific consent or another legal basis. 

When we send emails for individual customer and prospect care, we may use market standard technologies such as tracking pixels or click-through links. This allows us to analyze which or how many emails are delivered, rejected and/or opened. The latter is particularly done by means of tracking pixels. Measuring the opening rate of our emails by means of tracking pixels is not fully possible if you have deactivated the display of images in your email program. In this case, the email will not be displayed to you in full. However, it is still possible for us to track whether an email has been opened if you click on text or graphic links in the email. By using click-through links, we can analyze which links in our emails are clicked on and deduce what interest there is in certain topics. When clicking on the corresponding link, you are guided through our separate analysis server before calling up the target page. Based on the results of the analysis, we can make emails more relevant in the context of individual customer and prospect care, send them in a more targeted manner or prevent them from being sent. The sending of emails and the evaluation of their use will only take place if you have given your voluntary consent to individual customer and prospect care. Individual customer and prospect care without the described evaluation for optimization is not offered. 

10. Data processing in third countries

If a data transfer takes place to entities whose registered office or place of data processing is not located in a member state of the European Union, another state party to the Agreement on the European Economic Area or a state for which an adequate level of data protection has been determined by a decision of the European Commission, we will ensure prior to the transfer that either the data transfer is covered by a statutory permit, that guarantees for an adequate level of data protection with regard to the data transfer are in place (e.g., through the agreement of contractual warranties, officially recognized regulations or binding internal data protection regulations at the recipient), or that you have given your consent to the data transfer.

If the data is transferred on the basis of appropriate safeguards, you can obtain from us a copy or reference to the availability of the guarantees for an adequate level of data protection in relation to the data transfer. Please use the information provided under Section 1.

11. Storage duration, erasure of data

We store your personal data, if there is legal permission to do so, only as long as necessary to achieve the intended purposes or as long as you have not revoked your consent. In the event of an objection to processing, we will delete your personal data, unless further processing is still permitted by law. We will also delete your personal data if we are obliged to do so for other legal reasons. Applying these general principles, we will usually delete your personal data immediately

· after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply;

· if your personal data is no longer required for the purposes we pursue and no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter is the case, we will delete the data after the other legal basis has ceased to apply.

12. Rights of data subjects

Right to access: You have the right to receive information about your personal data stored by us.

Right to rectification and erasure: You can demand that we correct incorrect data and, if the legal requirements are met, delete your data.

Restriction of processing: You can demand that we restrict the processing of your data, provided that the legal requirements are met.

Data portability: If you have provided us with data on the basis of a contract or consent, you may, if the legal requirements are met, demand that the data you have provided us with are handed over in a structured, common and machine-readable format or that we transfer it to another controller.

Objection: You have the right to object at any time to data processing by us based on the safeguarding of legitimate interests for reasons arising from your particular situation. If you make use of your right to object, we will stop processing the data unless we can prove compelling reasons for further processing worthy of protection which outweigh your rights and interests.

Objection to direct marketing: If we process your personal data for the purpose of direct marketing, you have the right to object to our processing of your data for this purpose at any time. If you exercise your right to object, we will stop processing your data for this purpose.

Revocation of consent: If you have given us your consent to process your personal data, you can revoke it at any time with effect for the future. The legality of the processing of your data until revocation remains unaffected.

Right to lodge a complaint with a supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the supervisory authority responsible for your place of residence or your country or the supervisory authority responsible for us.

Your contact with us and the exercise of your rights: Furthermore, you can contact us free of charge if you have questions regarding the processing of your personal data and your rights as a data subject. Please contact us at https://www.porsche.com/privacy-contact/ or by letter mail to the address provided under Section 1. Please make sure that we can definitely identify you. If you revoke your consent, you can alternatively choose the contact method that you used when you gave your consent.

13. Effective date

The latest version of this Privacy Policy applies. Version 6 - This version dates from 30.09.2024.

***