(Last updated: September 2024 – the current version can always be found at https://consent.vwgroup.io/consent/v1/texts/WeConnect/cy/en/dataprivacycar/latest/html)
This Privacy Policy informs you about the processing of your personal data by us when using vehicles of the “ID. family”. Please also refer to the “Notes on data use when using the V2X technology function”. If you wish to use the Volkswagen AG mobile online services in the vehicle, please also observe the “Privacy Policy for the use of Volkswagen AG's ‘We Connect, VW Connect’ mobile online services in vehicles of the 'ID. family’”. Both Privacy Policies are available in the vehicle under “Legal information” or online at https://consent.vwgroup.io/consent/v1/texts/WeConnect/cy/en/dataprivacycar2x/latest/html and https://consent.vwgroup.io/consent/v1/texts/WeConnect/cy/en/dataprivacy/latest/html.
Please note that, as a German company, we are bound by German law and by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) even in cases where we process personal data of individuals who are permanently resident outside Germany. Part I of this Privacy Policy contains information on the processing of your data as required by German law and the GDPR.
To some extent, we may also be bound by national legislation of other countries. If you are permanently resident in one of the countries specified in Part II of this Privacy Policy, you will find further information in that section.
The office responsible for processing your personal data to the extent specified below is Volkswagen AG (hereinafter also referred to as “we” or “us”).
You can reach Volkswagen AG at the following address:
Volkswagen AG
Berliner Ring 2
38440 Wolfsburg
Germany
Tel.: +49-5361-9-0
connect-support@volkswagen.de
Register of companies number HRB 100484 (Braunschweig district court)
Our Data Protection Officer is your point of contact for all matters relating to data protection.
Please direct your enquiries to:
Data Protection Officer at Volkswagen AG
Berliner Ring 2
38440 Wolfsburg
Germany
dataprivacy@volkswagen.de
To exercise your rights, please contact info-datenschutz@volkswagen.de (Germany) and privacy@volkswagen.de (outside of Germany) directly.
For further information about your rights, see Part D of this Privacy Policy.
Control units are installed in the vehicle. Control units process data that they receive from vehicle sensors, generate themselves or exchange with other control units, for example. Some control units are required for the safe functioning of the vehicle, others support you while driving (driver assist systems), and others enable convenience or infotainment functions. The vehicle also has one or more connection units in which a SIM card is installed allowing the vehicle to be used online. This allows data to be sent from the vehicle for specific purposes. In addition, the vehicle is equipped with an on-board diagnosis interface, which enables data to be read out from the control units, e.g., by vehicle service centres.
Each vehicle is identified with a unique vehicle identification number. This vehicle identification number ("VIN") can be used to trace the present and former owners of the vehicle by submitting an enquiry to the responsible authority in your country. There are also other ways of tracing data collected from the vehicle back to the owner or driver, e.g. via the vehicle registration number. Therefore, the data generated or processed by control units can be personal – or can be considered personal under certain conditions. Depending on the vehicle data available, it may be possible to draw conclusions, for example, about your driving behaviour, your location, your driving route or your usage behaviour.
As soon as personal data is retrieved from the vehicle and transmitted to us, we are responsible for it under data protection legislation. This Privacy Policy contains information about how we process this data.
The data stored in the control units can be read out by employees of the service network (e.g., vehicle service centres, manufacturers) or third parties (e.g., roadside assistance services) via the legally required OBD connection in the vehicle. The operating data that is read out documents technical statuses of the vehicle or individual components and helps, for example, with fault diagnosis, compliance with warranty obligations and quality improvement. This data, particularly information on component stress, technical events, operating errors and other faults, is transmitted to us for this purpose (together with the VIN where necessary).
Contact your Volkswagen authorised workshop for information on how we process read-out data.
The vehicle is equipped with a V2X technology function. If you activate this function, the vehicle is able to exchange important information about road traffic, e.g. about accidents or traffic jams, with other road users or the traffic infrastructure, provided that these also support the V2X technology function. This makes your participation in road traffic even safer. Communication takes place directly between the vehicle and other road users or the traffic infrastructure at close range – about 200 m to 800 m. This range can vary depending on the environment, e.g., in tunnels or in the city.
Please also note the "Notes on data use when using the V2X technology function", which is available in the vehicle under "Legal information" or online at https://consent.vwgroup.io/consent/v1/texts/WeConnect/cy/en/dataprivacycar2x/latest/html.
The vehicle is equipped with a radio network connection that enables the exchange of data between the vehicle and other systems (such as the Volkswagen data server or third-party provider servers). The radio network connection is made possible by one or more on-board connection units. Telecommunication and online functions can be used via this radio network connection. These include the "eCall Emergency System" required by law, as well as online services and applications/apps.
You can set the vehicle to online or offline mode at any time using the privacy settings.
If the vehicle is in offline mode, no personal data is usually sent from the vehicle to the Volkswagen data server or other recipients. In this case, data processing only takes place locally in the vehicle. Exceptions may exist in the case of the provision of safety-relevant functions (e.g., the "eCall Emergency System" or in connection with the use of mobile keys); you will be informed of these exceptions in this Privacy Policy or in the Privacy Policy for the respective function.
In online mode, you can also choose whether or not location data based on the GPS signal from the vehicle may be sent (only available on certain models and equipment).
To provide the vehicle with online capability, a SIM card is installed at the factory. To ensure proper connectivity, the telecommunications service provider (Cubic Telecom GmbH, Landshuter Allee 8-10, 80637 Munich, Germany) receives a notification as soon as the SIM card is installed in the vehicle to inform them which SIM card has been assigned to which vehicle identification number (VIN).
The vehicle also connects to the Volkswagen data server once (usually before it is handed over to you at the dealership, but no later than when the vehicle has an initial mileage of 25 km), regardless of current privacy settings, so that software certificates can be updated; the vehicle is then registered on the Volkswagen data server. The vehicle mileage (km), the vehicle identification number (VIN) and the SIM card details are processed for this purpose. The purpose of this update process is to enable the vehicle for the Internet. Only then does it become possible to use the vehicle’s online functions (such as the eCall Emergency System). If the vehicle was in offline mode immediately before the start of the update process, it will automatically return to offline mode after completion of the update process. On our data server, we also record whether the update and registration process was successful or whether errors occurred so that our Customer Care team can provide you with the best possible assistance in the event of technical problems.
Data processing is carried out for the purpose of performing the sales contract for the Internet-enabled vehicle between the vehicle purchaser and the dealership, and on the basis of our legal obligation to provide the eCall Emergency System (Article 6(1)(b) and Article 6(1)(c) GDPR).
If the vehicle is in online mode, certain data (including personal data, see below) is sent from the vehicle to the Volkswagen data server in order to ensure a secure connection and to allow online functionalities and V2X technology functions to run in a technically secure and flawless manner (detailed information on data processing in connection with V2X technology functions can be found in the separate Privacy Policy "Notes on data use when using the V2X technology function" under "Legal information" in the infotainment system). This is a necessary prerequisite to ensure secure communication with the Volkswagen data server to combat cyber attacks by third parties and to identify and eliminate malfunctions.
Data exchange also takes place between the vehicle and the Volkswagen data server so that you can activate Volkswagen AG's “We Connect, VW Connect” (in the following, they will be combined under “VW Connect”) mobile online services for your vehicle at any time at your request.
We process the personal data specified below for the aforementioned purposes:
Whenever the vehicle enters online mode, it has to authenticate itself on the Volkswagen data server. The VIN, the IP address and the SIM card number of the vehicle are processed. The vehicle must also have the correct time in order to check the validity of the certificates transmitted from the vehicle for secure communication. Therefore, the time of the vehicle systems is synchronised with the time of the Volkswagen data server when switching on and operating the ignition.
In addition, log files containing the VIN, IP address, time stamp and, where applicable, fault information are created and evaluated so that faults, technical malfunctions and security threats can be detected and eliminated early on. Data processing is based on the overriding legitimate interest to warrant the integrity, availability and capacity of the vehicle systems and thereby vehicle security (Section 6(1)(f) GDPR). In the event of a fault being detected, we may process the contact details we hold on file for you if we need to contact you.
Data processing is carried out for the purpose of fulfilling the sales contract for the Internet-enabled vehicle between the vehicle purchaser and the dealership and, if applicable, for initiating the contract or fulfilling the “VW Connect” contract (Section 6(1)(b) GDPR).
The "eCall Emergency System" required by law works in both online and offline mode. However, if the vehicle is in offline mode, a data connection will be established only if you are involved in a traffic accident with the vehicle, a medical emergency is detected (Emergency Assist) or if you make an emergency call using the control that is located in the roof console inside the vehicle.
If you have a traffic accident or a medical emergency is detected – regardless of the selected privacy settings – an automatic emergency call will be made. The vehicle detects when an accident has occurred by means of sensors and activates the legally required “eCall Emergency System” in such an event. Using the control located in the roof console (or in the infotainment system) of your vehicle, you can also manually report an emergency involving your own vehicle at any time via the “eCall Emergency System” or request assistance for other road users who are in an emergency situation. In the event of activation of the emergency call system, a voice connection will be established with the emergency services control centre, via which – depending on the individual case – additional personal data may also be requested and transmitted (e.g., in relation to the type and severity of injury).
In addition, the following personal data will be sent directly from the vehicle to the emergency services control centre using an automated process and without the involvement of the Volkswagen data server: vehicle identification number (VIN), type of activation, vehicle type, drive type, time of emergency call, vehicle location, direction of travel, direction of accident, speed reduction in case of an accident in longitudinal direction, speed reduction in case of an accident in cross direction, number of people inside the vehicle.
Data is automatically transmitted to the emergency services control centre on the basis of a legal obligation and to protect vital interests [Article 6(1)(c) GDPR in conjunction with Regulation (EU) 2015/758 of the European Parliament and of the Council of 29 April 2015 concerning type-approval requirements for the deployment of the eCall in-vehicle system based on the 112 service and commencement of Regulation (EU) 2018/858; Article 6(1)(d) GDPR, Article 6(1)(f) GDPR (Protection of legitimate interests)].
If you get into a traffic accident with your vehicle or a medical emergency is detected, an automatic emergency call is sent to the Volkswagen Emergency Call Centre via the “Emergency Call Service” – provided the vehicle is in the online mode. The vehicle recognises when an accident has occurred via sensors and activates the “Emergency Call Service” in this case. Using the control located in the roof console (or in the infotainment system) of your vehicle, you can also manually report an emergency involving your own vehicle at any time via the “Emergency Call Service” or request assistance for other road users who are in an emergency situation.
If the vehicle is in offline mode (maximum privacy setting), the compulsory “eCall Emergency System” will be activated, which will make an emergency call via the 2G/3G mobile network. If, due to switched off mobile networks, the compulsory “eCall Emergency System” is not available, an emergency call will be made via the “Emergency Call Service”, regardless of the privacy setting. A complete deactivation of the manufacturer “Emergency Call Service” requires the deactivation of the individual service.
Personal data: Vehicle identification number (VIN), vehicle type, time, location, direction of travel, number of persons in the vehicle, temperature in the vehicle, selected Infotainment system language, severity of accident, direction of accident (e.g. frontal or side collision), type of other party involved in the accident, triggering event, drive type, possibly other information communicated via the voice connection
Legal basis: Art. 6(1)(d) GDPR (protection of interests that are essential for life), Art. 6(1)(f) GDPR (protection of legitimate interests)
Other data recipients: Bosch Service Solutions GmbH, Mainzer Landstraße 193, 60326 Frankfurt am Main, Germany. (This recipient will process data only on our behalf and in accordance with our instructions.)
Using the control located in the roof console of your vehicle, you can initiate the information call and contact customer service at the Customer Interaction Center (CIC) for vehicles of Volkswagen AG.
Volkswagen AG is constantly striving to improve business processes as part of corporate management and to optimise the associated costs. This requires a well-founded analysis of web analysis, offer, sale and order data. For this reason, Volkswagen AG processes data from web analysis, offer, sale and ordering systems as well as data from services that are linked to the Volkswagen ID. Details on processing this data (e.g. exactly what data is processed and how) are provided in the Volkswagen ID Privacy Policy at https://vwid.vwgroup.io/data-privacy.
The Breakdown Call function can be triggered both by breakdown events (with or without a warning lamp lighting up) and by minor accidental damage below the level required to trigger the restraint systems (such as the airbag and belt tensioner). If the airbag control unit has detected such an impact, the infotainment system will provide you with an audio connection to a call centre. Data is not automatically transferred from the vehicle to the call centre if no “VW Connect” contract has been concluded for the vehicle. Information on data processing for the purposes of handling a Breakdown Call when a “VW Connect” contract is in place can be found in the Privacy Policy for the use of Volkswagen AG's “VW Connect” mobile online services in vehicles of the “ID. family”, which is available under “Legal information” or online at https://consent.vwgroup.io/consent/v1/texts/WeConnect/cy/en/dataprivacy/latest/html.
Personal data: Telephone number of the integrated SIM card in the vehicle and other personal data that you share during the call
Legal basis: Article 6(1)(b) GDPR (contract performance)
Other data recipients: ARC Europe S.A., Avenue des Olympiades 2, 1140 Brussels, Belgium and its authorised local service provider; where applicable, your Volkswagen authorised workshop or a towing company.
You can purchase data packages for the use of the Wi-Fi hotspot from our partner mobile service provider Cubic Telecom GmbH (Landshuter Allee 8–10, 80637 Munich, Germany; "Cubic") and use them in the vehicle. It is required that you register with Cubic for this. Data processing in connection with the purchase and use of a data plan is the sole responsibility of Cubic. We transmit the VIN and SIM card data to Cubic as soon as you choose to purchase a data plan. The data is transmitted because it is necessary for the conclusion and performance of the contract between you and Cubic (Article 6(1)(b) GDPR).
The “Free charging stations” in-car app from “We Charge” enables charging stations to be displayed when using the navigation system and – with certain models and equipment – is available without the “VW Connect” mobile online services. It shows you which charging stations are available and which ones are not. You can also see the charging speed.
The in-car app can only be used if we are able to access and process the vehicle's position. Your positioning data will only be processed for the “Free charging stations” service if you have consented to the processing of location data in the In-Car App. You can revoke your consent for future processing at any time and without stating a reason via the settings in the in-car app. If you revoke your consent, you will no longer be able to use the service.
Personal data: Position
Legal basis: Article (6)(1)(a) GDPR (consent)
Other data recipients: depending on the In-Car App version: HERE Europe B.V., Kennedyplein 222–226, 5611 ZT Eindhoven, Netherlands or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
If you contact our We Charge Customer Care team, we will process the details of/personal data associated with your request (e.g., name, email address, telephone number, language and – depending on the request – details such as language settings and fault analyses) in an electronic ticket for the purpose of contacting you and dealing with your request.
You can reach our Customer Care department at wecharge-support@volkswagen.de or by phone:
Hungary: 001800-43347328
Finland: 990800-43347328
Rest of the world: 00800-43347328
You can find information on data protection in connection with customer service in the Privacy Policy at https://cic-legal.volkswagen.com.
The vehicle comes enabled with online functionalities (such as the digital User Guide) without the need to conclude a separate contract. Information about how data is processed when you use these functions online can be found in the settings for the relevant function. You can view the most recently downloaded versions of the corresponding data privacy statements even when the vehicle is in offline mode.
The vehicle may be equipped with the online services “VW Connect” and “VW Connect Plus” (some of which may incur a charge), other online services and digital products of Volkswagen AG (such as certain in-car apps or mobile keys) or with the fleet management system of Volkswagen AG “We Connect Fleet, Connect Pro”. For information on data protection, please refer to the relevant Privacy Policies of Volkswagen AG or your fleet company.
Except for our “VW Connect” customers, we do not make software updates (e.g. for control unit software) available to anyone via the vehicle’s online connection (“Online Software Updates”) for legal reasons. All other registered keepers will continue to receive essential software updates exclusively via their authorised workshop. This means that it is necessary to identify those vehicles for which a “VW Connect” contract has been concluded before we make an online software update available. For this purpose, it is necessary to verify the VIN of all ID. vehicles that could potentially be eligible to receive a software update by checking their “VW Connect” contract status. The VIN of vehicles that cannot be provided with an online software update, because no “VW Connect” contract is in place, will then be immediately deleted from the online software update lists. In the case of “VW Connect” customers, data processing is carried out for the purpose of contract fulfilment (section 6(1)(b) GDPR). For all other registered keepers, it is carried out on the basis of our legitimate interest in being able to provide our “VW Connect” customers with the “Online Software Update/Online System Update” service in the proper manner and with online software updates in conformity with the law (section 6(1)(f) GDPR). Where this instance of data processing is concerned, we are assisted by CARIAD SE, Berliner Ring 2, 38440 Wolfsburg, Germany; personal data is processed solely on our behalf and in accordance with our instructions. Further information on the “Online Software Update” service can be found in the Privacy Policy for the use of Volkswagen AG's “VW Connect” mobile online services in vehicles of the “ID. family”, which is available under “Legal information” or online at https://consent.vwgroup.io/consent/v1/texts/WeConnect/cy/en/dataprivacy/latest/html.
The personal data is stored on our behalf and in accordance with our instructions on servers of the following service providers:
CARIAD SE
Berliner Ring 2
38440 Wolfsburg
Germany
WirelessCar Sweden AB
Vädursgatan 6
412 50 Gothenburg
Sweden
Amazon Web Services, Inc. (“AWS”)
410 Terry Ave. North
Seattle WA 98109
USA
Amazon Web Services EMEA SARL
Avenue John F. Kennedy 38
1855 Luxembourg
Luxembourg
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
We also use various IT service providers. These assist us with the maintenance of our IT systems and with technical support, for example. Insofar as the service providers have access to your personal data, they will process this data only on our behalf and in accordance with our instructions. IT support is provided in particular by the following service provider:
CARIAD SE
Berliner Ring 2
38440 Wolfsburg
Germany
Where we transfer your personal data to recipients and processors located outside the EU, we have entered into EU standard contract provisions with these recipients to ensure an adequate level of protection for your personal data. If required by the applicable data protection legislation, other protective measures (such as encryption and additional contractual provisions) are also put in place in order to ensure that your personal data is adequately protected. You can access the EU standard contract provisions used in the EU languages via the URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.
If you make use of the option to use online services of other providers (third parties), these services are subject to the responsibility of the respective provider, as well as their Privacy Policy and terms of use. Therefore, please inform yourself about the type, scope and purpose of the collection and use of personal data within the scope of third-party services from the respective service provider.
Insofar as legal regulations apply, we are obliged to hand over data stored by us to the necessary extent at the request of government agencies (e.g., in the investigation of a criminal offence). The legal basis for the transfer of data to the respective government agency is provided by the respective legal obligation (Article 6(1)(c) GDPR in conjunction with the respective legal obligation).
Within the framework of the applicable law, public authorities may also be authorised to read data from vehicles themselves in individual cases. For example, in the event of an accident, information can be read from the airbag control unit that can help to resolve the details of an accident.
You can assert your rights below against Volkswagen AG at any time and free of charge, insofar as personal data is processed by us.
Please note that we do not identify the respective vehicle user, meaning that in the case of multiple vehicle users, we do not know which driver which data relates to. If you assert data subject rights, we will have to check your identity and may ask you to provide additional information or clarification where necessary (in particular, information relating to the period or other circumstances of vehicle use). We can request this additional information so that we can identify the personal data relating to you and make it available to you. We must also ensure when we provide personal data that we do not infringe the rights of other vehicle users.
More information on asserting your rights can be found at: https://datenschutz.volkswagen.de/.
You have the right to request confirmation from us as to whether or not personal data concerning you is being processed and – if it is – to be informed what personal data concerning you is being processed, and also which third parties within and outside the EU have had your data forwarded to them. You also have the right to obtain a copy of the personal data concerning you that is being processed by us.
You have the right to have incorrect or incomplete personal data concerning you rectified by us.
You have the right to demand erasure of your data if the requirements stated in Article 17 GDPR are met. According to this, you can request, for example, that your data be erased if it is no longer necessary for the purposes for which it was collected. In addition, you can request erasure if we process your data on the basis of your consent and you withdraw this consent.
You have the right to request restricted processing of your data if the requirements stated in Section 18 GDPR are met. This is the case, for example, if you dispute the accuracy of your data. You can request that processing is restricted for the period during which the accuracy of the data is being checked.
You have the right to object to the processing of your personal data in the following cases:
• If processing takes place for direct marketing purposes (including profiling for direct marketing purposes).
• If processing (including profiling) takes place on one of the following legal bases:
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Article 6(1)(e) GDPR).
• Processing is necessary for the protection of our legitimate interests and those of a third party (Section 6(1)(f) GDPR). If you do raise any objection of this kind, we kindly request that you inform us of the reasons why you are objecting to data processing. . If you object, we will no longer process your data unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If data processing is based on consent or contract performance and processing takes place using automated means, you have the right to obtain your data in a structured, commonly used and machine-readable format and to transmit this data to another controller. In addition, you have the right to have the personal data transmitted directly by us to another controller.
Where data processing is based on consent, you have the right to withdraw your consent, free of charge, at any time with effect for the future by sending an email to info-datenschutz@volkswagen.de (Germany), privacy@volkswagen.de (outside of Germany), at our Volkswagen Privacy Portal https://www.datenschutz.volkswagen.de or through the contact details in the site notice.
You also have the right to lodge a complaint with a supervisory authority or another competent data protection authority about our processing of your data. This can, for example, be the data protection authority in your country of residence. A list of all data protection authorities in the European Union can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-cy
Besides, from the legal bases described in Part I the legal bases for processing personal data under Albania law is a consent given by the data subjects. The consent of the data subjects is given by using the vehicle in knowledge of the data processing. Data controller representative in Albania:
Porsche Albania Sh.p.k
Autostrada Tirane-Durres
Km. 3, Tirane,1051
dataprotection@porsche.al
In deviation from the legal bases described in Part I the legal bases for processing personal data under the law of Bosnia and Herzegovina is a consent given by the data subjects. The consent of the data subjects is given by using the vehicle in knowledge of the data processing.
Data controller representative in Bosnia and Herzegovina:
PORSCHE BOSNA I HERCEGOVINA
Porsche BH d.o.o. Sarajevo
Porsche Inter Auto BH d.o.o. Sarajevo
BIH-71000 SARAJEVO | Bulevar Meše Selimovića 16
zastita.podataka@porschebh.ba
Personal information obtained from residents in Japan (“Personal Data”) shall be handled in accordance with the following rules in addition to the rules set forth in Part I of this Privacy Policy.
1. Purpose: We will handle the Personal Data in accordance with the Purposes set forth in Part I of this Privacy Policy (“Purposes”), and not use Personal Data for any purpose other than such Purposes. We shall promptly notify the relevant data subjects, or disclose to the public of the Purposes (and any subsequent changes thereof), unless the Purposes have already been disclosed to the public;
2. Collection: We will not obtain any Personal Data through any deceptive, fraudulent, or other wrongful means;
3. Accuracy: We will make reasonable efforts to ensure that Personal Data handled by us is accurate and up to date and within the scope necessary to achieve the Purposes;
4. Retention: We will retain Personal Data in accordance with Section A.IV of Part I, and cease retention as soon as it is reasonable to assume that the Purposes are no longer being served by retention of Personal Data;
5. Protection: We will protect Personal Data in its possession or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, damage, loss or similar risks. We will adequately supervise processing of Personal Data by our officers, employees, third party vendors and any other parties who process Personal Data on our behalf;
6. Transfer: Without obtaining the prior consent of the relevant data subjects, we will not transfer or provide any part of Personal Data to any individual or entity unless an exception under the APPI applies.
7. Extraterritorial Transfer: Without obtaining the prior consent of the relevant data subjects, we will not transfer or provide any part of Personal Data to any individual or entity located outside Japan, European Union or the United Kingdom unless (a) a transferee is located in a country or area certified by the Personal Information Protection Commission of Japan ("PPC") as having data protection standards equivalent to those of Japan or (b) the transferee has data protection standards equivalent to the standards specified by the PPC; and,
8. Data Subject's Right: If a data subject requests pursuant to the APPI disclosure of Purposes, access to, correction, or deletion of any of Personal Data relevant to such data subject, or lodge a complaint, we will respond to such request or complaint promptly and in accordance with the APPI. Any fee charged to data subjects shall be reasonable.
To the extent data processing falls within the scope of the Swiss Federal Act on Data Protection (FADP), (a) the scope of "personal data" shall be determined in accordance with the FADP, and (b) references to the GDPR shall be understood as references to the FADP.