A. Data controller/responsible authority
Thank you for using the mobile application Volkswagen (‘app’). The responsible authority for the app is Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, Germany, vw@volkswagen.de, telephone: +49-5361-9-0, entered in the Commercial Register of the District Court of Brunswick under No. HRB 100484 (‘Volkswagen AG’ or ‘we’, ‘us’ or ‘our’).
In the following, we provide information on how your personal data is collected, processed and used when you use the app. Please note that you can use various functions via the app. Some functions are provided by Volkswagen AG. We provide you with information about these functions below.
Certain functions are not provided by us, but by the relevant provider on their own responsibility. Please note that Volkswagen AG is not responsible for data processing for such third-party functions and we will inform you of this in the relevant function. Privacy information for third-party functions can be found in the relevant function and the relevant provider’s privacy policy at the link provided there.
B. Processing of your personal data when using the app
I. General information on using the app
a. General functions and module services
The app provides you with individual functions for your Volkswagen vehicle. In the app, for instance, you can create a Volkswagen user account (‘Volkswagen ID’) and change your details (e.g. profile picture) or log in with your Volkswagen ID (Volkswagen ID user account, B.II.a.), select a preferred service partner and store it in your Volkswagen ID (Service partner, B.II.b.), view and manage vehicles in your own garage (Garage and general vehicle management, B.II.c.) or use various functions of our charging service (‘We Charge’) (e.g. find and share available charging stations, plan a route with multiple charging stops and use the Charging at Home/Charging on the Go (We Charge, B.II.d.). If you have any queries about using the app or individual functions, of course you can also contact Volkswagen customer support at any time and send us your customer feedback (Customer support and customer feedback, B.II.e.). You will find the individual functions of your Volkswagen vehicle in the sections below under B.II.
In addition to the general functions, you can activate and use further services (‘module services’) for which separate privacy policies will apply. The module services include the so-called mobile online services. Mobile online services are vehicle-related digital products and services which can be used within a suitably equipped (or ‘service-ready’) Volkswagen vehicle. To do this, you have to enrol your vehicle for a mobile online service and connect it to the app. To use individual functions and to protect against misuse, you need to link your vehicle to the app (e.g. to verify your vehicle as authorised for the use of We Charge Charging on the Go or for the use of special plans). In these circumstances, we process the vehicle identification number (‘VIN’) of the vehicle stored and selected in your Volkswagen ID and transmit this to the relevant function/service. The respective privacy policies of the mobile online services will be provided to you during the enrolment process and/or pairing. Please note that you are only shown services in the app that are supported by your vehicle or the software version of your vehicle.
b. Data processing for the purposes of app provision
For the purposes of app provision, we process your personal data in line with the relevant specification of the functions or services you use. To do this, we load the applicable data from the associated systems for the relevant functions or services, store it temporarily in the app and update it each time you use the app. This data processing is required for app provision in line with your use (see Article 6, paragraph 1, letter b GDPR), unless otherwise specified for individual functions or services in this privacy policy. If you log out of the app, personal data is no longer loaded from the systems and the personal data temporarily stored in the app is deleted. If you do not use the app within a year, you will be automatically logged out of the app for security reasons and any temporarily stored personal data in the app will be deleted.
In order for us to ensure the functioning of the app, identify, analyse and eliminate product errors, defects or technical problems, guarantee network and information security and compliance with legal provisions, we also process what is known as ‘performance‘ and/or ‘logging data’ (e.g. app data (e.g. length of app session, installation identification number, country code (ISO 3166-1 alpha-2) based on your IP address), device data (e.g. model name, manufacturer, operating system version, name of telephone network provider) and IT communications data from the app between the mobile device and the back-end service (e.g. URLs of http queries with status code, response time, query size, operating system, error code for network errors in the event of failed queries), unique user identification number (UUID) as well as VIN (vehicle identification number)). We process this performance data based on our above-mentioned legitimate interests for 90 days before deleting it (see Article 6, paragraph 1, letter f GDPR). In order to find specific product errors and identify deeper problems based on single user requests, we further process a set of data consisting of the unique user identification number (UUID), VIN (vehicle identification number) and the URLs of http queries in combination with a trace ID based on our above-mentioned legitimate interests for 30 days before deleting it (see Article 6, paragraph 1, letter f GDPR).
We use service providers to provide the app. If service providers (‘processors’) process personal data on our behalf, we have concluded a data processing agreement and agreed appropriate guarantees on safeguarding the protection of personal data with these processors. We select our processors with care. They process personal data exclusively for the purposes of fulfilling their responsibilities and are contractually bound by our instructions, have suitable technical and organisational measures for the protection of personal data at their disposal and are regularly monitored by us.
To provide the app and for the purpose of providing support, the personal data collected is processed by CARIAD SE, Berliner Ring 2, 38440 WOLFSBURG, GERMANY, on our behalf and and according to our instructions.
For the purposes of providing the app and individual functions, the personal data processed by CARIAD SE is stored in a web service cloud operated by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. At Microsoft Ireland Operations Limited, the personal data is encrypted according to the agreements made with CARIAD SE and exclusively processed on data servers in the European Union. (Read) access to the information by Microsoft Corporation or subsidiaries with headquarters in a state outside of the EU/EEA cannot be ruled out. Corresponding EU standard contractual clauses for the transmission of personal data to processors have been concluded to ensure sufficient protection of your personal data. You can download the EU standard contractual clauses from the URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.
We use New Relic, Inc., 188 Spear Street, Suite 1,000, San Francisco, California 94105, United States, as a processor to process the performance data. It stores the performance data in data centres in Germany. As New Relic, Inc. is based in the USA, (read) access to data from the USA cannot be ruled out. Corresponding EU standard contractual clauses for the transmission of personal data to processors in third countries were concluded to ensure sufficient protection of your personal data. You can access the EU standard contractual clauses from the following URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.
c. Push notifications
The first time you open the app, you will be asked whether you would like to receive push notifications. Push notifications allow us to provide you with information on individual functions or services when the app is running in the background (e.g. in case the charging process is stopped). You can configure in the app which functions you wish to receive push notifications for. In addition, you can activate or deactivate this function at any time via the “Notifications” setting in your device settings. However, if you have activated push notifications, we save a ‘push token’ for your device in order to be able to send you notifications. This processing of data is based on your express consent, which we request when you first access the app (see Article 6, paragraph 1, letter a GDPR). If you revoke your consent, we delete the push token and will not send you further push notifications. Depending on your device’s operating system, we use the push notification services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irleland, as processors to allow us to send you push notifications. We cannot preclude the possibility that the information will be accessed Google LLC, with its headquarters in the USA. Corresponding EU standard contractual clauses for the transmission of personal data to processors in third countries were concluded. You can access the EU standard contractual clauses from the following URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.
d. Enabling location/processing geodata
The use of specific functions or services (e.g. to find available charging stations, find a dealership, find your own vehicle) is only possible if we can access your location on your device and process your geodata. Accordingly, transfer of your device’s position data may take place within the app. Position data is only transferred if you have activated this function in the app. You can activate and deactivate this function at any time via the ‘Notifications’ setting in your device settings. This processing of data is based on your express consent, which we request when you first access the app (see Article 6, paragraph 1, letter a GDPR). If you revoke your consent, we will not access your location. Without access to your location, some services are not available or only available with restrictions.
e. Camera access
The use of specific functions or services (e.g. vehicle enrolment with VIN Scanner) is only possible if the app can access your camera on your device. The camera function can only be used if you have activated this function in the app. You can activate this function at any time via the ‘Notifications’ setting in your device settings. When this function is activated, we process the personal data that you record with the camera while using the corresponding app functions. This processing of data is based on your express consent, which the app requests the first time you access the relevant function (see Article 6, paragraph 1, letter a GDPR). If you revoke your consent, the app will not access your camera. Without access to your camera, some functions are not available or only available with restrictions.
f. Biometric authentication
The use of biometric authentication (e.g. fingerprint or face recognition) on your device (e.g as an alternative to entering the S-PIN) is only possible if you give the app permission to access this function. This access takes place based on your express permission, which we request the first time a security-related function is accessed. If you withdraw your permission, the biometric authentication shall no longer be used. You may withdraw permission at any time by disabling access to the biometric authentication via the settings in your app.
If you permit the use of biometric authentication, you may use it to operate certain functions of our app (e.g. use of fingerprint instead of entering the S-PIN). Our app uses a function from your operating system (Android or iOS) for this purpose that verifies your identity using your fingerprint and/or face recognition, for instance. If you have activated this function, information (e.g. your S-PIN) shall be stored locally in encrypted form in your smartphone’s app storage. Once your identity has been verified, this information shall be used in the app (e.g. the S-PIN shall be loaded in the app). Please note that neither Volkswagen AG nor the manufacturer of the operating system (Google LLC or Apple Inc.) shall obtain access to your biometric data. The processing takes place locally on your smartphone instead.
II. Individual app functions
You will find the individual functions of your Volkswagen vehicle in the sections below.
a. Volkswagen ID user account
To use the app you need a Volkswagen ID user account provided by Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, Germany, vw@volkswagen.de, telephone: +49-5361-9-0, entered in the Commercial Register of the District Court of Brunswick under No. HRB 100484 (‘Volkswagen AG’). You can log into numerous online services (e.g. websites or applications) from Volkswagen AG or third parties using the Volkswagen ID. It acts as a central user account that you can use to manage your personal data centrally. The data processing required for this is performed for the purposes of contract fulfilment (see Article 6, paragraph 1, letter b GDPR). Registration requires your email address and a password personally chosen by you. Please refer to the comprehensive privacy policy for the Volkswagen ID. This policy can be viewed at https://vwid.vwgroup.io/data-privacy.
You can manage the data in your Volkswagen ID user account at any time. If the use of an individual function or service requires details from your Volkswagen ID that you have deleted from your Volkswagen ID or have stored in your Volkswagen ID user account, the next time you open the app, we will inform you of which details you must add to your Volkswagen ID user account or approve for the relevant function or service.
b. Service partners
If you select a preferred service partner, we access your location – if you have enabled this function on your device – and process your geodata when you access this service in order to show you service partners near you. If you select a preferred service partner in this process, this information is also stored in your Volkswagen ID user account.
c. Garage and general vehicle management
The virtual garage allows you to save vehicles you have ordered or already own in your own user profile so you can view your vehicles and we can offer you convenient access to additional vehicle-related services in this app without having to identify your vehicle again. You need to enter the commission number (for vehicles still in production) or the vehicle identification number (VIN, for vehicles already owned) to identify your vehicle. If this data is already available in your Volkswagen ID user account, this is transmitted to the garage. If you decide to enter this data, it is also stored in your Volkswagen ID user account.
In addition to entering the vehicle identification number (VIN) manually, you can also scan it using the camera function of your mobile device. To do this, you must allow access to the camera on your mobile device the first time you use the Volkswagen app. (see section B.II.a.)
When you register, in the event of any errors that occur, and for support and monitoring purposes, we will record the following data: your Volkswagen ID in the form of the username and your vehicle identification number (if errors occurred in a function with a vehicle context and you have previously added a vehicle to your Volkswagen ID user account). This log data is stored in encrypted form and deleted again automatically after 30 days.
For development and support purposes, we use Hexad GmbH, Porschestr. 58, 38440 Wolfsburg, Germany, as a processor. They support us with all programming activities. We also use WirelessCar Inc., SE-405 08 Gothenburg, Sweden and Audi AG, Auto-Union-Str. 1, 85057 Ingolstadt, Germany, as processors for hosting services.
d. We Charge
With the We Charge charging service, you can use various services for electric vehicles, insofar as they are provided or available in/for a certain country, app version, mobile device or vehicle model.
(1) We Charge Search and Find Charging Stations and sharing with Google/Apple Maps
In order to make full use of the We Charge Search and Find Charging Stations service, this requires information about the locations of charging stations, which is provided by the Google Maps (Google Ireland Limited) map service or Apple Maps (Apple Inc.) map service. For this purpose, Google Maps/Apple Maps requires your location data at the time of a search request through We Charge Search and Find. Your location data will not be submitted to Google Maps or Apple Maps until you have confirmed the submission of your location data. Please note that Google Ireland Limited processes your data within the Google Maps service and Apple Inc. processes your data within the Apple Maps service on its own responsibility, and that we are not responsible for this data processing. You can find information on data protection for Google Maps at https://policies.google.com/privacy?hl=en. You can find information on data protection for Apple Maps at https://www.apple.com/legal/internet-services/maps/terms-en.html.
If you use the Search and Find Charging Stations function, you will be shown the prices for the charging stations based on your respective Volkswagen Group Charging GmbH, Germany, and Volkswagen Group Charging CZ s.r.o., Czech Republic, (within the Czech Republic) charging plans. You can find more information on this in the We Charge Charging on the Go section in B.II.e(3).ii.
You can also share the charging stations described above on your mobile device with your own available or installed map service (e.g. Apple Maps, Google Maps etc.). If you use this function, the relevant map service will process your location at the point at which you share it, as well as shared destinations (e.g. an available charging station together with the address). Please note that the map services are provided by the relevant providers respectively on their own responsibility. We are not responsible for data processing. Privacy information for the map service can be found in the privacy policies for the relevant provider, such as for Apple Maps at https://www.apple.com/legal/internet-services/maps/terms-en.html.or for Google Maps at https://policies.google.com/privacy?hl=en.
(2) We Charge route planning for electric vehicles (‘Electric Vehicle Route Planner’)
The Electric Vehicle Route Planner is a function that plans routes with multiple charging stops for electric vehicles based on supplied parameters and provides helpful information (e.g. expected stops and charging times for a planned route). When you use the Electric Vehicle Route Planner, we process the following personal data based on the input parameters you set: start/destination/stop(s) along your requested route (route data). The route data you entered is turned into geo coordinates for the purposes of calculating your requested route and determining the required charging infrastructure based on the route where necessary. We also process the VIN, language and charging settings of the app, the vehicle location and other technical parameters and range-related components (e.g. battery capacity and range, current charge, target charge) of your stored and selected vehicle (vehicle data) to determine any specific charging infrastructure required for your vehicle based on your calculated route, where necessary. We process the route data for as long as this is required for the above-mentioned purpose and usually delete this straight after the route is provided (for technical reasons, deleted routes may still exist within database backups for up to 30 days after deletion).
For route calculation purposes, route data is transmitted to HERE EUROPE BV, Kennedyplein 222, 5611 ZT Eindhoven, Netherlands (‘HERE’). HERE creates and transmits routes based on route data and sends them back to us so that Volkswagen AG can calculate your final route and determine required charging infrastructure where necessary. Data processing by HERE is HERE’s own responsibility. More information on the processing of personal data by HERE and asserting your rights vis-à-vis HERE may be found in HERE’s privacy policy at https://www.elli.eco/en/privacy.
If you wish to use We Charge Charging at Home and associated online services, you have to pair your wallbox with your existing Volkswagen ID user account using a pairing code. In addition to entering the pairing code manually, you can also scan it using the camera function of your mobile device. You can then access your charging history and see the charged quantity of electricity (only Pro models) , as well as manage and remotely control your wallbox and manage RFID cards (‘charging card’) – e.g. activate or deactivate for use on the wallbox – at any time. In conjunction with use of Charging at Home and associated online services, we process the following personal and additional technical data for the purposes of service provision and delivery: customer and user identification (data provided from your Volkswagen ID user account and email addresses of your optionally enabled users), wallbox ID and charging card identifier and wallbox management status (e.g. administrator rights), charging card numbers for your enabled charging cards, charging history (e.g. charging volume, duration or time, start and end of a charging session, charging ID, authorisation and authentication information), connection status and last communication timestamp (history and logging data) and optional location and location description for your charging station (charge point address (EVSE)).
We process your personal data for the purposes of contractual fulfilment (see Article 6, paragraph 1, letter b GDPR) for as long as this is required for the above-mentioned purpose and delete it without delay after the legal basis ceases to exist, if it is no longer required for the stated purposes or if the stated purposes cease to exist and insofar as there is no other legal basis (e.g. retention periods under trade and fiscal law), otherwise after the other legal basis ceases to exist or if we are obliged to do so for other legal reasons.
We use Volkswagen Group Charging GmbH as a contract processor for the above-mentioned data processing. We have concluded a contract processing agreement with them and agreed appropriate guarantees on safeguarding the protection of personal data (Volkswagen Group Charging GmbH processes personal data exclusively for the purposes of fulfilling its duties and is contractually bound by our instructions, has the suitable technical and organisational measures in place for the protection of personal data and is regularly monitored by us).
ii. We Charge Charging on the Go
Please note that We Charge Charging on the Go service is provided by Volkswagen Group Charging GmbH, Germany, and Volkswagen Group Charging CZ s.r.o., Czech Republic (within the Czech Republic) (referred to as ‘Elli’ in the following) under joint responsibility. More information on the processing of your personal data by Elli and the assertion of your rights vis-à-vis Elli can be found in Elli’s privacy policy at https://www.elli.eco/en/privacy.
If you wish to use We Charge Charging on the Go and associated online services with an Elli charging plan, we first of all have to verify that your electric vehicle is entitled to use an Elli charging plan. To do this, we process the VIN of your stored and selected vehicle. You can then access charging statistics and the charging history, manage and remotely control charging sessions for your vehicle and manage RFID charging cards (‘charging cards’) – e.g. activate or deactivate for use – at any time. In conjunction with use of Charging on the Go and associated online services, we process the following personal and additional technical data for the purposes of service provision and delivery: vehicle identification (based on the VIN of your stored and selected vehicle), charging history (e.g. charging volume, duration or time, start and end of charging session), location of charging station used (charge point address (EVSE)), RFID card number of any charging card used for the charging session and content of optional feedback supplied as part of a charging session. We process your personal data for the purposes of contractual fulfilment (see Article 6, paragraph 1, letter b GDPR) for as long as this is required for the above-mentioned purpose and delete it without delay after the legal basis ceases to exist, if it is no longer required for the stated purposes or if the stated purposes cease to exist and insofar as there is no other legal basis (e.g. retention periods under trade and fiscal law), otherwise after the other legal basis ceases to exist or if we are obliged to do so for other legal reasons.
We use Volkswagen Group Charging GmbH as a contract processor for the above-mentioned data processing. We have concluded a contract processing agreement with them and agreed appropriate guarantees on safeguarding the protection of personal data (Volkswagen Group Charging GmbH processes personal data exclusively for the purposes of fulfilling its duties and is contractually bound by our instructions, has the suitable technical and organisational measures in place for the protection of personal data and is regularly monitored by us).
(4) We Charge Customer Support
Please note that in the context of We Charge Customer Support, there may be deviations from the principles set out in B.II.e. If your queries concern matters arising from your contractual relationship with Elli (e.g. in the context of the We Charge charging services), we will respond to these queries as a processor for Elli. More information on the processing of your personal data by Elli and the assertion of your rights vis-à-vis Elli can be found in Elli’s privacy policy at https://www.elli.eco/en/privacy.
e. Customer support and customer feedback
If you have any queries about using the app or individual functions, you can contact Volkswagen customer support at any time and send us your customer feedback.
If you contact our customer support, we process the details and data relating to your query (e.g. name, email address, telephone number, language and – depending on your query – details such as the VIN of your saved vehicle, your device’s operating system, language settings, error analyses) in an electronic ticket to allow us to contact you and process your query. We store the data for as long as this is required for the purposes of your specific query. If your personal data is required and processed for multiple purposes according to this privacy policy, as soon as the last specific purpose has been fulfilled, your data is automatically deleted or stored in anonymised form, which prevents the data from being associated directly with you. When processing your queries, our customer support uses NTT Data Deutschland GmbH, Teleperformance Group Europe, Middle-East and Africa SAS, 21–25 rue Balzac, 75008 Paris, France, and Salesforce.com EMEA Limited as processors. We cannot preclude the possibility that the information will be accessed by Salesforce.com Inc. with its headquarters in the USA. Corresponding EU standard contractual clauses for the transmission of personal data to processors in third countries (as appropriate guarantee for data processing in non-European countries) were concluded to ensure sufficient protection of your personal data. You can access the EU standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32021D0914.The data hosted in Europe is also protected through the conclusion of Binding Corporate Rules (appropriate guarantee on data processing in non-European countries).
If we receive a query from you for which we are not responsible or competent, we will forward your queries and your personal data to those who are responsible or competent (e.g. your preferred service partner). However, we only forward your query and your personal data if this is required to process your issue and results in faster processing which is more beneficial to the customer, in your and our legitimate interest (see Article 6, paragraph 1, letter f GDPR).
f. Forwarding destinations to the app
You can enter a destination via various apps (e.g. Google Maps) and share this with our app. The location of the destination is forwarded to our app to show you the desired destinations on the map view of our app and to give you the option of sending it to the vehicle. The destination is only shared if you select this yourself. The destination is only displayed if you have your app open. As soon as you close the app, the destination is no longer available. You can find more information on the handling of personal data in the privacy policies of the apps from which you forward the destination.
C. Your rights
You may assert the following rights vis-à-vis Volkswagen AG at any time free of charge. Additional information on exercising your rights can be found in section D.
Right of access: You have the right to receive information from us (Article 15 GDPR) regarding the processing of your personal data.
Right to rectification: You have the right to request that we rectify (Article 16 GDPR) any of your personal data that is incorrect or incomplete.
Right to erasure: You have the right, in the event that the requirements specified in Article 17 GDPR have been met, to request the erasure of your personal data. Accordingly, you may request the erasure of your personal data, for instance, if it is no longer necessary for the purposes for which it was collected. Furthermore, you can also request erasure if we process your personal data on the basis of your consent and you withdraw this consent.
Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if the requirements specified under Article 18 GDPR have been met. This is the case, for example, if you dispute the accuracy of your personal data. You may then request that processing is restricted for as long as it takes to examine the accuracy of your personal data.
Right to object: If processing is based on an overriding legitimate interest, you have the right to object to the processing of your personal data. An objection is permissible if processing is either in the public interest or on account of a justified interest of Volkswagen AG or a third party. In the event of objection, you are kindly requested to notify us of your reasons for objecting to data processing. Besides this, you also have the right to object to data processing for the purpose of direct marketing. The same applies to profiling if this is related to direct marketing.
Right to data portability: Provided that the data processing is based on consent or on the fulfilment of a contract and that it is also carried out using automated processing, you have the right to receive your personal data in a structured, common and machine-readable format and to forward it to another data controller.
Right of withdrawal: Insofar as the data processing is undertaken based upon consent, you have the right to withdraw your consent, with future effect at any time, free of charge.
Right to lodge a complaint: You also have the right to lodge a complaint with a supervisory authority (e.g. with the data protection officer for Lower Saxony) regarding our processing of your personal data.
D. Your points of contact Points of contact for exercising your rights
For information on the person to contact to exercise your rights and for further information, please visit the following link https://datenschutz.volkswagen.de/?lang=en-gb .
Data Protection Officer
Our Data Protection Officer is your point of contact for issues related to data protection:
(Datenschutzbeauftragter der Volkswagen AG [Volkswagen AG Data Protection Officer])
Berliner Ring 2, 38440 Wolfsburg, Germany, telephone: +49-5361-9-0
Email: datenschutz@volkswagen.de
Data controller representative in United Kingdom
Volkswagen Group United Kingdom Representative
Email: ukrepresentative@vwg.co.uk
Version dated: October 2023 (This Privacy Policy is updated from time to time – the current version can always be viewed at the following link: https://consent.vwgroup.io/consent/v1/texts/WeConnectID/gb/en-GB/dataprivacy/latest/PDF