Privacy policy for use of the Volkswagen app

A. Data controller/responsible authority

Thank you for using the mobile application Volkswagen (‘app’). The responsible authority for the app is Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, Germany, vw@volkswagen.de, telephone: +49-5361-9-0, entered in the Commercial Register of the District Court of Brunswick under No. HRB 100484 (‘Volkswagen AG’ or ‘we’, ‘us’ or ‘our’).

In the following, we provide information on how your personal data is collected, processed and used when you use the app. Please note that you can use various functions via the app. Some functions are provided by Volkswagen AG. We provide you with information about these functions below.

Certain functions are not provided by us, but by the relevant provider on their own responsibility. Please note that Volkswagen AG is not responsible for data processing for such third-party functions and we will inform you of this in the relevant function. Privacy information for third-party functions can be found in the relevant function and the relevant provider’s privacy policy at the link provided there.

B. Processing of your personal data when using the app

I. General information on using the app

a. General functions and module services

The app provides you with individual functions for your Volkswagen vehicle. In the app, for instance, you can create a Volkswagen user account (‘Volkswagen ID’) and change your details (e.g. profile picture) or log in with your Volkswagen ID (Volkswagen ID user account, B.II.a.), select a preferred service partner and store it in your Volkswagen ID (Service partner, B.II.b.), view and manage vehicles in your own garage (Garage and general vehicle management, B.II.c.) or use various functions of our charging service (‘We Charge’). If you have any queries about using the app or individual functions, of course you can also contact Volkswagen customer support at any time and send us your customer feedback (Customer support and customer feedback, B.II.e.). You will find the individual functions of your Volkswagen vehicle in the sections below under B.II.

In addition to the general functions, you can activate and use further services (‘module services’) for which separate privacy policies will apply. The module services include the so-called mobile online services. Mobile online services are vehicle-related digital products and services which can be used within a suitably equipped (or ‘service-ready’) Volkswagen vehicle. To do this, you have to enrol your vehicle for a mobile online service and connect it to the app. To use individual functions and to protect against misuse, you need to link your vehicle to the app (e.g. to verify your vehicle as authorised for the use of We Charge Charging on the Go or for the use of special plans). In these circumstances, we process the vehicle identification number (‘VIN’) of the vehicle stored and selected in your Volkswagen ID and transmit this to the relevant function/service. The respective privacy policies of the mobile online services will be provided to you during the enrolment process and/or pairing. Please note that you are only shown services in the app that are supported by your vehicle or the software version of your vehicle.

b. Data processing for the purposes of app provision

For the purposes of app provision, we process your personal data in line with the relevant specification of the functions or services you use. To do this, we load the applicable data from the associated systems for the relevant functions or services, store it temporarily in the app and update it each time you use the app. This data processing is required for app provision in line with your use (see Article 6, paragraph 1, letter b GDPR), unless otherwise specified for individual functions or services in this privacy policy. If you log out of the app, personal data is no longer loaded from the systems and the personal data temporarily stored in the app is deleted. If you do not use the app within a year, you will be automatically logged out of the app for security reasons and any temporarily stored personal data in the app will be deleted.

In order for us to ensure the functioning of the app, identify, analyse and eliminate product errors, defects or technical problems, guarantee network and information security and compliance with legal provisions, we also process what is known as ‘performance‘ and/or ‘logging data’ (e.g. app data (e.g. length of app session, installation identification number, country code (ISO 3166-1 alpha-2) based on your IP address), device data (e.g. model name, manufacturer, operating system version, name of telephone network provider) and IT communications data from the app between the mobile device and the back-end service (e.g. URLs of http queries with status code, response time, query size, operating system, error code for network errors in the event of failed queries), unique user identification number (UUID) as well as VIN (vehicle identification number)). We process this performance data based on our above-mentioned legitimate interests for 90 days before deleting it (see Article 6, paragraph 1, letter f GDPR). In order to find specific product errors and identify deeper problems based on single user requests, we further process a set of data consisting of the unique user identification number (UUID), VIN (vehicle identification number) and the URLs of http queries in combination with a trace ID based on our above-mentioned legitimate interests for 30 days before deleting it (see Article 6, paragraph 1, letter f GDPR).

We use service providers to provide the app. If service providers (‘processors’) process personal data on our behalf, we have concluded a data processing agreement and agreed appropriate guarantees on safeguarding the protection of personal data with these processors. We select our processors with care. They process personal data exclusively for the purposes of fulfilling their responsibilities and are contractually bound by our instructions, have suitable technical and organisational measures for the protection of personal data at their disposal and are regularly monitored by us.

To provide the app and for the purpose of providing support, the personal data collected is processed by CARIAD SE, Berliner Ring 2, 38440 WOLFSBURG, GERMANY, on our behalf and and according to our instructions.

For the purposes of providing the app and individual functions, the personal data processed by CARIAD SE is stored in a web service cloud operated by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. At Microsoft Ireland Operations Limited, the personal data is encrypted according to the agreements made with CARIAD SE and exclusively processed on data servers in the European Union. (Read) access to the information by Microsoft Corporation or subsidiaries with headquarters in a state outside of the EU/EEA cannot be ruled out. Corresponding EU standard contractual clauses for the transmission of personal data to processors have been concluded to ensure sufficient protection of your personal data. You can download the EU standard contractual clauses from the URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.

We use New Relic, Inc., 188 Spear Street, Suite 1,000, San Francisco, California 94105, United States, as a processor to process the performance data. It stores the performance data in data centres in Germany. As New Relic, Inc. is based in the USA, (read) access to data from the USA cannot be ruled out. Corresponding EU standard contractual clauses for the transmission of personal data to processors in third countries were concluded to ensure sufficient protection of your personal data. You can access the EU standard contractual clauses from the following URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.

c. Push notifications

The first time you open the app, you will be asked whether you would like to receive push notifications. Push notifications allow us to provide you with information on individual functions or services when the app is running in the background (e.g. in case the charging process is stopped). You can configure in the app which functions you wish to receive push notifications for. In addition, you can activate or deactivate this function at any time via the “Notifications” setting in your device settings. However, if you have activated push notifications, we save a ‘push token’ for your device in order to be able to send you notifications. This processing of data is based on your express consent, which we request when you first access the app (see Article 6, paragraph 1, letter a GDPR). If you revoke your consent, we delete the push token and will not send you further push notifications. Depending on your device’s operating system, we use the push notification services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irleland, as processors to allow us to send you push notifications. We cannot preclude the possibility that the information will be accessed Google LLC, with its headquarters in the USA. Corresponding EU standard contractual clauses for the transmission of personal data to processors in third countries were concluded. You can access the EU standard contractual clauses from the following URL https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.

d. Enabling location/processing geodata

The use of specific functions or services (e.g. to find available charging stations, find a dealership, find your own vehicle) is only possible if we can access your location on your device and process your geodata. Accordingly, transfer of your device’s position data may take place within the app. Position data is only transferred if you have activated this function in the app. You can activate and deactivate this function at any time via the ‘Notifications’ setting in your device settings. This processing of data is based on your express consent, which we request when you first access the app (see Article 6, paragraph 1, letter a GDPR). If you revoke your consent, we will not access your location. Without access to your location, some services are not available or only available with restrictions.

e. Camera access

The use of specific functions or services (e.g. vehicle enrolment with VIN Scanner) is only possible if the app can access your camera on your device. The camera function can only be used if you have activated this function in the app. You can activate this function at any time via the ‘Notifications’ setting in your device settings. When this function is activated, we process the personal data that you record with the camera while using the corresponding app functions. This processing of data is based on your express consent, which the app requests the first time you access the relevant function (see Article 6, paragraph 1, letter a GDPR). If you revoke your consent, the app will not access your camera. Without access to your camera, some functions are not available or only available with restrictions.

f. Biometric authentication

The use of biometric authentication (e.g. fingerprint or face recognition) on your device (e.g as an alternative to entering the S-PIN) is only possible if you give the app permission to access this function. This access takes place based on your express permission, which we request the first time a security-related function is accessed. If you withdraw your permission, the biometric authentication shall no longer be used. You may withdraw permission at any time by disabling access to the biometric authentication via the settings in your app.

If you permit the use of biometric authentication, you may use it to operate certain functions of our app (e.g. use of fingerprint instead of entering the S-PIN). Our app uses a function from your operating system (Android or iOS) for this purpose that verifies your identity using your fingerprint and/or face recognition, for instance. If you have activated this function, information (e.g. your S-PIN) shall be stored locally in encrypted form in your smartphone’s app storage. Once your identity has been verified, this information shall be used in the app (e.g. the S-PIN shall be loaded in the app). Please note that neither Volkswagen AG nor the manufacturer of the operating system (Google LLC or Apple Inc.) shall obtain access to your biometric data. The processing takes place locally on your smartphone instead.

II. Individual app functions

You will find the individual functions of your Volkswagen vehicle in the sections below.

a. Volkswagen ID user account

To use the app you need a Volkswagen ID user account provided by Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, Germany, vw@volkswagen.de, telephone: +49-5361-9-0, entered in the Commercial Register of the District Court of Brunswick under No. HRB 100484 (‘Volkswagen AG’). You can log into numerous online services (e.g. websites or applications) from Volkswagen AG or third parties using the Volkswagen ID. It acts as a central user account that you can use to manage your personal data centrally. The data processing required for this is performed for the purposes of contract fulfilment (see Article 6, paragraph 1, letter b GDPR). Registration requires your email address and a password personally chosen by you. Please refer to the comprehensive privacy policy for the Volkswagen ID. This policy can be viewed at https://vwid.vwgroup.io/data-privacy.

You can manage the data in your Volkswagen ID user account at any time. If the use of an individual function or service requires details from your Volkswagen ID that you have deleted from your Volkswagen ID or have stored in your Volkswagen ID user account, the next time you open the app, we will inform you of which details you must add to your Volkswagen ID user account or approve for the relevant function or service. It is possible to store multiple Volkswagen ID user accounts in the app. If you have stored multiple Volkswagen ID user accounts in the app, you have the option to switch user account without logging out and back in again via the app’s profile section.

b. Service partners

If you select a preferred service partner, we access your location – if you have enabled this function on your device – and process your geodata when you access this service in order to show you service partners near you. If you select a preferred service partner in this process, this information is also stored in your Volkswagen ID user account.

c. Garage and general vehicle management

The virtual garage allows you to save vehicles you have ordered or already own in your own user profile so you can view your vehicles and we can offer you convenient access to additional vehicle-related services in this app without having to identify your vehicle again. You need to enter the commission number (for vehicles still in production) or the vehicle identification number (VIN, for vehicles already owned) to identify your vehicle. If this data is already available in your Volkswagen ID user account, this is transmitted to the garage. If you decide to enter this data, it is also stored in your Volkswagen ID user account.

In addition to entering the vehicle identification number (VIN) manually, you can also scan it using the camera function of your mobile device. To do this, you must allow access to the camera on your mobile device the first time you use the Volkswagen app. (see section B.II.a.)

When you register, in the event of any errors that occur, and for support and monitoring purposes, we will record the following data: your Volkswagen ID in the form of the username and your vehicle identification number (if errors occurred in a function with a vehicle context and you have previously added a vehicle to your Volkswagen ID user account). This log data is stored in encrypted form and deleted again automatically after 30 days.

For development and support purposes, we use Hexad GmbH, Porschestr. 58, 38440 Wolfsburg, Germany, as a processor. They support us with all programming activities. We also use WirelessCar Inc., SE-405 08 Gothenburg, Sweden and Audi AG, Auto-Union-Str. 1, 85057 Ingolstadt, Germany, as processors for hosting services.

d. We Charge

With the We Charge charging service, you can use various optional services for electric vehicles, in so far as they are provided or available in/for a certain country, app version, mobile device and vehicle model.

We Charge charging services (Home Charging / Charging on the Go)

With We Charge, you can use the Home Charging or Charging on the Go feature as well as associated online services.

(1a) We Charge Charging at Home

Please note that use of We Charge Charging at Home and associated online services first requires electrical start-up and configuration of a wallbox with connectivity functions (ID.Charger Pro/Connect wallbox), provided by Volkswagen Group Charging GmbH, Mollstrasse 1, 10178 Berlin, Germany (referred to as ‘Elli’ in the following). To ensure that your wallbox remains communicative and up-to-date during the electrical start-up and configuration process, Elli processes technical data under its own responsibility (e.g. device identification, brand, generation, device type and software version). Elli is solely responsible for this specific data processing. You can find more information on the processing of your personal data and the assertion of your rights vis-à-vis Elli in the privacy policy at: https://www.elli.eco/en/privacy-policy

If you wish to use We Charge Charging at Home and associated online services, you have to pair your wallbox with your existing Volkswagen ID user account using a pairing code. In addition to entering the pairing code manually, you can also scan it using the camera function of your mobile device. You can then view your charging history and the charged quantity of electricity (only “Pro models” of the wallbox), as well as manage and remotely control your wallbox and manage RFID cards ("charging cards") – e.g. activate or deactivate for use on the wallbox – at any time.

In conjunction with use of Charging at Home and associated online services, we process the following personal and additional technical data for the purposes of service provision and delivery:

Name, address, email address, telephone number for customer and user identification (personal data provided from your Volkswagen ID user account and email addresses of your optional enabled users), wallbox ID, serial number and name and (product) description of wallbox, charging card ID and wallbox management status (e.g. administrator rights), charging card numbers for your enabled charging cards, charging history (e.g. charging volume, duration or time, start and end of a charging session, charging ID, (user) authorisation and authentication information (known as “token”)), connection status and last communication timestamp (history and logging data) and optional location and location description for your charging station (charge point address (EVSE)).

We process your personal data for the purposes of contractual fulfilment (see Article 6, paragraph 1, letter b) GDPR), specifically to provide the functions of the We Charge Charging at Home service:

- to give you an insight into the active charge level and charging history,

- to perform a Remote Start of the charging session

- to enable you to add or block RFID cards for activating the charging session.

We only process your data for these stated purposes and delete it immediately after the function is provided. No long-term retention takes place beyond this. In the context of backups, however, your data may be stored for up to 24 hours.

We use the following service providers to provide the Charging at Home service:

- CARIAD SE, Berliner Ring 2, 38440 Wolfsburg, GERMANY

- Volkswagen Group Charging GmbH, Karl-Liebknecht-Str. 32, 10178 Berlin, GERMANY

- Volkswagen Software Asset Management GmbH, Berliner Ring 2, 38440 Wolfsburg, GERMANY

- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, IRELAND

Should we transfer your personal data to recipients and processors whose headquarters are outside of the EU, to guarantee an adequate level of protection for your personal data, we have agreed EU standard contractual clauses with these recipients. In addition – where required in accordance with applicable data protection legislation – additional protective measures are taken (such as encryption and additional contractual arrangements) to guarantee an adequate level of protection for your personal data. You can access the EU standard contractual clauses used at the URL https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914.

(1b) Smart Charging

Elli offers you the opportunity to use the Smart Charging function. To do this, you need to log into the Elli app using your VW ID. In the Elli app, you can give your consent to the outward transfer to Elli of the data required for the use of the Smart Charging function. On this basis, Elli checks under its own responsibility whether configuration changes are required in your vehicle and whether, with your consent, a technical configuration change to charging settings in your vehicle can take place. To provide this function, Elli processes personal data at its own responsibility. Elli is solely responsible for this specific data processing. You can find more information on the processing of your personal data and the assertion of your rights vis-à-vis Elli in the privacy policy at: https://storage.googleapis.com/prod.documents.elli.eco/documents/privacyPolicySmartChargingApp/ZZ/1.3/privacyPolicy_en.html

In the context of providing the Smart Charging function, we process the following personal data concerning you:

Technical authentication of your Volkswagen ID, your consent to outward data transfer to Elli and the enabling of Smart Charging, personalised access authorisation (known as a “token”), your vehicle identification number (VIN), the charging capability and battery capacity of your vehicle, plus various charging settings (mode, status, settings, profile timer) and the preferred charging mode.

We transfer this data to the responsibility of Elli so it can provide you with access to Smart Charging.

The legal basis for processing is the contract you concluded with Elli (Article 6, paragraph 1, letter b GDPR).

We only process your data for the purposes of use of the Smart Charging function, providing it takes place with us. We delete your data immediately after providing the data to Elli. No long-term retention takes place beyond this. Deviating from this, we store your technical authentication of your Volkswagen ID, your VIN and your consent to outward data transfer to Elli to enable Smart Charging for up to 5 years, as long as your account is being used. Once the account is deleted, this data is deleted immediately.

Personal data is only passed on to third parties if this is required for contract processing, particularly for providing the service.

We use the following service providers to provide the Smart Charging service:

- CARIAD SE, Berliner Ring 2, 38440 Wolfsburg, GERMANY

- Volkswagen Group Charging GmbH, Karl-Liebknecht-Str. 32, 10178 Berlin, GERMANY

- Volkswagen Software Asset Management GmbH, Berliner Ring 2, 38440 Wolfsburg, GERMANY

- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, IRELAND

Should we transfer your personal data to recipients and processors whose headquarters are outside of the EU, to guarantee an adequate level of protection for your personal data, we have agreed EU standard contractual clauses with these recipients. In addition – where required in accordance with applicable data protection legislation – additional protective measures are taken (such as encryption and additional contractual arrangements) to guarantee an adequate level of protection for your personal data. You can access the EU standard contractual clauses used at the URLhttps://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914.

(2) We Charge – Charging on the Go

i. Search and find charging stations on the map

The "Search and find charging stations on the map" function in "We Charge" allows charging stations to be displayed when using your vehicle’s navigation system. It shows you which charging stations are available and unavailable. You can also view the charging speed in a charging station’s detail view.

The function "Search and find charging stations on the map" can only be used if we have access to the location of the vehicle (geoposition) or an address entered by you and can process this data. Geoposition data is only processed if you have consented to this prior to using the service. You can of course withdraw your consent at any time with respect to Volkswagen AG, with effect for the future, without giving any reason, e.g. by sending an email to info-datenschutz@volkswagen.de, using the contact details in the site notice, and, depending on the front end, in the settings or by re-accessing the Electric Vehicle Route Planner. However, in that event, the function will no longer be available to you.

In order to provide the function "Search and find charging stations on the map", your geoposition (on the basis of point (a) of Article 6 (1) GDPR) or an address you provide (on the basis of point (b) of Article 6 (1) GDPR) will be processed in order to process your enquiry. No long-term data storage takes place.

ii. Search and find charging stations on the map, details and costs display

If you use the function "Search and find charging stations on the map, details and cost display", we process your personal data by using a token to verify which rates apply to you at a charging station so that we can display these to you. The token grants access to your personal charging plans with Volkswagen Group Charging GmbH. This is determined based on the user ID and access permission to your charging plans.

The display of details and costs is only available if you use the We Charge charging service (public charging). Please note that the We Charge charging service (public charging) is provided, independently of the data processing described in this Privacy Policy, in particular for the provision of the charging map, for charging plans, payment methods and the use of the charging service in the context of charging sessions, by Volkswagen Group Charging GmbH, Germany, and Volkswagen Group Charging CZ s.r.o., Czechia, (within Czechia) ("Elli") under joint responsibility. You can find more information on the processing of your personal data by Elli and the assertion of your rights vis-à-vis Elli in Elli’s privacy policy at https://www.elli.eco/en/privacy.

In the context of providing the function "Search and find charging stations on the map, details and costs display", we will process your user ID, your Volkswagen Group Charging GmbH token and information about your Volkswagen Group Charging GmbH plan – if you have one – in order to execute the contract (point (b) of Article 6 (1) GDPR). We process this data for matching purposes to show you the charging station details and costs display. No long-term retention takes place beyond this.

iii. Search and find charging stations on the map, remote charging

If you use the function "Search and find charging stations on the map, remote charging", you can start and stop charging. Depending on the function’s availability in the relevant front end, you are shown the charging costs based on charging consumption and on a calculation basis in real time taking into account the charging plan that applies to you. We process your personal data by using a token to verify which rates apply to you at a charging station. The token grants access to your personal charging plans with Volkswagen Group Charging GmbH. This is determined based on the user ID and access permission to your charging plans. Please note that the actual charging costs may vary in individual cases.

The Remote Charging function is only possible if you use the We Charge charging service (public charging), i.e. if you have taken out a valid plan with Volkswagen Group Charging GmbH. Information on data processing at Volkswagen Group Charging GmbH can be found in the section "Search and find charging stations on the map, details and costs display".

In the context of providing the function "Search and find charging stations on the map, remote charging", we will process your user ID, your Volkswagen Group Charging GmbH token and information about your Volkswagen Group Charging GmbH plan – if you have one – in order to execute the contract (point (b) of Article 6 (1) GDPR). We process this data for matching purposes to show you the charging station details including a calculation-based price display and the (remote) start and stop function. No long-term retention takes place beyond this.

iv. Electric Vehicle Route Planner

When you use the Electric Vehicle Route Planner, a route with multiple charging stops for electric vehicles is planned within given parameters and helpful information is provided (e.g. expected stops and charging times for a planned route). The route data you entered is turned into geo-coordinates for the purposes of calculating your requested route and determining the required charging infrastructure based on the route where necessary. We also process the VIN (vehicle identification number), the current charge level and other technical parameters and range-related components that we determine using your vehicle ID (such as vehicle consumption data, battery charging curve, battery size, maximum AC/DC charging capacity and vehicle connector information) to determine the necessary charging infrastructure for your vehicle on the basis of the calculated route.

In order to provide the Electric Vehicle Route Planner, we process your address, your vehicle location, your geoposition and the geopositions of your starting point, destination and intermediate stops, the current charge level, charging stops, route options, vehicle ID, route information, time and VIN for the purposes of executing the contract (point (b) of Article 6 (1) GDPR). We shall store this data for as long as it is needed to provide the Electric Vehicle Route Planner or calculate routes. We generally erase the data as soon as the route has been provided. For technical reasons, deleted routes can remain in the system memory for up to 30 days due to database back-ups. No long-term retention takes place beyond this.

You have complete access to the Electric Vehicle Route Planner in the Volkswagen app as long as your vehicle is enrolled, i.e. your vehicle has been added to the Volkswagen app and is linked with your Volkswagen ID. The description of the function in this section relates to the largest possible scope of use. However, the scope varies depending on the front end you use (such as the app or website) and, as previously mentioned, is contingent on the vehicle being enrolled in the Volkswagen app. Otherwise, some features might be restricted.

v. Sharing of data

Personal data is only passed on to third parties if this is required for contract processing, particularly for providing the service.

We use the following IT service providers:

- CARIAD SE, Berliner Ring 2, 38440 Wolfsburg, GERMANY

- Volkswagen Group Charging GmbH, Karl-Liebknecht-Str. 32, 10178 Berlin, GERMANY

- Volkswagen Software Asset Management GmbH, Berliner Ring 2, 38440 Wolfsburg, GERMANY

- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, IRLAND

- WirelessCar Sweden AB, Vädursgatan 6, 412 50 Göteborg, SWEDEN.

If one of the above service providers gains access to your personal data, it will process this only on our behalf and in accordance with our instructions.

We also use service providers who process personal data at their own responsibility. Here we use:

- Google Ireland Limited (Gordon House, Barrow Street, DUBLIN 4, IRELAND). More information on data processing by Google can be found at https://policies.google.com/privacy?hl=en.

To provide the function

"Electric Vehicle Route Planner"

we use the following service provider:

- TomTom International B.V., De Rujterkade 154, 1011 ACA Amsterdam, NETHERLANDS

Route data is transferred to TomTom International B.V., (TomTom) in order to calculate routes. TomTom creates and transmits routes based on route data and sends them back to us so that Volkswagen AG can calculate your final route and determine required charging infrastructure where necessary. Data processing by TomTom is TomTom’s own responsibility. You can find more information on the processing of personal data by TomTom and the assertion of your rights vis-à-vis TomTom in TomTom’s privacy policy at https://www.tomtom.com/privacy/en_gb.

vi. Transfer to third countries

Should we transfer your personal data to recipients and processors whose headquarters are outside of the EU, to guarantee an adequate level of protection for your personal data, we have agreed EU standard contractual clauses with these recipients. In addition – where required in accordance with applicable data protection legislation – additional protective measures are taken (such as encryption and additional contractual arrangements) to guarantee an adequate level of protection for your personal data. You can download the EU standard contractual clauses from the URLhttps://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914.

.

e. Customer support and customer feedback

If you have any queries about using the app or individual functions, you can contact Volkswagen customer support at any time and send us your customer feedback.

If you contact our customer support, we process the details and data relating to your query (e.g. name, email address, telephone number, language and – depending on your query – details such as the VIN of your saved vehicle, your device’s operating system, language settings, error analyses) in an electronic ticket to allow us to contact you and process your query. We store the data for as long as this is required for the purposes of your specific query. If your personal data is required and processed for multiple purposes according to this privacy policy, as soon as the last specific purpose has been fulfilled, your data is automatically deleted or stored in anonymised form, which prevents the data from being associated directly with you. When processing your queries, our customer support uses NTT Data Deutschland GmbH, Teleperformance Group Europe, Middle-East and Africa SAS, 21–25 rue Balzac, 75008 Paris, France, and Salesforce.com EMEA Limited as processors. We cannot preclude the possibility that the information will be accessed by Salesforce.com Inc. with its headquarters in the USA. Corresponding EU standard contractual clauses for the transmission of personal data to processors in third countries (as appropriate guarantee for data processing in non-European countries) were concluded to ensure sufficient protection of your personal data. You can access the EU standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32021D0914.The data hosted in Europe is also protected through the conclusion of Binding Corporate Rules (appropriate guarantee on data processing in non-European countries).

If we receive a query from you for which we are not responsible or competent, we will forward your queries and your personal data to those who are responsible or competent (e.g. your preferred service partner). However, we only forward your query and your personal data if this is required to process your issue and results in faster processing which is more beneficial to the customer, in your and our legitimate interest (see Article 6, paragraph 1, letter f GDPR).

f. Forwarding destinations

You can enter a destination via various apps (e.g. Google Maps) and share this with our app. The location of the destination is forwarded to our app to show you the desired destinations on the map view of our app and to give you the option of sending it to the vehicle. The destination is only shared if you select this yourself. The destination is only displayed if you have your app open. As soon as you close the app, the destination is no longer available. You can find more information on the handling of personal data in the privacy policies of the apps from which you forward the destination.

You can also share a destination (e.g. a charging station) on your device with your own map service available or installed on your device (e.g. Apple Maps, Google Maps etc.) and other apps (e.g. your email client, your contacts). If you use this function, the relevant map service or relevant app will process your location at the point at which you share it, as well as shared destinations (e.g. an available charging station together with the address). Please note that the map services are provided by the relevant providers respectively under their own responsibility. We are not responsible for data processing. Privacy information for the map service can be found in the privacy policies for the relevant provider, such as for Apple Maps at https://www.apple.com/legal/internet-services/maps/terms-en.html or for Google Maps at https://policies.google.com/privacy?hl=en.

g. Data processing through Google Maps

Our app uses the map provider Google Maps from Google Ireland Limited, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland, ("Google").The use of Google Maps creates a direct connection to Google servers and your smartphone. This allows the map from Google Maps to be provided. Through the integration of Google Maps, Google independently processes the search terms you enter (e.g. place, postcode), your location and your usage behaviour. Further information on data processing and possible transfer of personal data to third countries (e.g. USA) by Google can be found in Google's privacy information at https://policies.google.com/privacy. This data processing is based on your express consent, which we request when you access the map section (see Article 6, paragraph 1, letter a) GDPR). This consent is valid for the period in which you have the app installed. Please note that you may withdraw your consent to the integration of Google Maps at any time with effect for the future by deactivating it in the app settings. If you withdraw your consent, we shall deactivate Google Maps and Google shall not process any personal data through Google Maps.

C. Your rights

You may assert the following rights vis-à-vis Volkswagen AG at any time free of charge. Additional information on exercising your rights can be found in section D.

Right of access: You have the right to receive information from us (Article 15 GDPR) regarding the processing of your personal data.

Right to rectification: You have the right to request that we rectify (Article 16 GDPR) any of your personal data that is incorrect or incomplete.

Right to erasure: You have the right, in the event that the requirements specified in Article 17 GDPR have been met, to request the erasure of your personal data. Accordingly, you may request the erasure of your personal data, for instance, if it is no longer necessary for the purposes for which it was collected. Furthermore, you can also request erasure if we process your personal data on the basis of your consent and you withdraw this consent.

Right to restriction of processing: You have the right to request the restriction of the processing of your personal data if the requirements specified under Article 18 GDPR have been met. This is the case, for example, if you dispute the accuracy of your personal data. You may then request that processing is restricted for as long as it takes to examine the accuracy of your personal data.

Right to object: If processing is based on an overriding legitimate interest, you have the right to object to the processing of your personal data. An objection is permissible if processing is either in the public interest or on account of a justified interest of Volkswagen AG or a third party. In the event of objection, you are kindly requested to notify us of your reasons for objecting to data processing. Besides this, you also have the right to object to data processing for the purpose of direct marketing. The same applies to profiling if this is related to direct marketing.

Right to data portability: Provided that the data processing is based on consent or on the fulfilment of a contract and that it is also carried out using automated processing, you have the right to receive your personal data in a structured, common and machine-readable format and to forward it to another data controller.

Right of withdrawal: Insofar as the data processing is undertaken based upon consent, you have the right to withdraw your consent, with future effect at any time, free of charge.

Right to lodge a complaint: You also have the right to lodge a complaint with a supervisory authority (e.g. with the data protection officer for Lower Saxony) regarding our processing of your personal data.

D. Your points of contact Points of contact for exercising your rights

For information on the person to contact to exercise your rights and for further information, please visit the following link https://datenschutz.volkswagen.de/?lang=en-gb .

Data Protection Officer

Our Data Protection Officer is your point of contact for issues related to data protection:

(Datenschutzbeauftragter der Volkswagen AG [Volkswagen AG Data Protection Officer])

Berliner Ring 2, 38440 Wolfsburg, Germany, telephone: +49-5361-9-0

Email: datenschutz@volkswagen.de

Data controller representative in United Kingdom

Volkswagen Group United Kingdom Representative

Email: ukrepresentative@vwg.co.uk

Version dated: September 2024 (This Privacy Policy is updated from time to time – the current version can always be viewed at the following link: https://consent.vwgroup.io/consent/v1/texts/WeConnectID/gb/en-GB/dataprivacy/latest/PDF.)