1. Controller and data protection officer
Responsible for the data processing as a controller in terms of data protection law is:
Porsche Digital Croatia d.o.o. Heinzelova 70 Zagreb, 10000 Croatia Tax ID: HR58734276843 Contact: firstname.lastname@example.org
If you have any questions or suggestions regarding data protection, please feel free to contact us.
2. Subject of data protection
3. Purposes and legal basis of data processing
In the following, you will find an overview of the purposes and legal basis of data processing. In any case, we process personal data in accordance with the legal requirements.
The provision of personal data by you may be required by law or contract or may be necessary for the conclusion of a contract. We will point it out separately if you are obliged to provide personal data and what possible consequences the non-supply would then have (e.g. a loss of claims or our position not to provide the requested service without providing certain information).
3.1 Performance of a contract and pre-contractual measures
We process your personal data if this is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken in response to your request. The data processing is based on Article 6 paragraph 1 letter b) GDPR.
You can voluntarily enter personal data on our website, e.g. when you send us requests for information. We will process your request and we will possibly disclose your information to third parties (e.g. Porsche Digital GmbH, Germany) within this context, if required.
3.2 Compliance with legal obligations
We process your personal data to comply with the legal obligations to which we are subject. The data processing is based on Article 6 paragraph 1 letter c) GDPR. These obligations may arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of complying with state control and information obligations.
3.3 Safeguarding of legitimate interests
We also process your personal data to pursue the legitimate interests of ourselves or third parties, unless your rights, which require the protection of your personal data, outweigh these interests. The data processing is based on Article 6 paragraph 1 letter f) GDPR. The processing to safeguard legitimate interests is carried out for the following purposes or to safeguard the following interests:
- Handling of non-contractual inquiries and concerns;
- Ensuring legally compliant actions, prevention of and protection against legal violations (especially criminal offenses), the assertion of and defense against legal claims, internal and external compliance measures;
- Ensuring availability, operation, and security of technical systems as well as technical data management;
- Answering and evaluation of contact requests and feedback.
We process your personal data on the basis of corresponding consent. The data processing is based on Article 6 paragraph 1 letter a) GDPR. If you give your consent, it is always for a specific purpose; the purposes of processing are determined by the content of your declaration of consent. You may revoke any consent you have given at any time, without affecting the legality of the processing that has taken place on the basis of the consent until revocation.
3.5 Change of purpose
If we process your personal data for a purpose other than that for which the data was collected, beyond the scope of a corresponding consent or a mandatory legal basis, we will take into account, in accordance with Article 6 paragraph 4 GDPR, the compatibility of the original and the now pursued purpose, the nature of the personal data, the possible consequences of further processing for you and the guarantees for the protection of the personal data.
We do not carry out automated decision-making or profiling in accordance with Article 22 GDPR. Profiling is only carried out to protect our legitimate interests as described above.
When you submit your personal data into web forms for the purposes of employment, they’re going to be used solely for the job you’re currently applying for, or the first position we think might fit your profile in case you’re applying for an unspecified position. We keep your data only during the job contest. You can also choose that we keep your data for five years after closing the contest you’re applying for. If a career opportunity that matches your profile opens during that time period, we’ll inform you. You can change this whenever by sending us an email to email@example.com.
We will also ask you directly if you would like us to keep your data in case of future job opportunities, but for no longer than five years.
4. Recipients of personal data
Within our company, only those persons who need your personal data for the respective purposes mentioned have access to it. Your personal data will only be passed on to external recipients if we have a legal ground to do so or have your consent. Below you will find an overview of the corresponding recipients:
- Commissioned processors: Group companies of Porsche or external service providers, for example in the areas of technical infrastructure and maintenance, which are carefully selected and reviewed. The processors may only use the data in accordance with our instructions and contracts we have concluded. You may request a full list of the parties to whom we disclose your data by contacting us at firstname.lastname@example.org
- Public bodies: Authorities and state institutions, such as tax authorities, public prosecutors' offices or courts, to which we (must) transfer personal data, e.g. to fulfill legal obligations or to protect legitimate interests.
- Private bodies: Porsche Group companies, cooperation partners, service providers (not bound by instructions) or commissioned persons.
5. Data processing in third countries
If a data transfer takes place to entities whose registered office or place of data processing is not located in a member state of the European Union, another state party to the Agreement on the European Economic Area, or a state for which an adequate level of data protection has been determined by a decision of the European Commission, we will ensure prior to the transfer that either the data transfer is covered by a statutory permit, that guarantees for an adequate level of data protection with regard to the data transfer are in place (e.g., through the agreement of contractual warranties, officially recognized regulations or binding internal data protection regulations at the recipient), or that you have given your consent to the data transfer.
If the data is transferred on the basis of Articles 46, 47, or 49 paragraph 1, subparagraph 2 GDPR, you can obtain from us a copy or reference to the availability of the guarantees for an adequate level of data protection in relation to the data transfer. Please use the information provided under Section 1.
Upon request, you can obtain information about data transfers performed to the USA or any other third country not covered by adequacy decisions.
In order to reduce privacy risks, we have activated IP anonymization for this website and also additionally adjusted settings in order not to allow Google to process your data for their own purposes, disabled Google from using your personal information for advertising purposes and also from linking your behaviors when visiting our pages.
6. Storage duration, erasure of data
We store your personal data, if there is legal permission to do so, only as long as necessary to achieve the intended purposes or as long as you have not revoked your consent. In the event of an objection to processing, we will delete your personal data, unless further processing is still permitted by law. We will also delete your personal data if we are obliged to do so for other legal reasons. Applying these general principles, we will usually delete your personal data immediately
- after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply;
- if your personal data is no longer required for the purposes we pursue and no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter is the case, we will delete the data after the other legal basis has ceased to apply.
7. Rights of data subjects
Right to access: You have the right to receive information about your personal data stored by us.
Right to rectification and erasure: You can demand that we correct incorrect data and, if the legal requirements are met, delete your data.
Restriction of processing: You can demand that we restrict the processing of your data, provided that the legal requirements are met.
Data portability: If you have provided us with data on the basis of a contract or consent, you may, if the legal requirements are met, demand that the data you have provided us with are handed over in a structured, common, and machine-readable format or that we transfer it to another controller.
Objection: You have the right to object at any time to data processing by us based on the safeguarding of legitimate interests for reasons arising from your particular situation. If you make use of your right to object, we will stop processing the data unless we can prove compelling reasons for further processing worthy of protection that outweigh your rights and interests.
Objection to direct marketing: If we process your personal data for the purpose of direct marketing, you have the right to object to our processing of your data for this purpose at any time. If you exercise your right to object, we will stop processing your data for this purpose.
Revocation of consent: If you have given us your consent to process your personal data, you can revoke it at any time with effect for the future. The legality of the processing of your data until the revocation remains unaffected.
Right to lodge a complaint with a supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the supervisory authority responsible for your place of residence or your country or the supervisory authority responsible for us. The supervisory body in the Republic of Croatia is Croatian Personal Data Protection Agency, Zagreb, Selska 136, and you can submit your complaint also via this form.
Your contact with us and the exercise of your rights: Furthermore, you can contact us free of charge if you have questions regarding the processing of your personal data and your rights as a data subject. Please contact us at email@example.com or by letter mail to the address provided under Section 1. Please make sure that we can definitely identify you. If you revoke your consent, you can alternatively choose the contact method that you used when you gave your consent.
8. Effective date