In this Data Protection Notice, we are informing you (as the owner, driver, passenger, etc.) about the processing of your personal data by AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Germany ("we") in connection with data processing in and data transmission from an AUDI AG vehicle.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The entity responsible for the processing of your personal data (the Controller) is:
AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Germany.
If you want to assert your data protection rights, please use the contact options at https://gdpr.audi.com/
There, you will find more information on how to assert your data protection rights.
You can also contact the following address by post:
AUDI AG, DSGVO-Betroffenenrechte (Data Subject Rights pursuant to GDPR), Auto-Union-Straße 1, 85057 Ingolstadt, Germany.
If you have general questions about this Data Protection Notice or the processing of your personal data by Audi, please address them to:
Audi Kundenbetreuung Deutschland (Customer Service Germany), PO Box 10 04 57, 85045 Ingolstadt, Germany.
Email:
If you have concerns about data protection, you can also contact our company's data protection officer:
AUDI AG, Datenschutzbeauftragter (Data Protection Officer), 85045 Ingolstadt, Germany.
Email:
Depending on your vehicle's equipment, you can deactivate the collection of certain personal data via the privacy settings in your vehicle. With the deactivation, services that use this data cannot be provided and are therefore not usable. Please note that the emergency call service will not be deactivated via this feature and will continue to send the data necessary to provide the services. We inform you about special features of the privacy settings for individual services in section C.II. "Privacy Settings".
Other online services in your vehicle may be protected against deactivation through privacy settings for legal or contractual reasons, such as the Audi connect key (if available) or the Audi connect theft tracking system (if installed). Find out about the services protected in your vehicle in the information on "Activate Privacy" in the privacy settings in your HMI (Human Machine Interface).
As the data subject, you are entitled to the following data protection rights, depending on your place of jurisdiction. Please note that such rights might be extended or restricted under applicable local law.
1. Right to be informed
You have the right to be informed about the collection and use of your personal data by us, in a readily accessible manner, and in plain and clear language. We are implementing your right to be informed, also through this notice, whose content may be updated from time to time.
2. Access
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to have access to your personal data stored by AUDI AG, be provided with information about to what extent your personal data will be processed or shared and to receive a copy of your stored personal data.
3. Rectification
You have the right to obtain from AUDI AG without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed.
4. Erasure
You have the right to obtain erasure of your personal data stored by AUDI AG without undue delay if the legal requirements are met.
This is particularly the case if
- your personal information is no longer needed for the purposes for which it was collected;
- the legal basis for processing was your consent, and you have withdrawn your consent;
- you have objected to processing your data which was based on the legal basis of legitimate interests due to personal reasons, and we cannot prove that there are overriding legitimate grounds for such processing;
- your personal data were processed unlawfully; or
- your personal data must be erased in order to comply with legal requirements.
If we have transmitted your data to third parties, we will inform them about the erasure to the extent required by law.
Please note that your right to erasure is subject to certain limitations. For example, we may not and/or must not erase data that we are still required to retain due to statutory retention obligations. In addition, your right of erasure does not extend to data that we need for the establishment, exercise or defence of legal claims.
5. Restriction of Processing
Under certain conditions, you have the right to obtain restriction of processing (i.e., the marking of stored personal data with the aim of limiting its processing in the future). The requirements are:
- The accuracy of your personal data is contested by you and AUDI AG must verify the accuracy of the personal data;
- the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
- AUDI AG no longer needs the personal data for the purposes of the processing, but you require the data to establish, exercise or defend your legal claims;
- you have objected to processing pending the verification of whether the legitimate grounds of AUDI AG override your legitimate grounds.
Where processing has been restricted, such data will be marked accordingly and, with the exception of storage, will be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or an EU Member State, or the region where you are located at the relevant time, in each case only to the extent permitted under applicable data protection laws.
6. Data Portability
To the extent that we automatically process your personal data that you have provided to us based on your consent or any contract with you (including your employment contract), you have the right to receive such data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from AUDI AG. You also have the right to have the personal data transmitted directly from AUDI AG to another controller where technically feasible, provided that such transmission does not adversely affect the rights and freedoms of others.
7. Right to Object
If we process your personal data on grounds of legitimate interests or in the public interest, then you have the right to object to the processing of your personal data on grounds relating to your particular situation. In addition, you have an unrestricted right to object if we process your data for our direct marketing purposes (or other rights if laws of the region where you are located at the relevant time stipulate another legal basis for direct marketing). Please see our separate note in the section "Information about your Right to Object".
In certain situations, and in the context of a balancing of interests, we will also grant you an additional unrestricted right to object that goes beyond the privacy settings (deactivation option). For more details in connection with this, please see the section D. "Special Information about Online Services”.
If you wish to exercise your right to object, please use the contact details provided in section B.II.
8. Withdrawal of Consent
If you have given consent to the processing of your personal data, then you can withdraw such consent at any time. Please note that the withdrawal applies prospectively only. Processing that occurred before the withdrawal of consent is unaffected.
If you wish to exercise your right to withdraw your consent to the processing of your personal data, please use the contact details provided in section B.II.
9. Complaint
Furthermore, you have a right to lodge a complaint with a data protection authority if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies. The address of the lead data protection supervisory authority responsible for AUDI AG is:
Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision)
Promenade 18
91522 Ansbach
Germany
The above indicated contacts of the supervisory authority are without prejudice to your right under the conditions and procedures of applicable law to lodge a complaint with a supervisory authority in the state of your habitual residence, place of work or place of the alleged infringement (e.g., for Romania: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal 28-30 G-ral Gheorghe Magheru Bld., District 1, post code 010336, Bucharest, Romania, anspdcp@dataprotection.ro).
10. Information about your Right to Object
a. Right to object on grounds relating to your particular situation
You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of a balancing of interests. This also applies for any profiling.
Insofar as we base the processing of your personal data on a balancing of interests, we generally assume that we can demonstrate compelling legitimate grounds but will, of course, examine each individual case.
In the event of an objection, we will no longer process your personal data, unless
- we can demonstrate compelling legitimate grounds for the processing of these data that override your interests, rights and freedoms, or
- your personal data serves the establishment, exercise or defence of legal claims.
b. Objection to the processing of your data for our direct marketing purposes
To the extent that we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, then we will no longer process your personal data for these purposes.
c. Exercise of the right to object
The objection may be lodged without any form and should be made to the contact details listed in this Data Protection Notice under section B.II.
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – "BDSG") as well as local regulations. References to articles in the GDPR in this Data Protection Notice are the equivalent articles in any applicable local regulations (if any) where those regulations implement or retain the GDPR.
The specific data and purposes of the data processing depend primarily on the particular vehicle and the vehicle equipment and the services used.
Please note that not all services listed may be available for your vehicle or in your country. The features available in your vehicle and their functional scope can be found in the service description.
The list and specification of all the maximum available features, regardless of your vehicle model and the specific software version, is only for the purposes of this Data Protection Notice and does not intend or lead to an expansion of the features or functional scope of your specific vehicle.
Your vehicle sends certain data to our IT systems or to the IT systems of the service providers we use. On the basis of the data sent from your vehicle, we provide you with a service or content that we deliver directly from our IT systems or via the IT systems of our service providers to your vehicle or app. This always requires at least a technical assignment of a request to a service and to a vehicle. This assignment is effected either via the vehicle identification number of your vehicle or a pseudonym. The personal data are pseudonymised if they can no longer be assigned to a specific data subject without additional information.
With so-called swarm services, data from many vehicles help you to experience new safety and convenience features in your vehicle. As with the online navigation features, the data transfer from your vehicle is pseudonymised, with a different pseudonym (session ID) in each driving cycle. Since these are location-based services, accurate location information must be sent and processed in a timely manner. The vehicle identification number is not transmitted to either the processing systems of AUDI AG or to the service providers involved. The data is only collected if the associated services are activated in your vehicle. The specific data that are transmitted for the respective service can be found in the description of the services marked as swarm services in section D. In addition to this service-specific data, the metadata required to provide the service is transmitted: time stamp, information about the software versions used, map or map tile versions used, key position, ignition on/off, engine on/off.
Further details on the specifically processed data categories and the corresponding sources can be found in the following sections for each service under "Specific Information about Online Services".
The processing of the data listed for each service takes place in order to provide and perform the services you use (necessary for the performance of a contract with you or for the implementation of pre-contractual measures that are based on your requests (Article 6 (1) (1) (b) GDPR)) as well as to identify disruptions and maintain system security, including detection and tracking of inadmissible access attempts and access to our IT systems based on our legal obligations in the area of data security (Article 6 (1) (1) (c) GDPR) and our legitimate interest in the elimination of disruptions, the maintenance of system security and the detection of tracking of inadmissible access attempts and access our IT systems (necessary for the purposes of the legitimate interests pursued by AUDI AG or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data, in particular where the data subject is a child (Article 6 (1) (1) (f) GDPR)).
In individual cases, processing takes place for the exercise or defence of legal claims on the basis of our corresponding legitimate interest (Article 6 (1) (1) (f) GDPR).
If, in individual cases, we process personal data of passengers or other occupants, this is done to provide the service you and/or the passenger or occupant are using for the performance of the contract or for the purposes of pursuing our legitimate interest in the performance of the contract towards the respective contracting party (Article 6 (1) (1) (b) GDPR or Article 6 (1) (1) (f) GDPR).
For so-called swarm services, the service provider aggregates the data that it processes for the provision of the service with data from other vehicles, and saves the aggregation result without reference to the vehicles. Our service provider processes these data to optimise and further develop services to protect legitimate interests in order to offer customers a high-quality service (necessary for the purposes of the legitimate interests pursued by AUDI AG or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data, in particular where the data subject is a child (Article 6 (1) (1) (f) GDPR)). This requires processing and storing the exact location information with the respective events, where no reference to your vehicle or your person is made.
Insofar as we process your personal data otherwise, the processing is based on the following legal grounds for the following purposes:
Purpose |
Legal Basis |
Legitimate Interest in the Balancing of Interests |
Supporting law enforcement authorities in the event of vehicle theft by tracking vehicles and vehicle parts using the vehicle identification number (VIN) | Legitimate interest (Article 6 (1) (1) (f) GDPR) | Compliance with legal and official requirements |
Fraud and money laundering prevention | Compliance with our legal obligations (Article 6 (1) (1) (c) GDPR), balancing of interests (Article 6 (1) (1) (f) GDPR) | Compliance with legal and official requirements |
Prevention, control and investigation of terrorist financing and asset endangering criminal offences, comparisons with European and international anti-terror lists, | Compliance with our legal obligations (Article 6 (1) (1) (c) GDPR), balancing of interests (Article 6 (1) (1) (f) GDPR) | Compliance with legal and official requirements |
Compliance with control and reporting obligations under tax law, archiving of data | Compliance with our legal obligations (Article 6 (1) (1) (c) GDPR), balancing of interests (Article 6 (1) (1) (f) GDPR) | Compliance with legal and official requirements |
Disclosure as part of official/judicial measures for the purposes of gathering evidence, law enforcement and enforcing civil claims | Compliance with our legal obligations (Article 6(1) (1) (c) GDPR), balancing of interests (Article 6 (1) (1) (f) GDPR) | Compliance with legal and official requirements |
Settlement and tax assessment of company services | Performance of contract (Article 6 (1) (1) (b) GDPR), balancing of interests (Article 6 (1) (1) (f) GDPR, compliance with our legal obligations (Article 6 (1) (1) (c) GDPR) | Compliance with legal and official requirements |
Internal and special audits, internal investigations | Balancing of interests (Article 6 (1) (1) (f) GDPR) | Verifying compliance with contractual and legal obligations by AUDI AG, its employees and its sales partners, suppliers, etc., using the vehicle identification number if necessary |
Statistical evaluations for corporate management, Cost recording and controlling | Balancing of interests (Article 6 (1) (1) (f) GDPR) | We have a legitimate interest in carrying out evaluations to control our business processes and cost control based on the analysis of sales and order data by model, sales channel, order status, analysis of requested variants and equipment, reporting on business parameters, using the vehicle identification number if necessary. |
Establishment of legal claims and defence in legal disputes | Balancing of interests (Article 6 (1) (1) (f) GDPR) | We have a legitimate interest in establishing, exercising or defending our legal claims |
Compliance checks | Balancing of interests (Article 6 (1) (1) (f) GDPR); compliance with our legal obligations Article 6 (1) (1) (c) GDPR) | Checking compliance with legal provisions, internal company guidelines, rules and standards of AUDI AG, group companies, employees, business partners and other third parties |
Insofar as we process further data for other purposes or based on another legal ground, we will state this separately with the respective legal grounds in the notes in section D. “Specific Information about Online Services”.
Please note: We do not process your personal data for automated individual decision-making (including profiling).
Within AUDI AG, those entities receive your data that they need to comply with our contractual and statutory obligations and for the purposes of the legitimate interests pursued by us.
11. Processors
Our service providers (processors) that we employ and engage may also receive data for these purposes. If we use processors to provide our services, we ensure that personal data is protected in accordance with the relevant statutory provisions by means of suitable legal precautions and appropriate technical and organisational measures.
We employ processors of the following categories for the provision of specific services, who support us in the execution of our business processes. Specifically, this includes undertakings in the following categories:
• Hosting providers
• Service providers
12. Third Parties
As a matter of principle, we will only disclose your personal data to third parties if this is necessary for the performance of the contract, if we or the third party have a legitimate interest in such disclosure, or if you have given your consent.
In addition, data may be transferred to third parties (including investigative or security authorities) if we are obliged to do so by law or by enforceable official or court order.
Regarding the processors employed in each case and the other recipients, please see the special information on the individual services in section D. “Specific Information about Online Services”.
13. Are data transmitted to a third country?
A transfer of data to third countries (i.e., countries that are neither members of the European Union nor of the European Economic Area) may occur to the extent necessary to perform services for you, if required by law, or where you have given us your consent (in the absence of any other appropriate safeguarding mechanism under the GDPR). Please note: Under applicable local law, a third country transfer might be defined differently, e.g., as a transfer outside of the country where you are located at the relevant time. In addition, we also share your personal data with processors in third countries in individual cases and insofar as this is necessary for the provision of the specific features. Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. For data transfers to third countries where there is no adequate level of data protection, we ensure that, prior to disclosure, the recipient has either an adequate level of data protection (e.g., an adequacy decision of the EU Commission or the agreement of so-called EU standard contractual clauses of the European Union with the recipient or any other safeguard required under local law), or we have obtained express consent from our users.
You can find more information on the European Commission's adequacy decision on the website of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
You can obtain a copy from us of the specific applicable or agreed provisions to ensure an adequate level of data protection. Please refer to the information in the section B.II. “Whom can I contact?”
Details on data transfers to third countries are contained in section D. “Specific Information about Online Services”.
We store your data only for as long as is necessary for fulfilling the purposes for processing personal data as described in this notice (e.g., providing our services to you or as long as we have a legitimate interest to do so, in particular to eliminate disruptions or to optimise our services). We only store the data that we require for the respective purpose and pseudonymise or anonymise the data that is processed beyond the provision of our services as far as possible.
In addition, we are subject to various retention and documentation obligations pursuant to, inter alia, the German Commercial Code (Handelsgesetzbuch – “HGB”) and the German Tax Code (Abgabenordnung – “AO”). The retention and documentation periods specified therein last up to ten years. Finally, the storage period is also governed by statute of limitations periods, which can be up to thirty years, for example, pursuant to Sections 195 et seqq. Of the German Civil Code (Bürgerliches Gesetzbuch – “BGB”), where the general limitation period is three years.
Under certain circumstances, your data may also need to be retained for a longer period of time, such as when a legal hold or litigation hold (i.e., a prohibition of data deletion for the duration of the proceedings) is ordered in connection with an administrative or judicial proceeding.
We may also be subject to retention and documentation obligations in line with the local legislation of your country.
To the extent further details are possible, you will find further information on retention obligations in section D. "Specific Information about Online Services."
As part of our business relationship, you only need to provide the personal data that is required to enter into and conduct a business relationship, or that we are required to collect by law. Without this data, we will generally have to refuse to enter into the contract or to execute the order, or will be unable to perform an existing contract and possibly have to terminate it. This means that the use of a service requires that you provide the specified data. Unless you provide the data, we cannot provide the service to you. You can find further information about the privacy settings in section C. II.
1. Electronic Control Units
a. General
Electronic control units are installed in your vehicle. Control units process data that they receive, for example from vehicle sensors, generate themselves or exchange with one another (vehicle data). Some control units are necessary for the safe functioning of your vehicle, others support you when driving (driver assistance systems), others enable convenience or infotainment features.
Below you will find general information on data processing in the vehicle. Specific information can be found in the respective owner's manual, which is available online and, depending on the equipment, also digitally in the vehicle, in direct connection with the notes on the relevant functional features and below under section D. "Specific Information about Online Services".
b. Personal Reference
Each vehicle is marked with a unique vehicle identification number. In some countries this vehicle identification number can be traced back to the current and former owner of the vehicle via information from the relevant national motor transport authority of the domicile (e.g., in Germany the German Federal Motor Transport Authority (Kraftfahrtbundesamt). In other countries, this might be possible via information from other local ministries or authorities). There are also other ways of attributing data collected from the vehicle to the owner or driver, for example via the license plate number.
The data generated or processed by control units can therefore be personal or become personal under certain conditions. Depending on which vehicle data is involved, it may be possible to draw conclusions about your driving behaviour, your location or your route or usage behaviour.
c. Legal Requirements for the Disclosure of Information
Insofar as there are legal regulations, manufacturers are generally obliged to release the data stored by the manufacturer to the required extent at the request of government agencies in individual cases (e.g., when investigating a criminal offence).
Government agencies are also authorised under applicable law to read data from vehicles themselves in individual cases. In the event of an accident, for example, information can be read from the airbag control unit that can help to investigate it.
2. Operating Data of the Vehicle
Control units process data to operate the vehicle. This includes for example:
- Vehicle status information (e.g., speed, deceleration, lateral acceleration, wheel revolution speed, whether the seat belts are fastened),
- Environmental conditions (e.g., temperature, rain sensor, distance sensor).
This data is generally volatile – it is not stored after the vehicle is switched off and is only processed in the vehicle itself. Control units often contain data memory (sometimes also including the vehicle keys). These are used to temporarily or permanently document information about vehicle status, component stress, maintenance requirements and technical events and errors.
Depending on technical equipment, the following information is stored:
- Operating conditions of system components (e.g., fill levels, tyre pressure, battery status)
- Deviations from system states in important system components (e.g., lights, brakes) that are documented in the internal vehicle systems event memory,
- System responses in specific driving situations (e.g., deployment of airbags, use of stability control systems)
- Information about vehicle-damaging events,
- For electric vehicles, the charge level of the high-voltage battery, estimated range.
In special cases (e.g., when the vehicle has detected a malfunction), it may be necessary to store data that would otherwise be volatile.
If you use services (e.g., repair services, maintenance work), the stored operating data and the vehicle identification number (VIN) might, to the extent necessary, be read out and accessed. The data may be read out from the vehicle by an employee of the service network (e.g., workshops and manufacturer) or third parties (e.g., roadside assistance services). The same applies to warranty cases and quality assurance measures.
The readout is generally carried out via the statutorily prescribed connection for OBD ("on-board diagnostics") in the vehicle. The readout operating data records the technical conditions of the vehicle or individual components and helps with error diagnostics, compliance with maintenance obligations and with quality improvement. This data, especially information about component stress, technical events, operating errors and other errors, is sent with the respective vehicle identification number (VIN) to the manufacturer, if necessary. In addition, the manufacturer is subject to product liability. For liability issues, such as vehicle recalls, the manufacturer also uses operating data from the vehicle. This data may also be used to review warranty and guarantee claims by customers.
Error memories in the vehicle can be reset by a service provider as part of repair/service work or at your request.
3. Convenience and Infotainment Features
You can save convenience settings and customisations in the vehicle and change or reset them at any time. These include, depending on the equipment, e.g.,
- Settings of seat and steering wheel positions,
- Suspension and climate control settings,
- Driver assistance and driver information systems,
- Settings in instrument cluster and infotainment system
- Customisations such as interior lighting.
As part of the selected equipment, you can enter data into the vehicle's infotainment functions yourself. These include, depending on the equipment, e.g.,
- Multimedia data such as music, movies or photos for playback in an integrated multimedia system,
- Address book data for use in connection with an integrated hands-free device or an integrated navigation system,
- Entered navigation destinations,
- Data on the use of Internet services.
This data for convenience and infotainment functions can be stored locally in the vehicle or it can be on a device that you have connected to the vehicle (e.g., smartphone, USB flash drive or MP3 player). If you have entered data yourself, you can delete it at any time.
This data is only transmitted from the vehicle at your request, in particular when using online services in accordance with the settings you have selected. For further information on online services, please refer to section D.
4. Smartphone Integration e.g., Android Auto or Apple CarPlay
If your vehicle is equipped accordingly, you can connect your smartphone or another mobile device to the vehicle so that you can control it using the controls integrated in the vehicle. The smartphone's image and sound can be output via the multimedia system. At the same time, certain information is transmitted to your smartphone. Depending on the type of integration, this includes, for example, position data, day/night mode and other general vehicle information. Please refer to the owner's manual for the vehicle/infotainment system and to "Special Information".
The integration enables the use of selected smartphone apps, such as navigation or music playback. There is no further interaction between smartphone and vehicle, in particular active access to vehicle data. The type of further data processing is determined by the provider of the app used in each case. Whether and which settings you can make depends on the respective app and the operating system of your smartphone.
5. Online Services
If your vehicle has a wireless network connection, this enables the exchange of data between your vehicle and other systems (data servers of AUDI AG or data servers of service providers). In certain countries, the wireless network connection is enabled possibly by an on-board transmitter and receiver unit (built-in by us) or by a mobile device (e.g., smartphone) brought in by you. Online features (information and control services for your vehicle) can be used via this wireless network connection. This includes online services and applications/apps that are made available to you by us or by other providers ("Audi connect services" or "services").
For information about each service, please see section D. "Specific Information about Online Services."
Please note that not all services listed may be available for your vehicle or in your country.
a. Manufacturer's Services
In the case of online services from AUDI AG, the respective features are described at the relevant place (e.g., vehicle infotainment system (MMI), manufacturer's website). The associated data protection information can be found below in section D. "Specific Information about Online Services". Personal data may be used to provide online services. The exchange of data for this takes place via a protected connection, e.g., with the IT systems provided for this purpose by AUDI AG. Any collection, processing and use of personal data that goes beyond the provision of core services takes place exclusively on the basis of legal permission, e.g., a statutory emergency call system, a contractual agreement or on the basis of consent.
You can activate or deactivate the services and functions (some of which are subject to a fee) and – depending on the vehicle – also the entire wireless network connection of the vehicle. This does not apply to functions and services required by law, such as an emergency call system.
In addition, the above personal data may be used in individual cases for development and optimisation purposes of the legitimate interests pursued by us (Article 6 (1) (1) (f) GDPR).
b. Third-Party Services
If you make use of the opportunity to use online services of other providers (third parties), these services are subject to the responsibility and the data protection terms and terms of use of the respective provider. We generally have no influence on the content exchanged here.
Therefore, please obtain information on the nature, extent and purpose of the collection and use of personal data in the context of third-party services from the respective service provider.
The "Privacy Mode" feature allows you to partially or completely restrict data communication via the vehicle's internal SIM card. To do this, you can deactivate/activate the data processing displayed in the vehicle for each group. Safety-relevant services are excluded from deactivation through Privacy Mode. You can find an overview of which services and data processing are assigned to the respective group under "Privacy Settings" in your vehicle's MMI.
Depending on the vehicle equipment and country, the primary user has the option of deactivating/activating individual services for all users of the vehicle in the myAudi portal, or the individual user can deactivate/activate individual services in the vehicle itself.
As part of this feature, we process the following data or categories of data from your vehicle: the vehicle identification number (with which your motor vehicle can be uniquely identified and assigned to a specific owner), the selected privacy setting and the current deactivation/activation status per service or service group.
We process the above data to implement the settings and to enable you and authorised users (main and secondary users) to view the privacy settings in the myAudi web portal or in the Audi smartphone app.
Please note that changes to privacy settings only affect data transfer via the in-vehicle SIM card. Other wireless data interfaces such as Bluetooth, Bluetooth Low Energy (BLE), Wireless LAN (WLAN), CV2X Communication, Near Field Communication (NFC), Electronic Toll Collect (ETC), Integrated Toll Module (ITM) must be connected separately. Wired data transmission via USB, charging communication (high-voltage system) or on-board diagnostics (OBD) is similarly unaffected by the settings in "Privacy Mode".
We may further use your personal data from the vehicle in an anonymised form. Anonymous means that it is no longer possible to draw conclusions or identify an individual person. For example, we remove identifying features such as the vehicle identification number, aggregate the data or only process statistical data. Anonymising the data serves to protect your privacy. If a legal basis for the anonymisation is required, this is done for the purposes of the legitimate interest pursued by us in the data protection-compliant further use of vehicle data, inter alia for the development and optimisation of our products and services and to increase road and product safety (Article 6 (1) (1) (f) GDPR).
Please note that some of the online services are offered not only via the MMI, but also on the optionally available Audi Rear Seat Entertainment (Rear Seat Entertainment for MMI 3G+, Audi Tablet for MIB2 and MIB2+) and can be used there as well. The following information on data processing applies accordingly
The specific data and purposes of the data processing depend primarily on the particular vehicle and the vehicle equipment and the services used. Please note that not all services listed may be available for your vehicle or in your country. The features available in your vehicle and their functional scope can be found in the service description.
The list and specification of all the maximum available features, regardless of your vehicle model and the specific software version, is only for the purposes of this Data Protection Notice and does not intend or lead to an expansion of the features or functional scope of your specific vehicle.
To provide the online services in your vehicle and to secure your vehicle's communication, your vehicle registers with our IT systems for each driving cycle. For this purpose, your vehicle sends the following data or categories of data from your vehicle in the course of the registration: the vehicle identification number (with which your motor vehicle can be uniquely identified and assigned to a specific owner). If you use personalised services, your login data for your myAudi account, which you enter in the vehicle, will be transmitted to our IT systems. This means that certain data that you store in your myAudi account is also available in the vehicle (further information can be found in the information for the respective services).
For the use of certain online services, signed proof of authorisation (so-called "credentials") is transferred to your vehicle (e.g., OAuth token), with which our service providers can verify the authorisation to use a service. We only transmit the proof of authorisation to the service provider, without having to transmit your vehicle identification number or any other specific reference to you or your vehicle (pseudonymous authorisation). Information on the use of pseudonymous authorisation can be found under the individual services.
We process the above data to check, register and authenticate your vehicle on our IT systems in order to provide the Audi connect services and display your license status in the vehicle (Article 6 (1) (1) (b) GDPR). In order to check your authorisation to use services, your vehicle registers with the IT systems of Audi AG in each driving cycle.
In addition to your vehicle identification number, we also log the time and type of service used in order to identify and analyse disruptions for the purposes of the legitimate interests pursued by us. The log data is stored for 4 months for this purpose.
In addition, the above personal data may be used in individual cases for development and optimisation purposes of the legitimate interests pursued by us (Article 6 (1) (1) (f) GDPR).