Privacy Policy 360° Volkswagen App

 

A. Controller

With this privacy policy, we inform you about the processing of your personal data by Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, vw@volkswagen.de, registered in the commercial register of the Braunschweig District Court under the number HRB 100484 (Volkswagen AG), when using the mobile application 360° Volkswagen App (hereinafter referred to as the app).

 

B. General information

I. Anonymous data collection

 

You can use individual services of this app without telling us who you are. In this case, we do not collect, process or use any personal data.

 

II. Services without registration

 

When using services of this app that do not require registration, your data will only be stored locally on your mobile device; insofar as data is processed by us for the provision of services, we point this out in the section "The individual services without registration" (see below under C).

 

III. Services with registration

 

When using services that require registration, data is occasionally transferred to our data server, processed there and stored in your Volkswagen user account "depending on the respective service". Details can be found in Section D.

 

IV. Disclosure of data

 

Personal data will not be passed on to third parties.

 

V. Payment services

 

No payment service is integrated. Payment data will not be processed.

 

VI. Geoservices

 

No geoservices are included. Geodata is not processed.

 

C. The individual services without registration

The area of the app, which can be used without registration, contains a list of links to further offers of Volkswagen AG as well as appearances of the Volkswagen Group brands without personal data.

 

D. The individual services with registration

The login area of the app offers a variety of services. The total number of services differs from one licensed company to another. This privacy policy lists the maximum number of services. In the following, it is described for each service which personal data is stored and processed where and for what purpose. Evaluations of the collected personal data beyond the described purposes will not be carried out. The legal basis for data processing is Section 26 (1) sentence 1 of the Federal Data Protection Act (BDSG) for employees of Volkswagen Aktiengesellschaft and Article 6 (1) (b) of the General Data Protection Regulation (GDPR) for employees of other companies of the Volkswagen Group, as a legally binding contract is concluded by accepting the Terms of Use.

 

I. Accept Terms of Use

 

As part of the acceptance of the Terms of Use, we store the following personal data in the backend of the app for your Volkswagen UserID and your Global Identifier (GID): (1) Date of acceptance of the App Terms of Use and (2) version of the accepted Terms of Use. Acceptance of the GroupWiki Terms of Use is transferred to GroupWiki and deposited there. This personal data is stored for the purpose of tracing consent to the terms of use and to ensure that new consent does not have to be given each time you log in to the app.

 

II. Simplified filing

 

To make it easy to log in, the UserID and password are sent encrypted to the central Volkswagen Identity Provider (IDP) after they have been entered, where a so-called refresh token is created if the login is successful, which is stored in the smartphone's secure memory area. From this point on, the app does not require a new login for up to 90 days after entering the UserID and password via device unlocking. When logging in to the app, this refresh token is extracted from the smartphone's secure memory area and used to log in to the Volkswagen IDP. When you uninstall the app, the refresh token is automatically deleted from your smartphone.

 

III. Subscribe to news channels

 

In order to display the news channels you have individually selected, we store the following personal data in the backend of the app for the Volkswagen UserID and your GID: selected news channels. The storage is only visible to the logged-in user of the app. It is not possible to view the channel selection of other users. The storage of this personal data in the context of "Subscribe to news channels" is for the purpose of individualizing the app with regard to the display of news articles.

 

IV. Commenting on news articles

 

When you click on the comment button and reply to comments, the following personal data is stored in the GroupWiki system of Volkswagen AG for your Volkswagen UserID and your GID: (1) comment on a post, (2) first and last name including profile photo of the commenting user, (3) date and time of creation of the comment and (4) date and time of the last change for a comment. The storage takes place in connection with the content that has been commented on and is visible to the logged-in users of the app as well as registered users of the GroupWiki. Comments can be deleted and edited by the comment author at any time. The storage of this personal data in the context of pressing the comment button is for the purpose of promoting the interaction between the author and the respondent. The data is retained for 90 days according to KSU class "Standard 0.0". Comments can be subsequently changed and/or deleted by the creator.

 

V. Liking news articles

 

When you click on the Like button, the following personal data is stored in the GroupWiki system of Volkswagen AG for your Volkswagen UserID and your GID: (1) Posts that have been provided with a Like, (2) Date and time of the respective Like, and (3) Date and time of the last change of a Like. The storage takes place in connection with the content that was liked and is visible to the logged-in users of the app as well as registered users of the GroupWiki. Likes can be undone at any time. The storage of this personal data in the context of pressing the Like button is for the purpose of making appreciation of professional amounts visible. The data is retained for 90 days according to KSU class "Standard 0.0".

 

VI. Receipt of messages (push notification)

 

For push notifications, the Amazon Simple Notification Service (SNS, https://aws.amazon.com/de/sns/) is used in the app. Amazon does not process any personal data about you. To enable push notifications, we store the following personal data in the backend of the app "if you have activated the function" for your Volkswagen UserID and your GID: (1) activation or deactivation of push notifications and (2) smartphone token for push messages (the token identifies your smartphone; the token does not contain any personal information). Point (1) is only visible to the logged-in user of the app. Point (2) is stored in the backend of the app. This personal data is stored in the context of push notifications for the purpose of promoting information about news from users of the app. In addition, the token described above is stored in Amazon SNS so that push notifications can be received on the smartphone.

 

VII. Search

 

The data displayed in this service is stored and processed exclusively in the Volkswagen GroupFind system. Accordingly, GroupFind's privacy policy applies. In the app, your recent entries are displayed in the search slot under "Recent Searches" when you start the Search tab. In this view, you have the option to delete your search history at any time. Accordingly, when you search in the app, the following personal data is stored for your Volkswagen UserID and your GID: Search terms that the user has entered in the app. The data is stored on the end device and not on servers of Volkswagen AG. The last search terms are only visible to the respective user of the app. When the app is uninstalled, the recent searches are automatically deleted. The storage of this personal data in the context of the activation of the search is carried out for the purpose of easier operation of the search.

 

VIII. Feedback

 

Entries in this form are generally anonymous and not personal; no of your data is stored or processed. By sending the entries for the feedback function, the following non-personal data is stored: (1) Feedback category, (2) Feedback text, (3) Date of the sent feedback (timestamp), (4) Version of the app, (5) Operating system of the smartphone, (6) Smartphone model. This data is stored as part of the feedback function for the purpose of improving the app. Optionally, you can activate the option "Use my contact details for queries" to give support the opportunity to respond to your feedback. If you do so, (1) your UserID, (2) your GID and (3) your e-mail address will be stored in addition to the above data.

Optionally, you can enable the "Use my contact information for RFIs" option to allow support to respond to your feedback. If you do so, (1) your UserID, (2) your GID and (3) your e-mail address will be stored in addition to the above data. This is done for the purpose of easier investigation of the causes of errors and for feedback from the support to the user.

 

IX. Menus

 

The use of menus of company restaurants, self-service shops and bistros of Volkswagen AG is generally anonymous. However, you can mark company restaurants, self-service shops and bistros as favorites. This favorite identifier is stored on your smartphone for your UserID, not on servers of Volkswagen AG. You can undo the favorites flag in the app in the Services menus at any time. As soon as the app is deleted, the favorites flag is also deleted. This data is stored for the purpose of faster access to your favorite restaurants, self-service shops and bistros.

 

X. Plans of the Move Bus, factories and health centers - creating favorites

 

The plans of the Move Bus as well as the plants and the health centers are hereinafter referred to as document services, as these three services call up PDF documents to display the plans in the app. The use of the bus shuttle plans, plants and health centers of Volkswagen AG is generally anonymous. However, you can mark plans of the bus shuttles, factories and health centers as favorites under the respective document service. This favorite marking is stored on your smartphone for your UserID, not on servers of Volkswagen AG. You can undo the favorites marking in the app in the respective document service (plans of the bus shuttle, plants and health centers) at any time. As soon as the app is deleted, the favorites flag is also deleted. This data is stored for the purpose of faster access to the preferred documents.

 

XI. (FIORI) Self Services

 

On the one hand, the use of the functions in the Self Services area contains a link to the source system Self Services, where you log in with your individual access data. This access data is not stored within the 360° Volkswagen app. On the other hand, the section contains an explanation with texts and images on the registration process for the TOTP procedure.

 

XII. Company ID card

 

The following personal data is processed in the input form for ordering a new company ID card: 1) your cost center, 2) your personnel number. Other personal data, such as 3) VW UserID, 4) first and last name, 5) Volkswagen e-mail address, are automatically transferred by logging in to the 360° Volkswagen app.

It is optional to store your own ID picture. With the transmission to Volkswagen AG, all image rights required for the creation of a company ID card are transferred to Volkswagen AG. All information transmitted in the input form, including an optional image, is forwarded via Amazon's cloud-based mail service (Amazon Simple Email Service) from the 360° Volkswagen App to the responsible Card Service Center in encrypted form.

The current ID request can be viewed temporarily for one month, using the secure internal memory of your smartphone. Data is not stored in the backend of the 360° Volkswagen app.

 

XIII. Social affairs

 

The following personal data is processed in the input form for participation in the employee donation or provident fund: 1) your personnel number, 2) your location. Other personal data, such as 3) VW UserID, 4) first and last name, 5) Volkswagen e-mail address, are automatically transferred by logging in to the 360° Volkswagen app.

All information submitted in the input forms is forwarded via Amazon's cloud-based mail service (Amazon Simple Email Service: https://aws.amazon.com/de/ses/) from the 360° Volkswagen app to the responsible HR consulting center or to the responsible departments. The last request is made visible by specifying the order date and, for example, the selected contribution (employee donation), for which the secure internal memory of your smartphone is used. Data is not stored in the backend of the 360° Volkswagen app.

 

XIV. Compliance

 

Here you will be provided with various content on the subject of compliance. In detail, this includes a decision-making aid, anti-corruption content, information on the whistleblower system and contact options via the Compliance Infopoint. Infopoint Compliance: Entries in this form are generally personal; (1) your UserID, (2) your e-mail address will be stored or processed. All information submitted in the input form is forwarded via Amazon's cloud-based mail service (Amazon Simple Email Service: https://aws.amazon.com/de/ses/) from the 360° Volkswagen app to the responsible info point in a transport-encrypted manner.

 

XV. Idea Management

 

Under the Idea Management function, you will be provided with general information, contact details and a link to HR Self Services (see XI.) for entering ideas. When linking to the "Input of ideas", the 360° Volkswagen app only forwards you via a browser call at this point. There is no data processing in the 360° Volkswagen app.

 

XVI. HR Consulting Center

 

Under the "HR Consulting Center" function, the 360° Volkswagen App offers you the opportunity to find out how to contact the advice centers. You will already be shown the possible contact options in the app in order to establish contact afterwards. The 360° Volkswagen app uses the information known to you, which is provided by our contact person. There is no data processing in the 360° Volkswagen app.

 

XVII. My profile data/personal details

 

In the "More" tab, you will find the following data on your personal detail page: (1) first and last name including title, (2) profile picture, (3) current function (taken from the Volkswagen phone book), (4) current organizational unit, (5) company, (6) contact details (e-mail, telephone and fax number), (7) business address and (8) organizational classification in department including photos, first and last names, organizational units and functions (from the Volkswagen phone book) of colleagues,  direct and higher-level supervisors. This content comes from GroupFind (see "Search"), which exports the data from the Volkswagen Corporate Directory (VCD) system. You can read more about this in GroupFind's privacy policy (https://groupfind.volkswagenag.com/groupfind-api/static/de/privacy.html). When using this service, no personal data is stored. The display of personal data on the personal detail page is for the purpose of your own self-disclosure.

 

XVIII. Change profile picture

 

If you change the profile picture via the person details page, you must allow the app to access either your smartphone's camera or your smartphone's gallery. With allowed access to the camera, it is possible to take new pictures and use them as a profile picture. If access to the gallery is permitted, it is possible to select existing images on the smartphone as a profile picture. Access is granted once when the function is used for the first time and is stored anonymously in the secure memory area of the smartphone. Permission can be revoked by deleting the app or in the system settings of the smartphone (not the app). The profile picture is stored in the system including your Volkswagen UserID and your GID. The profile picture is visible to logged-in users of the app, as well as logged-in users in GroupWiki and GroupFind. The profile picture can be deleted at any time via the app. The profile picture is stored and displayed for the purpose of communication between the users of the app.

 

E. Tracking Tools

The operation and support of the 360° Volkswagen app requires ensuring that the application works correctly on the employee's device. This is accompanied by:

 

- Identification, analysis and correction of product errors and deficiencies in the course of optimal customer service/satisfaction (e.g. in the event of technical problems)

- Ensuring network and information security

- Further development of the product

- Ensuring compliance with legal requirements (e.g. no transfer of data to unknown third parties)

 

As part of the processing of this data and to fulfill the stated purpose, the software analysis tools of New Relic Inc. are used. The company stores the data in a self-managed data center in Frankfurt am Main.

The following data is collected by the application on the mobile device and transmitted to New Relic's servers for the stated purpose:

 

- Application data (e.g. length of the application session, identification number of the installation, country code (ISO 3166-1 alpha-2) based on the IP address

- Device data (e.g. model name, manufacturer, operating system version, telephone network operator information)

- IT communication data of the application between the mobile device and the backend service (e.g. URLs of HTTP requests with status code, response time, size of the request, operating system error code in case of network errors in case of HTTP requests fail, location based on the anonymized IP address)

- Data on the performance of the app on the end device (e.g. loading time of individual pages)

- Statistical data on the use of functions provided by the app (e.g. frequency of calls to a service)

 

New Relic stores the data for a maximum of 180 days. After this period, the data will be deleted. The data collection takes place on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) DSGVO.

 

F. Your rights

You can assert your following rights against Volkswagen AG at any time free of charge. For more information on exercising your rights, please refer to Section G.

 

Right to information: You have the right to receive information from us about the processing of your personal data.

 

Right of rectification: You have the right to obtain from us the rectification of inaccurate or incomplete personal data concerning you.

 

Right to deletion: You have the right to request the deletion of your data if the conditions set out in Art. 17 GDPR are met. After that, you can, for example, request the deletion of your data, insofar as it is no longer necessary for the purposes for which it was collected. In addition, you can request deletion if we process your data on the basis of your consent and you revoke this consent.

 

Right to restriction of processing: You have the right to request the restriction of the processing of your data if the requirements of Art. 18 GDPR are met. This is the case, for example, if you dispute the accuracy of your data. For the duration of the verification of the accuracy of the data, you can then request the restriction of processing.

 

 

Right to data portability: If the data processing is based on consent or the performance of a contract and this is also carried out using automated processing, you have the right to receive your data in a structured, common and machine-readable format and to transmit it to another data processor.

 

Right of revocation: If the data processing is based on consent, you have the right to revoke the data processing within the scope of a consent with effect for the future at any time free of charge.

 

Right to lodge a complaint: You also have the right to complain to a supervisory authority (e.g. the State Commissioner for Data Protection of Lower Saxony) about our processing of your data.

 

G. Your contact persons

Contact person for exercising your rights

 

The contact persons for exercising your rights and further information can be found on the following website https://datenschutz.volkswagen.de

 

Data protection supervisor

 

Our data protection officer is available to you as a contact person for data protection-related concerns:

 

Data Protection Officer of Volkswagen AG

Berliner Ring 2, 38440 Wolfsburg

dataprivacy@volkswagen.de

 

September 2023