Skip to Content

Data Protection Notice regarding Audi connect

Illustration of a book with a protective shield on the cover depicting a padlock

A. Scope of the Data Protection Notice

In this Data Protection Notice, we are informing you (as the owner, driver, passenger, etc.) about the processing of your personal data by AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Germany ("we") in connection with data processing in and data transmission from an AUDI AG vehicle.

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

B. General Information

I. Who is responsible for data processing

The entity responsible for the processing of your personal data (the Controller) is:

AUDI AG, Auto-Union-Straße 1, 85057 Ingolstadt, Germany.

Tax identification number / Commercial Register No.: DE811115368 / HRB No./Commercial Register No.: 1

You can find further information about us, in particular the members of the Management Board, in our legal notice: www.audi.com/en/legal-notice/

II. Whom can I contact?

If you want to assert your data protection rights, please use the contact options at data-subject-rights.audi.com

There, you will find more information on how to assert your data protection rights.

You can also contact the following address by post:

AUDI AG, DSGVO-Betroffenenrechte (Data Subject Rights pursuant to GDPR), Auto-Union-Straße 1, 85057 Ingolstadt, Germany. Or you can use the contact option via data-subject-rights.audi.com.

Your concerns and data subject rights are important to us. We will respond to every request as quickly as possible. If you have general questions about this Data Protection Notice or the processing of your personal data by Audi, please address them to:

Audi Kundenbetreuung Deutschland (Customer Service Germany), PO Box 10 04 57, 85045 Ingolstadt, Germany.

Email: kundenbetreuung@audi.de

Telephone number: 0800 – 28 347 378 423

Fax number: 0800 – 329 262 834

III. Contact details of the data protection officer

If you have concerns about data protection, you can also contact our company's data protection officer:

AUDI AG, Datenschutzbeauftragter (Data Protection Officer), 85045 Ingolstadt, Germany

IV. What rights do I have?

Depending on your vehicle's equipment, you can deactivate the collection of certain personal data via the privacy settings in your vehicle. With the deactivation, services that use this data cannot be provided and are therefore not usable. Please note that the emergency call service and legally required data processing will not be deactivated via this feature and will continue to send the data necessary to provide the services.

Other online services in your vehicle may be protected against deactivation through privacy settings for legal or contractual reasons, such as the Audi Connect key (if available) or the Audi Connect theft tracking system (if installed). Find out about the services protected in your vehicle in the information on "Activate Privacy" in the privacy settings in your HMI (Human Machine Interface). We inform you about special features of the privacy settings for individual services in section C.II. "Privacy Settings".

All rights described below in relation to personal data and its processing may be subject to restrictions in accordance with applicable EU and/or national legislation. Depending on the jurisdiction, you may have the following rights as a data subject. Please note: Your rights under the laws of the country in which you reside at the relevant time may differ from the rights described below. Further country-specific information, in particular on the rights to which you are entitled under the law of the respective country, can be found in Annex 1. These rights apply in addition to your rights under the GDPR, provided that the legal requirements are met.

Further information on the rights you may have in connection with our processing of your personal data can be found at: data-subject-rights.audi.com

As a data subject, you are entitled to the following data protection rights, depending on your place of jurisdiction. Please note that these rights may be extended or restricted under applicable local law.

1. Right to be informed

You have the right to be informed about the collection and use of your personal data by us, in a readily accessible manner, and in plain and clear language. We are implementing your right to be informed, also through this notice, whose content may be updated from time to time.

2. Access

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to have access to your personal data stored by AUDI AG, be provided with information about to what extent your personal data will be processed or shared and to receive a copy of your stored personal data.

3. Rectification

You have the right to obtain from AUDI AG without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed.

4. Erasure

You have the right to obtain erasure of your personal data stored by AUDI AG without undue delay if the legal requirements are met. This is particularly the case if

  • your personal information is no longer needed for the purposes for which it was collected;
  • the legal basis for processing was your consent, and you have withdrawn your consent;
  • you have objected to processing your data which was based on the legal basis of legitimate interests due to personal reasons, and we cannot prove that there are overriding legitimate grounds for such processing;
  • your personal data were processed unlawfully; or
  • your personal data must be erased in order to comply with legal requirements.

If we have transmitted your data to third parties, we will inform them about the erasure to the extent required by law.

Please note that your right to erasure is subject to certain limitations. For example, we may not and/or must not erase data that we are still required to retain due to statutory retention obligations. In addition, your right of erasure does not extend to data that we need for the establishment, exercise or defence of legal claims.

5. Restriction of Processing

Under certain conditions, you have the right to obtain restriction of processing (i.e., the marking of stored personal data with the aim of limiting its processing in the future). The requirements are in particular:

  • The accuracy of your personal data is contested by you and AUDI AG must verify the accuracy of the personal data;
  • the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
  • AUDI AG no longer needs the personal data for the purposes of the processing, but you require the data to establish, exercise or defend your legal claims;
  • you have objected to processing pending the verification of whether the legitimate grounds of AUDI AG override your legitimate grounds.

Where processing has been restricted, such data will be marked accordingly and, with the exception of storage, will be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or an EU Member State, or the region where you are located at the relevant time, in each case only to the extent permitted under applicable data protection laws.

6. Data Portability

To the extent that we automatically process your personal data that you have provided to us based on your consent or any contract with you (including your employment contract), you have the right to receive such data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from AUDI AG. You also have the right to have the personal data transmitted directly from AUDI AG to another controller where technically feasible, provided that such transmission does not adversely affect the rights and freedoms of others.

7. Right to Object

If we process your personal data on grounds of legitimate interests or in the public interest, then you have the right to object to the processing of your personal data on grounds relating to your particular situation. In addition, you have an unrestricted right to object if we process your data for our direct marketing purposes (or other rights if laws of the region where you are located at the relevant time stipulate another legal basis for direct marketing). Please see our separate note in the section "Information about your Right to Object". In certain situations, and in the context of a balancing of interests, we will also grant you an additional unrestricted right to object that goes beyond the privacy settings (deactivation option). For more details in connection with this, please see the section D. Online Services.

If you wish to exercise your right to object, please use the contact details provided in section B.II Whom can I contact?

8. Withdrawal of Consent

If you have given consent to the processing of your personal data, then you can withdraw such consent at any time. Please note that the withdrawal applies prospectively only. Processing that occurred before the withdrawal of consent is unaffected.

If you wish to exercise your right to withdraw your consent to the processing of your personal data, please use the contact details provided in section B.II Whom can I contact?

9. Complaint

Furthermore, you have a right to lodge a complaint with a data protection authority if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies. The address of the lead data protection supervisory authority responsible for AUDI AG is:

Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision)

Promenade 18

91522 Ansbach

Germany

The above indicated contacts of the supervisory authority are without prejudice to your right under the conditions and procedures of applicable law to lodge a complaint with a supervisory authority in the state of your habitual residence, place of work or place of the alleged infringement (e.g., for Japan: Personal Information Protection Commission, Government of Japan (PPC), Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan, Phone: +81-3-6457-9680). Under the following link you will find all contact details of the national supervisory authorities in all Member States: www.edpb.europa.eu/about-edpb/board/members_en

The contact details of the national supervisory authorities and further country-specific information can be found in Annex 1 – Additional data subject rights and further country-specific information

10. Information about your Right to Object

a.    Right to object on grounds relating to your particular situation

You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of a balancing of interests. This also applies for any profiling. Insofar as we base the processing of your personal data on a balancing of interests, we generally assume that we can demonstrate compelling legitimate grounds but will, of course, examine each individual case. In the event of an objection, we will no longer process your personal data, unless

  • we can demonstrate compelling legitimate grounds for the processing of these data that override your interests, rights and freedoms, or
  • your personal data serves the establishment, exercise or defence of legal claims.

b. Objection to the processing of your data for our direct marketing purposes

To the extent that we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, then we will no longer process your personal data for these purposes.

c. Exercise of the right to object

The objection may be lodged without any form and should be made to the contact details listed in this Data Protection Notice under section B.II. Whom can I contact?

V. What data do we process for what purposes and on what legal basis?

We process your personal data for various purposes in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – "BDSG") as well as local regulations. References to articles in the GDPR in this Data Protection Notice are the equivalent articles in any applicable local regulations (if any) where those regulations implement or retain the GDPR. References to Articles within the GDPR do not limit the rights of non-EU residents under applicable local law. If the applicable local law of the country where you are located at the relevant time foresees additional requirements regarding the legal bases, we will comply with such additional requirements and will inform you accordingly. These laws may include but are not limited to, taxation, credit, financial, privacy and security laws of your jurisdiction. 

The specific data and purposes of the data processing depend primarily on the particular vehicle and the vehicle equipment and the services used.

Please note that not all services listed may be available for your vehicle or in your country. The list and specification of all the maximum available features, regardless of your vehicle model and the specific software version, is only for the purposes of this Data Protection Notice and does not intend or lead to an expansion of the features or functional scope of your specific vehicle. 

Your vehicle sends certain data to our IT systems or to the IT systems of the service providers we use. On the basis of the data sent from your vehicle, we provide you with a service or content that we deliver directly from our IT systems or via the IT systems of our service providers to your vehicle This always requires at least a technical assignment of a request to a service and to a vehicle. This assignment is effected either via the vehicle identification number of your vehicle or a pseudonym. The personal data are pseudonymised if they can no longer be assigned to a specific data subject without additional information.

With so-called swarm services, data from many vehicles help you to experience new safety and convenience features in your vehicle. As with the online navigation features, the data transfer from your vehicle is pseudonymised, with a different pseudonym (session ID) in each driving cycle. Since these are location-based services, accurate location information must be sent and processed in a timely manner. The vehicle identification number is not transmitted to either the processing systems of AUDI AG or to the service providers involved. The data is only collected if the associated services are activated in your vehicle. The specific data that are transmitted for the respective service can be found in the description of the services marked as swarm services  In addition to this service-specific data, the metadata required to provide the service is transmitted: time stamp, information about the software versions used, map or map tile versions used, key position, ignition on/off, engine on/off.

Further details on the specifically processed data categories and the corresponding sources can be found in the following sections for each service section D. Online Services.

Please note: If the law of the country in which you are located at the relevant time provides for additional requirements with regard to the legal bases, we will comply with these additional requirements and inform you accordingly. This applies in particular if this law provides for (express) consent to the processing of your personal data.

If we process your personal data otherwise, the processing is based on the following legal grounds for the following purposes: 

Table
PurposeLegal Basis
Legitimate Interest in the Balancing of Interests
Purpose
Review and optimization of products and services
Legal Basis
Fulfillment of a legal obligation, balancing of interests
Legitimate Interest in the Balancing of Interests
Control of product quality and prevention of product damage, preventive complaint management
Purpose
Customer order processing, incl. vehicle production and provision of digital services
Legal Basis
Contract fulfillment (e.g. service contract, vehicle purchase contract or contract for special equipment), balancing of interests (with regard to passengers and co-drivers) Consent
Legitimate Interest in the Balancing of Interests
Provision of the service used by you, the passenger or the occupants to fulfill the contract
Purpose
Credit check
Legal Basis
Consent, balancing of interests
Legitimate Interest in the Balancing of Interests
Protection against advance payments to non-creditworthy contractual partners
Purpose
Operation and administration of or support for internally used IT systems
Legal Basis
Balancing of interests
Legitimate Interest in the Balancing of Interests
Protection of IT infrastructure against accidental or willful interference, maintenance of IT systems and security
Purpose
Data trading and management
Legal Basis
Contract fulfillment, consent
Legitimate Interest in the Balancing of Interests

Purpose
Development and testing of components, products and services
Legal Basis
Contract fulfillment (e.g. service contract, vehicle purchase contract or contract for special equipment) and consent, balancing of interests
Legitimate Interest in the Balancing of Interests
Improvement of road safety and own products, promotion of science
Purpose
Customer inquiries and complaints
Legal Basis
Contract fulfillment (e.g. service contract, vehicle purchase contract or contract for special equipment) and consent, balancing of interests
Legitimate Interest in the Balancing of Interests
Product quality control and prevention of product damage, preventive complaint management
Purpose
Warranty and goodwill
Legal Basis
Contract fulfillment, consent
Legitimate Interest in the Balancing of Interests

Purpose
Warranty processing incl. product recalls
Legal Basis
Contract fulfillment (service contract), balancing of interests, contract fulfillment
Legitimate Interest in the Balancing of Interests
  • If there are concrete indications that a fault during the warranty or guarantee period was caused by modifications to the vehicle (tuning, conversions, etc.), AUDI AG has a legitimate interest in recognizing this
  • Effective fault detection and analysis in order to be able to rectify faults
  • Supporting the AUDI dealer in fulfilling its legal obligations towards you
Purpose
Compliance checks
Legal Basis
Balancing of interests (Article 6 (1) (1) (f) GDPR); compliance with our legal obligations Article 6 (1) (1) (c) GDPR)
Legitimate Interest in the Balancing of Interests
Checking compliance with legal provisions, internal company guidelines, rules and standards of AUDI AG, group companies, employees, business partners and other third parties
Purpose
Prevention of legal violations (in particular criminal offenses) and misuse
Legal Basis
Fulfillment of legal obligations, balancing of interests
Legitimate Interest in the Balancing of Interests
  • Compliance with legal and regulatory requirements
  • Verification of compliance with legal provisions, internal company guidelines, rules and standards of AUDI AG, Group companies, employees, business partners and other third parties
Purpose
Personal checks and verification of authorizations
Legal Basis
Weighing of interests, contract fulfillment if necessary (checks related to official duties), fulfillment of legal obligations if necessary
Legitimate Interest in the Balancing of Interests
Protection against unauthorized access, protection against damage caused by carrying out activities without being authorized to do so
Purpose
IT security
Legal Basis
Balancing of interests
Legitimate Interest in the Balancing of Interests
Protection of the IT infrastructure against accidental or willful interference, recovery of data after data loss to maintain the IT infrastructure
Purpose
Internal administration
Legal Basis
Contract fulfillment, balancing of interests, fulfillment of legal obligations, consent if necessary
Legitimate Interest in the Balancing of Interests
  • Analysis of sales and order data by sales channel model, order status
  • Analysis of requested variants and equipment
  • Reporting on key business figures, using the vehicle identification number if necessary
  • Performing evaluations to control our business processes and cost control based on the analysis of sales and order data by sales channel model, order status, analysis of requested variants and equipment, reporting on business parameters, using the vehicle identification number if necessary
  • Maintenance of operations
  • Compliance with legal and regulatory requirements
  • Providing benefits and support for employees
  • maintaining product quality
  • Prevention of recourse claims
  • Preparing for and following up on events, improving the organization for the future,
Purpose
Legal matters and compliance
Legal Basis
Fulfillment of a legal obligation, public interest, fulfillment of legal obligations, balancing of interests, contract fulfillment
Legitimate Interest in the Balancing of Interests
  • Fulfillment of legal and regulatory requirements
  • Verification of compliance with legal provisions, internal company guidelines, rules and standards of AUDI AG, Group companies, employees, business partners and other third parties,
  • compliance with legal and regulatory requirements, assertion, exercise or defense of legal claims of AUDI AG or the respective AUDI dealer
  • Verification of compliance with contractual and legal obligations by AUDI AG, its employees and its sales partners, suppliers, etc., if necessary using the vehicle identification number
Purpose
Customer and prospective customer support, advertising
Legal Basis
Consent, balancing of interests, contract fulfillment (contract to which your request relates, e.g. vehicle purchase contract, delivery, etc.)
Legitimate Interest in the Balancing of Interests
Representation of AUDI AG and information about its activities and products, adaptation of online services to changing user needs, maintenance and improvement of product quality
Purpose
Market and opinion research 
Legal Basis
Consent, balancing of interests
Legitimate Interest in the Balancing of Interests
Maintaining and improving product quality
Purpose
Customer analysis and customer evaluation
Legal Basis
Consent, balancing of interests
Legitimate Interest in the Balancing of Interests
  • Analysis of sales and order data by sales channel model, order status
  • Analysis of requested variants and equipment
  • Reporting on business parameters using the VIN if necessary
  • Performing evaluations to manage our business processes and cost control based on the analysis of sales and order data by sales channel model, order status, analysis of requested variants and equipment, reporting on business parameters, if necessary using the vehicle identification number, maintaining and improving product quality, representing AUDI AG and informing about its activities and products, adapting online services to changing user needs

Insofar as we process further data for other purposes or based on another legal ground, we will state this separately with the respective legal grounds in the notes in section D. Online Services.

Please note: We do not process your personal data for automated individual decision-making (including profiling).

VI. Is there an obligation to provide personal data?

When using your vehicle and our functions or services, you only need to provide the personal data that is required for use or that we are legally obliged to collect. Without this data, we will generally not be able to provide the desired functions. If data from the vehicle is processed beyond the functions and legal obligations, this will only be done with your consent in accordance with the Telecommunications Digital Services Data Protection Act (TDDDG).

If AUDI asks you for sensitive data, you are not obliged to pass it on and AUDI does not make the provision of its functions dependent on the transmission of this data, unless the corresponding functions cannot be provided without this data.

VII. Who receives my data?

Due to the size and complexity of data processing by us, it is not possible to list each recipient of your personal data individually in this data protection information, which is why only categories of recipients are generally specified.

Within AUDI AG, those entities receive your data that they need to comply with our contractual and statutory obligations and for the purposes of the legitimate interests pursued by us.

Your personal data will only be disclosed by us to third parties if this is necessary for the performance of the contract, if we or the third party have a legitimate interest in such disclosure, or if you have given your consent in accordance with the applicable local law.

In addition, data may be transferred to third parties (including investigative or security authorities) if we are obliged to do so by law or by enforceable official or court order.
Information on processors and/or other recipients of your personal data can be found in Annex 2 - Processor and Annex 3 - Recipients as independent controllers.

1. Is data transferred to a third country?

A transfer of data to third countries (i.e., countries that are neither members of the European Union nor of the European Economic Area) may occur to the extent necessary to perform services for you, if required by law, or where you have given us your consent (in the absence of any other appropriate safeguarding mechanism under the GDPR). Please note: Under applicable local law, a third country transfer might be defined differently, e.g., as a transfer outside of the country where you are located at the relevant time. In addition, we also share your personal data with processors in third countries in individual cases and insofar as this is necessary for the provision of the specific features.

Please note that not all third countries have a level of data protection recognized as adequate by the relevant government or competent authority of the country in which you are located (e.g. the European Commission in the European Union). For data transfers to third countries where there is no adequate level of data protection, we ensure that, prior to disclosure, the recipient has either an adequate level of data protection (e.g., an adequacy decision of the EU Commission or the agreement of so-called EU standard contractual clauses of the European Union with the recipient or any other safeguard required under local law), or we have obtained express consent from our users.

Where AUDI relies on appropriate safeguards under applicable law (e.g. standard contractual clauses or binding corporate  rules pursuant to Art. 46 (2) GDPR for transfers to third countries), AUDI will take additional technical and/or organizational measures as necessary to ensure an adequate level of protection for your personal data. An adequate level of protection includes implementing appropriate safeguards to prevent unauthorized access, collection, use, disclosure, copying, modification or deletion and similar risks and loss of storage media or devices on which personal data is stored.

You can find more information on the European Commission's adequacy decision on the website of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
You can obtain a copy from us of the specific applicable or agreed provisions to ensure an adequate level of data protection. Please refer to the information in the section B.II Whom can I contact?

Details on data transfers to third countries are contained in Annex 2 - Processor and Annex 3 - Recipients as independent controllers.

VIII. How long will my data be stored?

We store your data only for as long as is necessary for fulfilling the purposes for processing personal data as described in this notice (e.g., providing our services to you or as long as we have a legitimate interest to do so, in particular to eliminate disruptions or to optimise our services). We only store the data that we require for the respective purpose and pseudonymise or anonymise the data that is processed beyond the provision of our services as far as possible.

In addition, we are subject to various retention and documentation obligations pursuant to, inter alia, the German Commercial Code (Handelsgesetzbuch – “HGB”) and the German Tax Code (Abgabenordnung – “AO”). The retention and documentation periods specified therein last up to ten years. Finally, the storage period is also governed by statute of limitations periods, which can be up to thirty years, for example, pursuant to Sections 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch – “BGB”), where the general limitation period is three years.

Under certain circumstances, your data may also need to be retained for a longer period of time, such as when a legal hold or litigation hold (i.e., a prohibition of data deletion for the duration of the proceedings) is ordered in connection with an administrative or judicial proceeding.

We may also be subject to retention and documentation obligations in line with the local legislation of your country.

If a specification is possible, you can find further information on retention obligations in section D. Online Services.

IX. What practices and procedures are used to protect my data?

We have implemented comprehensive technical and organizational measures (TOMs) and comply with them at all times to protect your data in accordance with the high standards of the GDPR and the standards of other legislation of the country in which you reside. These include pseudonymization and encryption as well as measures to ensure the ongoing confidentiality, integrity and availability of your data (including the ability to recover data in the event of an incident). We regularly review our TOMs and make improvements where necessary to ensure the security of your data and to comply with applicable law. We have put in place appropriate procedures to deal with any personal data breach (i.e. a breach of security leading to the accidental or unlawful  destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed) and will notify you as the data subject and the relevant supervisory authority where we are legally required to do so.

X. Updates to this privacy policy

We may update this Privacy Policy from time to time by making updates to this Privacy Policy available on our website and in the vehicle.

Current version: June 30, 2025

C. Vehicle Data

I. What data does my vehicle process?

1. Electronic Control Units

a. General information

Electronic control units are installed in your vehicle. Control units process data that they receive, for example from vehicle sensors, generate themselves or exchange with one another (vehicle data). Some control units are necessary for the safe functioning of your vehicle, others support you when driving (driver assistance systems), others enable convenience or infotainment features.

Below you will find general information on data processing in the vehicle. Specific information can be found in the respective owner's manual, which is available online and, depending on the equipment, also digitally in the vehicle, in direct connection with the notes on the relevant functional features and below under section D. Online Services.

b. Personal Reference

Each vehicle is marked with a unique vehicle identification number (VIN). In some countries this vehicle identification number can be traced back to the current and former owner of the vehicle via information from the relevant national motor transport authority of the domicile (e.g., in Germany the German Federal Motor Transport Authority (Kraftfahrtbundesamt). In other countries, this might be possible via information from other local ministries or authorities. There are also other ways of attributing data collected from the vehicle to the owner or driver, for example via the license plate number.

The data generated or processed by control units can therefore be personal or become personal under certain conditions. Depending on which vehicle data is involved, it may be possible to draw conclusions about your driving behaviour, your location or your route or usage behaviour.

c. Legal Requirements for the Disclosure of Information

Insofar as there are legal regulations, manufacturers are generally obliged to release the data stored by the manufacturer to the required extent at the request of government agencies in individual cases (e.g., when investigating a criminal offence). Government agencies are also authorised under applicable law to read data from vehicles themselves in individual cases. In the event of an accident, for example, information can be read from the airbag control unit that can help to investigate it.

2. Operating Data of the Vehicle

Control units process data to operate the vehicle. This includes for example:

  • Vehicle status information (e.g., speed, deceleration, lateral acceleration, wheel revolution speed, whether the seat belts are fastened),
  • Environmental conditions (e.g., temperature, rain sensor, distance sensor).

This data is generally volatile – it is not stored after the vehicle is switched off and is only processed in the vehicle itself. Control units often contain data memory (sometimes also including the vehicle keys). These are used to temporarily or permanently document information about vehicle status, component stress, maintenance requirements and technical events and errors. Depending on technical equipment, the following information is stored:

  • Operating conditions of system components (e.g., fill levels, tyre pressure, battery status)
  • Deviations from system states in important system components (e.g., lights, brakes) that are documented in the internal vehicle systems event memory,
  • System responses in specific driving situations (e.g., deployment of airbags, use of stability control systems)
  • Information about vehicle-damaging events,
  • For electric vehicles, the charge level of the high-voltage battery, estimated range.

In special cases (e.g., when the vehicle has detected a malfunction), it may be necessary to store data that would otherwise be volatile.

If you use services (e.g., repair services, maintenance work), the stored operating data and the vehicle identification number (VIN) might, to the extent necessary, be read out and accessed. The data may be read out from the vehicle by an employee of the service network (e.g., workshops and manufacturer) or third parties (e.g., roadside assistance services). The same applies to warranty cases and quality assurance measures.

The readout is generally carried out via the statutorily prescribed connection for OBD ("on-board diagnostics") in the vehicle. The readout operating data records the technical conditions of the vehicle or individual components and helps with error diagnostics, compliance with maintenance obligations and with quality improvement. This data, especially information about component stress, technical events, operating errors and other errors, is sent with the respective vehicle identification number (VIN) to the manufacturer, if necessary.

In addition, the manufacturer is subject to product liability. For liability issues, such as vehicle recalls, the manufacturer also uses operating data from the vehicle. This data may also be used to review warranty and guarantee claims by customers. Error memories in the vehicle can be reset by a service provider as part of repair/service work or at your request. 

3. Convenience and Infotainment Features

You can save convenience settings and customisations in the vehicle and change or reset them at any time. These include, depending on the equipment, e.g.,

  • Settings of seat and steering wheel positions,
  • Suspension and climate control settings,
  • Driver assistance and driver information systems,
  • Settings in instrument cluster and infotainment system
  • Customisations such as interior lighting

As part of the selected equipment, you can enter data into the vehicle's infotainment functions yourself. These include, depending on the equipment, e.g.,

  • Multimedia data such as music, movies or photos for playback in an integrated multimedia system,
  • Address book data for use in connection with an integrated hands-free device or an integrated navigation system,
  • Entered navigation destinations,
  • Data on the use of Internet services.

This data for convenience and infotainment functions can be stored locally in the vehicle or it can be on a device that you have connected to the vehicle (e.g., smartphone, USB flash drive or MP3 player). If you have entered data yourself, you can delete it at any time.

This data is only transmitted from the vehicle at your request, in particular when using online services in accordance with the settings you have selected. For further information on online services, please refer to section D. Online Services. 

4. Smartphone Integration e.g., Android Auto or Apple CarPlay

If your vehicle is equipped accordingly, you can connect your smartphone or another mobile device to the vehicle so that you can control it using the controls integrated in the vehicle. The smartphone's image and sound can be output via the multimedia system. At the same time, certain information is transmitted to your smartphone. Depending on the type of integration, this includes, for example, position data, day/night mode and other general vehicle information. Please refer to the owner's manual for the vehicle/infotainment system and to "Special Information".

The integration enables the use of selected smartphone apps, such as navigation or music playback. There is no further interaction between smartphone and vehicle, in particular active access to vehicle data. The type of further data processing is determined by the provider of the app used in each case. Whether and which settings you can make depends on the respective app and the operating system of your smartphone.

5. Online Services

If your vehicle has a wireless network connection, this enables the exchange of data between your vehicle and other systems (AUDI AG data servers, data servers of Volkswagen AG Group companies or data servers of service providers). In certain countries, the wireless network connection is enabled possibly by an on-board transmitter and receiver unit or by a mobile device (e.g., smartphone) brought in by you. Online features (information and control services for your vehicle) can be used via this wireless network connection. This includes online services and applications/apps that are made available to you by us or by other providers ("Audi Connect services" or "services").

You can find information on the individual services at D. Online Services.

Please note that not all services listed may be available for your vehicle or in your country.

a. Manufacturer's Services

In the case of online services from AUDI AG, the respective features are described at the relevant place (e.g., vehicle infotainment system (MMI), manufacturer's website). The associated data protection information can be found below in section D. Online Services. Personal data may be used to provide online services. The exchange of data for this takes place via a protected connection, e.g., with the IT systems provided for this purpose by AUDI AG. Any collection, processing and use of personal data that goes beyond the provision of core services takes place exclusively on the basis of legal permission, e.g., a statutory emergency call system, a contractual agreement or on the basis of consent.

You can activate or deactivate the services and functions and – depending on the vehicle – also the entire wireless network connection of the vehicle. This does not apply to functions and services required by law, such as an emergency call system.

In addition, the aforementioned personal data may occasionally be processed for the purposes of development and optimization in order to safeguard our legitimate interests.

b. Data transmission in connection with charging

If a vehicle is connected to a charging device including a communication interface, function-related data (e.g. vehicle identification data) is transferred to the charging device as part of the charging process.

c. Third-Party Services

If you make use of the opportunity to use online services of other providers (third parties), these services are subject to the responsibility and the data protection terms and terms of use of the respective provider. We generally have no influence on the content exchanged here.

Therefore, please obtain information on the nature, extent and purpose of the collection and use of personal data in the context of third-party services from the respective service provider.

II. Privacy settings (Privacy Mode)

The "Privacy Mode" feature allows you to partially or completely restrict data communication via the vehicle's internal SIM card. To do this, you can deactivate/activate the data processing displayed in the vehicle for each group. Safety-relevant services are excluded from deactivation through Privacy Mode. You can find an overview of which services and data processing are assigned to the respective group under "Privacy Settings" in your vehicle's MMI.

Depending on the vehicle equipment and country, the primary user has the option of deactivating/activating individual services for all users of the vehicle in the myAudi portal, or the individual user can deactivate/activate individual services in the vehicle itself.

As part of this feature, we process the following data or categories of data from your vehicle: the vehicle identification number (with which your motor vehicle can be uniquely identified and assigned to a specific owner), the selected privacy setting and the current deactivation/activation status per service or service group.

We process the above data to implement the settings and to enable you and authorised users (main and secondary users) to view the privacy settings in the myAudi web portal or in the Audi smartphone app.

Please note that changes to privacy settings only affect data transfer via the in-vehicle SIM card. Other wireless data interfaces such as Bluetooth, Bluetooth Low Energy (BLE), Wireless LAN (WLAN), CV2X Communication, Near Field Communication (NFC), Electronic Toll Collect (ETC), Integrated Toll Module (ITM) must be connected separately. Wired data transmission via USB, charging communication (high-voltage system) or on-board diagnostics (OBD) is similarly unaffected by the settings in "Privacy Mode".

III. Anonymisation of Vehicle Data

We may further use your personal data from the vehicle in an anonymised form. Anonymous means that it is no longer possible to draw conclusions or identify an individual person. For example, we remove identifying features such as the vehicle identification number, aggregate the data or only process statistical data. Anonymising the data serves to protect your privacy. If a legal basis for the anonymisation is required, this is done for the purposes of the legitimate interest pursued by us in the data protection-compliant further use of vehicle data, inter alia for the development and optimisation of our products and services and to increase road and product safety.

Annex 1 – Additional data subject rights and further country-specific information

Table

Australia

Under Australian law, you have the right to

  • access;
  • rectification;
  • lodge a complaint with both AUDI and the Office of the Australian Information Commissioner (“OAIC”) or any other dispute recognition scheme recognised by the OAIC which can be found on the OAIC website www.oaic.gov.au.
  • If you are concerned with the way we have handled your personal data, you may lodge a privacy complaint with the Office of the Australian Information Commissioner (“OAIC”). However, it is a requirement of the OAIC that prior to lodging a complaint, you have raised your complaint with us. If you are not satisfied with our response or we fail to provide a response within 30 days of receipt, you can lodge a complaint with the OAIC. The contact details for the OAIC are set out below: 

Phone: 1300 363 992

Fax: (02) 9284 9666

Website: https://www.oaic.gov.au/

Post: GPO Box 5288, Sydney NSW 2001

Brazil

The following supplements and/or amendments to the Privacy Notice apply if (i) you are located in the Brazil, (ii) the processing operation is carried out in Brazilian territory, or (iii) the purpose of the processing activity is to offer or supply goods or services or to process the data of individuals located in Brazilian territory, in accordance with the local data protection laws, which include the Brazilian General Data Protection Law (LGPD). In the event of any conflict or inconsistency between the Privacy Policy the following shall govern and prevail:

 

1. Which data do we process for which purposes and which legal bases apply?

The processing of your personal data must be based on one of the following legal bases:

  • Through the provision of your consent;
  • To comply with a legal or regulatory obligation by AUDI AG;
  • For studies to be carried out by research bodies, guaranteeing the anonymization of personal data whenever possible;
  • When necessary for the execution of a contract or preliminary procedures related to a contract between AUDI AG and you;
  • For AUDI AG’s regular exercise of rights in judicial, administrative or arbitration proceeding;
  • For the protection of life or physical safety of you or a third party;
  • For the protection of health, exclusively, in a procedure carried out by health professionals, health services or health authorities;
  • When necessary to meet the legitimate interests of AUDI AG or a third party, except where your fundamental rights and freedoms that require the protection of personal data prevail; or
  • For credit protection, including the provisions of the Brazilian relevant legislation.

 

If the process of sensitive personal data (personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data relating to health or sex life, genetic or biometric data, when linked to a natural person), one of the following legal bases must also apply:

  • You or your legal guardians consent, in a specific and detached manner, for specific purposes;
  • When the data is indispensable for:
    a. compliance with a legal or regulatory obligation by AUDI AG;
    b. shared processing of data necessary for the execution by the public administration of public policies provided for in laws or regulations;
    c. carrying out studies by a research body, guaranteeing, whenever possible, the anonymization of sensitive personal data;
    d. the regular exercise of rights, including in contracts and in judicial, administrative and arbitration proceedings.

All processing based on legitimate interest will consider the rights and freedoms of the data subject, as well as the guidelines issued by the Brazilian National Data Protection Agency (ANPD).

Processing activities will also observe good faith and the following principles:

  • purpose: carrying out the processing for legitimate, specific, explicit purposes that have been informed to the data subject, without the possibility of further processing in a manner incompatible with those purposes;
  • adequacy: compatibility of the processing with the purposes informed to the data subject, in accordance with the context of the processing;
  • necessity: limitation of the processing to the minimum necessary for the fulfillment of its purposes, with the scope of the relevant data, proportional and not excessive in relation to the purposes of the data processing;
  • free access: guaranteeing data subjects easy and free consultation on the form and duration of processing, as well as on the completeness of their personal data;
  • data quality: guaranteeing  data subjects that their data is accurate, clear, relevant and up-to-date, in accordance with the need for it and for the fulfillment of the purpose for which it is processed;
  • transparency: guaranteeing data subjects clear, precise and easily accessible information about the processing and the respective processing agents, with due regard for commercial and industrial secrets;
  • security: using technical and administrative measures to protect personal data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination;
  • prevention: adoption of measures to prevent the occurrence of damage as a result of the processing of personal data;
  • non-discrimination: guaranteeing the impossibility of processing for unlawful or abusive discriminatory purposes;
  • responsibility and accountability: demonstrating the adoption of effective measures capable of proving compliance with personal data protection rules, including the effectiveness of these measures, by the agent.

 

Considering the legal bases indicated, we reiterate the treatments listed in Section B.V. of the Privacy Notice.

 

2. Is data transferred to a third country?

Personal data processed under Brazilian law will only be transferred internationally in accordance with the following legal bases: 

  • To countries or international organizations that provide a degree of personal data protection adequate to Brazilians Laws, according to the Brazilian National Data Protection Agency (ANPD) authorizing the transfer to such country or organization;
  • Where applicable, in the relationship between AUDI AG and the third party: a) specific contractual clauses for a given transfer; b) standard contractual clauses; c) global corporate standards; d) regularly issued seals, certificates and codes of conduct apply;
  • When the transfer is necessary for the protection of the life or physical safety of the holder or a third party;
  • When the Brazilian National Data Protection Agency (ANPD) authorizes the transfer;
  • When the transfer is the result of a commitment made in an international
  • If you have given specific and prominent consent to the transfer, with prior information on the international nature of the operation, clearly distinguishing it from other purposes. 

The international transfer clause will follow the standard adopted and required by the Brazilian National Data Protection Agency (ANPD).

3. What rights do I have?

In addition to the rights set forth in the item IV of the Data Protection Note, the Data Subject of Personal data processed under Brazilian law have the right to

  • ownership of your personal data;
  • a guarantee of the fundamental rights of freedom, intimacy and privacy, in accordance with Brazilian legislation;
  • to be informed about any public or private entity with whom your data has eventually been shared. We are implementing your right to be informed, also through this notice, the content of which may be updated from time to time.
  • access to processed data and information about its processing;
  • portability of data to another service or product provider, upon express request, in accordance with the regulations of the Brazilian national authority, observing commercial and industrial secrets
  • erasure when consent is the legal basis for processing: please note that exceptions to this right might apply, namely, when the data is needed for (i) compliance with our legal or regulatory obligations; (ii) study by a research organization; (iii) transfer to third parties; (iv) use solely by the controller, as long as the data is anonymized;
  • actualization of your data;
  • anonymize, block or delete unnecessary or excessive personal data or data processed in noncompliance with data protection law;
  • review decisions made solely on the basis of automated processing of personal data affecting your interests, including decisions aimed at defining your personal, professional, consumer and credit profile or aspects of your personality;
  • lodge a complaint before ANPD (Autoridade Nacional de Proteção de Dados) against the data controller;
  • be informed of the possibility of not providing consent and the consequences thereof; and
  • object to processing carried out on the basis of one of the hypotheses for waiving consent, in the event of non-compliance with the provisions of Brazilian law.

To exercise any of your rights under the LGPD, you may contact our Data Protection Officer via the channels indicated at the Data Protection Note, indicating the legal basis of your complaint and/or request. We will respond to your request within the timeframes established by Brazilian law.

You can also lodge a complaint directly with the National Data Protection Agency (ANPD) via https://falabr.cgu.gov.br/web/manifestacao/criar?tipo=1&orgaoDestinatario=235884.

Canada

Please note 

  • Personal data may be processed or stored outside of Canada for purposes consistent with this Data Protection Notice. You acknowledge and agree that, as a result, the personal data that is processed or stored or accessed in other jurisdictions may be subject to the laws of those jurisdictions and may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in such other countries.

  • Under Canadian law, you have the right to

  • opt out of information handling practices that are not reasonably necessary to provide the services you’ve requested. You can exercise this right by contacting using the contact details set out in Sec. B.II.
  • be informed of the use by us of technology allowing us to profile, locate or identify you and of the means available to you to activate the functions that allow us to identify, locate or profile you.

  • While Audi AG takes the security of personal data seriously and uses industry standard security risks associated with transferring and processing personal data contemplated herein. However, no security or processes are fool proof. If personal data is accessed by third parties, it may lead to phishing attempts to get more information from you and/or identify theft.

     

  • For some of the services described in this Data Protection Notice, we use technology allowing us to locate your position. Please refer to the descriptions of the individual services in section D. Online Services for information on whether and to what extent we process location data for the provision of the respective service. To benefit from such technology and to use such services, you might have to first activate the required settings. Please find detailed information on how to activate/deactivate individual services in Sec. C.II. Privacy settings (Privacy Mode) and in your vehicle’s MMI.

     

Hongkong

In addition to your rights set out in Sec. B.IV.8, under the laws of Hong Kong, you may withdraw your consent to the use of your personal data.

In addition to your rights set out in Sec. B.IV.10.b, under the laws of Hong Kong, you will be informed at the time of the first communication with you in direct marketing without charge to you.

Japan

Please note regarding data transfers to third countries (Sec. B.VII.1 of this Data Protection Notice):

For transfer of data out of Japan please note that, to the extent recipients are located in EU member states and/or the UK, the Japanese government has recognized the adequacy of the EU’s and the UK’s personal data protection standards.

To the extent recipients are located in the U.S., please note the following additional information: 

  1. Information on the personal data protection system in the U.S. are published by the Personal Information Protection Commission JAPAN (https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_america/)
  2. Information on measures by the recipients to protect personal data: AUDI AG executes proper contracts with the recipients to adequately safeguard the protection of personal data at least the same level as required under the EU GDPR and the Act of Protection of Personal Information in Japan. 

Please note that you have, under Japanese law, the right to 

  • request information on purpose of use;
  • request access to your personal data and a record of provision to a third party;
  • request correction, addition or deletion;
  • request discontinuance of use or erasure; and
  • request explanations on data processing regarding the reasons for not taking the requested action.

Malaysia

Under the laws of Malaysia, you have the right to

  • request access to your personal data;
  • request correction of your personal data;
  • prevent processing likely to cause damage or distress; and
  • prevent processing for purposes of direct marketing.

Upon exercising your rights stated above in written form addressed to the contact details listed in section B.II., if you are dissatisfied with our response or we fail to provide a response within 21 days of receipt, you have the right to submit an application to the Personal Data Commissioner to require us to comply with your request. The application to the Per-sonal Data Commissioner can be made to the following address:

Commissioner of Personal Data Protection, 6 th Floor, KKMM Complex Lot 4G9, Persiaran Perdana, Presint 4 Federal Government Administrative Centre 62100 Putrajaya.

In the event of any inconsistencies between the English version and the Bahasa Malaysia version of this Data Protection Notice, the English version shall prevail.

Mexico

You have the right to:

  • access;
  • rectify;
  • cancel;
  • oppose; which gives you the right to object to your personal data being subject to automated processing that produces unwanted legal effects or significantly affects your interests, rights, or freedoms. This includes processing intended to evaluate, without human intervention, certain personal aspects such as your professional performance, economic situation, health status, sexual preferences, reliability, or behaviour.
  • limit the use or disclosure of your personal data which could result in including you in our exclusion list.
  • file data protection claim with the Secretary of Anticorruption and Good Governance;
  • request a reconsideration of a decision made via automated decision making in case you are of the opinion that the data processed in this context is (partly) incomplete or incorrect.

You may exercise any of your data protection rights by sending an email to: datenschutz@audi.de Will inform you of the decision made regarding the request within a maximum period of twenty (20) business days from the date the request is received. If the request is deemed appropriate, it will be carried out within fifteen (15) business  days from the date the response is communicated. These time periods may be extended once for an equal duration, provided the circumstances of the case justify such an extension.

The purposes disclosed in Section C.V. of this Privacy Notice that rely on the performance of a contract or the need to comply with legal obligations are considered Primary Purposes. These purposes are necessary for the provision of our services and to fulfill our legal and contractual obligations. For these purposes, your consent is not required as they are essential to our relationship and the services we provide.
Any other purposes disclosed in this Privacy Notice that rely on our legitimate interest are considered Secondary Purposes. These purposes are not necessary for compliance with legal or contractual obligations. We will only process your personal data for these Secondary Purposes with your consent.

You have the right to opt-out of the processing of your personal data for Secondary Purposes at any time. To exercise this right, please send a request to the following email address: datenschutz@audi.de.

Any changes or updates to this Privacy Notice will be communicated to data subjects through internal communication channels.

New Zealand

Under the laws of New Zealand, you have the right to

  • know what personal data is held;
  • request for personal data held and access the personal data;
  • rectification;
  • a response to your request within 20 working days, if you make a request for access to or rectification of your personal information. In limited circumstances, AUDI may extend this 20 working day time limit, but we must tell you the period of the extension and the reasons for the extension.
  • lodge a complaint with both AUDI and the Privacy Commissioner. However, it is a requirement that before you can complain to the Privacy Commissioner you must first raise your complaint with AUDI. If you are not satisfied with AUDI’s response or you do not receive a response, you can lodge a complaint to the Privacy Commissioner. In general, you should wait at least 30 working days for a response before contacting the Privacy Commissioner to lodge a complaint. Further details on how to make a complaint to the Privacy Commissioner are available on the Privacy Commissioner website at www.privac.org.nz.

Singapore

You have statutory rights as provided under Singapore's Personal Data Protection Act 2012, including the rights to

  • request access to your personal data;
  • request correction of your personal data; an
  • withdraw consent to the collection, use or disclosure of your personal data (where applicable), subject to any grounds for the collection, use or disclosure without your consent that are required or authorised under the Personal Data Protection Act 2012 or any other written law of Singapore.

South Africa

Personal information means information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person.

Under South African law, you have the right to

  • not have your personal data processed for the purposes of direct marketing by unsolicited electronic communication;
  • initiate civil proceedings;
  • be informed if your personal information has been compromised;
  • be informed, free of charge and before the information is included in a directory, should you be a subscriber to a printed or electronic directory;
  • lodge a complaint to the Information Regulator of South Africa by completing the complaint and sending it to POPIAComplaints@inforegulator.org.za. The complaint form is available at https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-PAIA-Form05-Reg10-1.pdf. 

For further information about your South African data privacy rights, please visit the website of the Information Regulator at https://inforegulator.org.za/.

Taiwan

You have the right to

  • make an inquiry of and to review your personal data;
  • request a copy of your personal data;
  • supplement or correct your personal data;
  • demand the cessation of the collection, processing or use of your personal data; and
  • erase your personal data.

United Arab Emirates (UAE)

Under the UAE Federal Data Protection Law (the “PPD”), you have the right to: 

  • request information about the types of personal data processed, purposes of processing, recipients, storage periods, correction/erasure procedures, and data protection measures.
  • obtain access to your personal data held by AUDI.
  • receive your personal data in a structured, machine-readable format and request transfer to another controller (where technically feasible).
  • request correction or completion of inaccurate or incomplete personal data.
  • request erasure of personal data in certain circumstances (e.g., data no longer needed, consent withdrawn, unlawful processing).
  • request restriction or suspension of processing in specific cases (e.g., contesting accuracy, unlawful processing, objection to processing).
  • object to processing of personal data in certain situations, including for direct marketing or statistical purposes.
  • withdraw previously given consent to processing at any time (without affecting prior lawful processing).
  • object to decisions based solely on automated processing, including profiling, that have legal or significant effects.
  • file a complaint with the UAE Data Office if you believe your data protection rights have been violated.
  • communicate directly with AUDI or the Data Protection Officer regarding your personal data and exercise of rights.

Legitimate interest is not recognized as a valid legal basis for the collection and processing of personal data under the PPD. Accordingly, in situations where AUDI would typically rely on legitimate interest or a balancing of interests to justify processing, an alternative legal basis would be required in the UAE.

Your personal data may only be transferred outside the UAE under specific conditions designed to protect your rights and privacy. Your data can be transferred to another country if that country has data protection laws that provide an adequate level of protection, as determined by the UAE Data Office, or if the UAE has entered into a relevant agreement with that country.

If your data needs to be transferred to a country without such protections, this can only occur if there are contractual safeguards in place to ensure your data is handled in accordance with UAE standards, if you have given your explicit consent, or if the transfer is necessary to fulfill a contract with you, protect your vital interests, comply with legal obligations, or serve the public interest.

You have the right to be informed about where your data is being sent, the safeguards in place, and to object or withdraw your consent to such transfers, except where the law provides otherwise. These mechanisms are in place to ensure that your personal data remains protected and that you retain control over how and where your information is processed, even when it leaves the UAE.

Annex 2 - Processor

Table
Category of the processorProcessor NameAddressPurpose of processing / purpose of transfer to a third country
Connect service and data categories
Country of data processing
Category of the processor
Service provider
Processor Name
HERE Global B.V.
Address
Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services D
Connect service and data categories
D.II.1
D.II.2
D.II.3
D.II.4
D.II.5
D.II.6
D.II.7
D.II.10
D.II.11
D.II.12
D.II.14
D.II.18
D.II.19
Country of data processing
Netherlands, Ireland
Category of the processor
Service provider
Processor Name
Valtech Mobility GmbH
Address
Marsstraße 46, 80335 Munich, Germany
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.II.4
D.II.6
D.II.7
D.II.11
D.II.15
Country of data processing
Germany
Category of the processor
VW Group company
Processor Name
CARIAD SE
Address
Major-Hirst-Straße 7, 38442 Wolfsburg, Germany
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
Cariad is a processor for all services
Country of data processing
Germany, Ireland
Category of the processor
Service provider
Processor Name
Parkopedia Limited
Address
1st Floor, Apex Yard, 29-35 Long Lane, London, SE1 4PL, UK
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services D
Connect service and data categories
D.II.8
Country of data processing
United Kingdom
Category of the processor
Service provider
Processor Name
e.solutions GmbH
Address
Despag-Straße 4a, 85055 Ingolstadt, Germany
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.II.2
D.II.12
D.II.14
D.II.16
D.II.18
D.II.19
Country of data processing
Germany
Category of the processor
Service provider
Processor Name
Cerence B.V.
Address
CBS Weg 11, 6412 EX Heerlen, Netherlands
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.II.19
Country of data processing
Netherlands, Ireland
Category of the processor
Service provider
Processor Name
Microsoft Ireland Operations Limited
Address
One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.II.3
Country of data processing
Ireland
Category of the processor
Service provider
Processor Name
Bosch Service Solutions GmbH
Address
Lahnstraße 34-40, 60326 Frankfurt am Main, Germany
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.IV.2
Country of data processing
Germany
Category of the processor
Service provider
Processor Name
Vodafone Automotive Telematics SA
Address
Via S. Franscini 10, 6850 Mendrisio, Switzerland
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.IV.6
Country of data processing
Switzerland
Category of the processor
Service provider
Processor Name
Vodafone GmbH
Address
Ferdinand-Braun-Platz 1, 40549 Düsseldorf, Germany
Purpose of processing / purpose of transfer to a third country
Verification and migration of the vehicle from the 2G/3G standard to an LTE-enabled account
Connect service and data categories
Vehicle master data and identification (vehicle identification data)
Country of data processing
Germany
Category of the processor
VW Group company
Processor Name
Volkswagen AG
Address
Berliner Ring 2, 38440 Wolfsburg, Germany
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.III.5.
D.V.1
D.VI.1.
Country of data processing
Germany
Category of the processor
VW Group company
Processor Name
Dr. Ing. h.c. Porsche AG
Address
Porschestraße 911, 71287 Weissach, Germany
Purpose of processing / purpose of transfer to a third country
Development and testing of products and services
Connect service and data categories
D.VI.1.
Country of data processing
Germany
Category of the processor
Service provider
Processor Name
Harman Becker Automotive Systems GmbH
Address
Becker-Göhring-Straße 1, 76307 Karlsbad, Germany
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.V.6
Country of data processing
Ireland
Category of the processor
Service provider
Processor Name
w.e.b. Wirth EDV Beratung OHG
Address
Jesuitenstraße 11, 85049 Ingolstadt, Germany
Purpose of processing / purpose of transfer to a third country
Development and testing of products and services
Connect service and data categories
D.IV.10.
Country of data processing
Germany
Category of the processor
VW Group company
Processor Name
SEAT:CODE (Metropolis Lab Barcelona S.A.)
Address
Carrer de Badajoz 97, Sant Marti, 08018 Barcelona, Spain
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.V.8.
Country of data processing
Spain
Category of the processor
VW Group company
Processor Name
Audi RED Inc.
Address
36 Distillery Lane Suite 300, Toronto, Ontario M5A 3C4, Canada
Purpose of processing / purpose of transfer to a third country
Provision of digital services, development and testing of products and services
Connect service and data categories
D.V.8.
Country of data processing
Canada

Annex 3 - Recipients as independent controllers

Table
Category of the recipientNameAddressPurpose of the processing by the recipient/purpose of the transfer to a third country
Categories of data transferred
With regard to the periods of use and retention and other recipients, see website with data protection notice
Country of processing
Category of the recipient
Service provider
Name
Google Ireland Ltd.
Address
Gordon House, Barrow Street, Dublin 4, Ireland
Purpose of the processing by the recipient/purpose of the transfer to a third country
Provision of digital services, development and testing of products and services
Categories of data transferred
Vehicle data: search queries, position data (GPS position; radius value)
With regard to the periods of use and retention and other recipients, see website with data protection notice
https://policies.google.com/privacy
Country of processing
EU27, USA
Category of the recipient
Service provider
Name
TomTom Germany GmbH & Co KG
Address
Am Neuen Horizont 1, 31177 Harsum, Germany
Purpose of the processing by the recipient/purpose of the transfer to a third country
Provision of digital services, development and testing of products and services
Categories of data transferred
Pseudonymized vehicle data: VIN, token, time stamp, position data (GPS position), direction of travel, speed
With regard to the periods of use and retention and other recipients, see website with data protection notice
https://www.tomtom.com/privacy
Country of processing
EU27, USA
Category of the recipient
Service provider
Name
Amazon Services LLC
Address
410 Terry Avenue N Seattle, WA 98109-5210 United States
Purpose of the processing by the recipient/purpose of the transfer to a third country
Provision of digital services, development and testing of products and services
Categories of data transferred
Login token
With regard to the periods of use and retention and other recipients, see website with data protection notice
https://aws.amazon.com/privacy/
Country of processing
Primarily in the country of data collection. Depending on the service, Amazon may also process the data in the EU27, the USA or other third countries
Category of the recipient
Service provider
Name
Amazon Europe Core S.à r.l.
Address
(Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg
Purpose of the processing by the recipient/purpose of the transfer to a third country
Provision of digital services, development and testing of products and services
Categories of data transferred
Login token
With regard to the periods of use and retention and other recipients, see website with data protection notice
https://www.amazon.com/privacy
Country of processing
Primarily in the country of data collection. Depending on the service, Amazon may also process the data in the EU27, the USA or other third countries
Category of the recipient
Service provider
Name
Cubic³ HQ
Address
The Hive, Carmanhall Road, Sandyford Business Park, Dublin D18 Y2C9, Ireland
Purpose of the processing by the recipient/purpose of the transfer to a third country
Provision of digital services, development and testing of products and services
Categories of data transferred
FIN in plain text
With regard to the periods of use and retention and other recipients, see website with data protection notice
https://www.cubic3.com/privacy-policy/
Country of processing
Ireland
back to top

© 2026 AUDI AG. All rights reserved

Notice: All consumption and emission values are based on the characteristics of the German market.

Loading..