Privacy policy for use of EPIS (Electronics Parts Information System) – China Security Law (V1.0)
1: Responsible Party and Contact
This Statement is made in order to ensure adequate protection of personal information under the Cyber Security Law and other applicable laws and regulations of the People’s Republic of China. We, Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, Germany will protect your personal information following the principles of fairness and lawfulness, definite purpose of data processing, proportionality, transparency, consent, security etc. as defined in applicable laws and regulations and our internal policy. We will have in place appropriate technical and organizational security measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.
If you have any questions or concerns about our Privacy Statement or if you would like to make a complaint about a possible breach of relevant laws and regulations, please contact us through datenschutz@volkswagen.de.
2: Scope and Collection of Personal Information
The following personal information of yours will be collected by Volkswagen AG (hereinafter “We”), Berliner Ring 2, 38440 Wolfsburg
IT usage data as user ID and professional contact and organizational data such as the surname and first name, business telephone number and business email address as well as the department code.
3: Purposes of processing the personal Information
The legitimate interest of Volkswagen AG is to quickly identify the contact person for corresponding part numbers in order to be able to answer queries and thus ensure the satisfaction of dealers and customers.
The personal data can be viewed and, if necessary, changed by the user concerned. Only professional contact details and IT usage data of the persons concerned are processed. In terms of organization, when a user application is made there is always a multi-stage procedure for user authorization, so that only those users who must have access are authorized. This keeps the number of users as small as possible.
4: Retention periods
We will collect, process, store, and use personal information for maximally 30 years according to applicable laws and regulations in P.R. C.
Users’ data is managed and saved by an administrator when a user account is created. If a user no longer requires access to EPIS, that access is blocked within a month of confirmation that EPIS is no longer required.
In principle, the personal data we collect and generate in the territory of the People’s Republic of China will be stored within the Federal Republic of Germany.
For queries and the obligation to provide evidence, and in the case of unclear vehicle part identification, it is necessary to save the assignment to vehicle parts of the technically responsible editor. Storage takes place from the assignment of the technically responsible editor to specific vehicle parts. This assignment remains saved for 30 years. This assignment is visible to all EPIS users, which means also to authorized EPIS users who access EPIS from outside of the People’s Republic of China.
5: Sharing, Transfer and Disclosure of Personal Information
Further, in order to carry out the required technical dialogue the System users have access to your personal data. System users refer to the users from other companies within VW Group.
Also the Service provider, the contractor LexCom Informationssysteme GmbH, which is responsible for the EPIS system have got access to your personal data for the purposes of technical support and further development.
Other companies within VW Group: Volkswagen Group of America, Volkswagen de Mexico S.A. de C.V.; Volkswagen do Brasil Ltda.; Volkswagen Argentina S.A.; Volkswagen of South Africa (Pty.) Ldt.; MAN Latin Ame-rica Indústria e Comércio de Veículos Ltda.; Bugatti Automobiles S.A.S.; Bentley Motors Limited; Automobili Lamborghini S.p.A.; Porsche AG, Audi AG, Seat S.A.; Skoda Auto a.s.; FAW-Volkswagen Automotive Co., Ltd.; Shanghai Volkswagen Automotive Co., Ltd.; Volkswagen Group Services GmbH, OOO Volkswagen Group Rus.
Transfer
Unless otherwise stipulated as above, we will not transfer your personal data to any company, organization, or individual except under the following circumstances:
a) Transfer with explicit consent: after acquiring your explicit consent, we will transfer your personal data to other parties;
b) When the transfer of personal data is involved in a(n) merger, acquisition or bankruptcy liquidation, we will require the new company or organization to which your personal data is transferred to continue to be bound by this personal data Protection Policy, otherwise we will require the new company or organization to seek your consent again.
Public Disclosure
We will only publicly disclose your personal data under the following circumstances:
a) After we obtain your explicit consent;
b) Statutory disclosure: we might publicly disclose your personal data as stipulated by laws, regulations or the mandatory requirements of government agencies.
6: Information and Data Security
Data security is our highly concerned matter. However, if information is sent over the network, the security of the data cannot be completely guaranteed. We will manage and safeguard your personal information, and use technical and organizational security measures, which are in line with widely recognized industry standard to prevent your personal information from loss, theft or falsification.
In the case of an unfortunate personal data security incident, we will, in a timely manner and in accordance with laws and regulations, inform you of the basic conditions and possible impacts of the security incident, response measures that are already taken or to be taken by us, suggestions for you regarding self-prevention and risk mitigation, our remedial measures for you, etc. We will inform you of such information by email, telephone, push notification, etc., and when it is difficult to notify each personal data subject individually, we will properly and effectively issue a public notice. At the same time, we will also take the initiative to report the handling of personal data security incidents in accordance with regulatory requirements.
The EPIS System is certified by VW as confidential and fulfills the security requests of Volkswagen.
7: Customer Rights
You have rights to access, correct, delete your personal information, change the scope of your authorization, withdraw your authorization or cancel your accounts through contact channels. Please contact us through k-vo-gl.epis-admin.vwag.r.ks@volkswagen.de
We will respond in 30 days. We will not charge you for your reasonable requests in principle. However, a fee to reflect the cost will be imposed as appropriate on repeated requests beyond reasonable scope. As for repeated requests that are groundless and need excessive technological means (e.g. developing a new system or fundamentally changing the current practices) to fulfill, bring about risks to others’ legitimate rights and interests or are downright impractical (e.g. involving information stored on a backup disk), we might reject.
We will not be able to respond to your request under the following circumstances:
1) Related to our compliance with the obligations under the laws and regulations;
2) Directly related to national security or defense security;
3) Directly related to public security, public health or major public interests;
4) Directly related to criminal investigations, prosecutions, trials and enforcement of court decisions, etc.;
5) We have sufficient proof that you have subjective malice or abuse of rights;
6) For the purpose of safeguarding your life, property and other important legal rights and interests or those of other individuals but it is difficult to obtain consent;
7) Responding to your request will cause serious harm to your legitimate rights and interests, or those of other individuals or organizations.
8) Involving trade secrets.
8: Cookies or similar technologies
No cookies or similar technologies are used.
9: General Information
Volkswagen AG, Berliner Ring 2, 38440 Wolfsburg, Germany will not send commercial information to you or conducting customer satisfaction survey by contacting you through your provided contact information. We will not be responsible for any damages caused by internet / server failure or damages caused by your own error while providing such information or other circumstances which we and/or the Authorized third party receiver could not foresee proven or overcome. We will inform you and obtain your consent again if any of the abovementioned condition has substantially changed.
Please Note: We will not be responsible for any damages caused by internet / server failure or damages caused by your own error while providing such information or other circumstances which we and/or the authorized third party receiver could not foresee proven or overcome.
10: Privacy Questions
We may update the Personal Information Privacy Statement. When we post changes to this Statement, we will revise the update date at the top of this Statement and we will post the updated Statement on our websites. We will inform you about changes within a reasonable time.
EPIS(电子零部件信息系统)使用私隐政策 – 中国安全法 (V1.0)
1: 责任方及联系人
为确保个人信息受到《中华人民共和国网络安全法》及其他适用法律法规的充分保护,特制定本声明。我们,大众集团(Volkswagen AG),地址:Berliner Ring 2, 38440 Wolfsburg, Germany)将根据适用的法律法规和我们内部政策的规定,本着公平合法原则、数据处理之明确目的、相称性、透明度、同意、安全等原则保护您的个人信息。我们会采取适当的技术及组织安全措施,保障个人数据不会因意外或非法破坏或意外丢失、更改、未经授权的披露或访问而受到损害。
如果您对我们的私隐声明有任何问题或疑虑,或者想就可能违反相关法律法规的行为进行投诉,请通过以下方式联系我们datenschutz@volkswagen.de
2: 个人信息的范围和收集
大众集团(Volkswagen AG,以下简称“我们”,地址:Berliner Ring 2, 38440 Wolfsburg)将收集您的以下个人信息:
作为用户 ID 的 IT 使用数据、工作联系方式和企业数据,例如姓氏和名字、公司电话号码、公司电子邮件地以及部门代码。
3: 处理个人信息的目的
大众集团(Volkswagen AG)的合法目的是快速确定相应零部件号的联系人,以便能够回答质询,从而确保经销商和客户满意。
有关用户可以查看并在必要时更改个人数据。只可处理相关人士的专业联系方式及 IT 使用数据。从组织的角度看,在创建用户应用程序时,始终有一个多阶段用户授权过程,因此只有那些具备访问权限的用户才能获得授权。这样就可以保证尽可能少的用户数量。
4: 保存期限
根据中华人民共和国相关法律和法规,我们收集、处理、存储和使用个人信息的最长期限不超过 30 年。
在创建用户帐户后,用户的数据由管理员管理和保存。如果用户不再需要访问 EPIS,在确认不再需要 EPIS 后一个月内,该访问将被阻止。
原则上,我们在中华人民共和国境内收集和产生的个人数据将存储在德国境内。
对于查询和提供证据的义务,以及无法识别车辆零部件的情况,有必要保留技术责任编辑的车辆零部件分配。存储从技术责任编辑分配到特定的车辆零部件。此分配将被保存 30 年。此分配对所有 EPIS 用户可见,即从中国境外访问 EPIS 的授权 EPIS 用户也可以看到。
5:个人信息的共享、传输和披露
此外,为了开展必要的技术对话,系统用户可以访问您的个人数据。系统用户是指大众集团内其他公司的用户。
此外,服务提供商、负责 EPIS 系统的承包商 LexCom Informationssysteme GmbH 也可以访问您的个人数据,以便提供技术支持和进一步开发。
大众集团内的其他公司:Volkswagen Group of America, Volkswagen de Mexico S.A. de C.V.;Volkswagen do Brasil Ltda.;Volkswagen Argentina S.A.;Volkswagen of South Africa (Pty.) Ldt.;MAN Latin Ame-rica Indústria e Comércio de Veículos Ltda.;Bugatti Automobiles S.A.S.;Bentley Motors Limited;Automobili Lamborghini S.p.A.;Porsche AG, Audi AG, Seat S.A.;Skoda Auto a.s.;一汽-大众汽车有限公司;上汽大众汽车有限公司;Volkswagen Group Services GmbH, OOO Volkswagen Group Rus。
传输
除非上述另有规定,否则我们不会将您的个人数据传输给任何公司、组织或个人,但以下情况除外:
A) 明确同意的传输:在获得您的明确同意后,我们会将您的个人数据传输给其他方;
B) 如果个人数据的传输涉及合并、收购或破产清算,我们需要传输您的个人数据的新公司或组织继续遵守此个人数据保护政策,否则我们需要新公司或组织再次征询您的同意。
公开披露:
我们只会在以下情况下公开披露您的个人数据:
A) 获得您的明确同意后;
B) 法定披露:我们可能会根据法律、法规或政府机构的强制性要求公开披露您的个人数据。
6:信息和数据安全
我们高度重视数据安全。但是,如果信息通过网络发送,数据的安全性就无法得到完全保证。我们将管理和保护您的个人信息,并采用符合公认行业标准的技术和组织安全措施,防止您的个人信息丢失、被盗或伪造。
如果出现不幸的个人数据安全事件,我们将及时依照法律法规,通知您基本的条件和安全事件的可能影响,已经采取或我们将要采取的响应措施,关于自我防范和降低风险的建议,我们为您提供的补救措施等。我们将通过电子邮件、电话、推送通知等方式告知您这些信息;当难以逐一通知个人数据当事人时,我们将适当而有效地发出公告。同时,我们也会按照监管要求,主动上报个人数据安全事件的处理情况。
EPIS 系统获大众集团认证为保密系统,满足大众集团的安全要求。
7:客户权利
您有权通过联系渠道访问、更正、删除您的个人信息、更改您的授权范围、撤销您的授权或注销您的账户。如需联系我们,请发送邮件至k-vo-gl.epis-admin.vwag.r.ks@volkswagen.de
我们将在 30 天内答复您。对于您的合理要求,我们原则上不向您收取费用。但是,对于超出合理范围的重复请求,我们将酌情收取一定的费用,以体现成本。对于毫无根据、需要使用过多技术手段(如开发新系统或从根本上改变现有做法)来实现、给他人合法权益带来风险或完全不切实际的重复请求(如涉及存储在备份盘上的信息),我们可能会拒绝。
对于下列情况,我们将无法答复您的请求:
1) 与我们遵守的法律和法规规定的义务有关的事项;
2) 直接关系国家安全、国防安全;
3) 直接关系公共安全、公共卫生或重大公共利益;
4) 直接关系刑事调查、刑事起诉、审判和法院判决执行;
5) 我们有充分证据证明您有主观恶意或滥用权利;
6) 以维护您或者他人的生命、财产等重要合法权益为目的,但难以取得同意;
7) 答复您的请求将会严重损害您的合法权益,或损害其他个人或组织的合法权益。
8) 涉及商业机密。
8:Cookie 或类似技术
未使用 Cookie 或类似技术。
9:一般信息
大众集团(Volkswagen AG,地址:Berliner Ring 2, 38440 Wolfsburg Germany)不会通过您提供的联系方式向您发送商业信息或进行客户满意度调查。对于因互联网/服务器故障或您提供此等信息时的自身错误或其他我们和/或授权第三方接收方无法预见、证实或克服的情况而导致的任何损害,我们概不负责。如上述条件出现任何重大变更,我们将通知您并再次获得您的同意。
请注意:对于由于互联网/服务器故障或您提供此等信息时的自身错误或其他我们和/或授权第三方接收方无法预见、证实或克服的情况而导致的任何损害,我们概不负责。
10:隐私问题
我们可能会更新个人信息私隐声明。当我们发布本声明的变更时,我们将在本声明顶部修改更新日期,并在我们的网站上发布更新后的声明。我们会在合理的时间内通知您此类变更。