Information on the processing of personal data

valid from 1 May 2021

 


This data protection notice is provided by the VST/F Language Services department as the language services provider for the Volkswagen Passenger Cars brand (hereinafter “we” or “us”) to inform you as to how we process your personal data.

Personal data is all information that refers to you, in particular regarding your person (incl. name, contact information) and your job.

The specific data we process and how we use it depends primarily on the services agreed in the relevant instance. For this reason, not all parts of this information will be relevant to you.

1. Name and contact information of the administrator

Volkswagen AG
Berliner Ring 2
38436 Wolfsburg


2. Your contact

Contact person for exercising your rights

The contact person for exercising your rights and for further information can be found on the following website:
https://datenschutz.volkswagen.de

Data protection officer

If you have any data protection concerns, please contact our data protection officer:

Data Protection Officer, Volkswagen AG

Berliner Ring 2, 38440 Wolfsburg

https://datenschutz@volkswagen.de

3. Data categories and purposes for which personal data are to be processed, as well as the legal basis for processing
3.1. We process the following personal data

We process the personal data of interpreting and translation service providers. Data that we gather from you when you submit an application to the application pool and that we use to maintain the entire business relationship (from initiation to processing to the termination of a contract), in particular personal data relating to interpreters or your employees in certain functions (for example quality management officers) incl. name, contact information; especially and exclusively for the purpose of accreditation of interpreters and with their explicit consent: photo, copy of passport, car registration number;

  • In addition to this, we also collect the following from translation service providers:
  • professional contact and (work) organisation data (internal/external) such as surname, first name, email address, telephone number, company
  • IT user data such as user ID and roles/rights

3.2. We process personal data for the following purposes

The data that we collect from you when you submit an application to the application pool and that we use to maintain the entire business relationship (from initiation to processing to the termination of a contract) is processed by us for the purposes of preparing and implementing the business relationship;

  • in order to enable communication between yourself and ourself (for example sharing information about jobs, targets, and common activities, for convening discussions, and for providing support in the form of advice and information)
  • in order to fulfil our other duties as a language services provider (for example by carrying out quality assessments and audits, advising project managers / translators / editors / interpreters, checks to ensure compliance with scheduled due dates, assembling teams of interpreters).

3.3. Our data processing is founded on the following legal basis

The legal basis for the processing of personal data relating to your person or your work is Article 6.1.1.b of the General Data Protection Regulation (2016/679) or GDPR, which allows for data processing for the fulfilment of a contract. The contractual obligations are largely detailed in the current version of the framework agreement including the annexes thereof or in the framework contract (AZ order center).

The legal basis for processing is also Article 6.1.1.f of the GDPR, which allows for processing for the safeguarding of our legitimate interests, provided this is required and does not override your interests or fundamental rights and freedoms. Legitimate interests in this context include in particular the processing of data by us in order to carry out the organisational duties assigned to us, for example in order to provide you with information.

4. Passing on personal data to recipients or categories of recipients

We pass your personal data on to third parties as part of order processing contracts in order to receive support in fulfilling certain organisational tasks.

For example, external service providers assist with order management, the commissioning of evaluations of translation quality in accordance with SAE standard J2450, conducting events, maintenance and support services, and the destruction of files and data carriers. All of the companies used in this context are registered in Germany.

In addition to these, third parties based in Germany come into contact with your data when using various project management software. The use of this software is also based on an order processing contract.

4.1. Project management software: Plunet Business Manager and SDL Trados GroupShare

We use Plunet BusinessManager and SDL Trados GroupShare among others as project management software.

The changes regarding data protection and security are based on the new EU General Data Protection Regulation. The new regulation, which came into full effect on 25 May 2018 after a two-year transition period, affects all persons within the European Union as well as companies that do business with EU citizens. Overall, the security of personal data has been bolstered by the expansion of the obligation to inform, data mining and deletion. Convenience functions have been introduced that save users from having to laboriously enter the data manually. These include the following points in Plunet BusinessManager:

  • If new contacts are to be created in future, the persons in question must be informed. This is done via an email template that is automatically sent as soon as a new contact is created in Plunet BusinessManager. The location of the contact created can also be provided if desired. In this way, the registration process, known as opt-in, can be traced.
  • Users have the right to request that their data be deleted at any time. Plunet also checks whether there are retention periods for individual translation projects. For open projects still within the retention period, the visibility of the contact is automatically limited until the contact can be deleted following the expiration of the retention period.

In terms of the security aspect, the following changes have been implemented for users:

  • Optional two-factor authentication ensures increased security during the login both for internal and external employees as well as for in-house customers.
  • Password protection has been improved. If a password has been forgotten, a captcha must be entered to be able to request a new password.
  • Regular penetration tests conducted by external specialists ensure that the customer data remain secure.

Plunet BusinessManager also has a number of user rights that can be summarised in rights groups. This ensures that users are assigned only those rights that are required for carrying out their work.

5. Duration of storage/criteria for determining the duration

The duration for which the personal data is saved and stored is based on the respective processing purposes. The criteria for determining the respective storage period in specific individual cases are as follows:

  • Insofar as we process the data for the purpose of carrying out our business activities, we will store the data for the duration of the business relationship between ourself and yourself;
  • Insofar as we process the data within the context of anticipated court proceedings, we will store the data until the legal proceedings are finally concluded or until the statute of limitations for the specific claims comes into effect according to the relevant regulations pertaining to civil law; in the case of a regular statute of limitations, the storage period is generally three years;
  • Insofar as we require the data for bookkeeping purposes, the storage period is based on the legal regulatory provisions for the retention of documents; the storage period is generally between six and ten years.

Additionally, we store your data in accordance with the retention and documentation obligations stipulated by law.

6. Use of cookies

Volkswagen AG uses various cookies on its websites. Cookies are small files containing configuration information that are saved to your device. Cookies can essentially be divided into 3 categories. There are cookies that are essential for the functionality of the website (referred to as functional cookies), cookies that increase convenience when visiting a website and save, for example, your language settings (referred to as convenience cookies), and cookies on the basis of which a pseudonymised user profile is created (referred to as tracking cookies). In Plunet BusinessManager only session cookie are used.

While you are active on a website, a session cookie is temporarily stored on your computer in the form of a session ID, for example, to store a session cookie. This is done, for example, to ensure that you don't have to log in again each time you access the website. Session cookies are deleted when you log off, or cease to be valid as soon as your session has automatically expired.

7. Rights of the data subject

You may exercise the following rights vis-à-vis Volkswagen AG at any time without cost. You can obtain further information about exercising your rights at the following website: https://datenschutz.volkswagen.de

You may exercise the following rights vis-à-vis Volkswagen AG at any time without cost. Further information on asserting your rights can be found in section D.

Right to information: You have the right to obtain information from us about how your personal data is processed.

Right to rectification: You have the right to request that we rectify any of your personal data that may be inaccurate or incomplete.

Right to deletion: You have the right to have your data deleted if the conditions set out in Article 17 of the GDPR are met. For example, you may ask for your data to be deleted if it is no longer necessary for the purposes for which it was collected. You may also ask for your data to be erased if we process your data based on your consent and you withdraw that consent.

Right to restriction of processing: You have the right to ask for a restriction of the processing of your data if the conditions set out in Article 18 of the GDPR are met. This is the case, for example, if you dispute the accuracy of your data. You can then demand a restriction of the processing for the period it takes to verify the accuracy of the data.

Right to object: You have the right to object to the processing of your data if the processing is based on an overriding interest or if your data is used for the purpose of direct marketing. An objection is admissible if processing is performed in the public interest or in the exercise of official authority, or if it is performed for a legitimate interest of Volkswagen AG or of a third party. If you object to the processing of your data, please notify us of the grounds for your objection. You also have the right to object to data processing for the purposes of direct marketing. The same applies to profiling, insofar as it is related to direct marketing.

Right of data transferability: You have the right to receive your data in a structured, commonly used and machine-readable format and to transfer this data to another data processor, provided that data processing is based on consent or contract fulfilment and that automated processing methods are used.

Right to withdraw consent: If the data processing is based on consent, you have the right to withdraw your consent to the data processing with effect for the future at any time, free of charge.

Right of complaint: You also have the right to lodge a complaint about our processing of your data with a supervisory authority (such as the Data Protection Commissioner for the State of Lower Saxony [Landesbeauftragte für den Datenschutz Niedersachsen]).

Site notice
Volkswagen AG
VST/F Language Services
Brieffach 8087
38436 Wolfsburg
Version dated May 2021