NIO Logo Created with sketchtool.

Privacy Policy

NIO GMBH

PRIVACY POLICY ("PRIVACY POLICY")

Last updated: May 24, 2018

We take privacy issues very seriously at NIO GmbH, ("NIO", "we", "us", "our" or "ours") and we are fully committed to protecting your privacy. Please read this Privacy Policy carefully as it contains important information regarding how we collect, store, process, transfer, share and use your personal information.

Please note that any changes to the Privacy Policy will become effective as of the date of posting the revised policy.

Thank you for visiting http://www.nio.io/de_DE (the "Service") which is operated by NIO. For the purposes of EU data protection laws ("Data Protection Legislation"), NIO is data controller (i.e. the company who is responsible for, and controls the processing of, your personal data).

This Privacy Policy applies to information we collect and use about visitors to our Service. Please read this Privacy Policy carefully in order to understand our views and practices regarding your personal data and how we will treat it.

If you have questions or concerns regarding this Privacy Policy, you may contact us by emailing at: privacy.de@nio.com.

  1. COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
    1. We collect personal data about you when you voluntarily submit information directly to us when you access and use the Service. This can include information you provide to us when you e-mail us using the links on the Service, fill in a form, for example, our web-based recruiting tool, correspond with us via the Service, phone, email or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, respond to surveys or use some other feature of the Service as available from time to time.
    2. If you do not provide such information, you may be unable to enjoy certain services, or the intended benefits of relevant services provided by us. You are also not required to provide your personal data in the case you are applying for a job with NIO. However, in such case, we will not be able to offer an employment.
    3. The table at Annex 1 sets out the categories of personal data we collect about you, how we use such information and how it is disclosed. The table also lists the legal basis which we rely on to process the personal data.
    4. We also automatically collect personal data about you indirectly, including about how you access and use the Service and information about the device you use to access the Service.
    5. The table at Annex 2 sets out the categories of personal data we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal data.
    6. We may link or combine the personal data we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.
    7. We may anonymise and aggregate any of the personal data we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the Service and developing new products and features. We may also share such anonymised information with others.
  2. DISCLOSURES OF YOUR PERSONAL DATA
    1. We may have to share your personal data with the following parties for the purposes set out as follows, as further detailed in Annex 1 and Annex 2:
      1. Service providers and advisors. Personal data may be disclosed to third party vendors and other service providers that perform services for us, on our behalf, which may include identifying and serving targeted advertisements (for example, on Facebook and Twitter), providing payment, mailing or email services, tax and accounting services, data enhancement services, fraud prevention services, web hosting, and/or analytic services.
      2. Purchasers and third parties in connection with a business transaction. Personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
      3. Law enforcement, regulators and other parties for legal reasons. Personal data may be disclosed to third parties as required by law or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to protect the security or integrity of the service; and/or (c) exercise or protect the rights, property, or personal safety of users of the Service or others.
  3. RETENTION PERIODS
    1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (as set out in paragraph 1 above, and in Annex 1 and Annex 2 below), including for the purpose of satisfying and legal, accounting, or reporting requirements.
    2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
    3. Personal data submitted by a job applicant who will not be made an offer will be immediately blocked following the decision of not making and offer and then deleted within a maximum period of 9 months with the exception of the name and the time of informing of the decision not to make an offer. This data is deleted after 7 years, unless you have given your consent separately and voluntarily.
    4. In some circumstances, you can ask us to delete your data: see paragraph 5.2.4 below for further information.
    5. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
  4. STORING AND TRANSFERRING YOUR PERSONAL DATA
    1. Security. We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored on secure servers. All electronic transaction entered into via our Service will be protected by SSL encryption technology.
    2. International Transfers of your Personal Data. Your personal data may be transferred to, and processed and stored in, countries outside of the jurisdiction you are in where we and our third-party service providers or other NIO group entities have operations. If you are located in the European Economic Area ("EEA"), your personal data may be processed outside of the EEA, including, for example, in China (an "International Transfer"). Any International Transfers of your personal data are made either: (a) to a country or territory ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data as determined by the European Commission; (b) to a third party that is a member of a compliance scheme recognised as offering adequate protection for the rights and freedoms of data subjects as determined by the European Commission, such as the EU-U.S. Privacy Shield; or (c) pursuant to appropriate safeguards, such as the Standard Contractual Clauses (for transfers to processors) approved by European Commission Decision C(2010)593, the ones approved by the European Commission Decision C(2004) 5271) (for controller to controller data transfers) or any subsequent versions thereof released by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Privacy Policy.
    3. If you wish to enquire further about the safeguards used or if you would like to request a copy of these Model Contracts please contact: privacy.de@nio.com.
  5. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
    1. This section applies to you if you are located in the EEA.
    2. In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
      1. Right of access. You have the right to obtain:
        1. confirmation of whether, and where, we are processing your personal information;
        2. information about the categories of personal information that we are processing, the purposes for which we process your personal information, and information as to how we determine applicable retention periods;
        3. information about the categories of recipients with whom we may share your personal information; and
        4. a copy of the personal information we hold about you.
      2. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
      3. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information that we hold about you without undue delay.
      4. Right to erasure. You have the right, in some circumstances, to require use to erase your personal information without undue delay, if the continued processing of that personal information is not justified.
      5. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
      6. Right of objection. You have a right to object to processing of your personal information, based on legitimate interests and direct marketing.
    3. If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy.
    4. You also have the right to lodge a complaint to

      Bayerisches Landesamt für Datenschutzaufsicht
      Hausanschrift
      Promenade 27 (Schloss)
      91522 Ansbach
      Deutschland

      Postanschrift
      Postfach 606
      91511 Ansbach
      Deutschland

      Telefon: +49 (0) 981 53 1300
      Telefax: +49 (0) 981 53 98 1300
      E-Mail: poststelle@lda.bayern.de
  6. COOKIES AND SIMILAR TECHNOLOGIES
    1. The Service uses cookies and similar technologies to distinguish you from other users of the Service. This helps us to provide you with a good experience when you browse the Service and also allows us to improve the Service.
    2. Cookies are pieces of code that allow for personalisation of the Service experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your device's hard disk (such as your computer or smartphone) for record-keeping purposes.
    3. We use the following types of cookies:
      1. Strictly necessary cookies. These are cookies that are required for the essential operation of the Service such as to authenticate users and prevent fraudulent use.
      2. Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around the Service when they are using it. This helps us to improve the way the Service works, for example, by ensuring that users are finding what they are looking for easily. If you have given your consent, Google Analytics, a web analysis service of Google Inc. is used on this website. The use includes the Universal Analytics operating mode. This service permits to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and to analyse user's activities across devices. Google Analytics uses cookies which are text files placed on your computer, to help the website analyse how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server.
      3. Functionality cookies. These are used to recognise you when you return to the Service. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
      4. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.
      5. Third party cookies. Please be aware that advertisers and other third parties may use their own cookies tags when you click on an advertisement or link on our website. These third parties are responsible for setting out their own cookie and privacy policies.
    4. The cookies we use are designed to help you get the most from the Service but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies you may not be able to use the full functionality of the Service. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
      1. https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
        https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
        https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
        https://support.apple.com/kb/ph21411?locale=en_US
    5. We participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your online browsing history and your interests. To do this, we or our advertising partners may collect information about how you use or connect to our Service, or the types of other websites, social media services, content and ads that you (or others using your device) visit or view or connect to our Service. Typically, this information is collected through cookies and similar tracking technologies.
    6. If you only want to limit third party advertising cookies, you can turn such cookies off by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):
      1. Your Online Choices (http://www.youronlinechoices.com/)
      2. Network Advertising Initiative (http://www.networkadvertising.org/)
      3. Digital Advertising Alliance (http://www.aboutads.info/consumers)
    7. We also use clear gifs in HTML-based emails sent to our Customers to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our Service. You can set your e-mail options to prevent the automatic downloading of images that may contain these technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
    8. If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org or the Network Advertising Initiative's online sources at www.networkadvertising.org.
  7. LINKS TO THIRD PARTY SITES
    The Service may, from time to time, contain links to and from third party services. If you follow a link to any of these services, please note that these services have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those services.
  8. CHANGES TO THIS POLICY
    We evaluate our privacy policies and procedures to implement improvements and refinements from time to time. Accordingly, we may update this Privacy Policy from time to time, and so you should review this page periodically. If we make material changes to this Privacy Policy, we will update the "last updated" data at the start of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.
  9. NOTICE TO YOU
    If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the Service. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.
  10. DATA PROTECTION OFFICER
    We have appointed a Data Protection Officer which can be contacted at privacy.de@nio.com.
  11. CONTACTING US
    If you have any questions about this Privacy Policy, please feel free to contact us privacy.de@nio.com.
Category of personal information How we use it Legal basis for the processing
Contact information and basic personal details such as your first name, last name, telephone number and email address. We may use this information to communicate with you and to deal with enquiries and complaints made by or about you relating to the Service. The processing is necessary for:
  • • the performance of a contract and to take steps prior to entering into a contract; and
  • • our legitimate interests, namely administering the Service, for marketing purposes and communicating with users.
We use this information to operate, maintain and provide to you the features of the Service. The processing is necessary for:
  • • the performance of a contract and to take steps prior to entering into a contract; and
  • • our legitimate interests, namely administering the Service, for marketing purposes and communicating with users.
Job applicant data such as the contact information and basic personal data as listed above and information on our CV including previous jobs. We use your information for the purpose of determining whether we want to make you and offer, and if so, of administering the employment relationship with you. As NIO is part of the multinational NIO Group, we may share some of your information with other group members including those located outside the European UNIOn. The processing is necessary for:
  • • the preparation and administration of an employment relationship, and
  • • our legitimate interests, namely legal defense.

ANNEX 2 - PERSONAL INFORMATION COLLECTED AUTOMATICALLY

Category of personal information How we use it Legal basis for the processing
Information about how you access and use the Service including, for example, how frequently you access the Service, the time you access the Service and how long you use the Service for, whether you access the Service from multiple devices, the website from which you came and the website to which you go when you leave the Service, and other actions you take on the Service. We use this information to present the Service to you. The processing is necessary for our legitimate interests, namely to tailor the Service to the user and improve the Service generally.
We use this information to administer the Service for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints, and concerns, and for developing and improving the Service.
We use this information to detect and prevent fraud and IT security threats. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and IT security threats.
Information about your device including information about your computer, tablet, smartphone or other electronic device you use to connect to the Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Service through the device, your Internet service provider or mobile network and your IP address. We use this information to present the Service to you. The processing is necessary for our legitimate interests, namely to tailor the Service to the user and improve the Service generally.
We use this information to administer the Service for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints, and concerns, and for developing and improving the Service.
We use this information to detect and prevent fraud and IT security threats. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and IT security threats.