Article version 2024.267.0

Volvo Cars App Privacy Notice

Effective from:

Published at:

This document describes how Volvo Cars (as defined below), and sometimes other entities, processes your personal data when you use the Volvo Cars mobile application (hereinafter “Volvo Cars App”), that keeps you connected to your Volvo vehicle.

The Volvo Cars app has several functionalities, which entail different types of personal data processing, as we will explain below. Depending on your market and the type of subscription you have, these functionalities can be grouped as follows:

  • The Volvo Cars services – this includes the aspects mentioned under sections 2.1 (When you use the Volvo Cars App), 2.2 (The Volvo Cars remote vehicle services), 2.3 (Driving Journal), 2.4 (Charging), 2.5 (Car sharing with Guest functionality), 2.6 (App Analytics), 2.7 (Research and development), 2.8 (Your subscription for the Volvo Cars App) below.
  • Value added services, provided in collaboration with retailers – such as Digital Service Booking (section 2.11) and Volvo Valet (section 2.12).

You can find below:

1. Who is responsible for the processing of your personal data

The responsibility for the processing of your personal data in the Volvo Cars App is divided according to below:

  • The entity responsible for the main processing of personal data in relation to The Volvo Cars remote vehicle services, Driving Journal, Car sharing with Guest functionality, App Analytics, as well as Research and development, is Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31, Gothenburg, Sweden, company registration number 556074-3089, hereinafter referred to as “Volvo Cars”.
  • The entity responsible for the processing of personal data when you get in touch with us as well as for Marketing communications is Volvo Car Brasil Importação e Comércio de Veículos Ltda., having its registered office at Rua Surubim, 577 10º Andar, São Paulo, BRA 04571-050, hereinafter referred to as “National Sales Company”.
  • The retailer services booked through the Volvo Cars App (Digital service booking and Volvo Valet), are jointly performed as joint controllers by Volvo Cars, the National Sales Company, and the Volvo Cars retailer where you request the retailer service (hereinafter “Volvo retailer” or “retailer”).

2. Personal data collected, why and for how long

As mentioned previously, Volvo Cars App comes with a number of different functions depending on your car model and your market – some of the functions described below might not be applicable for you.

2.1 When you use the Volvo Cars App

When you use the Volvo Cars App, we automatically collect data about your use of the Volvo Cars App in order to monitor its functioning and undertake troubleshooting measures when necessary. In order to do this, we use information such as device information (e.g., device manufacturer, app installation ID), general vehicle information (e.g., vehicle model and type, year, user country) and usage data (e.g., clicks, views and potential issues or errors). This processing is necessary for our legitimate interest to provide you with a secure and functioning Volvo Cars App. The information used for this purpose is retained for 30 days from collection.

2.2 The Volvo Cars remote vehicle services

We collect identifiers (such as your first and last name, phone number, Volvo ID (e-mail address), vehicle identification number - “VIN”, unique device identifier, and push notification token) and purchase history (ownership period, any subscription services in which you are enrolled, and the model and year of your vehicle and corresponding vehicle specifications).

We use this information to provide the Volvo Cars remote vehicle services, such as the ability to control your vehicle remotely (e.g. pre-climatisation, unlock/lock doors, remote start/stop of engine, current outside temperature, receive theft alarm notifications), viewing the status of your vehicle (e.g. fuel level, windshield washer fluid levels, brake fluid levels, door lock status, tire pressure or maintenance warnings, battery status, or other vehicle status indicators).

We also use this information to send push notifications within the Volvo Cars App related to upcoming maintenance and service reminders for your vehicle. For hybrid and full electric cars, we store charging location to be able to offer a convenient way to schedule the charging. We collect your vehicle location information as well as, if you allow this, location of your mobile device, for you to use the map functionalities in the Volvo Cars App, and to show you your position relative to your Volvo on the map.

Wherever you are not asked specifically whether you agree to any data processing, the reason why we process this data is in order to perform our contract with you (Art. 6.1. (b) GDPR).

If, through your mobile settings, you grant us access to your location data, calendars and contacts, we will process this data to supply an easy way for you to send location of a point of interest from your phone to the car based on your contact list, calendars events or search results. The legal basis for this processing is your consent (Art. 6.1.(a) GDPR).

When your Volvo Cars subscription comes to an end, the details linked with this service, including your personal information, will be deleted after ninety (90) days. Note that the Volvo Cars subscription follows the car, therefore if there is a change of ownership you as a seller are responsible to disconnect your car from the app and get your data deleted. This also applies for registered primary driver in case of car lease. Follow this link for instructions.

2.3 Driving Journal

The Volvo Cars App allows you to choose to log your driving journal. This may be useful to you if, for example, you expense mileage. The Driving Journal must be activated by you, otherwise it stays inactive and the data is not collected.

If you do activate the Driving Journal, we collect your identifiers (such as first and last name, phone number, E-mail address, and VIN) and collect your vehicle location information automatically through your vehicle telematics (start and stop, or continuously depending on type of car as described below) to identify each trip including trip related information (time, distance, fuel and/or electricity consumption, electricity generation if hybrid) and mileage. For petrol and diesel cars, the driving journal only contains the start and finish positions of each driving cycle. However, if you have a hybrid/twin engine model, the driving journal also includes information about your routes.

We process this data based on your consent (Art. 6.1.(a) GDPR).

As a rule, the Driving Journal data is stored for 100 days. In special situations, such as cars benefiting from the , the Driving Journal data is stored for 500 days.

You can at any time deactivate the Driving Journal, and in this case the data will stop being collected. This does not however automatically trigger the deletion of the previously collected information.

2.4 Charging

2.4.1 Public charging

2.4.2 Plug & Charge

Plug & Charge allows you to charge at a public charger without using an app, RFID or card. Compatible charging stations can identify your vehicle and verify your charging contract without any manual input, which means that you can start charging by just plugging in the cable.

When you use Plug & Charge, we process the following personal data:

  • VIN;
  • PCID (Provisioning Certificate ID); and
  • Contract certificate.

The processing of your personal data in relation to Plug & Charge is necessary for the performance of our agreement with you.

We will retain the aforementioned data until the contract certificate is removed from the vehicle.

2.5 Car sharing with Guest functionality

When using the car sharing with Guest functionality available through the Volvo Cars App, Volvo Cars processes the following personal data:

  1. Your and your guest’s Volvo ID - for identification and to make it possible to save your individual settings separately.
  2. Your and your guest’s mobile phone number - to send invitations to guests through SMS.
  3. Car model, model year, car color, license plate and location of the car to make it easier for the Guest to find the car.
  4. Car door lock status - to open and lock the car and make sure that the car is locked after use.
  5. Driving journal data (if enabled) of guest trips are available for both the Guest and the Primary driver, all driver journal data for the car is only available for the Primary driver.

The legal basis for the processing of your data is your contract with us (Art. 6.1. (b) GDPR), while the legal basis for the processing of the guest’s personal data is our legitimate interest (Art. 6.1. (f) GDPR) to give you the benefit of the car sharing functionality.

We will retain this personal data until 1) the guest is removed by the primary driver, 2) according to driver journal retention rules or 3) until the subscription comes to and end, whichever comes first.

2.6 App Analytics

We measure how our app is being used in order to better understand user behaviour and improve the usability and reliability of the app, as well as to gain insights into how the services are used and improve your experience of these services. We do this by using Google Analytics (in restricted mode), and we process your device ID, device IP address (pseudonymised immediately after collection), Volvo ID and vehicle connection status.

The legal basis for this data processing is our legitimate interest ((Art. 6.1.f) GDPR) to improve the usage and experience of our our app and our services.

This data will be stored for fourteen (14) months from collection.

2.7 Research and development

For research and development purposes to better understand how to improve our products and services and which new ones to develop, we use a data-driven approach and leverage vehicle (such as VIN), product (such as Volvo Cars App usage), customer (such as Volvo ID) and sales data (such as selling or servicing retailer) to inform the direction of the development of our products and services. The processing spans a wide range of analytics, modelling and research performed by our analysts and data scientists.

The legal basis for this processing is our legitimate interest ((Art. 6.1.f) GDPR). Where possible, we restrict analyses to anonymized or pseudonymized data. The processing does not include any automated decision concerning you.

We retain this data for ten (10) years.

2.8 Your subscription for the Volvo Cars App

If you have a subscription for the Volvo Cars remote vehicle services, you will get the opportunity to renew this service in the Volvo Cars App. When you do this, as well as to manage your subscription, we process your identifiers (such as first and last name, phone number, e-mail address, VIN) and your purchase status and history. The purpose of our processing is to administer and monitor your purchase (from purchase to delivery) including any necessary contacts with authorities for official reporting, administration of your request for related services, follow up on the delivery, and to communicate updates related to the services that you have purchased. We use a third-party payment provider to process your payments, and that is a separate processing of your personal data by them; you can read more about the privacy practices of our payment processor in section 3 below.

The legal basis for our processing of your personal data is that this processing is necessary for the performance of our contract (Art. 6.1. (b) GDPR) with you.

We will retain your personal data for ninety (90) days after your Volvo Cars subscription has expired, in order to enable continuation of the service if you choose to resubscribe. In addition, we will archive the data relating to your purchase for ten (10) years in order to comply with accounting and financial reporting legislation – this is a legal obligation (Art. 6.1. (c) GDPR).

2.9 When you get in touch with us

When you use the contact option in the Volvo Cars App, the National Sales Company will process your personal identifiers relevant for the channel you use (such as first and last name, phone number/E-mail address, VIN, unique device identifier, and push notification token) as well as any data you supply in connection with your enquiry. They do this under their legitimate interest to administer your request ((Art. 6.1.f) GDPR).

The data related to your requests will be retained for thirty-six (36) months from the receipt of your enquiry.

2.10 Marketing communications

Through the Volvo Cars App you can receive marketing communications related to the Volvo Cars products, if you have consented to this. To do this the National Sales Company processes your identifiers (such as first and last name, phone number, E-mail address), your vehicle specification (such as model, engine, VIN), Volvo ID data and device ID, in order to tailor the marketing to the products and services you use. The legal basis for this is your consent (Art. 6.1.(a) GDPR).

This data is processed for marketing purposes until you have withdrawn your consent. If you withdraw your consent, the processing of your data will be restricted to operating a suppression list in order to make sure you don’t unintentionally receive marketing communication.

2.11 Digital service booking

The Volvo Cars App makes it possible for you to book various services for your car with selected retailers. When you do this, the processing of personal data involved in this booking (as explained below) is performed jointly by Volvo Cars, the National Sales Company and the Volvo Cars retailer you select.

When you book a service through the Volvo Cars App, Volvo Cars collects:

  • your identifiers (such as first and last name, phone number, e-mail address);
  • depending on the service requested, car related information such as vehicle identity, license plate, diagnostic trouble codes, warnings, mileage, fluid levels, as well as your own description of the purpose of the booking (if any),

which will be distributed to the National Sales Company and the retailer executing the service you requested (which might be service/repair workshop, body paint workshop, car reconditioning specialists and car logistics services).

This information will be used to book the service, organise performance, contact you in matters regarding the service booked or as direct consequences of using the service such as sending confirmations and notifications. This data is processed in order to perform the booking you request (in other words, our legal basis for this processing is your contract with us (Art. 6.1. b) GDPR).

Booking details (time and location of requested appointment, used contact channel, booking status, booking content) will be stored in system logs for solving errors that might occur in the system. The booking details will also be processed for analysis and evaluation of the service. This processing is performed by Volvo Cars, and the legal basis for the data processing is our legitimate interest (Art. 6.1.f) GDPR) in performing these activities.

We will keep your service-related personal data up to two (2) years from last time using the service. In addition, we will archive pseudonymized booking details in system logs for five (5) years for statistics reasons.

When you use the digital service booking, Volvo Cars collects statistical data through Google Analytics (in restricted mode) to better understand user behaviour and improve the usability. We thus process online identifiers, including cookie identifiers, internet protocol addresses and device identifiers. The legal basis for the data processing is our legitimate interest (Art. 6.1.f) GDPR)) in measuring the usage and behaviour of our app. This data will be stored for fourteen (14) months from collection.

In addition, the Volvo service partner providing the service is subject to various retention and documentation obligations and may also be required by law to disclose personal data to authorities ((Art. 6.1 c) GDPR). This information can be found in the privacy policy of the service partner.

2.12 Volvo Valet service

The Volvo Cars App makes it possible for you to book the Volvo Valet service. When you do this, the processing of personal data involved in this booking (as explained below) is performed jointly by Volvo Cars, the National Sales Company and the Volvo Cars retailer performing the service.

If you use the Volvo Valet service, the following information is processed about you: your pickup & delivery service history – in order to know which services have been completed; driver's license and insurance details– if you use a loaner vehicle; license plate and VIN number - needed to identify vehicle; pickup and/or dropoff address - needed to provide the service; pickup and/or dropoff notes inserted by you (if any); IP address. When we send push notifications with the status updates of the service, we use the following categories of data in order to keep track of notifications sent: unique device identifier; push notification token; push notification title and body; IP address. This processing is based on performance of a contract to which you are a party ((Art. 6.1. b) GDPR).

If you leave feedback after performance of the service, we collect your name, the rating and comments given. The legal basis of the data processing is for the purposes of our legitimate interests ((Art. 6.1.f) GDPR) to continuously improve our services for the customer. Furthermore, it is the customer's decision whether to give a feedback.

The quality of our service is essential and because liability issues may arise regarding alleged damages to the car, we keep photos of the vehicle, along with timestamps and location, in our interest to defend our (and our partners and drivers involved in the service) rights and interests. The legal basis of the data processing is for the purposes of our legitimate interest ((Art. 6.1.f) GDPR) that in case of damage we want to clarify as simply as possible whether the damage was caused by drivers during the performance of the service.

We will retain your data related to the service up to three (3) years from last time using the service, unless disputes arise – in that case we keep the necessary data for as long as needed to defend our rights. In addition we will archive pseudonymized booking details in system logs for five (5) years for statistics reasons.

In addition, the Volvo service partner providing the service is subject to various retention and documentation obligations and may also be required by law to disclose personal data to authorities ((Art. 6.1 c) GDPR). This information can be found in the privacy policy of the service partner.

3. How your personal data is shared

The processing mentioned above by Volvo Car Corporation involves processing of your personal data with the following categories of third parties, on a need-to-know basis:

Processing by processors

Our categories of processors supporting delivering the Volvo Cars App are:

  • cloud connectivity service provider;
  • data hosting;
  • push notifications;
  • distribution of emails;
  • chat functionality and customer care handling;
  • selected Volvo Car retailers for digital service booking and Volvo Valet; and
  • subscription invoice handling provider.

They are limited by contract in their ability to use your personal data for any purpose other than to provide services for us in compliance with each data processing agreement in place. In some of these situations the use of the processors involves limited transfers of personal data outside of the European Union. We have taken precautions that such transfers are limited to the minimum necessary, and only involve data that cannot directly identify you and thus poses a very low risk in case of unauthorised disclosure.

Sharing with other members of the Volvo Car Group

Data mentioned under sections 2.7 and 2.8 above is shared with our national sales company where the data originates from, for the following purposes:

  • Assessing retailer performance;
  • Customer care;
  • Marketing segmentation;
  • Assessing subscription extentions and reactivations.

Sharing with other third parties (separate controllers)

We process payments through third parties that collect payment data directly from you and do not share it with us:

  • Stripe Inc. (provider of payment service, billing, invoicing and subscription administration). You can view their privacy policy at https://stripe.com/en-se/privacy

The Volvo Cars App uses Google Maps to show your and your car’s location. You can view their privacy policy at https://policies.google.com/privacy.

4. Your rights in relation to the processing of personal data

4.1 Your rights under GDPR

As a data subject you have specific legal rights granted by the General Data Protection Regulation relating to the personal data we process about you. These are briefly explained below, and you can exercise them by filling out the dedicated form indicated below.

  1. Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.
  2. Right to access your personal data: You may ask from us information regarding personal data that we hold about you. We will provide you with a copy of your personal data upon request. If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs. You have the right to the information about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA if you request that we confirm whether or not we process your personal data, and we transfer your personal data to a country that is outside the EU and the EEA.
  3. Right to rectification: You may obtain from us rectification of incorrect or incomplete personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
  4. Right to restriction: You may obtain from us restriction of processing of your personal data, if:
    1. you contest the accuracy of your personal data, for the period we need to verify the accuracy,
    2. the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
    3. we do no longer need your personal data for the processing purpose but you require them for the establishment, exercise or defense of legal claims, or
    4. you object to the processing while we verify whether our legitimate grounds override yours.
  5. Right to portability:You have the right to receive your personal data that you have provided to us, and, where technically feasible, request that we transmit your personal data (that you have provided to us) to another organization, if:
    1. we process your personal data by automated means;
    2. we base the processing of your personal data on your consent, or our processing of your personal data are necessary for the execution or performance of a contract to which you are a party;
    3. your personal data are provided to us by you; and
    4. your right to portability does not adversely affect the rights and the freedoms of other persons.
    You have the right to receive your personal data in a structured, commonly used and machine-readable format. Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. Your right to have your personal data transmitted from us to another organization is a right you have if such transmission is technically feasible.
  6. Right to erasure: You have the right to request that we delete the personal data we process about you. We must comply with this request if we process your personal data, unless processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject;
    3. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
    4. for the establishment, exercise or defense of legal claims.
  7. Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your personal data, otherwise we will only restrict it. You also have the right to object at any time, regardless of any reason, to the processing of your personal data for direct marketing (which includes profiling to the extent that it is related to such direct marketing), if such processing was based on our legitimate interest. If the marketing was based on your consent, you can withdraw consent (see above).
  8. Right to lodge a complaint: You can lodge a complaint to your local data protection supervisory authority or with any other data protection authority in the EU. However, we will appreciate if you first contact us to try and solve your problem – you can find our contact details below.

You can exercise your rights in relation to us by filling out this form, which will help us to deal with your request properly. The online form contains the information that we need to verify your identity and review your request. For requests submitted by telephone or email, you will need to provide us with sufficient information that allows us to reasonably verify that you are the person whose personal data we collected and describe your request in sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.

You can exercise these rights in relation to all of the joint controllers mentioned in this notice.

4.2 Your rights under Brazilian Law

Our National Sales Company understands the importance of having access to your information, so it is committed to respecting your privacy.

We have created this “Privacy Notice” so that you clearly and transparently understand how we use and process this information, always in compliance with national data protection regulations, such as the Brazilian General Data Protection Law (“LGPD”).

Under the LGPD, individuals have certain rights related to their personal data, subject to limitations in this law, as follows:

  1. Confirmation of the existence of data processing: You have the right to ask us whether we process data about you.
  2. Information. You have the right to receive information about the processing of your personal data, including on the public and private entites with which we share your data.
  3. Access to your personal data. With some exceptions intended to protect the rights of third parties, you are entitled to access the personal data we have about you or, in some cases, to receive a copy of such data in common electronic format.
  4. Correction of incomplete, inaccurate, or out-of-date data. You have the right to correct the personal data we hold about you, if they are factually incorrect, incomplete, or outdated. This right does not cover opinion issues, such as the opinions expressed in editorial contents.
  5. Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD. You have the right to object to the processing and to request the anonymization, blockage, or elimination of unnecessary or excessive data or of data processed in non-compliance with the provisions of the LGPD.
  6. Deletion of personal data. You have the right to have your personal data deleted whenever it is processed under your consent. In general, this right is not available when we still have a valid legal reason to keep your data (for example, because we are forced to do so according to the law).
  7. Portability. In some circumstances, you have the right to request that we transfer the data that we have collected to another organization, or directly to you.
  8. Consent withdrawl. If we are processing your personal data based on your consent, you are entitled to withdraw this consent at any time, in which case we will interrupt the processing, except if we have another legal basis to continue the processing. You also have the right to be informed about the possibility of not giving consent and its implications.
  9. Complaints. You have the right to file a compliant about data privacy matters to the Brazilian Data Protection Authority (“ANDP”). Before doing so, please tell us your concerns so that we can try to solve them.

To exercise one or more of these rights or if you have any questions about these rights or the processing of your personal data, please use this e-mail address: sac.volvocars@volvocars.com.

5. Contact information

In order to exercise your rights, please see section 4 above. If you have any other questions regarding the subject matter of personal data protection, you can contact us at the following contact details:

Volvo Car Corporation

Post address: Assar Gabrielssons väg, SE-405 31, Gothenburg, Sweden

E-mail address: globdpo@volvocars.com

6. Data Security

Volvo is committed to making every effort to ensure the privacy and protection of your personal data. Likewise, we contractually require that all of our business partners who, eventually, process your personal data also act accordingly.

In general, we have adopted the following security measures:

  • Tools and mechanisms available in the market for cryptography, anonymization and inviolability of information, whenever applicable;
  • Technology for individualization and identification of accesses, including to prevent unauthorized access to our systems, data bases and all digital environments;
  • Confidentiality terms with all of our employees and partners who have access to or handle consumer data on behalf of Volvo, in order to guarantee the security and confidentiality of the data; and
  • Technology available on the market to protect our data bases and digital enviroments.

7. Children’s Privacy

Volvo Cars App is not designed or intended for individuals under the age of 12. Therefore, if you are under the age of 12, we ask that you do not use our App or our services, and do not provide us with any information. If you are aware that an individual under the age of 12 has provided us with information, please contact us at the email address globdpo@volvocars.com so that we can take the necessary steps to delete such data.

8. Changes to our Privacy Notice

We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this privacy notice at any time. Whenever we make substantial changes to this notice, and in particular when this notice underlies your consent, we will inform you of the changes. This privacy notice is current as of the date which appears at the top of the document.