Article version 2024.115.0

Vehicle Privacy Notice

Effective from:

Published at:

This privacy notice explains how Volvo Cars (as defined below) processes data related to vehicles and connected services provided by Volvo Cars.

For an explanation of vehicle features and functions, please check the owner's manual for the relevant model. Please note that if there are any differences between this notice and the owner's manual related to the processing of personal data, this notice takes precedence.

Since the processing of data depends on the features and functions with which the vehicle is equipped and the services you choose to activate, this document presents the widest extent of possible processing. If you have an older vehicle, or a newer model not equipped with a certain feature or function, the data processing associated with that feature will not occur.

This privacy notice does not apply to:

  • Special vehicles (e.g., police cars)
  • Processing of personal data that does not leave the car (local processing)
  • Processing of personal data when you interact with one of our retailers (such as when you buy your car)
  • Your use of software, apps and services provided by third parties. (For further information, please see the individual service providers' own terms and conditions, as well as their privacy policies/notices)
  • The provision of the internet/connectivity service in your car, which is supplied by a mobile network operator independently from Volvo Cars.

Please note that Volvo Cars has other privacy notices that should be read together with this information for a complete picture. We have listed these for you below. You can easily access them by following the links directly.

You can find the following information below:

1. Who we are

The entity responsible for the processing of personal data referred to below is Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31 Gothenburg, Sweden, company registration number 556074-3089, hereinafter referred to as “Volvo Cars,” “we,” or “us.” If other entities are processing personal data together with us, so-called joint controllers, this will be specified.

2. What personal data we use and why

2.1 Data used for infotainment purposes

2.1.1 Driving Journal

The Driving Journal automatically logs all your trips. This may be useful if, for example, you want to manage your mileage expenses. The Driving Journal must be activated by you; otherwise the data is not collected.

If you enable the Driving Journal, we will collect your identifiers, such as first and last name, phone number, e-mail address, your vehicle identification number (VIN) and the vehicle's location, as well as other trip-related information such as your routes, time, distance, fuel and/or electric consumption and mileage. Depending on your vehicle model, either the start and finish position or the full route are collected.

We process this data based on your consent.

As a rule, the Driving Journal's data is stored for up to 400 days, depending on car model. You can disable the Driving Journal at any time, and by doing so the data will stop being collected. This does not trigger the deletion of previously collected information.

2.1.2 Over-the-air Software Updates

Over-the-air software updates enable your vehicle to update and maintain the latest software without visiting a workshop. Using the latest software ensures you can fully utilize our updated services. By using the latest software, you are also improving your protection against cybersecurity incidents.

To maintain vehicle software and provide necessary software updates, we process the following data:

  • Vehicle identification number (VIN)
  • Vehicle software version
  • Diagnostic trouble codes
  • Vehicle manufacturing date
  • Vehicle specification
  • Installation status and reports

The legal basis for us to process the data mentioned above is your consent.

We will retain records of the software updates made for the entire lifetime of the vehicle.

You can agree or disagree to automatic software updates at any time in the privacy settings. If you agree, software updates are downloaded automatically, and you will be notified when the update is ready to install. If you disagree, you will be notified when a new update is available and can be downloaded. If you don't want to use over-the-air software updates, you can have updates installed in a workshop with the required connection to our systems.

2.1.3 Connected Safety

Our vehicles are equipped with Connected Safety, a service offered by us, which informs you about current traffic hazards while you drive the vehicle. This information is based on information sent from other vehicles or from public sources where applicable. This information is used to alert you to changing road conditions or potential road hazards early on by displaying appropriate warnings, allowing you to adapt your driving style accordingly. If your own vehicle detects a potential road hazard, such as reduced friction between your tires and the road, or if the hazard warning lights are activated, this information is sent to Volvo Cars. The information is aggregated and anonymized before sent to vehicles approaching your own vehicle's position.

The data that we collect and process to support Connected Safety is:

  • Vehicle identification number (VIN)
  • Events such as slippery road alert activation, hazard lights activation, etc.
  • Time stamp of each alert
  • Location

The legal basis for us to process the data mentioned above is performance of the contract. You can turn the service on and off at any time.

In addition, the above-mentioned data is processed anonymously and transmitted to traffic agencies and companies in order to avoid and reduce hazards posed by road traffic and also to improve road safety, reduce maintenance costs and contribute to a sustainable traffic environment. Volvo Cars and Polestar Performance AB (a Swedish company headquartered at Assar Gabrielssons Väg 9, SE-405 31, Gothenburg, Sweden, hereinafter referred to as “Polestar”) are joint controllers for these purposes. As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.

We will retain the information for 1 week.

2.1.4 Digital Key

Digital keys can fully replace conventional car keys and allow you to conveniently lock, unlock, or start your vehicle with your smartphone or smart watch. In addition, it is also possible to share your key with additional users through various digital channels.

A digital key only requires a network connection during the initial one-time setup, or to share or revoke keys. Once set up, the key will work via Bluetooth, near-field communication (NFC), and ultra-wideband technology (UWB). During setup, your key will be added to the wallet app on your smart device. From your wallet app you can share your key through messaging apps, mail, or via Airdrop®. You can also easily revoke keys you have shared, either through the wallet app or through the vehicle infotainment system.

The following data is processed when using the digital key:

  • Vehicle identification number (VIN)
  • Vehicle details
  • Vehicle status
  • Volvo ID
  • Key ID
  • Friendly name

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain your data for as long as you have a valid contract.

2.1.5 Real-time Traffic Information

The Real Time Traffic Information service receives information about road traffic information from a third-party service provider.

We process the following data from the car:

  • Vehicle position and speed – these are shared with the third-party service provider to calculate congestion and to inform you and other drivers where risks for congestion exist; these data points are anonymous for the third-party service provider.
  • Vehicle Identity Number (VIN) – this is used by Volvo Cars to verify that your vehicle has a subscription for this service.

Car models equipped with sensors that can identify traffic signs in real time as you drive do this through local processing (in the car) only.

The legal basis for us to process the data mentioned above is performance of the contract. You can turn the service on and off at any time.

The data will be stored by Volvo Cars as long as the subscription is active. Once the subscription is inactive, VIN, speed, and position are stored for maximum of 90 days, unless a longer time is required under local applicable law.

2.1.6 Intelligent Speed Assist (ISA)

Intelligent Speed Assist (ISA) is a mandatory function in some jurisdictions that uses road sign data to assist cars in maintaining the speed limit. In order to know the speed limit on the current road, ISA uses the car's navigation system to retrieve road sign data. The navigation system, in turn, needs to know the car's position in order to provide the correct data.

In addition, Volvo Cars is legally required to report aggregated data on your usage of the vehicle, such as:

  • duration or distance traveled with the advanced vehicle systems activated or deactivated
  • duration or distance traveled while observing or overriding the recognized speed limits
  • the time elapsed between the activation and deactivation of the advanced vehicle systems

To support ISA and the reporting, the following data is processed:

  • Vehicle Identification Number (VIN)
  • Vehicle speed
  • Vehicle details (model, production year)
  • Information generated by the vehicle, its sensors and systems (warnings, faults, diagnostics, status and behavior of the advanced vehicle systems)
  • Information related to how the vehicle is used and operated (settings, use of the advanced vehicle systems)
  • Location

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

We retain the information until it has been aggregated and sent to relevant authorities.

2.1.7 Speech Messaging

Speech Messaging is part of a larger voice command system with which you can control features of your infotainment system and create and send SMS messages by giving verbal instructions. To initiate a dialog using voice commands, you first need to activate this function. Voice control will remain activated until you deliberately stop it or until you have not responded to three prompts from the system.

The following data is processed when using Speech Messaging:

  • Recorded voice data or commands
  • Vehicle identification number (VIN) - the VIN is used to verify that your car has a subscription for this service
  • Phone number
  • Text message - The text message created by the 3rd-party service provider is stored in the cloud and sent back and saved in your vehicle. The text message can be sent as an SMS.

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the information until the message has been sent.

2.1.8 Air Quality Index

This function shows information on air quality, such as pollution and pollen levels.

Initially, information on the air quality from within the car is shown.

If you choose to share the car's location, information on air quality from outside the vehicle will also be presented.

The legal basis for us to process the data mentioned above is performance of the contract.

The data will be deleted after it has been presented in the car.

2.1.9 Map Delivery System

Some of our vehicles can request map data from our Map Delivery System. This service will enhance vehicle functions such as Pilot Assist and Adaptive Cruise Control by providing up-to-date map data of your current location.

To enable Map Delivery System, the following data is processed:

  • Location - in order for the vehicle to be able to request the correct map data, an approximate location is processed (with an area no more specific than 0.8 km²).

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the data until the map data has been downloaded.

2.2 Data used related to safety

2.2.1 Active Safety Data Recorder (ASDR)

The primary purpose of the Active Safety Data Recorder (ASDR) is to record data related to traffic accidents or collision-like situations. This information will be processed by our research and development department to help us better understand the circumstances in which traffic accidents, injuries, and damage occur.

By giving your consent, Volvo Cars collects and processes the following data for future development purposes and active safety-related complaints:

  • Vehicle identification number (VIN)
  • Type of safety event triggered and its occurrences
  • Front-facing camera images are captured for 4 seconds before and after collision-like situations
  • Vehicle location at time of incident

The legal basis for us to process the data mentioned above is your consent, and we keep it for 10 years before we delete or anonymize it.

2.2.2 Event Data Recorder (EDR)

The vehicle stores safety-related information relating to crash or near-crash situations in an Event Data Recorder (EDR) – also known as the car's "black box." The safety-related information includes the following data:

  • How various systems in your vehicle were operating
  • Whether or not the driver and passenger safety belts were buckled/fastened
  • How far (if at all) the driver was depressing the accelerator and/or brake pedal
  • How fast the vehicle was traveling

The period recorded is usually up to 30 seconds. Recording only takes place if a non-trivial collision situation occurs.

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

We will retain the information until overwritten by a new triggering event.

2.2.3 Emergency Call (eCall)

Emergency Call (eCall) automatically triggers an emergency call and sending of data in the event of certain types of accidents detected by activation of one or more sensors within the vehicle. This means that the car will automatically make an eCall even if all occupants in the car are unconscious, and the data mentioned below will be automatically transmitted to the call center. eCall can also be triggered manually by pushing and holding the SOS button for at least 2 seconds.

When an eCall is made, the following data are processed:

  • Vehicle Identification Number (VIN)
  • Vehicle propulsion or engine specification
  • Vehicle model specification
  • Time of the incident
  • Location of the incident
  • Direction of the vehicle travel
  • Vehicle status

By default, and where available, eCall is routed to a third-party service provider (this is called a third-party service eCall or TPS eCall). This supplier varies by region, and you can get more information by contacting us regarding which suppliers are used in your region. You can choose to have the call routed to the 911 public emergency service at any time by modifying your settings.

The data is only collected when the eCall is made, and the only entities having access to it are Volvo Cars and the third party providing the service (or the emergency service itself, if selected). However, they may forward this data to specialized emergency services (for example, ambulance) if necessary.

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

We will retain the data for 200 days, and the processing is limited to the emergency situations referred to above.

2.2.4 Call Center Services

With Call Center Services, we provide you with the ability to connect to our call center from within the vehicle by pressing the “on call”/assist button, through a call from within the app or by calling the call center directly. Services offered as part of the Call Center Services are described below:

Roadside Assistance (RSA)

RSA involves supporting you when you experience a technical fault with your vehicle, such as a flat tire or a fault with the engine/motor. In some cases, the agent at the call center is able to provide guidance on the call to you on how to remedy the issue. In other cases, the repair can be made at the roadside (called a "spot repair"); if that is not possible, your vehicle will need to be towed to a workshop to be repaired. The agent will assess which response is appropriate during the call. Where roadside recovery is needed (spot repair or a tow), assistance vehicles can be provided by a third party, such as a roadside vehicle towing and repair company, who then will process the related data.

Stolen Vehicle Tracking (SVT)

SVT is a way to locate your vehicle if it is stolen. A vehicle may be reported stolen by: 

  • the vehicle itself. This happens when the vehicle detects that the vehicle alarm has been triggered, which causes a notification, known as a "theft notification," to be sent to any driver with the Volvo Cars App connected to the vehicle, as well as to the call center.
  • the owner of the vehicle, that makes a call to the call center.
  • local law enforcement (police). Again, a call is made directly to the call center.

For the SVT process to be initiated, an official police report must be filed, and the report case number needs to be submitted to the call center.

Remote Vehicle Immobilization/Mobilization (RVI/RVM)

RVI/RVM can be used to enable or disable the immobilizer in the vehicle. If the immobilizer is enabled, the vehicle will not be able to be started until the immobilizer is disabled. The vehicle can then be remotely mobilized. This service is initiated by the call center agent. 

In order to provide you with the services described above, we will automatically collect the following data when you contact the call center through the “on call”/assist button in the vehicle or through the Volvo Car App:

  • License plate
  • Vehicle Identification Number (VIN)
  • Vehicle specification
  • Vehicle status
  • Time and place of the request
  • Location at time of the call
  • Direction of the vehicle travel

Depending on the nature and scope of the request, for any of the call center services above, we may need to process additional information necessary for the delivery of requested assistance. For example:

  • contact information (home address, email address, phone number)
  • insurance details (policy and claim number)
  • transaction-related data
  • damage cause and information about the workshop handling the repair

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the data for 200 days.

2.2.5 Intrusion Detection System

The goal of the Intrusion Detection System (IDS) is to detect anomalies and violations that could be possible threats to the main infotainment system. This means that we will monitor how software and apps behave to ensure they are not violating what they are permitted to do. IDS will monitor the system in real-time and report violations to Volvo Cars.

We will process the following data:

  • Vehicle identification number (VIN)
  • Timestamp (exact time that the event occurred)
  • Information related to what source initiated which target
  • Technical data (software versions, system and crash reports, permissions, and certificates)

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

We will retain the information for 90 days. We will either delete the data, or, if we identify a need to retain the data, we will anonymize it at the end of this period.

2.2.6 Ensuring Safe Batteries

We need to ensure that our cars with hybrid or full-electric powertrains are safe in order to protect our drivers, their families and the general public from danger and unnecessary inconvenience. To ensure this, we will collect and use information related to batteries to enable early detection of potential concerns and to identify new potential fault types. If we think it is needed, we will also contact and inform you of potential concerns.

The data we collect and use are:

  • Information related to the vehicle (model, production year, Vehicle Identification Number [VIN], hardware and software information)
  • Information related to the vehicle propulsion and battery (hardware and software information, cell voltages, state of charge, charging information, configurations, calibrations, temperature, alarms, warnings, faults, diagnostics, timestamps, state of health and overall status)

The legal basis for us to process the data mentioned above is our legitimate interests mentioned above, as well as to fulfill our legal obligations, such as conducting safety-related recalls.

We will retain the information mentioned above for the lifetime of the vehicle.

2.3 Data used related to maintenance and repairs

2.3.1 Service Planning

Service planning helps you keep your vehicle in good condition and observe the vehicle's health.

If applicable in your country, we will send you service-related communication.

When your vehicle has an internet connection, service planning works by continuously providing Volvo Cars, retailers, and workshops with diagnostic data. Providing diagnostic data remotely will enable your workshop to better prepare for your upcoming visit. In addition, data will be shared with our national sales company and retailers to administer bookings and deliveries of parts if needed.

Service planning also helps us schedule production and delivery of spare parts, which is an important component for our sustainability goals, as it optimizes content, logistics and workshop utilization.

In order to provide you with service planning, the following data will be collected:

  • Information related to the vehicle (model, production year, Vehicle Identification Number [VIN], hardware and software information)
  • Information generated by the vehicle, its sensors and systems (odometer, service indicators, alarms, warnings, lights, faults, diagnostics, temperature, timestamps, state of health, and status and behavior of onboard systems and functions)

The legal basis for us to process the data mentioned above is performance of the contract. You can turn the service on and off at any time.

We will retain the information for 3 years, except for information concerning the vehicle's high-voltage battery, which is retained for 10 years.

2.3.2 Diagnostic read-outs in workshops

If servicing or repairs are carried out on your vehicle at a service center, workshop, or partner, we will receive and use information for fault tracing, to manage our product manufacturer obligations, and for product research and development purposes, such as monitoring and improving the quality of our vehicles, their safety features, and other functions.

The data we collect and use are:

  • Information related to the vehicle (model, production year, Vehicle Identification Number [VIN], hardware and software information)
  • Information generated by the vehicle, its sensors, and systems (odometer, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, state of health, and status and behavior of onboard systems and functions)
  • Information related to how the vehicle is used and operated (configurations, settings, device connections, usage mode [charge, park, drive], charging information, timestamps, speed, passenger occupancy, interactions, and use of the information head unit [the screen in the car], use of remote services, and use of car functions such as accelerator, brakes, steering, seat belts and doors)

The legal basis for us to process the data mentioned above is our legitimate interests, as well as to fulfill our legal obligations, such as conducting safety-related recalls.

We will retain the information mentioned above for the lifetime of the vehicle.

2.3.3 Bug Reporting

Bug Reporting is a tool that can be activated by workshops to enable us to collect information on software bugs. The tool is used to identify and investigate the impact of issues and will enable us to solve software related problems, as well as maintain our software in good health. By activating Bug Reporting, we will collect and process the following data from your vehicle:

  • Information related to the vehicle (mileage, fuel consumption, vehicle configuration and details, Vehicle Identification Number [VIN], IP address and software version)
  • Information generated by the Information Head Unit, Display Head Unit, Telematics and Connectivity Antenna Module and their associated signals (GPS, DID [DataIdentifier], DTC [Diagnostic Trouble Code], vehicle network diagnostics, Android Automotive diagnostics, start-up diagnostics, and reports and logfiles targeted to developers)
  • Information about the interaction between the driver and vehicle (speed, infotainment settings, navigation destinations, phone contacts, radio settings, third-party application settings, roadside assistance log)
  • Information related to the driver (e-mail accounts, phone number, Volvo ID)

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data until the issue with your vehicle has been solved, or for 90 days, whichever occurs later.

2.3.4 Extended Vehicle Data Analysis

In order to fully investigate the issues with your vehicle that you bring to our attention, we need to use the following data from your vehicle, together with some basic customer data such as name and contact details:

  • data recorded by the Event Data Recorder and other systems related to the vehicle safety systems (speed, GPS position, steering angle, brake power, deployment, and use of safety systems, etc.)
  • data regarding surroundings (such as temperature, slippery road) captured by other car sensors or acquired from providers of such information
  • data from the vehicle's Electronic Control Units, Telematics and Connectivity Antenna Module and the Information Head Unit and their associated signals
  • vehicle status (mileage, fuel consumption, odometer and other data shown on the dashboard)
  • all interaction between the driver and vehicle, such as changes to various settings, account names such as Volvo ID and Google ID, and data related to Bluetooth connected device usage
  • Vehicle Identification Number (VIN)

The data will be used to identify potential problems with the vehicle, manage potential warranty cases, and identify potential product safety issues. If the data can't be collected, Volvo Cars will not be able to investigate the problems.

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data until the problem with your vehicle has been solved.

2.4 Data used for research & development purposes

2.4.1 Traffic accident research and development

When a traffic accident occurs involving one of our vehicles, we investigate what happened for the purpose of improving the safety of our vehicles, as well as the traffic environment in general. If it would be beneficial for our research, we will send out a survey to you to get additional information on the accident.

When researching, the following data will be processed:

  • Contact details
  • Information related to the vehicle (model, production year, Vehicle Identification Number [VIN], license plate, hardware, and software information)
  • Information generated by the vehicle, its sensors, and systems (nearby objects, engine data, frozen signal data, odometer, weather and road conditions, temperature, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, calibrations, energy and fuel consumption, timestamps, state of vehicle health, and status and behavior of onboard systems and functions)
  • Information related to how the vehicle is used and operated (configurations, settings, device connections, usage mode [charge, park, drive], charging information, timestamps, speed, passenger occupancy, interactions, and use of the information head unit [the screen in the car], use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors, and triggering of airbag deployment)
  • Location data
  • Camera data: Outward-facing camera images are captured for 4 seconds before and after the accident

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data for 10 years.

2.4.2 Vehicle data analytics

We process vehicle data (listed below) in order to obtain statistical information about our vehicles and how they are used. We use this information for product research and development purposes: in particular, to improve and monitor the quality of vehicles and their safety features. This also serves to manage Volvo Cars' warranty commitments and to comply with our legal requirements relating to emissions monitoring.

Data categories used:

  • Vehicle identification number (VIN)
  • Identifiers of the vehicle's hardware and software versions
  • Diagnostic trouble codes (DTC)

Volvo Cars also collects the following information on the vehicle's high-voltage battery (where applicable):

  • High voltage battery ID, capacity, and health status
  • Vehicle market information
  • Charging station information (e.g. availability status, power type, pole ID)
  • Diagnostic data during charging (e.g., duration, state of charge, current fluctuation)

The legal basis for us to process the data mentioned above is your consent.

Vehicle identification number (VIN), vehicle hardware and software version identifiers, and diagnostic trouble code (DTC) data are retained for 2 years, while information on the vehicle's high-voltage battery is retained for the lifetime of the battery.

In the case of hybrid or electric vehicles, Volvo Cars and Polestar Performance AB (a Swedish company headquartered at Assar Gabrielssons Väg 9, SE-405 31, Gothenburg, Sweden, hereinafter referred to as "Polestar") share analytical data from their respective vehicles. The analytical data exchanged between Volvo Cars and Polestar listed above are of a purely technical nature and do not involve actual customer data. The analytical data collected via the Volvo Cars and Polestar platforms are exchanged between the two companies for the purposes of improving and monitoring the quality of the vehicle, the performance of the electric and hybrid features, and the safety features.

As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing of analytical data. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.

2.4.3 Vehicle Analytics & Improvements

If you provide your consent by enabling Vehicle Analytics & Improvements, we will collect and use the data listed below to get information about your vehicle and how it is being used. We use this information for fault tracing, product research and development purposes, such as to monitor and improve the sustainability and quality of our vehicles, their safety features and other functions. If we think it is needed, we will also contact and inform you of potential problems or faults.

We collect and use the following data:

  • Information related to the vehicle: model, production year, Vehicle Identification Number (VIN), hardware and software information.
  • Information generated by the vehicle, its sensors and systems: odometer, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, security logs, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, state of health, status of onboard systems and functions, behavior of onboard systems and functions and output of onboard systems and functions.
  • Information related to how the vehicle is used and operated: configurations, settings, device connections, trailer connected, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions and use of the infotainment head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors.
  • Location data: Location is collected in the following cases.
    • incidents (near accidents) and accidents;
    • if the eCall function has been activated; and
    • in case of connectivity issues.
    Location is also continuously collected from safety functions, autonomous drive and advanced driving assistance systems.
  • Camera data: outward-facing camera images are captured
    • in connection to incidents and accidents; and
    • continuously from safety functions, autonomous drive and advanced driving assistance systems.

The legal basis for the collection and use of the data mentioned above is your consent.

We keep the data for five years, other than the information on the car's high-voltage battery, which is retained for the life of the battery. At the five-year mark, we will delete the data or, if we see a need to keep it, we make sure it is completely anonymized.

2.5 Emissions reporting

If you have a vehicle with an internal combustion engine and you visit an authorized Volvo workshop or service partner, they will collect data from your vehicle, which will be sent to us in order to be reported pursuant to applicable law. This collection of data occurs every time your vehicle is serviced unless you inform the service retailer that you object.

The data collected is:

  • Vehicle Identification Number (VIN)
  • Information related to emissions: total fuel consumed (lifetime), total distance traveled (lifetime), total grid energy into the battery (lifetime) – with several breakdowns as needed under applicable law

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

The information above is kept until the data has been reported.

2.6 Law Enforcement Requests

Personal data needs to be shared or may be shared with law enforcement authorities (e.g., police, courts), to comply with a legal obligation, or our legitimate interest in providing data, when a crime is suspected, or when it is necessary to establish or exercise legal claims or defend ourselves against them.

We provide law enforcement with the least amount of personal data necessary. Examples of data types that we can give out include the serial number of a car part connected to a VIN number or a IMEI number.

3. Sharing of your personal data

We share data with various organizations to run our business, to maintain our relationship with you, and to provide you with products and services. We describe these situations below.

Where we refer to these organizations as our "suppliers," "processors," or "sub-processors," each one of these organizations is limited by contract in their ability to use your personal data for any purpose other than to provide services to us or on our behalf, as instructed by us. In each case, we only share the personal data, including telematics data, we deem necessary to achieve the respective purpose.

Other group companies within Volvo Cars and its sub-processors

  • Personal data is transferred to other group companies for customer care, to provide our products and services. and for the provision of IT systems for business support and data storage.

IT suppliers and their sub-processors

  • Personal data is transferred to IT suppliers who supply general business support systems to us, such as software and data storage providers.

Law enforcement authorities (e.g., the police or courts)

  • • Personal data needs to be shared or may be shared with law enforcement authorities (e.g., the police or courts), to comply with a legal obligation, or our legitimate interest in providing data, when a crime is suspected, or when it is necessary to establish or exercise legal claims or defend ourselves against them.

Other service providers (such as mobile network operators, connectivity providers and charging operators)

  • • We can share information from the vehicle and subscription information to enable services, for fault tracing, and to make service improvement.

Any party approved by you

  • • For example, you may ask us to share vehicle data with a third party, such as with an insurance company to prepare an insurance quote for you.

3rd-party vehicle owners

  • For example, fleet management or car rental companies might process data generated by the vehicle and your driving, including location data, for vehicles they own or manage.

Retailer, repairers, workshops

  • • Personal data is transferred for the purpose of providing services, fault tracing, maintenance, and repair.

4. Your rights and controls

4.1 Your rights under GDPR

You have specific legal rights relating to the personal data we process about you. The rights may differ depending on which jurisdiction you are in and the nature of the processing. Generally, your rights concern the ability to:

  • withdraw your consent
  • object to our processing of your data
  • ask for a copy of the data we hold about you (the so-called subject access right)
  • ask for the data to be transferred to another entity (so-called data portability)
  • ask for the data to be corrected or restricted
  • ask for the data to be deleted (so-called right to be forgotten)

As mentioned, these rights are not absolute, and in some cases data protection law limits their application. Should this be the case for a request you make to us, we will always explain why we cannot fulfill your request.

If you would like to submit a rights request, you can get in touch with us by completing this form. We kindly ask that you use the form, as it sets out the information that we need to verify your identity and effectively process your request. However, should you prefer not to use the form, you are always welcome to contact us and submit your request using the contact information in the next section.

You also have a right to submit a complaint to your local data protection authority should you have concerns about how we use your personal data. However, we would appreciate it if you reached out and raised your concerns directly with us first to allow us to try to resolve them together. You can find our contact information below.

4.2 Your rights under Canadian laws

  • Right to Access: You have the right to request what personal information we have collected, used, shared for a business purpose, and sold about you. Once we receive your request and confirm your identity, we will disclose to you the information we have collected about you.
  • Right to Correct Inaccurate Information: You have the right to correct inaccurate personal information. Once we receive your request and confirm your identity, we will correct (and direct our service providers to correct) your personal information in our records.
  • Right to Delete: You have the right to request the deletion of some or all of the personal information that we collected about you, subject to certain exceptions. Once we receive your request and confirm your identity, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies under applicable law.
  • Right to Limit the Use or Disclosure of Personal Information and/or Opt Out of Profiling: You have the right to opt out of the sale of your personal information for monetary or other valuable consideration. You may also ask us not to use or disclose your information for the purposes of targeting advertising to you based on your personal data obtained from your activity across different businesses, services, websites, etc.
  • Right to Opt Out of the Sale or Sharing of Personal Information You have the right to opt out of the sale of your personal information by us to third parties for monetary or other valuable consideration. You also have the right to opt out of the “sharing” of your information relating to online targeted advertising (or cross-context behavioral advertising). In the event that we do sell your personal information, you may opt out.
    • Our collection and disclosure of personal information through the use of certain cookies across our digital services may be deemed a sale or “sharing” under relevant privacy laws. To exercise your right to opt out of the sale or sharing of your personal information to advertising partners through cookies, please use our OneTrust Cookie Manager or enable Global Privacy Control (GPC) on your browser to communicate your privacy preference. For all the details on GPC, including how to turn it on, visit https://globalprivacycontrol.org/.

You may exercise these rights by submitting a request by email at vclcust@volvoforlife.com or by calling us at (800) 663-8255. You may only submit two privacy rights requests within a 12-month period.

When submitting a rights request, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information, and you must describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. If we deny your privacy rights request due to a lack of identifiable information or any other legal reason, you may appeal our decision by contacting us by e-mail at vclcust@volvoforlife.com.

5. Contact information

If you have any questions about how we use your personal data, you can contact us at dataprotection@volvocars.com or contact the Volvo Car Corporation Data Protection Officer as follows:

Mailing Address: Volvo Car Corporation, Attention: The Data Protection Officer, dep 50099, VAK, 405 31 Gothenburg, Sweden.

Email: globdpo@volvocars.com

6. Updates to this notice

We continuously develop our products and services and will review and update this privacy notice as a result. As such we encourage you to revisit this privacy notice regularly. The date at the top of this privacy notice lets you know when it was last updated. We will handle your personal data in a manner consistent with the privacy notice under which it was collected unless we have your consent to handle it differently.