Privacy Notice – Volvo ID
Effective from:
Published at:
This document describes how Volvo Cars (as defined below) processes your personal data when you create and use your Volvo ID to get access to services within the Volvo Cars digital ecosystem (hereinafter “Volvo ID”).
You can find below:
ADDENDUM FOR USERS IN KOREA (VOLVO ID)
- Who We Are;
- What Personal Information We Collect and Why;
- Disclosure of Personal Information to Third Parties;
- Processing of Personal Information by Entrusted Third Parties;
- Overseas Transfer of Personal Information;
- Rights and Duties of Users and Legal Representatives and Exercise thereof;
- Method of Destruction of Personal Information;
- Security Measures for Personal Information;
- Data Protection Officer;
- Modification of the Privacy Notice
1. Who we are
The entity responsible for the processing of personal data in relation to the creation and use of your Volvo ID is Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31, Gothenburg, Sweden, company registration number 556074-3089, hereinafter referred to as “Volvo Cars”, “we”, or “us”.
2. What personal data we collect and why
The creation and use of your Volvo ID, to get access to services withing the Volvo Cars digital ecosystem, involves the processing of the following categories of personal data:
We collect from you your identifiers (such as first and last name, phone number, preferred language, country, E-mail address and password) to create an account with us, provide you with access to the Volvo Cars Services that require a Volvo ID and to communicate with you regarding your Volvo ID. The legal basis of this data processing is performance of the contract you have enter into with Volvo Cars ((Art. 6.1.b) GDPR).
To provide an overview of your Volvo ID and its connected services on the Volvo ID Portal, we process your Volvo ID, vehicle information (VIN, car details) and services connected to your Volvo ID. The legal basis for this processing is the legitimate interest ((Art. 6.1.f) GDPR) to outline all cars and services that are associated with your Volvo ID.
We also process your personal data for troubleshooting purposes, in connection with the creation or use of your Volvo ID, to improve the reliability of our product. We then use part of your Volvo ID (user name and user ID). The legal basis for this is our legitimate interest ((Art. 6.1.f) GDPR) to secure a stable and relyable product to you.
3. How long we keep your data
We will keep your personal data as long as you have a registered Volvo ID. If you delete your Volvo ID (which you can do through the Volvo ID Portal) the Volvo ID together with associated data will be deleted thirty (30) days after your deletion request.
4. Who we share your personal data with
Our categories of processors supporting in delivering the Volvo ID are:
- account creation and authentication service provider;
- data hosting;
- distribution of emails and sms;
- troubleshooting service provider.
They are limited by contract in their ability to use your personal data for any purpose other than to provide services for us in compliance with each data processing agreement in place. In some of these situations the use of the processors involves limited transfers of personal data outside of the European Union. We have taken precautions that such transfers are limited to the minimum necessary, and only involve data that cannot directly identify you and thus poses a very low risk in case of unauthorised disclosure.
5. Your rights in relation to the data processing we perform
As a data subject you have specific legal rights granted by the General Data Protection Regulation relating to the personal data we process about you. These are briefly explained below, and you can exercise them by filling out the dedicated form indicated below.
- Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.
- Right to access your personal data: You may ask from us information regarding personal data that we hold about you. We will provide you with a copy of your personal data upon request. If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs. You have the right to the information about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA if you request that we confirm whether or not we process your personal data, and we transfer your personal data to a country that is outside the EU and the EEA.
- Right to rectification: You may obtain from us rectification of incorrect or incomplete personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
- Right to restriction: You may obtain from us restriction of processing of your personal data, if:
- you contest the accuracy of your personal data, for the period we need to verify the accuracy,
- the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
- we do no longer need your personal data for the processing purpose but you require them for the establishment, exercise or defense of legal claims, or
- you object to the processing while we verify whether our legitimate grounds override yours.
- Right to portability: You have the right to receive your personal data that you have provided to us, and, where technically feasible, request that we transmit your personal data (that you have provided to us) to another organization, if: You have the right to receive your personal data in a structured, commonly used and machine-readable format. Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. Your right to have your personal data transmitted from us to another organization is a right you have if such transmission is technically feasible.
- we process your personal data by automated means;
- we base the processing of your personal data on your consent, or our processing of your personal data are necessary for the execution or performance of a contract to which you are a party;
- your personal data are provided to us by you; and
- your right to portability does not adversely affect the rights and the freedoms of other persons.
- Right to erasure: You have the right to request that we delete the personal data we process about you. We must comply with this request if we process your personal data, unless processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
- for the establishment, exercise or defense of legal claims.
- Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your personal data, otherwise we will only restrict it. You also have the right to object at any time, regardless of any reason, to the processing of your personal data for direct marketing (which includes profiling to the extent that it is related to such direct marketing), if such processing was based on our legitimate interest. If the marketing was based on your consent, you can withdraw consent (see above).
- Right to lodge a complaint: You can lodge a complaint to your local data protection supervisory authority or with any other data protection authority in the EU. However, we will appreciate if you first contact us to try and solve your problem – you can find our contact details below.
You can exercise your rights in relation to us by filling out this form, which will help us to deal with your request properly. The online form contains the information that we need to verify your identity and review your request. For requests submitted by telephone or email, you will need to provide us with sufficient information that allows us to reasonably verify that you are the person whose personal data we collected and describe your request in sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.
6. Contact information
In order to exercise your rights, please see section 5 above. If you have any other questions regarding the subject matter of personal data protection, you can contact us at the following contact details:
Volvo Car Corporation
Post address: Assar Gabrielssons väg, SE-405 31, Gothenburg, Sweden
E-mail address: globdpo@volvocars.com
7. Changes to our Privacy Notice
We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this privacy notice at any time. Whenever we make substantial changes to this notice, and in particular when this notice underlies your consent, we will inform you of the changes. This privacy notice is current as of the date which appears at the top of the document.
ADDENDUM FOR USERS IN KOREA (VOLVO ID)
This addendum shall apply to users in the Republic of Korea (“Korea”). In case this addendum deviates from the body of the Privacy Notice, the provisions of this addendum shall prevail.
1. Who We Are
In Korea, Volvo Car Korea (referred to as “Company”, “we”, or “us” in this addendum) is responsible for the processing of personal information in relation to the creation and use of your Volvo ID. The Company has its registered office at 343, Hakdong-ro, Gangnam-gu, Seoul, Korea.
2. What Personal Information We Collect and Why
We collect your personal information as described in “2. What personal data we collect and why” of the Privacy Notice based on your consent, unless the applicable laws and regulations in Korea allow otherwise.
3. Disclosure of Personal Information to Third Parties
Other than the cases listed below in this Section, unless otherwise provided in the applicable laws and regulations, the Company will not use or provide users’ personal information to any other third party beyond the scope of purposes set forth in the Privacy Notice without the users’ consent, except in the following cases:
- If prior consent of the user is obtained; or
- If the case falls under any of the reasons prescribed in Articles 17 and 18 of the Personal Information Protection Act.
The Company provides the following personal information to third parties.
- TDCX (티디씨엑스코리아(유))
- Purpose of personal information provision: Customer call center, Volvo On Call Services, service related customer general inquiries, outbound/inbound calls, vehicle related inquiries, dealer network inquiries, surveys, RSA, email inquiries, 1:1 Web inquiries
- Personal information items to be provided: All collected items; Name, address, mobile number, telephone number, email address, plate number, VIN#, vehicle model, delivery date, contract date, all required vehicle related information and etc.
- Period for retention and use of personal information to be provided: Until fulfillment of the purpose of collection and use of personal information.
- Samsung Fire Insurance. (삼성화재서비스손해사정㈜)
- Purpose of personal information provision: Roadside Assistance Operation, Volvo On Call Services
- Personal information items to be provided: All collected items; Name, address, mobile number, telephone number, email address, plate number, VIN#, vehicle model, delivery date, contract date, all required vehicle related information to provide RSA service
- Period for retention and use of personal information to be provided: Until fulfillment of the purpose of collection and use of personal information.
- MPC Plus(㈜엠피씨플러스)
- Purpose of personal information provision: Call center service of RSA, RSA service, outbound calls
- Personal information items to be provided: All collected items; Name, address, mobile number, telephone number, email address, plate number, VIN#, vehicle model, delivery date, contract date, all required vehicle related information to provide RSA service
- Period for retention and use of personal information to be provided: Until fulfillment of the purpose of collection and use of personal information.
- Samsung Fire Insurance Roadside Assistance partners
- Purpose of personal information provision: RSA on site service (towing, emergency services)
- Personal information items to be provided: All collected items; Name, mobile phone number, phone number, plate number, vehicle model, symptoms, all related vehicle information to provide RSA service
- Period for retention and use of personal information to be provided: Until fulfillment of the purpose of collection and use of personal information.
4. Processing of Personal Information by Entrusted Third Parties
The Company entrusts third parties with the task of processing personal information of the users in order to improve the quality of the Volvo ID services, and the Company ensures that such personal information is managed in a safe manner by clearly stating the following scope of entrustment in the relevant contracts pursuant to the relevant laws:
Entrusted Third Party | Scope of Entrusted Tasks |
---|---|
TDCX (티디씨엑스코리아(유)) | Customer call center, Volvo On Call services, service related customer general inquiries, outbound/inbound calls, vehicle related inquiries, dealer network inquiries, surveys, RSA, email inquiries, 1:1 web inquiries |
Samsung Fire Insurance. (삼성화재서비스손해사정㈜) | Roadside Assistance (RSA): Volvo On Call services, emergency roadside assistance service |
MPC Plus(㈜엠피씨플러스) | RSA role on behalf of Samsung Fire Insurance: Volvo On Call services, emergency roadside assistance service, outbound calls |
Samsung Fire Insurance RSA partners | RSA: actual towing & on-site services |
AWS (Amazon Web Service) 아마존웹서비스 | Hosting cloud in Seoul to provide solution for connected car cloud service of Volvo On Call (web server, data base, firewall) |
5. Overseas Transfer of Personal Information
The Company may transfer and manage personal information of users overseas for purpose of, among others, providing services as follows:
Name and contact information of the company that the personal information is transferred to:
Volvo Car Corporation
Assar Gabrielssons väg, SE-405 31, Gothenburg, Sweden
Country: Sweden
Date and method of transfer: At the time of service use
Personal information to be transferred: All collected items
Period for retention and use by the transferee: Until fulfillment of the purpose of personal information provision.
6. Rights and Duties of Users and Legal Representatives and Exercise thereof
Users, legal representatives (if the users are under the age of 14), and any representative entrusted with such right can exercise their rights to request access to, modification, deletion, and suspension of processing of personal information at any time. Also, the users and representatives can retract consent to collection and use of personal information or cancel registration at any time. To exercise rights through the data protection officer, please contact the data protection officer as set forth in Section 9 herein.
7. Method of Destruction of Personal Information
In principle, personal information of users will be destroyed without delay after fulfilling the purpose of collection and use.
Information provided by users for use of the Volvo ID services will be placed in a separate database (or filing cabinet in case of personal information printed on paper) and stored for a certain period of time based on grounds for information protection provided in the Company's internal policies and other applicable laws and regulations after fulfilling the purpose of collection and use and before being destroyed.
The process and method for destruction of personal information is as follows:
A. Destruction Procedure
The Company shall select the personal information to be destroyed and proceed with the destruction upon approval by the data protection officer.
B. Destruction Method
- Personal information printed on paper will be destroyed by shredding or incineration.
- Personal information stored in electronic files will be destroyed via technical methods preventing restoration.
8. Security Measures for Personal Information
The Company takes all necessary technical, managerial and physical meausres as required by applicable laws and regulations to protect users’ personal information, including but not limited to the following:
- Managerial measures: Establishment and enforcement of internal management plans, periodic training of employees, etc.;
- Technical measures: Management of access authority to the personal information processing system, installment of access control systems, encryption of unique identification information, and installment of security programs, etc.; and
- Physical measures: Access control to data processing room, archive room, etc.
9. Data Protection Officer
Name: Lee, Manshik
Title: Head of Sales & Marketing
Contact Information: help_korea@volvocars.com
10. Modification of the Privacy Notice
The Privacy Notice and this addendum will be effective from July 5, 2024.
Prior versions of the Privacy Notice and this addendum can be found here.