VEHICLE PRIVACY NOTICE

Last updated: April 24, 2024

This privacy notice explains how Volvo Cars (as defined below) process data related to vehicles and connected services provided by Volvo Cars.

For an explanation of vehicle features and functions, please check the owner's manual for the relevant model. Please note that if there are any differences between this notice and the owner's manual related to the processing of personal data, this notice takes precedence.

Since the processing of data depends on the features and functions with which the vehicle is equipped, and on the services which you choose to activate, this document presents the widest extent of possible processing. If you have an older vehicle, or if a new model is not equipped with a certain feature or function, the data processing associated with that feature will not happen.

This privacy notice does not apply to:

· Special vehicles (e.g. police cars)

· Processing of personal data that does not leave the car (local processing)

· Processing of personal data when you interact with one of our retailers (such as when you buy your car)

· Your use of software, apps and services provided by third parties. (For further information, please see the individual service providers’ own terms and conditions as well as their privacy policies/notices)

· The provision of the internet/connectivity service in your car, which is supplied by a mobile network operator independently from Volvo Cars.

Please note that Volvo Cars has other privacy notices that should be read together with this information for a complete picture. We have listed these for you below. You can easily access them by following the links directly.

· General Privacy Notice

· Volvo Cars App privacy notice

You can find below:

1. Who we are

2. What personal data we use and why

2.1 Data used for infotainment purposes

2.1.1 Driving Journal

2.1.2 Over the air software updates (OTA)

2.1.3 Connected Safety

2.1.4 Digital Key

2.1.5 Real-time Traffic Information (RTTI)

2.1.6 Intelligent Speed Assist (ISA)

2.1.7 Speech Messaging

2.1.8 Air Quality Index

2.1.9 Map Delivery System

2.2 Data used related to safety

2.2.1 Active Safety Data Recorder (ASDR)

2.2.2 Event Data Recorder (EDR)

2.2.3 Emergency Call (eCall)

2.2.4 Call Centre Services

2.2.5 Intrusion Detection System (IDS)

2.2.6 Ensuring safe batteries

2.3 Data used related to maintenance and repairs

2.3.1 Service planning

2.3.2 Diagnostic read-out in workshops

2.3.3 Bug Reporting

2.3.4 Extended Vehicle Data Analysis

2.4 Data used for research & development purposes

2.4.1 Traffic accident research and development

2.4.2 Vehicle data analytics

2.4.3 Vehicle Analytics & Improvements

2.5 Emissions reporting

2.6 Law enforcement requests

3. Sharing of your personal data

4. Your rights and controls

4.1 Your rights under GDPR

4.2 Your rights under XXXX

5. Contact information

6. Updates to this notice

1. Who we are

The entities responsible for the processing of personal data referred to below are Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31 Gothenburg, Sweden, company registration number 556074-3089, and Volvo Car USA LLC hereinafter referred to as “Volvo Cars”, “we”, or “us”. If other entities are processing personal data together with us, so called joint controllers, this will be specified.

2. What personal data we use and why

The Driving Journal automatically logs all your trips. This may be useful if, for example, you want to manage your mileage expenses. The Driving Journal must be activated by you, otherwise the data is not collected.

2.1 Data used for infotainment purposes

If you enable the Driving Journal, we will collect your identifiers such as first and last name, phone number, E-mail address, your vehicle identification number (VIN), and the vehicles location as well as other trip related information such as your routes, time, distance, fuel and/or electric consumption and mileage. Depending on your vehicle model only start and finish position is collected or the full route.

We process this data based on your consent.

2.1.1 Driving Journal

As a rule, the Driving Journals data is stored for up to 400 days depending on car model. You can disable the Driving Journal at any time, and by doing so the data will stop being collected. This does not trigger the deletion of previously collected information.

2.1.2 Over the air software updates (OTA)

Over the air software updates enable your vehicle to update and maintain the latest software without visiting a workshop. Using the latest software ensures you can fully utilize our updated services. By using the latest software, you are also improving your protection against cybersecurity incidents.

To maintain vehicle software and provide necessary software updates, we process the following data:

· Vehicle identification number (VIN)

· Vehicle software version

· Diagnostic trouble codes

· Vehicle manufacturing date

· Vehicle specification

· Installation status and reports

The legal basis for us to process the data mentioned above is your consent.

We will retain records of the software updates made for the entire vehicle lifetime.

You can agree or disagree to automatic software updates at any time in the privacy settings. If you agree, software updates are downloaded automatically, and you will be notified when the update is ready to install. If you disagree, you will be notified when a new update is available and can be downloaded. If you don't want to use over the air software updates, you can have updates installed in a workshop with the required connection to our systems.

2.1.3 Connected Safety

Our vehicles are equipped with Connected Safety, a service offered by us, which informs you about current traffic hazards while you drive the vehicle. This information is based on information sent from other vehicles or from public sources where applicable. This information is used to alert you on changing road conditions or potential road hazard early on by displaying appropriate warnings, allowing you to adapt your driving style accordingly. If your own vehicle detects a potential road hazard, such as reduced friction between your tires and the road or if the hazard warning lights are activated, this information is sent to Volvo Cars. The information is aggregated and anonymized before sent to vehicles approaching your own vehicles position.

The data that we collect and process to support Connected Safety is:

· Vehicle identification number (VIN)

· Event such as Slippery road alert activation, Hazard light activation etc.

· Time stamp of each alert

· Location

The legal basis for us to process the data mentioned above is performance of the contract. You can switch the service on and off at any time.

In addition, the abovementioned data is processed anonymously and transmitted to traffic agencies and companies, in order to avoid and reduce dangers posed by road traffic, but also to improve road safety, to reduce maintenance costs and contribute to a sustainable traffic environment. Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Sweden, hereinafter referred to as “Polestar”) are joint controllers for these purposes. As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers, and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.

We will retain the information for 1 week.

2.1.4 Digital Key

Digital key can fully replace the conventional car key, and allows you to conveniently lock, unlock, or start your vehicle with your smartphone or smart watch. In addition, it is also possible to share your key with additional users through various digital channels.

Digital key only requires network connection during the initial one-time set-up, for sharing of keys, or revoking keys. Once set-up, the key will work via Bluetooth, Near Field Communication (NFC), and Ultra-Wideband Technology (UWB). During set-up, your key will be added to your wallet app in your smart device. From your wallet app you can share your key through messaging apps, mail, or via Airdrop®. You can also easily revoke keys you have shared, either through the wallet app, or in the vehicle infotainment system.

The following data is processed when using digital key:

· Vehicle identification number (VIN)

· Vehicle details

· Vehicle status

· Volvo ID

· Key ID

· Friendly name

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain your data as long as you have a valid contract.

2.1.5 Real-time Traffic Information (RTTI)

The Real Time Traffic Information service receives information about road traffic information from a 3rd party service provider.

We process the following data from the car:

  • Vehicle position and speed – these are shared with the 3rd party service provider to calculate congestion and to inform you and other drivers where risks for congestion exist; these data points are anonymous for the 3rd party service provider.
  • Vehicle Identity Number (VIN) – this is used by Volvo Cars to verify that your vehicle has a subscription for this service.

Car models equipped with sensors that can identify traffic signs in real time as you drive do this through local processing (in the car) only.

The legal basis for us to process the data mentioned above is performance of the contract. You can switch the service on and off at any time.

The data will be stored by Volvo Cars as long as the subscription is active. Once the subscription is inactive, VIN, speed and position are stored for maximum of 90 days, unless a longer time is required under local applicable law.

2.1.6 Intelligent Speed Assist (ISA)

Intelligent Speed Assist (ISA) is a mandatory function in some jurisdictions that uses road sign data to assist cars in keeping the speed limit. In order to know the speed limit on the current road ISA uses the car’s navigation system to fetch road sign data. The navigation system in turn needs the car's position to provide the correct data.

In addition, Volvo Cars is legally required to report aggregated data on your usage of the vehicle, like:

· how much time or how long distances you have travelled with the advanced vehicle systems activated or deactivated

· how much time or how long distanced you have travelled by observing or overriding the recognized speed limits

· the time elapsed between the activation and deactivation of the advanced vehicle systems

To support ISA and the reporting, the following data is processed:

· Vehicle Identification Number (VIN)

· Vehicle speed

· Vehicle details (model, production year)

· Information generated by the vehicle, its sensors and systems (warnings, faults, diagnostics, status and behavior of the advanced vehicle systems)

· Information related to how the vehicle is used and operated (settings, use of the advanced vehicle systems)

· Location

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

We retain the information until it has been aggregated and sent to relevant authorities.

2.1.7 Speech Messaging

Speech Messaging is part of a larger voice command system with which you can control features of your infotainment system, and lets you create and send SMS messages by giving verbal instructions. To initiate a dialogue using voice commands, you first need to activate this function. Voice control will remain activated until you deliberately stop it or until you have not responded to three prompts from the system.

The following data is processed when using Speech Messaging:

· Recorded voice data or commands

· Vehicle identification number (VIN) - the VIN is used to verify that your car has a subscription for this service

· Phone number

· Text message - The text message created by the 3rd party service provider is stored in the cloud and sent back and saved in your vehicle. The text message can be sent as SMS.

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the information until the message has been sent.

2.1.8 Air Quality Index

This function shows information on air quality, such as pollution and pollen levels.

Initially, information on the air quality from within the car is shown.

If you choose to share the location of the car, information of the air quality from outside the vehicle will also be presented.

The legal basis for us to process the data mentioned above is performance of the contract.

The data will be deleted after it has been presented in the car.

2.1.9 Map Delivery System

This service will enhance functions in the vehicle such as Pilot Assist and Adaptive Cruise Control by providing up-to-date map data of your current location.

To enable Map Delivery System, the following data is processed:

· Location - in order for the vehicle to be able to request the correct map data an approximate location is processed (with an area no more specific than 0.8 km2).

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the data until the map data has been downloaded.

2.2 Data used related to safety

The Active Safety Data Recorder (ASDR) primary purpose is to record data related to traffic accidents or collision-like situations. This information will be processed by our research and development department to help us better understand the circumstances in which traffic accidents, injuries, and damage occur.

2.2.1 Active Safety Data Recorder (ASDR)

By giving your consent, Volvo Cars collects and processes the following data for future development purposes and active safety-related complaints:

· Vehicle Identity Number (VIN)

· Type of safety event triggered and its occurrences

· Front-facing camera images are captured during 4 seconds before and after collision-like situations

· Vehicle location at time of incident

The legal basis for us to process the data mentioned above is your consent, and we keep it for 10 years before we delete or anonymize it.

2.2.2 Event Data Recorder (EDR)

The vehicle stores safety-related information relating to crash or near-crash situations in an Event Data Recorder (EDR) – also known as the car’s “black box”. The safety-related information includes data such as:

  • How various systems in your vehicle were operating
  • Whether or not the driver and passenger safety belts were buckled/fastened
  • How far (if at all) the driver was depressing the accelerator and/or brake pedal
  • How fast the vehicle was traveling

The period recorded is usually up to 30 seconds and the EDR does not record any data during normal driving conditions.

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

The data will be retained as per the legal requirements until such time as it is overwritten by new events.

2.2.3 Emergency Call (eCall)

Emergency Call (eCall) automatically triggers an emergency call and sending of data in the event of certain types of accidents, detected by activation of one or more sensors within the vehicle. That means an eCall will be made by the car automatically even if all occupants in the car are unconscious, and the data mentioned below is automatically transmitted to the call center. eCall can also be triggered manually by pushing and holding the SOS button for at least 2 seconds.

When an eCall is made, the following data is processed:

· Vehicle Identification Number (VIN)

· Vehicle propulsion or engine specification

· Vehicle model specification

· Time of the incident

· Location of the incident

· Direction of the vehicle travel

· Vehicle status

By default, and where available, eCall is routed to a third-party services provider (this is called a third-party service eCall or TPS eCall); this supplier varies by region, and you can get more information by contacting us regarding which suppliers is used in your region. You can at any time choose to have the call routed to the public emergency service, by modifying your settings.

The data is only collected when the eCall is made, and the only entities having access to it are Volvo Cars and the third party providing the service (or the emergency service itself, if selected). However, they may forward this data to specialized emergency services (for example ambulance) if necessary.

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

We will retain the data for 200 days, and the processing is limited to the emergency situations referred to above.

2.2.4 Call Center Services

With Call Centre Services we provide you with the ability to connect to our call center from within the vehicle by pressing the “on call”/assist button, through a call from within the app or by calling the call center directly.Services offered as part of the Call Centre Services are described below:

Roadside Assistance (RSA)

RSA involves supporting you when you experience a technical fault with your vehicle, such as a flat tire or a fault with the engine/motor. In some cases, the agent at the call center is able to provide guidance on the call to you on how to remedy the issue. In other cases, the repair can be made at the roadside (called a ‘spot repair’) or, where that is not possible, your vehicle will need towing to a workshop to be fixed. The agent will assess what response is appropriate during the call. Where roadside recovery is needed (spot repair or a tow), assistance vehicles can be provided by a third party, such as a roadside vehicle towing and repair company, who then will process the related data.

Stolen Vehicle Tracking (SVT)

SVT is a way to locate your vehicle if stolen. A vehicle may be reported stolen by:

· the vehicle itself. This happens when the vehicle detects a trigger of the vehicle alarm, which causes a notification, known as a ‘theft notification’, to be sent to any driver with the Volvo Cars App connected to the vehicle, as well as to the call center.

· the owner of the vehicle, that makes a call to the call center.

· local law enforcement (police). Again, a call is made directly to the call center.

For the SVT process to be initiated an official police report must be filed and the report case number needs to be submitted to the call center.

Remote Vehicle Immobilization/Mobilization (RVI/RVM)

RVI/RVM can be used to enable or disable the immobilizer in the vehicle. If the immobilizer is enabled, the vehicle will not be able to be started until the immobilizer is disabled. The vehicle can then be remotely mobilized. This service is initiated by the call center agent.

In order to provide you with the services described above, we will automatically collect the following data when contacting the call center through the “on call”/assist button in the vehicle or through the Volvo Car App:

· License plate

· Vehicle Identification Number (VIN)

· Vehicle specification

· Vehicle status

· Time and place of the request

· Location at time of the call

· Direction of the vehicle travel

Depending on the nature and scope of the request, for any of the call center services above, we may need to process additional information necessary for the delivery of requested assistance, for example:

· contact information (home address, e-mail address, phone number)

· insurance details (policy and claim number)

· transaction-related data

· damage cause and information about the workshop handling the repair

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the data for 200 days.

2.2.5 Intrusion Detection System (IDS)

The goal of the Intrusion Detection System (IDS) is to detect and prevent against anomalies and violations that could be possible cybersecurity threats for the vehicle systems. This means that we will monitor how software and apps behave to ensure they are not violating what they are permitted to do. IDS will be monitoring the system in real-time and report violations to Volvo Cars.

We will process the following data:

· Information related to the vehicle: model, production year, Vehicle Identification Number (VIN), hardware and software information.

· Information generated by the vehicle, its sensors and systems: faults, diagnostics, connectivity and network information, certifications and authorization data, security logs, calibrations, timestamps, status of onboard systems and functions, behavior of onboard systems and functions and output of onboard systems and functions.

· Information related to how the vehicle is used and operated: configurations, settings, device connections, timestamps, passenger occupancy, use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors.

· Location data: Low precision, accuracy over 600m.

The legal basis for us to process the data mentioned above is to fulfill our legal obligations.

We will retain the pseudonymized information for the lifetime of the vehicle. In case of a detected vulnerability, we will keep the data for 1 year after the investigation has been concluded.

2.2.6 Ensuring safe batteries

We need to ensure that our cars with a hybrid or full-electric powertrain are safe in order to protect our drivers, their families and the general public from danger and unnecessary inconvenience. To ensure this, we will collect and use information related to batteries to enable early detection of potential concerns and to identify new potential fault types. If we think it is needed, we will also contact and inform you of potential concerns.

The data we collect, and use are:

• Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), hardware and software information)

• Information related to the vehicle propulsion and battery (hardware and software information, cell voltages, state of charge, charging information, configurations, calibrations, temperature, alarms, warnings, faults, diagnostics, timestamps, state of health and overall status)

• Information generated by the vehicle: Odometer.

The legal basis for us to process the data mentioned above is our legitimate interests mentioned above as well as to fulfill our legal obligations, such as conducting safety-related recalls.

We will retain the information mentioned above for the lifetime of the vehicle.

2.3 Data used related to maintenance and repairs

Service planning helps you keep your vehicle in good condition and observe the vehicle’s health.

If applicable in your country, we will send you service-related communication.

When your vehicle has an internet connection, service planning works by continuously providing Volvo Cars, retailers, and workshops with diagnostic data. Providing diagnostic data remotely, will enable your workshop to prepare your upcoming visit even better. In addition, data will be shared with our national sales company and retailers to administer bookings and deliveries of parts if needed.

2.3.1 Service planning

Service planning also helps us schedule production and delivery of spare parts, which is an important component for our sustainability goals by optimizing content, logistics and workshop utilization.

In order to provide you with service planning, the following data will be collected:

Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), hardware and software information)

Information generated by the vehicle, its sensors and systems (odometer, service indicators, alarms, warnings, lights, faults, diagnostics, temperature, timestamps, state of health, status and behavior of onboard systems and functions)

The legal basis for us to process the data mentioned above is performance of the contract. You can switch the service on and off at any time.

We will retain the information for 3 years, except for information on the vehicle’s high-voltage battery, which is retained for 10 years.

2.3.2 Diagnostic read-out in workshops

If servicing or repairs are carried out on your vehicle at a service center, workshop, or partner, we will receive and use information for fault tracing, to manage our product manufacturer obligations, for product research and development purposes, such as to monitor and improve the quality of our vehicles, their safety features, and other functions.

The data we collect, and use are:

• Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), hardware and software information)

• Information generated by the vehicle, its sensors, and systems (odometer, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, state of health, status and behavior of onboard systems and functions)

• Information related to how the vehicle is used and operated (configurations, settings, device connections, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions, and use of the information head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors)

The legal basis for us to process the data mentioned above is our legitimate interests as well as to fulfil our legal obligations, such as conducting safety-related recalls.

We will retain the information mentioned above for the lifetime of the vehicle.

2.3.3 Bug Reporting

Bug Reporting is a tool that can be activated by workshops to enable us to collect information on software bugs. The tool is used to identify and investigate the impact of issues and will enable us to solve software related problems as well as maintain our software in good health. By activating Bug Reporting, we will collect and process the following data from your vehicle:

· Information related to the vehicle (mileage, fuel consumption, vehicle configuration and details, Vehicle Identification Number (VIN), IP-address and software version)

· Information generated by the Information Head Unit, Display Head Unit, Telematics and Connectivity Antenna Module and their associated signals (GPS, DID (Data Identifier), DTC (Diagnostic Trouble Code), vehicle network diagnostics, Android Automotive diagnostics, start-up diagnostics, and reports and logfiles targeted to developers)

· Information about the interaction between the driver and vehicle (speed, infotainment settings, navigation destinations, phone book, radio settings, third party application settings, roadside assistance log)

· Information related to the driver (e-mail accounts, phone number, Volvo ID)

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data until the issue with your vehicle has been solved, or for 90 days, whichever occurs later.

2.3.4 Extended Vehicle Data Analysis

In order to fully investigate issues with your vehicle that you bring to our attention, we need to use the following data from your vehicle together with some basic customer data such as name and contact details;

· data recorded by the Event Data Recorder and other systems relating to vehicle safety system (speed, GPS position, steering angle, brake power, deployment, and use of safety systems etc.)

· data regarding surroundings (such as temperature, slippery road) captured by other car sensors or acquired from providers of such information

· data from the vehicle’s Electronic Control Units, Telematics and Connectivity Antenna Module and the Information Head Unit and their associated signals

· vehicle status (mileage, fuel consumption, odometer and other data shown in the dashboard)

· all interaction between driver and vehicle such as changes of different settings, account names such as Volvo ID and Google ID and data related to device usage which has connected via Bluetooth

· Vehicle Identification Number (VIN)


The data will be used to identify potential problems with the vehicle, manage a potential warranty case and potential product safety issues. If the data can’t be collected, Volvo Cars will not be able to investigate the problems.

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data until the problem with your vehicle has been solved.

2.4 Data used for research & development purposes

When a traffic accident occurs involving one of our vehicles, we investigate what happened for the purpose of improving the safety of our vehicles as well as the traffic environment in general. If it would be beneficial for our research, we will send out a survey to you to get additional information on the accident.

2.4.1 Traffic accident research and development

When researching, the following data will be processed:

· Contact details

· Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), License plate, hardware, and software information)

· Information generated by the vehicle, its sensors, and systems (Close objects, engine data, frozen signal data, odometer, weather and road conditions, temperature, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, calibrations, energy and fuel consumption, timestamps, state of vehicle health, status and behavior of onboard systems and functions)

· Information related to how the vehicle is used and operated (configurations, settings, device connections, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions and use of the information head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors and trigger deployment of airbag)

· Location data

· Camera data: Outward-facing camera images are captured during 4 seconds before and after the accident

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data for 10 years.

2.4.2 Vehicle data analytics

We process vehicle data (listed below) in order to obtain statistical information about our vehicles and how they are used. We use this information for product research and development purposes, in particular to improve and monitor the quality of vehicles and their safety features. This also serves to manage Volvo Cars’ warranty commitments.

Data categories used:

  • Vehicle identification number (VIN)
  • Identifiers of the vehicle’s hardware and software versions
  • Diagnostic trouble codes (DTC)

Volvo Cars also collect the following information on the vehicle’s high-voltage battery (where applicable):

  • High voltage battery ID, capacity, and health status
  • Vehicle market information
  • Charging station information (e.g. availability status, the power type, pole ID)
  • Diagnostic data during charging (e.g. duration, state of charge, current fluctuation)

The legal basis for us to process the data mentioned above is your consent.

The data Vehicle identification number (VIN), Identifiers of the vehicle’s hardware and software versions, and Diagnostic trouble codes (DTC), are retained for 2 years, while the information on the vehicle’s high-voltage battery is retained for the lifetime of the battery.

In the case of hybrid or electric vehicles, Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Gothenburg, Sweden, hereinafter referred to as “Polestar”) share analysis data from their respective vehicles. The analysis data exchanged between Volvo Cars and Polestar, as listed above, is of a purely technical nature and does not involve actual customer data. The analysis data collected via the Volvo Cars and Polestar platforms is exchanged between the two companies for the purposes of improving and monitoring the quality of the vehicle, the performance of the electric and hybrid features, and the safety features.

As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing of analysis data. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers, and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.

2.4.3 Vehicle Analytics and Improvements

If you provide your consent by enabling Vehicle Analytics & Improvements, we will collect and use data (listed below) to get information about your vehicle and how it is being used. We use this information for fault tracing, product research and development purposes, such as to monitor and improve the sustainability and quality of our vehicles, their safety features and other functions. If we think it is needed, we will also contact and inform you of potential problems or faults.

The data we collect and use:

• Information related to the vehicle: model, production year, Vehicle Identification Number (VIN), hardware and software information.

• Information generated by the vehicle, its sensors and systems: odometer, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, security logs, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, state of health, status of onboard systems and functions, behavior of onboard systems and functions and output of onboard systems and functions.

• Information related to how the vehicle is used and operated: configurations, settings, device connections, trailer connected, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions and use of the infotainment head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors.

• Location data: Location is collected in the following cases.

o incidents (near accident) and accidents;

o if the eCall function has been activated; and

o in case of connectivity issues.

Location is also continuously collected from safety functions, autonomous drive and advanced driving assistance systems.

• Camera data: outward-facing camera images are captured

o in connection to incidents and accidents; and

o continuously from safety functions, autonomous drive and advanced driving assistance systems.

The legal basis for the collection and use of the data mentioned above is your consent.

We keep the data for five years, other than the information on the car’s high-voltage battery, which is retained for the life of the battery. At the five-year mark, we will delete the data or, if we see a need to keep the data, we make sure it’s completely anonymized.


2.5 Emissions reporting

If you have a vehicle with an internal combustion engine we will collect data from your vehicle in order to be reported pursuant to applicable law.

The data collected is:

· Vehicle Identification Number (VIN)

· Information related to emissions: total fuel consumed (lifetime), total distance travelled (lifetime), total grid energy into the battery (lifetime) – with several breakdowns as needed under applicable law

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

The information above is kept until the data has been reported.

2.6 Law enforcement requests

Personal data needs to be shared or may be shared with law enforcement authorities (e.g., police, courts), to comply with a legal obligation, or our legitimate interest in providing data, when a crime is suspected, or when it is necessary to establish, exercise or defend ourselves against legal claims.

We provide law enforcement with the least amount of personal data that is necessary. Example of data type that we can give out are; serial number of car part connected to a VIN numberor a IMEI-number.

3. Sharing of your personal data

We share data with various organizations to run our business, to maintain our relationship with you, and to provide you with products and services. We describe these situations below.

Where we refer to these organizations as our ‘suppliers”, ‘processors’ or ‘sub-processors’, each one of these organizations is limited by contract in their ability to use your personal data for any purpose other than to provide services to us or on our behalf, as instructed by us. In each case, we only share the personal data, including telematics data, we deem necessary to achieve the respective purpose.

Other group companies within Volvo Cars and its sub-processors

· Personal data is transferred to other group companies for customer care, to provide our products and services and for provision of IT systems for business support and data storage.

IT-suppliers and their sub-processors

· Personal data is transferred to IT-suppliers who supply general business support systems to us, such as software and data storage providers.

Law enforcement authorities (e.g., police, courts)

· Personal data needs to be shared or may be shared with law enforcement authorities (e.g., police, courts), to comply with a legal obligation, or our legitimate interest in providing data, when a crime is suspected, or when it is necessary to establish, exercise or defend ourselves against legal claims.

Other service providers (such as mobile network operators, connectivity providers and charging operators)

· We can share information from the vehicle and subscription information to enable the services, for fault tracing and service improvement purposes.

Any party approved by you

· For example, you may ask us to share vehicle data with a third party such as an insurance company to prepare an insurance quote for you.

3rd party vehicle owners

· For example, fleet management or car rental companies might process data generated by the vehicle and your driving, including location data, for vehicles they own or manage.

Retailer, repairers, workshops

· Personal data is transferred for the purpose of providing services, fault tracing, maintenance, and repair.


4. Your rights and controls

You have specific legal rights relating to the personal data we process about you. The rights may differ depending on which jurisdiction you are in and the nature of the processing. Generally, your rights concern the possibility to:

· withdraw your consent

· object to our processing of your data

· ask for a copy of the data we hold about you (so-called subject access right)

· ask for the data to be transferred to another entity (so-called data portability)

· ask for the data to be corrected or restricted

· ask for the data to be deleted (so-called right to be forgotten)

4.1 Your rights under GDPR

As mentioned, these rights are not absolute and in some cases data protection law limits their application. Should this be the case for a request you make to us, we will always explain why we cannot fulfil your request.

If you would like to submit a rights request, you can get in touch with us by completing this form. We kindly ask that you use the form as it sets out the information that we need to verify your identity and effectively process your request. However, should you prefer not to use the form, you are always welcome to contact us and submit your request using the contact information in the next section.

You also have a right to submit a complaint to your local data protection authority should you have concerns about how we use your personal data. However, we would appreciate it if you reached out and raised your concerns directly with us first to allow us to try to resolve them together. You can find our contact information below.

4.2 Your rights under US State Laws

Laws in various states provide rights to you with respect to your personal information. Our General Privacy Statement outlines these rights and how you can exercise those rights in the US.

5. Contact information

If you have any questions about how we use your personal data, you can contact us at dataprotection@volvocars.com, or Volvo Car Corporation Data Protection Officer as follows:

Postal Address: Volvo Car Corporation, Attention: The Data Protection Officer, dep 50099, VAK, 405 31 Gothenburg, Sweden.

Email: globdpo@volvocars.com

6. Updates to this notice

We continuously develop our products and services and will review and update this privacy notice as a result. As such we encourage you to revisit this privacy notice regularly. The date at the top of this privacy notice lets you know when it was last updated. We will handle your personal data in a manner consistent with the privacy notice under which it was collected unless we have your consent to handle it differently.