Vehicle Privacy Notice

2.1 Data used for infotainment purposes

2.1.1 Driving Journal

The Driving Journal automatically logs all your trips. This may be useful if, for example, you want to manage your mileage expenses. The Driving Journal must be activated by you, otherwise the data is not collected.

If you enable the Driving Journal, we will collect your identifiers such as first and last name, phone number, E-mail address, your vehicle identification number (VIN), and the vehicle’s location as well as other trip related information such as your routes, time, distance, fuel and/or electric consumption and mileage. Depending on your vehicle model only start and finish position is collected or the full route.

We process this data based on your consent.

As a rule, the Driving Journal’s data is stored for up to 400 days depending on car model. You can disable the Driving Journal at any time, and by doing so the data will stop being collected. This does not trigger the deletion of previously collected information.

2.1.2 Over the air software updates (OTA)

Over the air software updates enable your vehicle to update and maintain the latest software without visiting a workshop. Using the latest software ensures you can fully utilize our updated services. By using the latest software, you are also improving your protection against cybersecurity incidents.

To maintain vehicle software and provide necessary software updates, we process the following data:

• Vehicle identification number (VIN)
• Vehicle software version
• Diagnostic trouble codes
• Vehicle manufacturing date
• Vehicle specification
• Installation status and reports

The legal basis for us to process the data mentioned above is your consent.

We will retain records of the software updates made for the entire vehicle lifetime.

You can agree or disagree to automatic software updates at any time in the privacy settings. If you agree, software updates are downloaded automatically, and you will be notified when the update is ready to install. If you disagree, you will be notified when a new update is available and can be downloaded. If you don’t want to use over the air software updates, you can have updates installed in a workshop with the required connection to our systems.

2.1.3 Connected Safety

Our vehicles are equipped with Connected Safety, a service offered by us, which informs you about current traffic hazards while you drive the vehicle. This information is based on information sent from other vehicles or from public sources where applicable. This information is used to alert you on changing road conditions or potential road hazard early on by displaying appropriate warnings, allowing you to adapt your driving style accordingly. If your own vehicle detects a potential road hazard, such as reduced friction between your tires and the road or if the hazard warning lights are activated, this information is sent to Volvo Cars. The information is aggregated and anonymized before sent to vehicles approaching your own vehicle’s position.

The data that we collect and process to support Connected Safety is:

• Vehicle identification number (VIN)
• Event such as Slippery road alert activation, Hazard light activation etc.
• Time stamp of each alert
• Location

The legal basis for us to process the data mentioned above is performance of the contract. You can switch the service on and off at any time.

In addition, the abovementioned data is processed anonymously and transmitted to traffic agencies and companies, in order to avoid and reduce dangers posed by road traffic, but also to improve road safety, to reduce maintenance costs and contribute to a sustainable traffic environment. Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Sweden, hereinafter referred to as “Polestar”) are joint controllers for these purposes. As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers, and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.

We will retain the information for 1 week.

2.1.4 Digital Key

Digital key can fully replace the conventional car key, and allows you to conveniently lock, unlock, or start your vehicle with your smartphone or smart watch. In addition, it is also possible to share your key with additional users through various digital channels.

Digital key only requires network connection during the initial one-time set-up, for sharing of keys, or revoking keys. Once set-up, the key will work via Bluetooth, Near Field Communication (NFC), and Ultra-Wideband Technology (UWB). During set-up, your key will be added to your wallet app in your smart device. From your wallet app you can share your key through messaging apps, mail, or via Airdrop^®. You can also easily revoke keys you have shared, either through the wallet app, or in the vehicle infotainment system.

The following data is processed when using digital key:

• Vehicle identification number (VIN)
• Vehicle details
• Vehicle status
• Volvo ID
• Key ID
• Friendly name

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain your data as long as you have a valid contract.

2.1.5 Real-time Traffic Information (RTTI)

The Real Time Traffic Information service receives information about road traffic information from a 3rd party service provider.

We process the following data from the car:

• Vehicle position and speed – these are shared with the 3rd party service provider to calculate congestion and to inform you and other drivers where risks for congestion exist; these data points are anonymous for the 3rd party service provider.
• Vehicle Identity Number (VIN) – this is used by Volvo Cars to verify that your vehicle has a subscription for this service.

Car models equipped with sensors that can identify traffic signs in real time as you drive do this through local processing (in the car) only.

The legal basis for us to process the data mentioned above is performance of the contract. You can switch the service on and off at any time.

The data will be stored by Volvo Cars as long as the subscription is active. Once the subscription is inactive, VIN, speed and position are stored for maximum of 90 days, unless a longer time is required under local applicable law.

2.1.6 Intelligent Speed Assist (ISA)

Intelligent Speed Assist (ISA) is a mandatory function in some jurisdictions that uses road sign data to assist cars in keeping the speed limit. In order to know the speed limit on current road ISA uses the car’s navigation system to fetch road sign data. The navigation system in turn needs the car's position to provide the correct data.

In addition, Volvo Cars is legally required to report aggregated data on your usage of the vehicle, like:

• how much time or how long distances you have travelled with the advanced vehicle systems activated or deactivated
• how much time or how long distanced you have travelled by observing or overriding the recognized speed limits 
• the time elapsed between the activation and deactivation of the advanced vehicle systems

To support ISA and the reporting, the following data is processed:

• Vehicle Identification Number (VIN)
• Vehicle speed
• Vehicle details (model, production year)
• Information generated by the vehicle, its sensors and systems (warnings, faults, diagnostics, status and behaviour of the advanced vehicle systems)
• Information related to how the vehicle is used and operated (settings, use of the advanced vehicle systems)
• Location

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

We retain the information until it has been aggregated and sent to relevant authorities.

2.1.7 Speech Messaging

Speech Messaging is part of a larger voice command system with which you can control features of your infotainment system, and lets you create and send SMS messages by giving verbal instructions. To initiate a dialogue using voice commands, you first need to activate this function. Voice control will remain activated until you deliberately stop it or until you have not responded to three prompts from the system.

The following data is processed when using Speech Messaging:

• Recorded voice data or commands
• Vehicle identification number (VIN) - the VIN is used to verify that your car has a subscription for this service
• Phone number
• Text message - The text message created by the 3rd party service provider is stored in the cloud and sent back and saved in your vehicle. The text message can be sent as SMS.

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the information until the message has been sent.

2.1.8 Air Quality Index

This function shows information on air quality, such as pollution and pollen levels.

Initially, information on the air quality from within the car is shown.

If you choose to share the location of the car, information of the air quality from outside the vehicle will also be presented.

The legal basis for us to process the data mentioned above is performance of the contract.

The data will be deleted after it has been presented in the car.

2.1.9 Map Delivery System

This service will enhance functions in the vehicle such as Pilot Assist and Adaptive Cruise Control by providing up-to-date map data of your current location.

To enable Map Delivery System, the following data is processed:

• Location - in order for the vehicle to be able to request the correct map data an approximate location is processed (with an area no more specific than 0.8 km²).

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the data until the map data has been downloaded.

2.2 Data used related to safety

2.2.1 Active Safety Data Recorder (ASDR)

The Active Safety Data Recorder (ASDR) primary purpose is to record data related to traffic accidents or collision-like situations. This information will be processed by our research and development department to help us better understand the circumstances in which traffic accidents, injuries, and damage occur.

By giving your consent, Volvo Cars collects and processes the following data for future development purposes and active safety-related complaints:

• Vehicle Identity Number (VIN)
• Type of safety event triggered and its occurrences
• Front-facing camera images are captured during 4 seconds before and after collision-like situations
• Vehicle location at time of incident

The legal basis for us to process the data mentioned above is your consent, and we keep it for up to 10 years before we delete or anonymise it.

2.2.2 Event Data Recorder (EDR)

The vehicle stores safety-related information relating to crash or near-crash situations in an Event Data Recorder (EDR) – also known as the car’s “black box”. The safety-related information includes data such as:

• How various systems in your vehicle were operating
• Whether or not the driver and passenger safety belts were buckled/fastened
• How far (if at all) the driver was depressing the accelerator and/or brake pedal
• How fast the vehicle was traveling

The period recorded is usually up to 30 seconds and the EDR does not record any data during normal driving conditions.

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

The data will be retained as per the legal requirements until such time as it is overwritten by new events.

2.2.3 Emergency Call (eCall)

Emergency Call (eCall) automatically triggers an emergency call and sending of data in the event of certain types of accidents, detected by activation of one or more sensors within the vehicle. That means an eCall will be made by the car automatically even if all occupants in the car are unconscious, and the data mentioned below is automatically transmitted to the call centre. eCall can also be triggered manually by pushing and holding the SOS button for at least 2 seconds.

When an eCall is made, the following data is processed:

• Vehicle Identification Number (VIN)
• Vehicle propulsion or engine specification
• Vehicle model specification
• Time of the incident
• Location of the incident
• Direction of the vehicle travel
• Vehicle status

By default, and where available, eCall is routed to a third-party services provider (this is called a third party service eCall or TPS eCall); this supplier varies by region, and you can get more information by contacting us regarding which suppliers are used in your region. You can at any time choose to have the call routed to the public emergency service, by modifying your settings.

The data is only collected when the eCall is made, and the only entities having access to it are Volvo Cars and the third party providing the service (or the emergency service itself, if selected). However, they may forward this data to specialised emergency services (for example ambulance) if necessary.

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

We will retain the data for 200 days, and the processing is limited to the emergency situations referred to above.

2.2.4 Call Centre Services

With Call Centre Services we provide you with the ability to connect to our call centre from within the vehicle by pressing the “on call”/assist button, through a call from within the app or by calling the call centre directly. Services offered as part of the Call Centre Services are described below:

Roadside Assistance (RSA)

RSA involves supporting you when you experience a technical fault with your vehicle, such as a flat tire or a fault with the engine/motor. In some cases, the agent at the call centre is able to provide guidance on the call to you on how to remedy the issue. In other cases, the repair can be made at the roadside (called a ‘spot repair’) or, where that is not possible, your vehicle will need towing to a workshop to be fixed. The agent will assess what response is appropriate during the call. Where roadside recovery is needed (spot repair or a tow), assistance vehicles can be provided by a third party, such as a roadside vehicle towing and repair company, who then will process the related data.

Stolen Vehicle Tracking (SVT)

SVT is a way to locate your vehicle if stolen. A vehicle may be reported stolen by: 

• the vehicle itself. This happens when the vehicle detects a trigger of the vehicle alarm, which causes a notification, known as a ‘theft notification’, to be sent to any driver with the Volvo Cars App connected to the vehicle, as well as to the call centre.
• the owner of the vehicle, that makes a call to the call centre.
• local law enforcement (police). Again, a call is made directly to the call centre.

For the SVT process to be initiated an official police report must be filed and the report case number needs to be submitted to the call centre.

Remote Vehicle Immobilisation/Mobilisation (RVI/RVM)

RVI/RVM can be used to enable or disable the immobiliser in the vehicle. If the immobiliser is enabled, the vehicle will not be able to be started until the immobiliser is disabled. The vehicle can then be remotely mobilised. This service is initiated by the call centre agent. 

In order to provide you with the services described above, we will automatically collect the following data when contacting the call centre through the “on call”/assist button in the vehicle or through the Volvo Car App:

• License plate
• Vehicle Identification Number (VIN)
• Vehicle specification
• Vehicle status
• Time and place of the request
• Location at time of the call
• Direction of the vehicle travel

Depending on the nature and scope of the request, for any of the call centre services above, we may need to process additional information necessary for the delivery of requested assistance, for example:

• contact information (home address, e-mail address, phone number)
• insurance details (policy and claim number)
• transaction-related data
• damage cause and information about the workshop handling the repair

The legal basis for us to process the data mentioned above is performance of the contract.

We will retain the data for 200 days.

2.2.5 Intrusion Detection System (IDS)

The goal of the Intrusion Detection System (IDS) is to detect and prevent against anomalies and violations that could be possible cybersecurity threats for the vehicle systems. This means that we will monitor how software and apps behave to ensure they are not violating what they are permitted to do. IDS will be monitoring the system in real-time and report violations to Volvo Cars.

We will process the following data:

• Information related to the vehicle: model, production year, Vehicle Identification Number (VIN), hardware and software information.
• Information generated by the vehicle, its sensors and systems: faults, diagnostics, connectivity and network information, certifications and authorization data, security logs, calibrations, timestamps, status of onboard systems and functions, behavior of onboard systems and functions and output of onboard systems and functions.
• Information related to how the vehicle is used and operated: configurations, settings, device connections, timestamps, passenger occupancy, use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors.
• Location data: Low precision, accuracy over 600m.

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

We will retain the pseudonymized information for the lifetime of the vehicle. In case of a detected vulnerability we will keep the data for 1 year after the investigation has been concluded.

2.2.6 Ensuring safe batteries

We need to ensure that our cars with a hybrid or full-electric powertrain are safe in order to protect our drivers, their families and the general public from danger and unnecessary inconvenience. To ensure this, we will collect and use information related to batteries to enable early detection of potential concerns and to identify new potential fault types. If we think it is needed, we will also contact and inform you of potential concerns.

The data we collect and use are:

• Information related to the vehicle: model, production year, Vehicle Identification Number (VIN), hardware and software information.
• Information related to the vehicle propulsion and battery: hardware and software information, cell voltages, state of charge, charging information, configurations, calibrations, temperature, alarms, warnings, faults, diagnostics, timestamps, state of health and overall status.
• Information generated by the vehicle: Odometer.

The legal basis for us to process the data mentioned above is our legitimate interests mentioned above as well as to fulfil our legal obligations, such as conducting safety-related recalls.

We will retain the information mentioned above for the lifetime of the vehicle.

2.3 Data used related to maintenance and repairs

2.3.1 Service planning

Service planning helps you keep your vehicle in good condition and observe the vehicle’s health.

If applicable in your country, we will send you service-related communication.

When your vehicle has an internet connection, service planning works by continuously providing Volvo Cars, retailers, and workshops with diagnostic data. Providing diagnostic data remotely, will enable your workshop to prepare your upcoming visit even better. In addition, data will be shared with our national sales company and retailers to administer bookings and deliveries of parts if needed.

Service planning also helps us schedule production and delivery of spare parts, which is an important component for our sustainability goals by optimizing content, logistics and workshop utilization.

In order to provide you with service planning, the following data will be collected:

• Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), hardware and software information)
• Information generated by the vehicle, its sensors and systems (odometer, service indicators, alarms, warnings, lights, faults, diagnostics, temperature, timestamps, state of health, status and behaviour of onboard systems and functions)

The legal basis for us to process the data mentioned above is performance of the contract. You can switch the service on and off at any time.

We will retain the information for 3 years, except for information on the vehicle’s high-voltage battery, which is retained for 10 years.

2.3.2 Diagnostic read-out in workshops

If servicing or repairs are carried out on your vehicle at a service centre, workshop, or partner, we will receive and use information for fault tracing, to manage our product manufacturer obligations, for product research and development purposes, such as to monitor and improve the quality of our vehicles, their safety features, and other functions.

The data we collect and use are:

• Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), hardware and software information)
• Information generated by the vehicle, its sensors, and systems (odometer, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, state of health, status and behaviour of onboard systems and functions)
• Information related to how the vehicle is used and operated (configurations, settings, device connections, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions, and use of the information head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors)

The legal basis for us to process the data mentioned above is our legitimate interests as well as to fulfil our legal obligations, such as conducting safety-related recalls.

We will retain the information mentioned above for the lifetime of the vehicle.

2.3.3 Bug Reporting

Bug Reporting is a tool that can be activated by workshops to enable us to collect information on software bugs. The tool is used to identify and investigate the impact of issues and will enable us to solve software related problems as well as maintain our software in good health. By activating Bug Reporting, we will collect and process the following data from your vehicle:

• Information related to the vehicle (mileage, fuel consumption, vehicle configuration and details, Vehicle Identification Number (VIN), IP-address and software version)
• Information generated by the Information Head Unit, Display Head Unit, Telematics and Connectivity Antenna Module and their associated signals (GPS, DID (Data Identifier), DTC (Diagnostic Trouble Code), vehicle network diagnostics, Android Automotive diagnostics, start-up diagnostics, and reports and logfiles targeted to developers)
• Information about the interaction between the driver and vehicle (speed, infotainment settings, navigation destinations, phone book, radio settings, third party application settings, roadside assistance log)
• Information related to the driver (e-mail accounts, phone number, Volvo ID)

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data until the issue with your vehicle has been solved, or for 90 days, whichever occurs later.

2.3.4 Extended Vehicle Data Analysis

In order to fully investigate issues with your vehicle that you bring to our attention, we need to use the following data from your vehicle together with some basic customer data such as name and contact details:

• data recorded by the Event Data Recorder and other systems relating to vehicle safety system (speed, GPS position, steering angle, brake power, deployment, and use of safety systems etc)
• data regarding surroundings (such as temperature, slippery road) captured by other car sensors or acquired from providers of such information
• data from the vehicle’s Electronic Control Units, Telematics and Connectivity Antenna Module and the Information Head Unit and their associated signals
• vehicle status (mileage, fuel consumption, odometer and other data shown in the dashboard)
• all interaction between driver and vehicle such as changes of different settings, account names such as Volvo ID and Google ID and data related to device usage which has connected via Bluetooth
• Vehicle Identification Number (VIN)

The data will be used to identify potential problems with the vehicle, manage a potential warranty case and potential product safety issues. If the data can’t be collected, Volvo Cars will not be able to investigate the problems.

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data until the problem with your vehicle has been solved.

2.4 Data used for research & development purposes

2.4.1 Traffic accident research and development

When a traffic accident occurs involving one of our vehicles, we investigate what happened for the purpose of improving the safety of our vehicles as well as the traffic environment in general. If it would be beneficial for our research, we will send out a survey to you to get additional information on the accident.

When researching, the following data will be processed:

• Contact details
• Information related to the vehicle (model, production year, Vehicle Identification Number (VIN), License plate, hardware, and software information)
• Information generated by the vehicle, its sensors, and systems (Close objects, engine data, frozen signal data, odometer, weather and road conditions, temperature, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorization data, calibrations, energy and fuel consumption, timestamps, state of vehicle health, status and behaviour of onboard systems and functions)
• Information related to how the vehicle is used and operated (configurations, settings, device connections, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions and use of the information head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors and trigger deployment of airbag)
• Location data
• Camera data: Outward-facing camera images are captured during 4 seconds before and after the accident

The legal basis for us to process the data mentioned above is our legitimate interest.

We will retain your data for 10 years.

2.4.2 Vehicle data analytics

We process vehicle data (listed below) in order to obtain statistical information about our vehicles and how they are used. We use this information for product research and development purposes, in particular to improve and monitor the quality of vehicles and their safety features. This also serves to manage Volvo Cars’ warranty commitments.

Data categories used:

• Vehicle identification number (VIN)
• Identifiers of the vehicle’s hardware and software versions
• Diagnostic trouble codes (DTC)

Volvo cars also collects the following information on the vehicle’s high-voltage battery (where applicable):

• High voltage battery ID, capacity, and health status
• Vehicle market information
• Charging station information (e.g. availability status, the power type, pole ID)
• Diagnostic data during charging (e.g. duration, state of charge, current fluctuation)

The legal basis for us to process the data mentioned above is your consent.

The data Vehicle identification number (VIN), Identifiers of the vehicle’s hardware and software versions, and Diagnostic trouble codes (DTC), are retained for 2 years, while the information on the vehicle’s high-voltage battery is retained for the lifetime of the battery.

In the case of hybrid or electric vehicles, Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Gothenburg, Sweden, hereinafter referred to as “Polestar”) share analysis data from their respective vehicles. The analysis data exchanged between Volvo Cars and Polestar, as listed above, is of a purely technical nature and does not involve actual customer data. The analysis data collected via the Volvo Cars and Polestar platforms is exchanged between the two companies for the purposes of improving and monitoring the quality of the vehicle, the performance of the electric and hybrid features, and the safety features.

As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing of analysis data. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers, and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.

2.4.3 Vehicle Analytics & Improvements

If you provide your consent by enabling Vehicle Analytics & Improvements, we will collect and use data (listed below) to get information about your vehicle and how it is being used. We use this information for fault tracing, product research and development purposes, such as to monitor and improve the sustainability and quality of our vehicles, their safety features and other functions. If we think it is needed, we will also contact and inform you of potential problems or faults.

The data we collect and use:

• Information related to the vehicle: model, production year, Vehicle Identification Number (VIN), hardware and software information.
• Information generated by the vehicle, its sensors and systems: odometer, service indicators, alarms, warnings, lights, faults, diagnostics, connectivity and network information, certifications and authorisation data, security logs, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, state of health, status of onboard systems and functions, behaviour of onboard systems and functions and output of onboard systems and functions.
• Information related to how the vehicle is used and operated: configurations, settings, device connections, trailer connected, usage mode (charge, park, drive), charging information, timestamps, speed, passenger occupancy, interactions and use of the infotainment head unit (the screen in the car), use of remote services, use of car functions such as accelerator, brakes, steering, seat belts and doors.
• Location data: Location is collected in the following cases.
  • incidents (near accident) and accidents;
  • if the eCall function has been activated; and
  • in case of connectivity issues.
  Location is also continuously collected from safety functions, autonomous drive and advanced driving assistance systems.
• Camera data: outward-facing camera images are captured
  • in connection to incidents and accidents; and
  • continuously from safety functions, autonomous drive and advanced driving assistance systems.

The legal basis for the collection and use of the data mentioned above is your consent.

We keep the data for five years, other than the information on the car’s high-voltage battery, which is retained for the life of the battery. At the five-year mark, we will delete the data or, if we see a need to keep the data, we make sure it’s completely anonymised.

2.5 Emissions reporting

If you have a vehicle with an internal combustion engine we will collect data from your vehicle in order to be reported pursuant to applicable law.

The data collected is:

• Vehicle Identification Number (VIN)
• Information related to emissions: total fuel consumed (lifetime), total distance travelled (lifetime), total grid energy into the battery (lifetime) – with several breakdowns as needed under applicable law

The legal basis for us to process the data mentioned above is to fulfil our legal obligations.

The information above is kept until the data has been reported.

2.6 Law enforcement requests

Personal data needs to be shared or may be shared with law enforcement authorities (e.g., police, courts), to comply with a legal obligation, or our legitimate interest in providing data, when a crime is suspected, or when it is necessary to establish, exercise or defend ourselves against legal claims.

We provide law enforcement with the least amount of personal data that is necessary. Example of data type that we can give out are; serial number of car part connected to a VIN number or a IMEI-number.