Volvo Cars Privacy Notice - In-Car Application 

Effective from: 2026-04-20

Published at: 2026-04-20

Thanks for using Volvo Cars in-car applications! Volvo Cars Asia Pacific Headquarters (with business address at 2088 Luyi Road, Jiading District, Shanghai, hereinafter referred to as “Volvo Cars” “we” or “us”) takes the protection of users’ personal information and privacy seriously.

As we may collect and use your personal information when you are using Volvo Cars in-car application (“Volvo Application”), we have formulated the privacy notice (this “Notice”) that covers how we collect, store, use, entrusted process, share and protect personal information of users. We will explain to you in this Notice the purpose, manner and scope of our collection and use of your personal information, your rights to your personal information, and the measures we take to protect the information security, in order to provide full disclosure and obtain your consent or separate consent.

Except as expressly provided in this Notice, this Notice does not apply to products and/or services independently provided to you by third parties through access via our products and/or services (including but not limited to iFlytek’s voice features, AutoNavi Maps, iQutong, Huawei AppGallery, Ximalaya, QQ Music, NetEase Clout Music, etc.), such as third-party applications linked through our products and/or services. Such third parties, in order to provide you with their respective services, may collect your personal information. Please note that if you provide your personal information to a third party when using its products and/or services, your information will then be subject to the third party’s privacy statement or similar policy, and we are not liable for any improper use or disclosure of the information provided by you by any third party.

We understand that other associated individuals or entities besides you (including but not limited to your contacts, spouse, relatives, friends, drivers, etc.) may also access and experience our applications while using your vehicle. Their information is provided to us in the course of obtaining the relevant products or services we offer to you (“you” and “associated individuals,” collectively referred to as “you” hereinafter). You confirm that prior to such associated persons providing information to us, you have explained to them the purpose, manner, and scope of information use in accordance with this Notice, and obtained their authorization and consent to enable us to collect, store, use, entrust processing, share, transfer, and publicly disclose such information as described herein. You have also informed the associated individuals of their rights to access, correct, and delete their personal information.

Please use the Volvo Application only after fully understanding and selecting “Agree.” If you or your legal guardian do not agree to this Notice, you may decline our collection and use of your personal information by selecting “Disagree.” In such cases, we may be unable to provide you with relevant services.

This Notice will help you understand the following:

1. How we collect and use your personal information

2. How we retain your personal information

3. How we entrusted process, share, transfer, and publicly disclose your personal information

4. How we protect your personal information

5. Your rights to your personal information

6. How we process personal information of minors

7. Third-party service providers and their services

8. How your personal information is transferred globally

9. Update of this Notice

10. How to contact us

Section 1: How We Collect and Use Your Personal Information

We collect personal information to operate more efficiently and provide you with the best possible experience. We collect personal information through the following channels: (1) information you provide directly to us; (2) information we obtain while you use Volvo Application; and/or (3) information we obtain about you from third parties.

The information we collect depends on the specific products or services you use, the context in which you interact with us, and the choices you make—including your privacy settings and the products and features you use. Our products and features encompass both core business functions and value-added services. When we collect information, you are not required to provide personal information. For core business functions, if you choose not to provide it, we may be unable to provide the corresponding services or respond to or resolve any issues you encounter. For value-added features, you may choose whether to consent to our collection of information. If you decline consent, it may result in the inability to access the relevant value-added features, but it will not affect your use of the corresponding core business functions.

1. How We Collect and Use Your Personal Information

1.1 Information collected during your use of the products and/or services

(1) To provide you with the Volvo ID login functionality

If you choose to log in with your Volvo ID, we will collect your email address/phone number and password. If you decline to provide this information, you may be unable to use services associated with your Volvo ID, but you can still continue to use other services provided by our in-vehicle system.

(2) To provide you with air quality features

If you choose to enable the air quality feature, we will collect your city location to retrieve the current PM2.5 index for that city and further monitor the environmental conditions around your vehicle. If you decline to allow us to access this information, you may be unable to use our air quality feature, but this will not affect your use of the basic functions of the Volvo Application.

If you have enabled the air quality feature, you may still disable it by pressing the main button on the in-car system to stop us from collecting your related personal information.

(3) To provide you with Event Data Recorder (EDR) services

To comply with applicable legal requirements, we may collect and store safety-related information associated with collision or near-collision events through the Event Data Recorder (EDR), also known as the vehicle's “black box.” Such safety-related information includes:

• How the various systems in your vehicle operate;

• Are the driver and passengers wearing their seat belts;

• Driver's displacement distance (if any) when pressing the accelerator and/or brake pedals;

• Vehicle speed

Recording duration typically lasts up to 30 seconds. Please note that recording only occurs during significant collisions and does not capture any data under normal driving conditions. Furthermore, the recorded content does not include the geographic location of the vehicle operator or the collision (or its vicinity). Please understand that EDR services are provided to comply with mandatory legal and regulatory requirements, and we need to collect the aforementioned data to deliver these services to you.

(4) To provide you with the Driving Journal feature

If you choose to enable and use the driving log feature independently, we will collect and use your name, phone number, vehicle identification number (VIN), location information, and other trip-related details (including your driving route, time, distance, fuel consumption, and/or electricity consumption and mileage) to provide you with mileage expense management services.

(5) To provide you with over-the-air (OTA) software update services.

• To enable maintenance and necessary updates of in-vehicle software, we may collect and use the following data: Vehicle Identification Number (VIN);

• Vehicle software version;

• Diagnose fault codes;

• Vehicle specifications;

• Installation status and reports;

Vehicle manufacturing date.

If you decline remote software upgrades, you will be unable to use our online update service, and certain features that rely on the latest software may not function properly. Similar to other smart devices, failure to update software regularly may increase the likelihood of security risks to your vehicle's systems. You may also choose to visit our service center for software updates. Should you decline our collection of the aforementioned information, we will be unable to provide remote software upgrade services, though this will not affect your continued use of the basic functions of the Volvo Application.

If you have enabled the Over-the-Air software update service, you can still disable it by navigating to [Settings > System > Software Update > Turn Off Automatic Software Download]. Once disabled, we will cease collecting data related to remote software updates.

(6) To provide you with Connected Safety features

To alert you to road changes or potential hazards in a conspicuous manner while you are driving, enabling you to adjust your driving behavior promptly to avoid and reduce road traffic dangers, thereby enhancing road safety.

We may collect and use the following data from you:

• Vehicle Identification Number (VIN);

• Alarm activation signals (including slippery road warning activation signals, hazard warning light activation signals, etc.);

• Alarm signal timestamp;

• Location information (Location information is used to alert you to current or potential road hazards).

The collected information will be retained for one week, after which we will anonymize the data.

(7) To provide you with the Active Safety Data Recording (ASDR) feature

The primary purpose of the active safety data recording function is to capture data related to traffic accidents or similar collision events. This information will be processed by our Quality and R&D departments to help us better understand the circumstances under which traffic accidents, injuries, and damage occur.

With your authorization and consent, we will collect and process the following data for future development purposes and to address complaints related to active safety:

• Vehicle Identification Number (VIN)

• Types of security incidents triggered and their occurrence frequency

• Vehicle location at the time of the accident

The legal basis for our processing of the aforementioned data is your consent. The information collected as described above will be retained for a period of ten years. Upon expiration of this ten-year period, we will delete such information or, if deemed necessary to retain the relevant information, ensure its complete anonymization.

(8) To provide you with the Driver Monitoring System (DMS)

To ensure driving safety, when you enable the “Driver Monitoring System” feature, we will monitor your driving status to assess your fitness to drive and issue alerts when necessary. To do this, we collect your facial image data and analyze characteristics such as head position, eye position, and whether your eyes are closed. This information is converted into assessment values to determine your level of fatigue or distraction, enabling us to provide corresponding alerts.

The Driver Monitoring System processes all video images exclusively within your vehicle's cabin. After converting them into evaluation values, collected facial images are deleted. No facial images are stored inside the vehicle or uploaded to cloud servers. You may enable or disable this feature via the consent switch.

(9) To provide you with vehicle analysis and improvement services

For the purposes of fault tracing, product research, and development—such as monitoring and improving the sustainability, quality, safety performance, and other features of our vehicles—we may need to collect and use the following data to obtain information about your vehicle and its usage.

To provide you with vehicle analysis and improvement services, we need to collect and process your:

• Vehicle-related information, including model, year of manufacture, vehicle identification number (VIN), hardware and software details;

• Information generated by vehicles, sensors, and systems, including odometer readings, service indicators, alerts, warnings, lights, faults, diagnostics, connectivity and network information, authentication and authorization data, security logs, calibrations, temperature, weather and road conditions, energy and fuel consumption, timestamps, health status, status of onboard systems and functions, behavior of onboard systems and functions, and outputs of onboard systems and functions;

• Information related to vehicle usage and operation, including configuration, settings, device connections, trailer connections, usage patterns (charging, parking, driving), charging information, timestamps, vehicle speed, number of passengers, interaction and usage of infotainment devices (in-vehicle screens), use of remote services, and use of vehicle functions such as throttle, brakes, steering, seat belts, and doors;

• Vehicle location data, including collection under the following circumstances: (1) occurrence of incidents (emergencies) and accidents, (2) activation of the emergency call (eCall) function, and (3) connection issues. Safety features, autonomous driving, and advanced driver assistance systems continuously collect location information;

• Camera data, including images related to events and incidents captured by outward-facing cameras, as well as images continuously collected from safety features and combined driver assistance systems.

The information collected above will be retained for five years. Upon expiration of this five-year period, we will either delete the relevant information or ensure it is fully anonymized. However, information concerning the vehicle's high-voltage battery will be retained for the duration of the battery's service life.

(10) To provide you with Bluetooth services

When you pair your vehicle with your phone using Bluetooth functionality, your vehicle may request access to the following data via Bluetooth:

• Contacts;

• Phone Favorites;

• Call History.

(11) To provide you with Speech Messaging services

To provide you with voice messaging services, we may need to collect and use the following data to identify whether you have subscribed to this feature, enabling you to control infotainment system functions via voice commands, initiate conversations, and create and send text messages:

• Recorded voice data or commands;

• Vehicle identification number (VIN);

• Phone number;

• Text message content.

The text message content is created by a third-party service provider, stored in the cloud, and then transmitted back to be stored in your vehicle. Once the text message is sent, the relevant content will no longer be retained.

Navigation announcements and voice assistant prompts generated through our voice cloning technology are powered by customized voice generation services provided by our partner iFlytek.

(12) To provide you with the eCall service

To ensure your safety, we have developed an emergency call feature that automatically initiates a call when one or more sensors inside the vehicle are activated during a severe accident. When an emergency call is triggered, we need to collect the following data:

• Vehicle Identification Number (VIN);

• Engine specifications;

• Vehicle model specifications;

• Time of incident occurrence;

• Location of incident occurrence;

• Direction of vehicle travel;

• Vehicle status.

Both Volvo Cars and third-party call service partners may collect the aforementioned data, which will also be transmitted to emergency service providers (such as ambulance services) when necessary.

Please understand that eCall is a core business function we provide to you. If you refuse to allow us to collect the aforementioned data, you will be unable to use the relevant services of the Volvo Application.

(13) To provide you with call center services (including Volvo Rescue Service, Stolen Vehicle Tracking Service, and remote vehicle immobilization or mobilization services)

When providing you with call center services (including Volvo Rescue Service, Stolen Vehicle Tracking Service, and Remote Vehicle Immobilization or Mobilization Service), we may collect and use the following data from you:

• Vehicle Identification Number (VIN);

• License plate number;

• Vehicle specifications;

• Vehicle status;

• Time and location of the request;

• Location at the time of the call;

• Direction of vehicle travel.

Users' use of call center services constitutes their own independent decision, with location permissions granted on a one-time basis only.

Additionally, depending on the nature and scope of the request, we may need to process additional information required to provide the requested assistance:

• Contact information (home address, email address, phone number);

• Insurance details (policy and claim numbers);

• Transaction-related data;

• Cause of damage and information about the repair facility.

If you decline to allow us to collect the aforementioned information, we may be unable to provide you with call center services. However, this will not affect your use of the basic functions of the Volvo Application.

(14) To provide you with fault analysis and customer care services

When a fault or other status alert occurs in the DIM, we may need to collect the following data from you for upload to Volvo Cars' backend fault monitoring and analysis platform for troubleshooting. This enables us to contact you for repairs or pre-order necessary parts to save you time:

• Vehicle Identification Number (VIN);

• Alert/Notification ID;

• Mileage;

• Vehicle speed;

• Engine RPM;

• Gear position;

• Vehicle location information.

If you agree to enable the Bug Reporting feature in the workshop, we will collect and process the following data from your vehicle to identify and investigate the impact of software faults, resolve software-related issues, and maintain the proper functioning of the software:

• Vehicle-related information (mileage, fuel consumption, vehicle configuration and details, Vehicle Identification Number (VIN), IP address, and software version);

• Information generated by the infotainment host, display host, telematics and connectivity antenna modules, and their associated signals (GPS, DID (Data Identifier), DTC (Diagnostic Trouble Code), vehicle network diagnostics, Android Auto diagnostics, startup diagnostics), along with reports and log files for developers;

• Information about interactions between the driver and the vehicle (speed, infotainment settings, navigation destinations, phone contacts, radio settings, third-party app settings, Volvo Rescue Log);

• Driver-related information (email accounts, phone numbers, Volvo-ID).

When you use the Extended Vehicle Data Analysis feature, we collect and use the following data to enable us to thoroughly investigate issues with your vehicle:

• Basic customer data (name and contact information);

• Data recorded by event data recorders and other systems related to vehicle safety systems (speed, GPS location, steering angle, braking force, deployment and use of safety systems);

• Data about the surrounding environment collected by other vehicle sensors or obtained from such information providers (including temperature, slippery road conditions);

• Data from the vehicle's electronic control units, telematics and connectivity antenna modules, and infotainment host units along with their associated signals;

• Vehicle status (mileage, fuel consumption, odometer readings, and other data displayed on the instrument panel);

• All interactions between the driver and the vehicle, such as changes to various settings, account name (Volvo ID), and data related to the use of Bluetooth-connected devices;

• Vehicle Identification Number (VIN).

When you have your vehicle serviced or repaired at a service center, workshop, or through our partners, we may collect and use the following data to facilitate troubleshooting, manage product manufacturers, and conduct product development—all to optimize and enhance the safety, quality, and other features of Volvo Cars:

• Vehicle-related information (model, year of manufacture, vehicle identification number (VIN), hardware and software information);

• Information generated by the vehicle, sensors, and systems (odometer, service indicators, alerts, warnings, lights, faults, diagnostics, connectivity and network information, authentication and authorization data, calibration, temperature, weather and road conditions, energy and fuel consumption, timestamps, health status, status and behavior of onboard systems and functions);

• Information related to how the vehicle is used and operated (configuration, settings, device connections, usage patterns (charging, parking, driving), charging information, timestamps, speed, passenger occupancy, interactions, and use of the infotainment system (in-vehicle screens), use of remote services, use of vehicle functions (e.g., accelerator, brakes, steering, seat belts, and doors).

To provide you with customer care services and remind you to perform timely vehicle maintenance, we may collect and use your Vehicle Identification Number (VIN), license plate number, customer service order mileage, in-vehicle system mileage data, in-vehicle system maintenance alerts, and your contact information or that of the person submitting the vehicle for service. This information will be used to generate your recommended maintenance schedule alerts.

If you decline to provide us with the aforementioned information, you may be unable to access our fault analysis and customer care services. However, this will not affect your use of the basic functions of the Volvo Application.

(15) To provide you with the Vehicle Data Analytics feature

To obtain statistical information about our vehicles and their usage for product development purposes, particularly for improving and monitoring vehicle quality and safety performance, as well as for Volvo Car warranty services, we may need to collect and use the following data:

• Vehicle Identification Number (VIN);

• Identifiers for vehicle hardware and software versions;

• Diagnostic Trouble Codes (DTC);

• The following information about the vehicle's high-voltage battery (if applicable to your model)

• High-voltage battery ID, capacity, and health status;

• Vehicle market information;

• Charging station information (availability status, power source type, pole ID);

• Diagnostic data during charging (duration, state of charge, current fluctuations).

When you first choose to use the vehicle data analysis service, you must agree to and comply with Volvo Cars' Privacy Policy. Otherwise, vehicle data analysis will not collect any data. You may withdraw your consent at any time, and we will immediately cease data collection. However, this does not affect information that has already been collected.

(16) To provide you with the Service Planning feature

When you use our service plan features to help maintain your vehicle's condition and monitor its status, we may collect and use the following diagnostic data:

• Vehicle-related information (model, year of manufacture, vehicle identification number (VIN), hardware and software details);

• Information generated by the vehicle and its sensors and systems (odometer readings, service indicators, alerts, warnings, lights, faults, diagnostics, temperatures, timestamps, health status, and the status and behavior of onboard systems and functions).

When your vehicle is connected, Volvo Cars, Volvo Car sales, and Service Centers will collect diagnostic data and may also entrust our dealers to process such data to prepare repair services in advance when needed and manage parts reservations and deliveries.

(17) To provide you with product and event promotion information

When you use our products or services, we may send you information we believe may interest you or be relevant to you via email, SMS, or phone calls based on the personal information we collect. This includes information about our products/services, messages and advertisements, events, promotions, and marketing campaigns. If you wish to opt out of receiving such communications, you may do so by following the unsubscribe instructions provided in the email or SMS message, or by contacting us directly using the contact information provided in this Notice.

1.2 Obtaining Your Information from Third Parties

To enhance your experience and develop new products, we may obtain your personal information or other data from our partners within the scope permitted by law and with your authorization.

We will strictly adhere to the purposes stated in this Notice when using your personal information. Your personal information will only be used for the purposes that were identified, explained, and authorized by you at the time of collection. Should we intend to use the information for any other purposes not specified in this Notice, we will seek your consent beforehand. Should we intend to use information collected for specific purposes for other purposes, we will seek your consent beforehand. Without user consent, we will not provide users' personal information or other vehicle data to third parties for their use.

1.3 Other Usage Instructions

We will use the collected personal information within the scope necessary to provide our services, as outlined in this Notice.

We collect statistics on the usage of our services and may share these statistics with the public or third parties to demonstrate overall usage trends of our services. However, these statistics do not contain any personally identifiable information about you.

We will employ tracking technology to record relevant data based on your interactions within Volvo Cars' in-vehicle applications. This data includes your usage patterns, transaction details, and basic information (vehicle model, gender, age, new user status, education level, and occupation) when using applications such as AutoNavi, Ximalaya, QQ Music, NetEase Cloud Music, ZhiXing Car News, Scene Assistant, and iFlytek (where applicable). This information helps us understand how you use our products and/or services. It enables us to further develop and improve our offerings, enhance your user experience, research new products, and recommend content that may interest you.

When we intend to use your personal information for purposes not specified in this Notice, or when information collected for specific purposes is to be used for other purposes, we will request your prior consent by having you actively check a box.

We may conduct research, processing, training, statistical analysis, and forecasting on the personal information collected in accordance with this Privacy Notice. Through research, analysis, and forecasting, we aim to improve service quality, enhance user experience, provide references for business decisions, develop new products, and strengthen product security. We may aggregate and analyze the personal information collected under this Privacy Notice to analyze or predict your personal characteristics, such as preferences and behaviors, ultimately forming your personal characteristic model. Please be advised that we currently do not utilize your personal characteristic model for personalized recommendations. It is solely for our internal data analysis purposes.

2. Exceptions to Authorization and Consent for Collection and Use of Personal Information

You fully understand that, in accordance with applicable laws, we may collect and use your personal information without obtaining your authorization or consent in the following circumstances:

(1) Necessary for entering into or performing a contract where the individual is a party, or for implementing human resources management in accordance with legally established labor regulations and collectively bargained agreements;

(2) Necessary for performing statutory duties or fulfilling legal obligations;

(3) Necessary for responding to public health emergencies or protecting the life, health, and property safety of natural persons in urgent situations;

(4) Processing personal information within reasonable limits for public interest activities such as news reporting and public oversight;

(5) Processing personal information voluntarily disclosed by individuals or otherwise lawfully made public within reasonable limits as prescribed by laws and regulations;

(6) Other circumstances prescribed by laws and administrative regulations.

Section 2: How We Retain Your Personal Information

1. We determine the retention period for your personal information solely as required by laws and regulations, and only for the period necessary to achieve the purposes outlined in this Notice. After the expiration of the aforementioned period, we will delete your personal information or anonymize it.

2. Upon expiration of the consent period, we will obtain renewed consent from the individual. Should changes occur in the purpose of processing personal information, the methods of processing, or the types of personal information processed, we will obtain renewed consent from the individual.

3. If we terminate our services or operations, we will notify you at least thirty days in advance and delete or anonymize your personal information after the termination of services or operations.

Section 3: How We Entrusted Process, Share, Transfer, and Publicly Disclose Your Personal Information

1. How We Entrusted Process Your Personal Information

Certain specific modules or features within our products or services are provided by external suppliers. For example, we may engage service providers such as technical support providers to assist us in delivering customer support. For any companies, organizations, or individuals we entrust with the processing of personal information, we enter into strict confidentiality agreements or other data protection-related agreements with them. These agreements require them to process personal information in accordance with our instructions, applicable laws and regulations, and to implement additional measures to ensure the confidentiality and security of personal information.

2. How We Share and Transfer Your Personal Information

We may occasionally share certain personal information with our affiliates and strategic partners who collaborate with us to provide products and services, or share and transfer your personal information in other circumstances to deliver the products or services you request. Volvo Cars may share your personal information within the following scope:

(1) Sharing among Volvo Cars Entities: Within the scope permitted by laws and regulations, your personal information may be shared with our affiliated companies to ensure compliance with legal requirements, protect the interests, property, or safety of us, our affiliates or business partners, you, other users, or the public. We will only share the personal information necessary to achieve the aforementioned purposes. Without your consent, our affiliated companies will not use the shared personal information for any purposes beyond those stated above.

(2) Sharing with Business Partners: To fulfill the purposes stated in this Notice, certain services will be provided with the assistance of authorized business partners. We may share some of your personal information with these partners to deliver better customer service and user experience. Our business partners include the following types:

a. Authorized Dealers: To provide you with pre-sales services and post-sales warranty support, we will share your name, phone number, email address, location information, and other relevant details with our authorized dealers to better deliver these services.

b. Authorized Service Providers: To provide you with after-sales repair services, we will share your vehicle information, order details, and device information with our authorized service providers to better deliver these services.

The specific identity of authorized dealers and service providers depends on the particular circumstances of your vehicle. Typically, you can find the identity and contact information of your vehicle's dealer and service provider in documents such as the purchase contract. Should you have any questions, you may also contact us through the methods disclosed in this Notice.

(3) Our Collaboration with Third-Party Software Development Kit (SDK) Providers: Volvo Cars' in-vehicle applications include SDK plugins provided by our authorized partners. When you use relevant services offered by these authorized partners within Volvo Cars' in-vehicle applications, such service plugins will collect and process your related personal information, as detailed in the table below:

(4) Information sharing should be conducted when explicitly required by law or regulatory mandates, such as in scenarios related to government investigations, legal proceedings, disputes, or other legal requirements.

(5) When we believe disclosure is necessary to protect our rights in good faith, such as to investigate potential violations of our terms and conditions or to detect, prevent, or disclose fraud and other security issues.

(6) We will only share your personal information for lawful, legitimate, necessary, specific, and clearly defined purposes, and will only share the personal information necessary to provide products and/or services. We will only permit Volvo Cars employees and affiliates who need to use your personal information to access it when acting on behalf of Volvo Cars. Furthermore, we will only share the necessary personal information, and such sharing will be subject to the purposes stated in this Notice. Should our affiliates wish to change the purpose of processing personal information, they will seek your authorization and consent again.

(7) In cases where personal information needs to be transferred due to reasons such as merger, division, dissolution, or declaration of bankruptcy, we will inform you of the recipient's name or contact details. Furthermore, we will notify the recipient that they must continue to fulfill the obligations stated in this Notice. Should the recipient alter the relevant processing purposes or methods, they must obtain your authorization and consent anew.

(8) We enter into strict confidentiality agreements with companies, organizations, and individuals with whom we share personal information. These agreements emphasize stringent data protection compliance requirements and mandate that they process personal information in accordance with our instructions and any other relevant confidentiality and security measures. Regarding the use of sensitive personal data, we require third parties to employ data anonymization and encryption technologies to better protect user data. However, please note that Volvo Cars and its authorized dealers and service providers are separate legal entities. We generally do not assume liability for unlawful acts committed by Volvo Cars authorized dealers or service providers. If you have any questions about how your dealer or service provider collects and uses your personal information, please contact that dealer or service provider directly.

3. How We Publicly Disclose Your Personal Information

We will only publicly disclose your personal information under the following circumstances:

(1)With your separate consent; or

(2)Disclosure required by law: We may disclose your personal information when legally compelled to comply with subpoenas or other legal processes, lawsuits, or mandatory requests from government authorities, if we believe in good faith that such disclosure is necessary to protect our rights, safeguard your safety or the safety of others, investigate fraud, or respond to government requests.

4.Exceptions to Authorized Consent for Sharing, Transferring, or Publicly Disclosing Personal Information

You are fully aware that, in accordance with applicable laws, we may share, transfer, or publicly disclose your personal information without prior authorization or consent in the following circumstances:

(1)Necessary for entering into or performing a contract where the individual is a party, or for implementing human resources management in accordance with legally established labor regulations and collectively bargained agreements;

(2)Necessary for performing statutory duties or fulfilling legal obligations;

(3)Necessary for responding to public health emergencies or protecting the life, health, and property safety of natural persons in urgent situations;

(4)Processing personal information within reasonable limits for public interest activities such as news reporting and public oversight;

(5)Processing personal information voluntarily disclosed by individuals or otherwise lawfully made public within reasonable limits as prescribed by laws and regulations;

(6)Other circumstances prescribed by laws and administrative regulations.

Section 4: How We Protect Your Personal Information

We place great importance on personal information security and take all reasonable and feasible measures to protect your personal information:

1. Data Security Technical Measures

We will implement industry-standard security measures, including establishing reasonable systems and protocols, as well as employing security technologies to prevent unauthorized access, use, or modification of your personal information, and to avoid data corruption or loss.

Volvo Cars employs encryption technology to securely store user personal information and isolates it through isolation techniques. Strict data access permissions and multi-factor authentication technologies are implemented to protect personal information and prevent unauthorized use of data.

2. We only permit Volvo Cars and Volvo Cars affiliate employees who have a legitimate need to know such information to access personal data, and have established strict access control and monitoring mechanisms for this purpose. We also require all personnel who may come into contact with your personal information to fulfill corresponding confidentiality obligations. Failure to comply with these obligations will result in legal liability or termination of the cooperative relationship.

3. We recommend using complex passwords when communicating with other users via email, instant messaging, social media, and similar platforms, and taking care to protect your personal information.

4. Please be advised that the internet environment is not 100% secure. We will implement security safeguards in accordance with legal requirements and technological advancements to ensure the security of any information you send to us. However, if our physical, technical, or administrative security measures are compromised due to unforeseeable and unpreventable events, resulting in unauthorized access, public disclosure, alteration, or destruction of information, we shall not be liable for any losses arising from causes beyond Volvo Cars' control.

5. Security Incident Response

Please safeguard your personal information and only share it with others when necessary. To address potential risks such as personal information leaks, damage, or loss, Volvo Cars has established multiple systems that clearly define classification and grading standards for security incidents and vulnerabilities, along with corresponding handling procedures. Volvo Cars has also established a dedicated emergency response team for security incidents. Following standardized security incident handling protocols, the team activates contingency plans tailored to different incidents to mitigate damage, analyze the situation, pinpoint the source, develop remedial measures, and collaborate with relevant departments to trace the origin and take countermeasures.

In the unfortunate event of a personal information security incident, we will promptly notify you in accordance with legal and regulatory requirements. This notification will include: - The basic details of the security incident and its potential impact; - The measures we have taken or will take to address the incident; - Recommendations for you to independently prevent and mitigate risks; - Remedial measures available to you. We will promptly notify you of the incident via email, letter, phone call, push notifications, or other means. When it is impractical to notify each individual data subject individually, we will publish an announcement using reasonable and effective methods. Additionally, we will proactively report the handling of the personal information security incident to regulatory authorities as required by law.

We have established dedicated teams for network operations and data security to handle matters related to personal information protection. Should you have any questions regarding our personal information protection practices, please contact us using the contact information provided at the bottom of this Notice. If you discover that your personal information has been compromised, particularly if your account credentials have been leaked, please immediately contact us via the contact details in this Notice and assist us in taking appropriate measures.

Section 5: Your Rights to Your Personal Information

We respect your rights regarding your personal information. Below are the rights you are entitled to by law, along with how we protect these rights.

1.Right to be informed

We inform you about how we process your personal information by publishing this Notice. We are committed to ensuring transparency in the use of your information.

2.Right to access

You may directly query or access your personal information within our product or service interfaces. This includes logging into your account at any time via the product page to access personal information associated with your account.

You may access your personal information by navigating to [Settings > User Account > Account]. If you are unable to query or access your personal information independently, or encounter any issues while exercising your data access rights, you may contact us through the methods disclosed in this Notice to request access to your personal information.

3.Right to rectification

If you discover that the personal information we process about you is incorrect or incomplete, you have the right to request that we correct or supplement it. You may submit a correction request through Volvo Cars entities, authorized dealers, customer service hotline (10108666), or other channels.

4.Right to erasure

You may request us to delete your personal information in the following circumstances:

(1) If our processing of personal information violates laws and regulations or breaches our agreement with you;

(2) If you no longer use our products or services, or if you cancel your Volvo ID;

(3) If the purpose of our processing has been fulfilled, cannot be fulfilled, or is no longer necessary to achieve the processing purpose;

(4) If we no longer provide products or services to you, or the retention period has expired;

(5) If you withdraw your consent.

If you wish to request the deletion of your sensitive personal information based on the above circumstances, you may contact us at any time via the contact details provided in this Notice. We will process the deletion within 10 business days. If you wish to request the deletion of your general personal information based on the circumstances described above, you may contact us at any time using the contact information provided in this Notice. We will respond within 15 business days. If we decide to comply with your deletion request, we will also notify entities that have obtained your personal information from us to delete it, unless otherwise required by laws and regulations or unless these entities have obtained your independent authorization. After you delete information from our services, we may not immediately remove the corresponding information from our backup systems. However, such information will be deleted when backups are updated. Please be aware and understand that in accordance with laws and regulations, if the retention period stipulated by laws or administrative regulations has not expired, or if the deletion of personal information is technically unfeasible, we will cease processing such information except for storage and the implementation of necessary security protection measures.

5.Right to account cancellation

We provide you with the right to deactivate your account. You may contact us directly via the methods disclosed in this Notice to request account deactivation. After submitting your request, we may conduct a manual review to verify your eligibility for account deactivation. We will assist you in completing the deactivation process within 15 business days of your request submission. Upon account cancellation, we will delete or anonymize all relevant personal information associated with your account, except where otherwise required by applicable laws and regulations. After cancellation, we will no longer be able to provide you with products or services that require account login.

6.Right to consent withdrawal

Each business function requires certain basic personal information to be completed (see the “How We Collect and Use Your Personal Information” section of this Notice).

You may revoke your authorization consent at any time by accessing the vehicle system settings page [Settings > User > Privacy > Privacy Settings] and disabling the corresponding permissions. Performing a factory reset will withdraw your consent for personal information collection, and we will cease collecting all personal information.

7.Right to portability

When the conditions specified by the national cyberspace administration are met, you have the right to request the transfer of your personal information to a designated personal information processor. Upon providing formal authorization, you may exercise your right to data portability through the contact information provided in this Notice.

8.Right to file a complaint

(1)You have the right to contact us and file a complaint through the methods disclosed in this Notice. We will respond within 15 business days of receiving your complaint. If you are dissatisfied with our response, particularly if our personal information processing activities have infringed upon your lawful rights and interests, you may also file a complaint or report to the cyberspace administration, public security bureau, industry and commerce and other regulatory authorities, or initiate legal proceedings in a court with jurisdiction.

(2)Please note that for security reasons, we may verify your identity before processing your request. We generally do not charge fees for reasonable requests. However, for repeated requests that exceed reasonable limits, we may charge a cost-based fee depending on the circumstances. We may refuse requests that are groundless and repetitive, require disproportionate technical means (e.g., necessitating new system development or fundamental changes to existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical. In such cases, we will provide specific reasons in our response. Additionally, if your request directly involves matters of national security, defense security, public health, criminal investigations, or other issues directly related to public interest, or if it may cause serious harm to the legitimate rights and interests of you, other individuals, or organizations, we may be unable to respond to your request.

Subject to compliance with relevant legal requirements, your close relatives may exercise the aforementioned rights to access, copy, correct, or delete your relevant personal information, unless you have made alternative arrangements.

Section 6: How We Process Personal Information of Minors

1. Our products and services are primarily intended for adults. If you are a minor under the age of 18, you must obtain your guardian's consent before using our products and/or services. When collecting personal information from children with parental consent, we will only use or publicly disclose such information when permitted by law, explicitly authorized by the guardian, or necessary for the protection of the child. Regarding personal information potentially involving children under 14 years of age, in addition to complying with the provisions of this Notice concerning user personal information, we will adhere to the principles of legitimacy and necessity, informed consent, clear purpose, security safeguards, and lawful utilization. We will strictly follow the requirements of laws and regulations such as the Personal Information Protection Law and the Regulations on the Protection of Children's Personal Information Online for the storage, use, and disclosure of children's personal information, and ensure the lawful rights of children and their guardians regarding such information.

2. If we discover that we have collected personal information from minors without first obtaining verifiable parental consent, we will take steps to delete the relevant data as soon as possible.

3. If you are the guardian of a minor and have questions regarding the processing of your ward's information, or if you have evidence that a minor used our in-vehicle applications without obtaining parental consent, please contact us using the information provided below.

Section 7: Third-Party Service Providers and Their Services

While using our products and/or services, you may access applications and other services linked to Volvo Cars vehicles, websites, and other products but provided by third parties. For example, third-party applications may require vehicle data such as your location to provide services. Consequently, such third-party applications and services may involve your provision of specific categories of personal information to third parties. Volvo Cars assumes no responsibility for the collection or use of personal information by third-party applications or services. We recommend that you carefully review the applicable terms and conditions (and any related privacy statements) before using such applications or services. Make your own decision to use them only after ensuring you fully understand their rules for collecting and using your personal information. If you have any questions about a specific third party's use of your personal information, please contact that third party directly.

Section 8: How Your Personal Information Is Transferred Globally

In principle, personal information collected and generated within the People's Republic of China will be stored within the People's Republic of China. As Volvo Car Group conducts daily operations through affiliated companies and information systems worldwide, your personal information may be transferred to affiliated companies outside Volvo Car Group and third-party service providers (“Overseas Recipient”), or accessed by Overseas Recipients, after obtaining your separate consent:

Currently, the physical storage locations for our data include Beijing, Shanghai, Gothenburg.

The aforementioned Overseas Recipient is:

We will fulfill our data cross-border security management obligations as required by laws, regulations, and relevant supervisory authorities, and implement necessary security measures to protect your personal information. You may exercise your statutory rights directly with the Overseas Recipient through the contact information provided in the above form, or request our assistance in contacting the Overseas Recipient at hewei.xu@volvocars.com.

Section 9: Update of This Notice

1. To provide you with better service and in line with Volvo Cars' business development, this Notice may be updated. However, we will not reduce your rights under this Notice without your explicit consent. We will notify you of any updates by posting the revised version on Volvo Cars websites and apps, and will remind you of the changes via website announcements or other appropriate means before they take effect. Please visit Volvo Cars websites to stay informed about the latest privacy notice. By using or continuing to use our products and/or services after we have updated this Notice (in such event that we will promptly remind you of the updates), you agree to the content of this Notice (including the updated version) and consent to the collection, use, storage and sharing of your information in accordance with this Notice.

2. For significant changes, we will also provide more prominent notice (we will explain the specific changes to the privacy notice through means including but not limited to email, SMS, or special prompts on browsing pages).

The material changes referred to in this Notice include but are not limited to:

(1) Significant alterations to our service model, such as changes in the purpose of processing personal information, the types of personal information processed, or the manner of using personal information;

(2) Significant changes in our ownership structure or organizational framework, such as changes in ownership resulting from business restructuring, bankruptcy, mergers, or acquisitions;

(3) Changes to the primary recipients of personal information sharing, transfer, or public disclosure;

(4) Significant changes to your rights regarding personal information processing and the methods for exercising such rights;

(5) Changes to the department responsible for personal information security, its contact information, or complaint channels;

(6) When a personal information security impact assessment report indicates high risk.

3. We will also archive previous versions of this Notice for your reference.

Section 10: How to Contact Us

If you have any questions, comments, or suggestions regarding this Notice or matters related to your personal information, please send your feedback to: Volvo Cars Asia Pacific Headquarters, Attn: 2088 Luyi Road, Jiading District, Shanghai, China. Alternatively, you may contact us by calling our customer service hotline (10108666) or reaching out to our User Rights Affairs Contact (Xu Hewei, 16621032398).

Generally, we will respond within fifteen business days, unless otherwise required by laws and regulations. If you are dissatisfied with our response, particularly if you believe our personal information processing activities have infringed upon your lawful rights and interests, you may also file a complaint or report with regulatory authorities such as Cyberspace Administration, Telecommunications, Public Security, and Industry and Commerce, or initiate legal proceedings in a court with jurisdiction.