Customer Privacy Policy Vehicle Privacy Notice Privacy Notice – Volvo ID Volvo Cars App Privacy Notice Privacy Notice – Customer Care Privacy Notice – Consumer surveys

Article version 2025.143.0

Vehicle Privacy Notice

Effective from: 2025-05-23

Published at: 2025-05-23

This privacy notice explains how Volvo Cars (as defined below) process data related to vehicles and connected services provided by Volvo Cars that you can control through the privacy settings provided in the vehicle and for some features also in the Volvo Cars App.

Since the processing of data depends on the features and functions with which the vehicle is equipped, and on the services which you choose to activate, this document presents the widest extent of possible processing. If you have an older vehicle, or if a new model is not equipped with a certain feature or function, the data processing associated with that feature will not happen.

For an explanation of vehicle features and functions, please check the owner’s manual for the relevant model. Please note that if there are any differences between this notice and the owner’s manual related to the processing of personal data, this notice takes precedence.

This privacy notice does not apply to:

Special vehicles (e.g. police cars)
Processing of personal data that does not leave the vehicle (local processing)
Processing of personal data when you interact with one of our retailers (such as when you buy your vehicle)
Your use of software, apps and services provided by third parties (for further information, please see the individual service providers’ own terms and conditions as well as their privacy policies/notices)
The provision of the internet/connectivity service in your vehicle, which is supplied by a mobile network operator independently from Volvo Cars.

Please note that Volvo Cars has other privacy notices that should be read together with this information for a complete picture and that can easily access here.

In this notice you will find information about:

Who we are
What personal data we use and why
Sharing of your personal data
- 3.1 Cross border transfer
Your rights and controls
- 4.1 Your rights under GDPR
- 4.2 Your rights under PDPA
Contact information
Updates to this notice

1. Who we are

The entity responsible for the processing of personal data referred to below is Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31 Gothenburg, Sweden, company registration number 556074-3089, hereinafter referred to as “Volvo Cars”, “we”, or “us”.

For the processing concerning Connected Safety, and Vehicle Data Analytics for hybrid or electric vehicles, Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Sweden, hereinafter referred to as “Polestar”) are jointly responsible. Volvo Cars is for those purposes, responsible for providing information to its customers, and that the respective rights afforded any applicable data protection laws will be exercised by Volvo customers in relation to Volvo Cars.

2. What personal data we use and why

Personal data is information that directly or indirectly relates to you as a natural living person and that we receive from your vehicle. See below how we defined personal data categories in the context of vehicle related processing.

User details	Volvo ID, name, email, phone no, unique user ID.
Vehicle details	Identifiers such as the vehicle identification number (VIN) and registration number; and information about the vehicle such as model, production year, configuration and specifications including engine, propulsion type, hardware and software info and battery ID.
Vehicle information and status	Data such as faults codes and diagnostics data, charging related data, component and system health status such as but not limited to state of health, overall status (vehicle propulsion and battery), status and behaviour of onboard systems and functions, alarms, warnings, security logs, certifications and authorisation data, calibrations, connectivity and network information data related to the use of the vehicle (such as odometer, timestamps, temperature, service indicators, emissions, device connections, weather and road conditions, energy and fuel consumption, trailer connected, settings.
Vehicle usage and user behaviour	Data such as passenger occupancy, usage mode (charge, park, drive), settings, use of remote services, brakes, steering, seat belts and doors, interactions and use of the infotainment head unit, use of vehicle functions such as accelerator, supporting information related to incidents and malfunctions.
Position and movement information	Speed, location, and time logs.
Safety events	Type of safety event triggered and its occurrences, such as slippery road alert activation, hazard light activation and related time stamps.
Images/data from external cameras	Images captured from safety functions, autonomous drive and advanced driving assistance systems.

We process your personal data for the purposes described below. In certain cases, we may need to process your personal data to fulfil our contractual obligations to you or comply with applicable legal and regulatory requirements. Failure to provide the requested personal data may result in our inability to deliver certain services or fulfil our obligations effectively. Rest assured that we only collect and process personal data necessary for these purposes and in accordance with relevant data protection laws.

2.1 Data used for infotainment purposes

2.1.1 Over-the-Air Software Updates

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To maintain the latest software and provide necessary updates. To ensure you can fully utilise our updated services. To improve your protection against cybersecurity incidents.	Vehicle details Vehicle information and status	Consent.	Records of the software updates will be retained for the lifetime of the vehicle.

2.1.2 Connected Safety

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To alert you about current or potential traffic hazards and changing road conditions while you drive. To improve road safety, reduce maintenance costs, and contribute to a sustainable traffic environment.	Vehicle details Safety events Position and movement information (position is used to alert you about current or potential traffic hazards)	Performance of a contract.	The information will be retained up to one week.

2.1.3 Digital Key

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To allow you to lock, unlock, or start your vehicle with your smartphone or smart watch. To enable sharing and revoking of digital keys through various digital channels.	Vehicle details Vehicle information and status User details	Performance of a contract.	Your data will be retained for as long as you have a valid contract.

2.1.4 Real-Time Traffic Information

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To verify if the service subscription is active. To calculate and provide information on risks of road congestion, which we do with the support of a partner that will receive anonymous position and movement data.	Vehicle details Position and movement information	Performance of a contract.	Your data will be retained for as long as the subscription is active. Once the subscription is inactive, VIN, speed and position are stored up to 90 days, unless a longer time is required under applicable local law.

2.1.5 Intelligent Speed Assist

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To assist your vehicle in keeping the speed limit using road sign data. To report aggregated data on your usage of the vehicle to relevant authorities.	Vehicle details Vehicle information and status Vehicle usage and user behaviour Position and movement information (the position is used to fetch road sign data)	Legal obligation and performance of a contract.	Your data will be retained until it has been aggregated and reported to relevant authorities.

2.1.6 Air Quality Index

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To show information on air quality within your vehicle. If location is shared, it will provide you with information about pollution and pollen levels outside your vehicle.	Vehicle information and status Position and movement information	Performance of a contract.	Your data will be retained until it has been presented in your vehicle.

2.1.7 Map Delivery System

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To enhance functions in the vehicle such as Pilot Assist and Adaptive Cruise Control by utilising high-definition map data of your current location.	Position and movement information.	Performance of a contract.	The data will be retained until the map data has been downloaded.

2.2 Data used related to safety

2.2.1 Active Safety Data Recorder

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
Data related to traffic accidents or collision-like situations will be processed by our research and development department to help us better understand the circumstances in which traffic accidents, injuries, and damage occur.	Vehicle details Safety events Images from external camera Position and movement information (with an accuracy of ≤ 500 meters)	Consent.	The data will be retained for up to 10 years, after which it will be deleted or anonymised.

2.2.2 Event Data Recorder

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To assess the vehicle safety system performance in situations of crash or near-crash.	Vehicle information and status Vehicle usage and user behaviour	To fulfil our legal obligations.	The data will be retained until it is overwritten by new events.

2.2.3 Emergency Call (eCall)

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To ensure an emergency call will be triggered, either automatically or manually in the event of certain types of accidents.	Vehicle details Position and movement information (with an accuracy of ≤ 500 meters including the direction of travel and delta velocity in case of crash) Vehicle information and status Vehicle usage and user behaviour	To fulfil our legal obligations and performance of a contract.	Your data will be retained for up to 200 days.

2.2.4 Call Centre Services

Services offered as part of the Call Centre Services are described below.

Services	How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
Roadside Assistance	To connect you to our call centre when you need support in case of technical faults with your vehicle.	Vehicle details Position and movement information Vehicle information and status Additional information necessary for the delivery of requested assistance (e.g., user details, insurance details, transaction-related data, damage cause, and information about the workshop handling the repair)	Performance of a contract.	Your data will be retained for up to 200 days.
Stolen Vehicle Tracking	To locate your vehicle, if stolen.
Remote Vehicle Immobilisation/ Mobilisation	To enable or disable the immobiliser in the vehicle.	Vehicle details Position and movement information (with an accuracy of ≤ 500 meters) Vehicle information and status Safety events (reason for the call)
Safety Call	To ensure the safety of those in the vehicle in situations where the driver is detected as unresponsive by the safety features in the vehicle (reason for the call).

2.2.5 Intrusion Detection System

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To detect and prevent anomalies and violations that could be possible cybersecurity threats for the vehicle systems. To monitor how software and apps behave to ensure they are not violating what they are permitted to do.	Vehicle details Vehicle information and status Vehicle usage and user behaviour Position and movement information	To fulfil our legal obligations and performance of a contract.	Your data will be retained: pseudonymized for the lifetime of the vehicle. for up to one year after the investigation has been concluded, in case of a detected vulnerability.

How will we use your personal data (‘purpose’)

The information we use (‘personal data’)

Legal basis

Retention

To detect and prevent anomalies and violations that could be possible cybersecurity threats for the vehicle systems.
To monitor how software and apps behave to ensure they are not violating what they are permitted to do.

Vehicle details
Vehicle information and status
Vehicle usage and user behaviour
Position and movement information

To fulfil our legal obligations and performance of a contract.

Your data will be retained:

pseudonymized for the lifetime of the vehicle.
for up to one year after the investigation has been concluded, in case of a detected vulnerability.

2.2.6 Ensuring Safe Batteries

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To ensure that our vehicles with a hybrid or full-electric powertrain are safe. If deemed needed, to contact and inform you of potential concerns.	Vehicle details Vehicle information and status	Our legitimate interest to develop and improve the safety of our products.	Your data will be retained for the lifetime of the vehicle.
To enable early detection of potential concerns and to identify new potential fault types. To manage our product manufacturer obligations.	Vehicle details Vehicle information and status	To fulfil our legal obligations.	Your data will be retained for the lifetime of the vehicle.

2.3 Data used related to maintenance and repairs

2.3.1 Service Planning

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To help keep your vehicle in good condition and observe the vehicle’s health. To enable workshops to prepare for your visit by providing diagnostic data remotely. To schedule production and delivery of spare parts. To administer bookings and deliveries of parts if needed the data will be shared with our national sales company and retailers.	Vehicle details Vehicle information and status	Performance of a contract.	Your data will be retained for up to three years. The vehicle’s high-voltage battery information will be retained for up to 10 years.

2.3.2 Diagnostic Read-Out in Workshops

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
For fault tracing and product research and development.	Vehicle details Vehicle information and status Vehicle usage and user behaviour	Our legitimate interests to develop and improve our products and services.	Your data will be retained for the lifetime of the vehicle.
To manage our product manufacturer obligations.		To fulfil our legal obligations.	Your data will be retained for the lifetime of the vehicle.

2.3.3 Bug Reporting

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To identify and investigate software-related problems and maintain our software in good health.	Vehicle details Vehicle information and status Vehicle usage and user behaviour User details	Our legitimate interests to remedy, develop and improve our software.	Your data will be retained until the issue with your vehicle has been solved, or for up to 90 days, whichever occurs later.

2.3.4 Extended Vehicle Data Analysis

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To investigate and identify issues with the vehicle. To manage a potential warranty case and potential product safety issues.	Vehicle details Vehicle information and status Vehicle usage and user behaviour User details Position and movement information Safety events	Our legitimate interests to remedy, develop and improve our products.	Your data will be retained until the problem with your vehicle has been solved, after which it will be deleted.

2.4 Data used for research & development purposes

2.4.1 Traffic Accident Research

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To investigate the circumstances of a traffic accident involving one of our vehicles. To improve the safety of our vehicles and the traffic environment in general.	Vehicle details Vehicle information and status Vehicle usage and user behaviour Position and movement information Images from external camera	Our legitimate interests to remedy, develop and improve safety in our products.	Your data will be retained for up to 10 years.
To gather additional information on the accident through a survey, if beneficial for our research.	User details		Your data will be retained for up to 10 years.

2.4.2 Vehicle Data Analytics

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To understand how the vehicle is being used. To obtain statistical information about our vehicles. For product research and development, particularly to improve and monitor the quality of vehicles and their safety features. To manage Volvo Cars’ warranty commitments.	Vehicle details Vehicle information and status	Consent.	Your data will be retained for up to two years. The vehicle’s high-voltage battery information will be retained for the lifetime of the battery.

2.4.3 Vehicle Analytics & Improvements

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To understand how the vehicle is being used. To obtain statistical information about our vehicles. For fault tracing, product research, and development. To monitor and improve the sustainability and quality of our vehicles, their safety features, and other functions. To contact and inform you of potential problems or faults if needed.	Vehicle details Vehicle information and status Vehicle usage and user behaviour Position and movement information (with an accuracy of ≤ 500 meters) Safety events Images from external camera User details	Consent.	Your data will be retained for up to five years after which, if it is still needed will be anonymised or otherwise be deleted. The vehicle’s high-voltage battery information will be retained for the lifetime of the battery.

2.5 Emissions reporting

How will we use your personal data (‘purpose’)	The information we use (‘personal data’)	Legal basis	Retention
To collect emission specific data from your vehicle that will be reported to the relevant entity or authority.	Vehicle details Vehicle information and status	To fulfil our legal obligations and legitimate interest.	Your data will be retained until it has been reported to relevant authorities.

3. Sharing of your personal data

We share data with various organisations to run our business, to maintain our relationship with you, and to provide you with products and services. We describe these situations below.

Where we refer to these organisations as our ‘suppliers’, ‘processors’ or ‘sub-processors’, each one of these organisations is limited by contract in their ability to use your personal data for any purpose other than to provide services to us or on our behalf, as instructed by us. In each case, we only share the personal data, including telematics data, we deem necessary to achieve the respective purpose.

Who (‘Recipient’)	Why (‘Purpose’)
Other group companies within Volvo Cars and its sub-processors	Personal data is transferred to other group companies for customer care to provide our products and services and for provision of IT systems for business support and data storage.
IT-suppliers and their sub-processors	Personal data is transferred to IT-suppliers who supply general business support systems to us, such as software and data storage providers.
Authorised Volvo Car retailer(s) and repairer(s) (and its sub-processors)	Personal data is transferred for the purpose of providing services, fault tracing, maintenance, and repair.
Law enforcement authorities (e.g. police, courts) and other competent authorities	Personal data needs to be shared or may be shared with law enforcement authorities (e.g., police, courts), to comply with a legal obligation, or our legitimate interest in providing data, when a severe crime is suspected, or when it is necessary to establish, exercise or defend ourselves against legal claims. We provide law enforcement with the least amount of personal data that is necessary. Example of data type that we can give out is the serial number of a vehicle part connected to a VIN number or an IMEI-number (unique user ID).
Other service providers (such as mobile network operators, customer care service partners, connectivity providers, roadside assistance operators and charging operators)	We may share information from the vehicle and subscription information to enable the services, for fault tracing and service improvement purposes. In some markets we use and share information with a third-party provider for customer care services. To provide certain functions (e.g., real-time traffic information) we share anonymised data with third parties.
Any party approved by you	For example, you may ask us to share vehicle data with a third party such as an insurance company to prepare an insurance quote for you.
Third -party vehicle owners such as companies with a Volvo Car fleet or car rental companies	Personal data may be provided by Volvo Cars, as processor, to the third-party owners, as controllers, for the purpose of providing fleet management services.

3.1 Cross border transfer

Your personal data will be stored by the Volvo Cars Group and/or our service providers located in foreign countries. Some of these countries may have data protection laws that differ from those enforced in Thailand (such as Sweden, the Netherlands, China, and Japan). For any actions carried out as part of Volvo Cars’ contractual obligations to you, we will rely on such contracts as the basis for cross-border data transfers. In cases where no such contract exists, Volvo Cars will ensure that legally recognized data protection safeguards such as Standard Contractual Clauses (SCCs) are in place. However, if these safeguards are not applicable, Volvo Cars will obtain your explicit consent on a case-by-case basis. In all instances, we will ensure that any personal data transferred internationally is protected to a standard equivalent to PDPA and in line with our internal practices.

4. Your rights and controls

4.1 Your rights under GDPR

You have specific legal rights relating to the personal data we process about you. The rights may differ depending on which jurisdiction you are in and the nature of the processing. Generally, your rights concern the possibility to:

withdraw your consent
object to our processing of your data
ask for a copy of the data we hold about you (so-called subject access right)
ask for the data to be transferred to another entity (so-called data portability)
ask for the data to be corrected or for its processing to be restricted
ask for the data to be deleted (so-called right to be forgotten)

As mentioned, these rights are not absolute and in some cases data protection law limits their application. Should this be the case for a request you make to us, we will always explain why we cannot fulfil your request.

If you would like to submit a rights request, you can get in touch with us by completing this form. We kindly ask that you use the form as it sets out the information that we need to verify your identity and effectively process your request. However, should you prefer not to use the form, you are always welcome to contact us and submit your request using the contact information in the next section.

You also have a right to submit a complaint to your local data protection authority should you have concerns about how we use your personal data. However, we would appreciate it if you reached out and raised your concerns directly with us first to allow us to try to resolve them together. You can find our contact information below.

4.2 Your rights under PDPA

In addition to your rights under the GDPR, as a data subject in Thailand, you have specific legal rights granted by Thailand’s Personal Data Protection Act of 2019 relating to the personal data we process about you. These are briefly explained below, and you can exercise them by filling out the dedicated form indicated below.

Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.
Right to access your personal data: You may ask from us information regarding personal data that we hold about you. We will provide you with a copy of your personal data upon request. If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs. You have the right to the information about our safeguards for the transfer of your personal data to a country that is outside Thailand if you request that we confirm whether or not we process your personal data, and we transfer your personal data to a country that is outside Thailand.
Right to rectification: You may obtain from us rectification of incorrect or incomplete personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
Right to restriction: You may obtain from us restriction of processing of your personal data, if:
1. you contest the accuracy of your personal data, for the period we need to verify the accuracy;
2. the processing is unlawful and you request the restriction of processing rather than erasure of your personal data;
3. we do no longer need your personal data for the processing purpose but you require them for the establishment, exercise or defense of legal claims; or
4. you object to the processing while we verify whether our legitimate grounds override yours.
Right to portability: You have the right to receive your personal data that you have provided to us, and, where technically feasible, request that we transmit your personal data (that you have provided to us) to another organization, if:
1. we base the processing of your personal data on your consent, or our processing of your personal data are necessary for the execution or performance of a contract to which you are a party;
2. your personal data are provided to us by you; and
3. your right to portability does not adversely affect the rights and the freedoms of other persons.
- You have the right to receive your personal data in a structured, commonly used and machine-readable format. Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. Your right to have your personal data transmitted from us to another organization is a right you have if such transmission is technically feasible.
Right to erasure: You have the right to request that we delete the personal data we process about you. We must comply with this request if we process your personal data, unless processing is necessary:
1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by a law to which we are subject;
3. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
4. for the establishment, exercise or defense of legal claims.
Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your personal data, otherwise we will only restrict it. You also have the right to object at any time, regardless of any reason, to the processing of your personal data for direct marketing (which includes profiling to the extent that it is related to such direct marketing), if such processing was based on our legitimate interest. If the marketing was based on your consent, you can withdraw consent (see above).
Right to lodge a complaint: You can lodge a complaint regarding our processing of personal data to the Office of the Personal Data Protection Committee, Thailand. However, we will appreciate if you first contact us to try and solve your problem – you can find our contact details below.

As mentioned, these rights are not absolute and at times, data protection law limits their application. Should this be the case for a request you make to us, we will always explain why we cannot fulfil your request.

5. Contact information

If you have any questions about how we use your personal data, you can contact us at dataprotection@volvocars.com, or Volvo Car Corporation Data Protection Officer as follows:

Postal Address: Volvo Car Corporation, Attention: The Data Protection Officer, dep 50099, VAK, 405 31 Gothenburg, Sweden.

E-mail: globdpo@volvocars.com

Thai residents may also contact our National Sales Company, i.e. Volvo Car (Thailand) Limited, whose contact details are as below:

Postal address: 14/2-5 Floor, Emporium Tower Building, 622 Sukhumvit Road, Kwaeng Klongton, Khet Klongtoey, Bangkok 10110, Thailand

E-mail: dpothai@volvocars.com

6. Updates to this notice

We continuously develop our products and services and will review and update this privacy notice as a result. As such we encourage you to revisit this privacy notice regularly. The date at the top of this privacy notice lets you know when it was last updated. We will handle your personal data in a manner consistent with the privacy notice under which it was collected unless we have your consent to handle it differently.