Article version 2021.340.0

Volvo vehicle Privacy Notice

Effective from:

Published at:

This privacy notice explains how Volvo Cars (as defined below) processes car-generated data when customers use a Volvo vehicle and associated connected services provided by Volvo Cars.

This document only explains the processing of personal data associated with the features of the newest Volvo car models; here you will not find the explanation of the features themselves – for this, please check the owner's manual for the relevant model. If you did not elect a car equipped with these features or if there are features which you did not choose to activate, the descriptions of those features may not apply to your car. Also, if you have an older model car, or if a new model is not equipped with a certain feature, the data processing associated with that feature will not happen.

Please note that if there is any discrepancy between this notice and the owner's manual as regards the processing of personal data, this notice takes precedence. In addition, the manual may include descriptions of data being processed which are not included below. This is because the manual includes the full universe of data being processed, whereas this notice does not include: (i) local processing (instances where data processed does not leave the car), because this does not constitute the processing of personal data by Volvo Cars or (ii) processing of personal data by Third Parties as separate controllers (for example, Google, in the case of Android Automotive infotainment system).

This privacy notice does not apply to:

  • Special vehicles (e.g., police cars);
  • Processing of personal data that does not leave the car (local processing);
  • Processing of personal data when you interact with one of our retailers (such as when you buy your car);
  • Your use of software and third-party apps/services in the car (such as Google Automotive and any apps in the car's infotainment system);
  • Your use of mobile apps provided by Volvo Cars, such as Volvo On Call/Volvo Cars App; please see our Volvo Cars App privacy notice for more information.
  • Your use of third-party value-added services based on car data (such as pay-as-you-drive insurance);
  • The provision of the internet service in your car, which is supplied by a mobile network operator independently from Volvo Cars.

You can find the following information below:

1. Who is responsible for the processing of your personal data

The entity responsible for the processing of personal data referred to below is Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31 Gothenburg, Sweden, company registration number 556074-3089, hereinafter referred to as "Volvo Cars," "we," or "us." For the purposes of GDPR, Volvo Car Corporation is the data controller of this personal data. In some situations the processing of personal data has joint controllers, which are identified in the respective sections. However, in all situations the joint controllers have agreed that the information is provided to you by Volvo Cars and that you can exercise your rights (see section 3 below).

2. What personal data we collect and what happens with it

2.1. Processing of Personal Data While You Drive

2.1.1. Vehicle data analytics (VDA)

We automatically collect and process vehicle data (listed below) in order to obtain statistical information about our vehicles and how they are used. We use this information for product research and development purposes: in particular, to improve and monitor the quality of vehicles and their safety features. This also serves to manage Volvo Cars' warranty commitments and to comply with our legal requirements relating to emissions monitoring.

Data categories used:

  • Vehicle identification number (VIN);
  • Identifiers of the vehicle's hardware and software versions;
  • Diagnostic trouble codes (DTC).

Volvo cars also automatically collects the following information on the vehicle's high-voltage battery (where applicable):

  • High voltage battery ID, capacity, and health status;
  • Charging station information (e.g., availability status, power type, pole ID, etc.);
  • Diagnostic data during charging (e.g., duration, state of charge, current fluctuation, etc.).

For the purposes of GDPR, the legal basis for the processing of the data mentioned above is your consent (Art. 6(1)(a) GDPR).

The Vehicle Identification Number (VIN), identifiers of the vehicle's hardware and software versions, and Diagnostic Trouble Codes (DTC), are retained for 2 years, while the information on the vehicle's high-voltage battery is retained for the lifetime of the battery.

In the case of hybrid or electric vehicles, Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Sweden, hereinafter referred to as "Polestar") share the analytical data listed above from their respective vehicles. The analysis data exchanged between Volvo Cars and Polestar is of a purely technical nature and does not involve actual customer data. The analytical data collected via the Volvo Cars and Polestar platforms are exchanged between the two companies for the purposes of improving and monitoring the quality of the vehicle, the performance of the electric and hybrid features, and the safety features.

As joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing of analysis data. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers and that the respective rights under the applicable privacy law may be exercised by Volvo customers in relation to Volvo Cars. You can read about this in section 3 below (What rights you have in relation to the data processing we perform).

2.1.2. Over-the-air Software Updates

In order to be able to maintain the vehicle software and provide necessary software updates directly, we automatically collect and process the following data:

  • Vehicle identification number (VIN);
  • Vehicle software version;
  • Diagnostic trouble codes; and
  • Vehicle manufacturing date.

We process the data mentioned above if you consent to this (Art. 6(1)(a) GDPR). If you refuse over-the-air software updates, this will prevent you from being able to use our updated services, or you will not be able to use them fully. Failure to update may also increase the risk of cybersecurity incidents, much like in the case of all other smart devices. Note that you can also opt to have the updates installed in one of our workshops.

We will retain records of the software updates made to the car for the entire lifetime of the vehicle.

2.1.3. Connected Safety

If your vehicle has the Connected Safety feature activated, we automatically collect the following vehicle information from your car:

  • Vehicle identification number (VIN)
  • Information about the internet connection (Wi-Fi/PSIM/Bluetooth)
  • Slippery road alert activation
  • Hazard light activation
  • Time stamp of each alert
  • Location of alert
  • 3D road mapping.

We use this information to provide you with the Connected Safety feature to you (Art. 6(1)(b) GDPR). You can turn the service on and off at any time.

This information, without the VIN number or driver's identity information, is shared with other vehicles (Volvo cars and trucks) that have the Connected Safety feature activated in order to inform you and them about current traffic situations on the route and provide alerts about upcoming hazards on the road (e.g., slippery road or hazard light alerts), allowing you and other drivers using Connected Safety to adapt driving style accordingly. If your own vehicle's hazard warning lights are activated or your vehicle detects reduced friction between your tires and the road (a.k.a. "slippery road alert"), information about this can be sent to vehicles approaching your own vehicle's position.

In addition, the aforementioned data is shared, in an anonymized manner, with traffic agencies (in order to avert and reduce dangers posed by road traffic).

We keep the data for 1 week before we delete or anonymize it.

2.1.4. Real-time Traffic Information

If your vehicle model is equipped with Real-Time Traffic Information service we collect from the car:

  • Vehicle information (vehicle position and speed) – we share these with third party real-time traffic information service providers to allow them to calculate traffic congestion and inform you and other drivers where risks for congestion exist; these data points are anonymous to the third-party service provider and to other drivers using their services.
  • Vehicle identifier (Vehicle Identity Number (VIN)) – we use this to verify that your vehicle has a subscription for this service.

We process the data mentioned above in the course of performing a service for you (Art. 6(1)(b) GDPR). You can turn the service on and off at any time.

Car models equipped with sensors that can identify traffic signs in real time as you drive do this through local processing (in the car) only.

The data will be stored by Volvo Cars as long as the subscription is active. Once the subscription is inactive, VIN, speed, and position are stored for maximum of 90 days, unless a longer time is required under local applicable law.

2.1.5. Speech Messaging

Speech Messaging is part of a larger voice command system with which you can control features of your infotainment system and create and send SMS messages by giving verbal instructions.

If you have activated "Speech Messaging" in your vehicle, we automatically collect and process the following data when you use the voice control system:

  • Recorded voice data or commands
  • Vehicle identification number (VIN) - the VIN is used to verify that your car has a subscription for this service
  • Phone number
  • Text message) - The text message created by the third-party service provider is stored in the cloud and sent back and saved in your vehicle. The text message can be sent as an SMS.

Voice control will remain activated until you deliberately stop it or until you have not responded to three prompts from the system.

The processing of your data is necessary to provide the voice control system and associated services and therefore to perform the contract entered into with you (Art. 6(1)(b) GDPR). If you do not provide your data, it will not be possible to use the voice control system.

We will share the recorded voice data with the third-party service provider in order to provide the service to you. The resulting text message is shared by the third-party service provider with us and then passed to your vehicle. The third-party service provider is a separate controller for this data.

Speech Messaging is not available in newer car models that are equipped with Android Automotive, which allows you to activate Google Assistant. If activated, Google Assistant is provided by a third-party service provider, which will provide a relevant privacy notice for that service.

2.2. Processing in the Event of an Incident

In the event of an incident or (near) accident, personal data will be processed for the following purposes for a certain period of time.

2.2.1. Active Safety Data Recorder (ASDR)

The "Active Safety Data Recorder" (ASDR) service records data related to traffic accidents or collision-like situations. This data is automatically collected by your car the car when traffic accidents or collision-like situations occur. The following information is collected:

  • Vehicle identification number (VIN);
  • Type of safety event triggered and its occurrences;
  • Front-facing camera images are captured during 4 seconds before and after collision-like situations; and
  • Vehicle location at time of incident.

If you enable sharing of this information with us, we use this information to help us better understand the circumstances in which traffic accidents, injuries, and damage occur to address active safety-related complaints and for future development purposes.

The ASDR does not record any data during normal driving conditions but rather only when a non-trivial collision situation occurs.

We collect the data mentioned above based on your consent (Art. 6(1)(a) GDPR), and we keep it for 10 years before we delete or anonymize it.

2.2.2. Event Data Recorder (EDR)

The vehicle is equipped with an Event Data Recorder (EDR) – also known as the car's "black box" – which stores safety-related information relating to crash or near-crash situations. To operate the EDR we automatically collect the following vehicle information from the car and process it:

  • How various systems in your vehicle were operating;
  • Whether or not the driver and passenger safety belts were buckled/fastened;
  • How far (if at all) the driver was depressing the accelerator and/or brake pedal; and,
  • How fast the vehicle was traveling.

The period recorded is usually up to 30 seconds. Recording only takes place if a non-trivial collision situation occurs. No data is recorded under normal driving conditions. Furthermore, the recording does not include who is driving the vehicle or the geographical location of the (near) crash.

The data recorded is also needed to allow Volvo Cars to comply with its legal requirements specified in laws and by government authorities applicable to Volvo Cars (Art. 6(1)(c) GDPR). The provision of personal data is thus required by such laws.

2.2.3. Emergency Call (eCall)

The Emergency Call (eCall) is a feature which automatically makes a call to a call center in the event that one or more sensors within the vehicle detect a severe accident. This function can also be triggered manually by pushing and holding the SOS button for at least 2 seconds. Please be mindful that this is not recommended unless you are experiencing an emergency, and abuse of emergency response systems may sanctioned under applicable laws.

When an emergency call is made, we automatically collect the following vehicle data from the car and process it:

  • Vehicle identification number (VIN);
  • Vehicle propulsion or engine specification;
  • Vehicle model specification;
  • Time of the incident;
  • Location of the incident;
  • Direction of the vehicle travel.

The data is only collected when the eCall is made. We process this data for the purpose of protecting the vital interests of the driver and of other occupants in the car (Art. 6(1)(d) GDPR), as well as under a legal obligation (Art. 6(1)(c) GDPR) to equip all modern cars sold In the European Economic Area with eCall.

By default, the "eCall" service in Volvo vehicles is routed to a third-party service provider (this is called a eCall or TPS eCall third-party service); this provider varies by region, and you can get more information by contacting us. You can choose to have the call routed to the public emergency service at any time by modifying your car settings accordingly.

The service provider or the emergency service may forward the information data to specialized emergency services (for example ambulance), if necessary.

The personal data will be retained for a period of 90 days, and the processing is limited to the emergency situations referred to above.

2.2.4. Roadside Assistance

Our optional roadside assistance service helps you in the event of a flat tire, breakdown or accident. By activating the black On Call button in the car or using the contact feature in the Volvo Cars app (previously Volvo On Call app), the car makes a call to the roadside assistance service. If you are subscribed to this service, roadside assistance support may be able to send suitable help to the driver of the vehicle whenever the driver may need assistance, such as sending out a tow truck, in accordance with the terms of the service.

When the car makes the call to Roadside Assistance, we automatically collect and process the following vehicle information:

  • Vehicle identification number (VIN);
  • Vehicle propulsion or engine specification;
  • Vehicle model specification;
  • Time of the call;
  • Location at time of the call;
  • Direction of the vehicle travel.

The Roadside Assistance service is offered in association with insurance companies that vary by country; you can get more information by contacting us. These insurance companies operate the call center that takes your call. The third-party service provider will forward some of this data to the specialized services you request (for example tow services).

We process this data in the course of providing the roadside assistance service to you (Art. 6(1)(b) GDPR).

We will process the data for a period of 8 years, except for geolocation data, which is deleted after 90 days.

2.3. Processing of Data Related to Maintenance and Repairs

2.3.1. Service Planning

If you activate the service planning feature, we automatically, and continuously collect and analyze certain vehicle diagnostic-related information. Using this feature, we collect and process the following vehicle information:

  • Data about the car - vehicle identification number (VIN), hardware versions, and software versions;
  • Status and statistics from components (engine, throttle, steering, high-voltage batteries, brakes, etc.);
  • Driving data (mileage, engine hours, driving conditions e.g., city/highway driving, etc.)

We process the data mentioned above in the course of performing a service for you (Art. 6(1)(b) GDPR). You can turn the service on and off at any time. As part of the service, the car provides you with information that helps you keep your car in good condition by predicting early signs of vehicle issues and then helping you to set up a maintenance program before you visit a workshop. For example, we use the information collected to: prompt you to change certain filters earlier or later than at the recommended fixed period of time if their actual wear and tear requires this, or to schedule production and delivery of spare parts, which is an important component in our sustainability goals and also in our endeavor to provide you with a premium service and repair experience by optimizing content, logistics and workshop utilization.

We share the data with Volvo Car Canada Limited in order to administer deliveries and bookings and, if you have opted in to this, to tailor special offers for you. Service planning will not directly perform bookings, and thus the data is not shared with workshops.

We will store data connected to the car high-voltage battery and VIN for 10 years in order follow up on the battery state of health. The other data will be kept for three years. Data connected to the car high-voltage battery will be kept in relation to the VIN for 10 years in order follow up on the battery state of health.

2.3.2. Connected Service Booking

If you activate the Connected Service Booking, when you send a booking request from the vehicle to your workshop to make an appointment to have your vehicle serviced or repaired, we automatically collect and process the following vehicle information:

  • Your identifiers (Volvo ID, email address, first and last name)
  • Data related to the desired service (type of service, date and time, your message to the workshop entered in the message field)
  • Data related to the selected workshop (such as name and address)
  • Depending on the service requested, vehicle identity, software version, diagnostic trouble codes, service requirement, time since last service, fluid levels, odometer value, as well as your own description of the purpose of the booking (if any)

To activate the service, you will need to create a Volvo ID and register it for your vehicle, and also connect your vehicle to the internet. You can read more about how your data is processed when you create a Volvo ID here.

We use this data to book the service, organize performance, contact you in matters regarding the service booked or that are a direct consequence of using the service, such as sending confirmations and notifications. (In other words for the purposes of GDPR, our legal basis for this processing is your contract with us (Art. 6.1. b) GDPR).

We share this data with Volvo Canada Limited and the retailer selected (which might be a service/repair workshop, body paint workshop, car reconditioning specialist, or car logistics service).

We will store your data for a period of 15 months; however please note that the Volvo service partner retailer providing the service may subject to various retention and documentation obligations and may also be required by law to disclose personal data to the authorities under the applicable law. This information may be found in the privacy policy of the service partner.

2.3.3. Diagnostic Read-out in Workshops

If servicing or repairs are carried out on your vehicle by one of our authorized service centers or partners, your vehicle is connected to the Vehicle Information Diagnostic for Aftersales system ("VIDA") for this purpose, and we will receive the following vehicle information and other information about the problem from such authorized service centers or partners:

  • Diagnoses;
  • Fault codes;
  • Data about the vehicle (VIN, software version) and condition of the vehicle.

This data is of purely technical nature, and we process it in order to follow up on the quality of our cars and manage our product manufacturer obligations, for product development as well as safety follow-up purposes (if necessary). This data is kept for the lifetime of the vehicle.

For the purpose of GDPR, we process this data in our legitimate interests mentioned previously (Art. 6(1)(f) GDPR) and, where applicable, also to fulfill legal and other official requirements, such as safety-related recalls under applicable law (e.g. Art. 6(1)(c) GDPR).

2.3.4. Bug Reporting

When you enable the bug reporting function, when you visit an authorized Volvo workshop or service partner, we automatically collect and process the vehicle data below:

  • Vehicle identification number (VIN)
  • Start-up diagnostics
  • Vehicle configuration
  • Head unit local configuration
  • Android Automotive diagnostics
  • Vehicle network diagnostics
  • Software versions
  • Reports and logfiles targeted to developers

We process the data mentioned above if you consent to this (Art. 6(1)(a) GDPR) and use it to collect software bugs reports, understand the impact of the bugs, generate a fix for these bugs and maintain our software in good health.

After we have processed the data above, we will delete or anonymize your data on our server after 90 days.

2.4. Third-Party Apps

The infotainment system for new car models runs on the Google Android Automotive operating system. In this regard, Google is an independent controller for the purpose of GDPR and an independent organization for the purpose of the Personal Information Protection and Electronic Documents Act (PIPEDA) and other privacy laws when it comes to processing your personal data.

Third-party apps you download in the car from the PlayStore are also offered by independent controllers/independent organizations, similar to how they operate on a smartphone. For further information, please refer to the individual service providers' own terms and conditions, as well as their privacy notices.

2.5. Law Enforcement Requests

Occasionally, we receive requests from law enforcement or regulatory agencies (police, customs authorities, etc.) to provide various types of data related to our cars. As a general approach, we only provide personal data when legally required (Art. 6(1)(c) GDPR). We do provide data that is technical in nature and which does not in itself reveal a link with an individual (e.g., serial number of a car part connected to a VIN number, service history for a VIN number, etc.).

When we are presented with a request from a law enforcement authority that includes personal data, but we are not under a legal obligation to provide the data, we make an assessment of necessity and proportionality of the requested information and we may decide to provide all or part of the requested information (Art. 6(1)(f) GDPR).

We keep records of the requests received and responses provided, without the actual data provided (where applicable); however this is not an additional processing of personal data.

3. Your rights in relation to the processing of personal data

3.1. Your rights under the EU General Data Protection Regulation

As a data subject, you have specific legal rights granted by the General Data Protection Regulation relating to the personal data we process about you. These are briefly explained below, and you can exercise them by filling out the dedicated form indicated below.

  1. Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.
  2. Right to access your personal data: You may ask us for information regarding personal data that we hold about you. We will provide you with a copy of your personal data upon request. If you request further copies of your personal data, then we can charge you a reasonable fee that we base on administrative costs. You have the right to information about our safeguards for the transfer of your personal data to a country that is outside the EU and the EEA if you request that we confirm whether or not we process your personal data and we transfer your personal data to a country that is outside the EU and the EEA.
  3. Right to rectification: You may obtain our rectification of incorrect or incomplete personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
  4. Right to restriction: You may obtain our restriction of the processing of your personal data, if:
    1. you contest the accuracy of your personal data, for the period we need to verify the accuracy,
    2. the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
    3. we no longer need your personal data for the processing purpose but you require them for the establishment, exercise or defense of legal claims, or
    4. you object to their processing while we verify whether our legitimate interests override yours.
  5. Right to portability: You have the right to receive your personal data that you have provided to us and, where technically feasible, to request that we transmit your personal data (that you have provided to us) to another organization, if:
    1. we process your personal data by automated means;
    2. we base the processing of your personal data on your consent or our processing of your personal data is necessary for the execution or performance of a contract to which you are a party;
    3. your personal data are provided to us by you; and
    4. your right to portability does not adversely affect the rights and the freedoms of other persons.
    You have the right to receive your personal data in a structured, commonly used and machine-readable format. Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. Your hold the right to have your personal data transmitted from us to another organization if such transmission is technically feasible.
  6. Right to erasure: You have the right to request that we delete the personal data we process about you. We must comply with this request if we process your personal data, unless processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject;
    3. for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes; or
    4. for the establishment, exercise, or defense of legal claims.
  7. Right to object: You may object to the processing of your personal data at any time due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing, or for the establishment, exercise, or defense of legal claims. If you object to the processing, please specify whether you also request the erasure of your personal data; otherwise we will only restrict it. You also have the right to object at any time, regardless of the reason, to the processing of your personal data for direct marketing (which includes profiling to the extent that it is related to such direct marketing), if such processing was based on our legitimate interest. If the marketing was based on your consent, you can withdraw consent (see above).
  8. Right to lodge a complaint: You can lodge a complaint to your local data protection supervisory authority or with any other data protection authority in the EU. However, we would appreciate it if you first contact us to try and solve your problem – you can find our contact details below.

You can exercise your rights in relation to us by filling out this form, which will help us to deal with your request properly. The online form contains the information that we need to verify your identity and review your request. For requests submitted by telephone or email, you will need to provide us with sufficient information that allows us to reasonably verify that you are the person whose personal data we collected and describe your request in sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.

You can exercise these rights in relation to all of the joint controllers mentioned in this notice.

3.2. Your rights under Canadian Law

If our processing of your personal data is subject to Canadian law, the following section applies to you:

Accessing and correcting your personal data: For residents of Canada, you have a right to request access to your personal data and to request a correction to it if you believe it is inaccurate. If you would like to have access to the personal data we have about you, or if you would like to have it corrected, please fill out this form, which will help us to deal with your request properly. In some cases, we may not be able to allow you to access certain personal data in certain circumstances: for example, if it contains personal data of other persons, or for legal reasons.

To help protect against fraudulent requests for access to your personal data, we may ask you for information to allow us to confirm that the person making the request is you or is authorized to access your information before granting access. You will need to provide us with sufficient information that allows us to reasonably verify that you are the person whose personal data we collected, and you must describe your request in sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and correction requests using the information provided, we may ask you for additional pieces of information.

3.2.1. Right to withdraw consent: If you have given consent for the processing of your personal data, you may withdraw your consent with effect for the future. Please note that if you withdraw consent that is necessary for us to provide you with products or services, we may no longer be able to provide those products or services to you. You may withdraw any consent you have provided to our use of personal data to market to you without withdrawing consent needed to provide our goods and services. Your withdrawal of consent does not have retroactive effect, and there may be cases where we are permitted under the applicable law to process certain personal data without consent.

3.2.2. Security: In order to help prevent unauthorized access to or disclosure of personal data, we have put in place physical, electronic, and organizational procedures to help safeguard and secure the personal data we collect. Personal data may be accessed by persons within our organization or our third-party service providers who require such access to carry out the purposes described in this Privacy Notice or are otherwise permitted or required by applicable law. Personal data we collect are managed from our offices in Canada and European Union.

Even though we have taken steps to help protect the personal data in our control, you should know that we cannot fully eliminate security risks associated with personal data. No security measures can provide absolute protection. We cannot ensure or warrant the security of any information you provide to us.

3.2.3. International Data Transfers: Personal data that we collect may be stored and processed in Canada and the European Union. Personal data processed and stored in another country may be subject to disclosure or access requests by the governments, courts, or law enforcement or regulatory agencies in that country, according to its laws. By providing us with personal data, you consent to any such transfer of information outside of your country.

4. Children's Privacy

Our products and services are not intended to be used by children. We do not knowingly solicit or collect any personal data about children under the age of sixteen (16) or knowingly allow children to order our products, communicate with us, or use any of our online services or mobile applications. If a child has provided us with personal data, a parent or guardian of that child may contact us to have that data deleted from our records. If you believe that we might have any data from a child under the age of sixteen (16), please tell us using the Contact Information listed below. We will take all reasonable steps to delete the child's data as soon as possible except where necessary to protect the safety of the child or others as required by law. We do not have actual knowledge that we sell personal data of minors under the age of sixteen (16) years.

5. How we protect your information

To protect your personal data from loss, theft, and unauthorized access, use, or disclosure, we have implemented technical, administrative, and physical security measures, including, for certain data, 256-bit encryption, access controls, and secure development processes. Unfortunately, no method of transmission over the Internet, method of electronic storage, or other security measure is 100% secure or impenetrable. As such, we cannot guarantee the security of any information you provide to us or that we process.

6. Contact information

In order to exercise your rights, please see section 3 above. If you have any other questions or complaints regarding the subject matter of personal data protection, you can contact us at the following contact details:

Company: Volvo Car Corporation

Mailing Address: Volvo Car Corporation, Assar Gabrielssons Väg, SE-405 31 Gothenburg, Sweden



7. Changes to this notice

We reserve the right to modify our privacy practices and update this privacy notice as needed, at our discretion. Whenever we make substantial changes to this notice, and in particular when this notice underlies your consent, we will inform you of the changes. This privacy notice is current as of the date which appears at the top of the document.