Privacy Notice – Volvo Valet from Volvo Cars
Birdseye is a service offered to Volvo Cars customers or customers of an entity in the Partner Group, which allows customers to schedule a service appointment directly through the Volvo Valet app and have their vehicle picked up from their chosen location with the option to have a loaner delivered.
Birdseye is only available in certain markets.
Last updated: September 22, 2020
Who we are
The data controller for all personal data collected and processed in relation to the Birdseye service is Volvo Car Canada Limited, 9130 Leslie Street, Richmond Hill, ON L4B 0B9 Canada. Volvo Car Canada Limited may hereinafter also be referred to as "Volvo Cars," "we," or "us".
Personal Data Collected
The use of the Birdseye service involves the processing of the following categories of personal information:
- Drivers performing the pickup and delivery service, as well as customers using the service, need to create an account. In this case we will process first and last name, contact details (email and personal and work phone numbers), and password (hashed). This is done in the course of our provision of the service to our customers, in order to identify the driver and the customer and ensure communication with them. We also require drivers to upload a photo of themselves out of our legitimate interest to ensure that the customer can see the person that will greet them and take over their vehicle.
- When a pickup and delivery is performed, we track the location of the driver through their smart phone. This is done in order to calculate the estimated time for the service.
- When a customer uses the pickup and delivery service, we collect more information about the customer:
- Customer Pickup & Delivery Service History – in order to know which services have been completed.
- Customer Driver's License – if the customer uses a loaner vehicle.
- Customer Insurance Card – needed if the customer uses a loaner vehicle.
- Customer License Plate and VIN number – needed to identify the vehicle.
- Pickup Address – needed to provide the service.
- Pickup Notes entered by customer (if any).
- Service Notes entered by the workshop (if any).
- Drop-off Address – needed to provide the service.
- Drop-off Notes entered by customer (if any).
- When we send customers push notifications with the status updates of the service through the Birdseye mobile app, we use the following categories of data in order to keep track of notifications sent:
- Unique Device Identifier.
- Push Notification Token.
- Push Notification Title (may contain the names of customers, drivers, vehicle make/model/color).
- Push Notification Body (may contain the names of customers, drivers, vehicle make/model/color).
- When feedback is left after performance of the service, we collect the names of the customer and of the driver, the rating, and comments given by the customer.
- The quality of our service is essential, and because liability issues may arise regarding alleged damages to the car, we keep photos of the vehicle, along with timestamps and location, out of our interest to defend our (and our partners and drivers involved in the service) rights and interests.
The data categories mentioned under 1, 2, 3, and 5 above are processed in the course of our performance of the Birdseye service. Category 4 is processed based on customer's consent to receive push notifications. Category 6 is processed based on our legitimate interest to ensure quality of the service.
Birdseye is addressed to persons holding a valid driver's license; therefore we do not process personal data of children.
The following retention times are applicable for our processing of personal data mentioned above:
- Data about drivers (all categories of data except 6): 1 year from last activity in the service;
- Data about customers (all categories of data except 6): 3 years;
- Data from category 6: 5 years from the service, unless disputes arise, in which case the period is extended with the time required to finalize the dispute.
Recipients of your data
Disclosure to Volvo Cars group companies
Your personal information may be shared with any company that is a member of our group, which includes our ultimate parent company based in Sweden, when we consider that it is in our legitimate interests to do so for internal administrative purposes (e.g. storage of data, CRM), or for auditing and monitoring of our internal processes.
We may also share your personal information with our group companies when they provide products and services to us, such as information technology systems.
Access to your personal information is limited to those employees who need to know the personal information.
Disclosure to third parties
We will share your personal information with the following categories of third parties on a need-to-know basis:
- Amazon Web Services Ireland Limited and its subprocessors (European Union) – Data Hosting
- Google Inc, together with its subprocessors (see list of datacenters at https://www.google.com/about/datacenters/inside/locations/index.html, under Standard Contractual Clauses) –
- Analytics – Google Analytics is used to track events inside the Birdseye mobile apps, such as clicks, location, page views, etc. This allows us to optimize the product and carry out Pickup and Deliveries. The following information is tracked in Google Analytics.
- Data Visualization – Tools to create charts, graphs, and other visualizations of data for analyzing and improving the Birdseye service.
- Geolocation – Location data is used to locate pickup and drop-off locations for cars engaging in pickup and delivery.
- Branch Metrics Inc. (United States of America, under Standard Contractual Clauses) – Push Notifications.
- Twilio Inc. and its subprocessors (United States of America, under Twilio's binding corporate rules and the Standard Contractual Clauses) – SMS Communication.
- Slack – An internal communication tool used by Volvo Cars. Your data may be shared between our employees on this tool as a result of investigating a bug or issue.
All of such third parties act as our processors and are limited by contract in their ability to use your personal data for any purpose other than to provide services for us in compliance with each data privacy agreement in place.
We might also disclose your personal information to other third parties in the following eventualities:
- If you so request or authorize;
- to persons demonstrating legal authority to act on your behalf;
- where it is in our legitimate interests to do so, to run, grow, and develop our business, meaning:
- if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if the company or substantially all of its assets are acquired by a third party, personal data held will be transferred along with the assets they relate to;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
- In order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person, or to prevent any illegal activity.
Except as expressly detailed above, we will never share, sell, or rent any of your personal data to any third party.
You can exercise your rights in relation to us by filling out this form.
In order to exercise your rights, please use the applicable web form mentioned above. If you have any other questions regarding the subject matter of personal data protection, you can contact our group data protection officer at the following contact details:
Email address: email@example.com
Changes to our Privacy Notice
We reserve the right to modify our privacy practices and update and make changes to this privacy notice at any time and at our discretion. For this reason, we encourage you to refer to this privacy notice on an ongoing basis. This privacy notice is current as of the date which appears at the top of the document. We will treat your personal data in a manner consistent with the privacy notice under which they were collected, unless we have your consent to treat them differently.