Article Version 2025.28.0
This privacy notice explains how Volvo Cars (as defined below) process data related to vehicles and connected services provided by Volvo Cars.
For an explanation of vehicle features and functions, please check the owner’s manual for the relevant model. Please note that if there are any differences between this notice and the owner’s manual related to the processing of personal data, this notice takes precedence.
Since the processing of data depends on the features and functions with which the vehicle is equipped, and on the services which you choose to activate, this document presents the widest extent of possible processing. If you have an older vehicle, or if a new model is not equipped with a certain feature or function, the data processing associated with that feature will not happen.
This privacy notice does not apply to:
Please note that Volvo Cars has other privacy notices that should be read together with this information for a complete picture. We have listed these for you below. You can easily access them by following the links directly.
Please refer to the below for information on processing of personal location information.
You can find below:
The entity responsible for the processing of personal data referred to below is Volvo Car Korea, having its registered office at 5th floor Pinnacle Tower, 343 Hak-Dong-Ro, Gang-Nam-Gu, Seoul, Korea, hereinafter referred to as “Volvo Cars”, “we”, or “us”. If other entities are processing personal data together with us, as so called joint controllers, this will be specified.
The Driving Journal automatically logs all your trips. This may be useful if, for example, you want to manage your mileage expenses. The Driving Journal must be activated by you, otherwise the data is not collected.
If you enable the Driving Journal, we will collect your identifiers such as first and last name, phone number, E-mail address, your vehicle identification number (VIN), and the vehicle’s location as well as other trip related information such as your routes, time, distance, fuel and/or electric consumption and mileage. Depending on your vehicle model only start and finish position is collected or the full route.
We process this data based on your consent.
As a rule, the Driving Journal’s data is stored for up to 400 days depending on car model. You can disable the Driving Journal at any time, and by doing so the data will stop being collected. This does not trigger the deletion of previously collected information.
Over the air software updates enable your vehicle to update and maintain the latest software without visiting a workshop. Using the latest software ensures you can fully utilize our updated services. By using the latest software, you are also improving your protection against cybersecurity incidents.
To maintain vehicle software and provide necessary software updates, we process the following data:
The legal basis for us to process the data mentioned above is your consent.
We will retain records of the software updates made for the entire vehicle lifetime.
You can agree or disagree to automatic software updates at any time in the privacy settings. If you agree, software updates are downloaded automatically, and you will be notified when the update is ready to install. If you disagree, you will be notified when a new update is available and can be downloaded. If you don’t want to use over the air software updates, you can have updates installed in a workshop with the required connection to our systems.
Our vehicles are equipped with Connected Safety, a service offered by us, which informs you about current traffic hazards while you drive the vehicle. This information is based on information sent from other vehicles or from public sources where applicable. This information is used to alert you on changing road conditions or potential road hazard early on by displaying appropriate warnings, allowing you to adapt your driving style accordingly. If your own vehicle detects a potential road hazard, such as reduced friction between your tires and the road or if the hazard warning lights are activated, this information is sent to Volvo Cars. The information is aggregated and anonymized before sent to vehicles approaching your own vehicle’s position.
The data that we collect and process to support Connected Safety is:
The legal basis for us to process the data mentioned above is performance of the contract or your consent. You can switch the service on and off at any time. In addition, the abovementioned data is processed anonymously and transmitted to traffic agencies and companies, in order to avoid and reduce dangers posed by road traffic, but also to improve road safety, to reduce maintenance costs and contribute to a sustainable traffic environment. Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Sweden, hereinafter referred to as “Polestar”) are joint controllers for these purposes. As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers, and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.
We will retain the information for 1 week.
Digital key can fully replace the conventional car key, and allows you to conveniently lock, unlock, or start your vehicle with your smartphone or smart watch. In addition, it is also possible to share your key with additional users through various digital channels.
Digital key only requires network connection during the initial one-time set-up, for sharing of keys, or revoking keys. Once set-up, the key will work via Bluetooth, Near Field Communication (NFC), and Ultra-Wideband Technology (UWB). During set-up, your key will be added to your wallet app in your smart device. From your wallet app you can share your key through messaging apps, mail, or via Airdrop®. You can also easily revoke keys you have shared, either through the wallet app, or in the vehicle infotainment system.
The following data is processed when using digital key:
The legal basis for us to process the data mentioned above is performance of the contract or your consent.
We will retain your data as long as you have a valid contract.
The Real Time Traffic Information service receives information about road traffic information from a 3rd party service provider.
We process the following data from the car:
Car models equipped with sensors that can identify traffic signs in real time as you drive do this through local processing (in the car) only.
The legal basis for us to process the data mentioned above is performance of the contract or your consent. You can switch the service on and off at any time.
The data will be stored by Volvo Cars as long as the subscription is active. Once the subscription is inactive, VIN, speed and position are stored for maximum of 90 days, unless a longer time is required under local applicable law.
Intelligent Speed Assist (ISA) is a mandatory function in some jurisdictions that uses road sign data to assist cars in keeping the speed limit. In order to know the speed limit on the current road ISA uses the car’s navigation system to fetch road sign data. The navigation system in turn needs the car’s position to provide the correct data.
In addition, Volvo Cars is legally required to report aggregated data on your usage of the vehicle, like:
To support ISA and the reporting, the following data is processed:
The legal basis for us to process the data mentioned above is to fulfil our legal obligations or your consent.
We retain the information until it has been aggregated and sent to relevant authorities.
Speech Messaging is part of a larger voice command system with which you can control features of your infotainment system, and lets you create and send SMS messages by giving verbal instructions. To initiate a dialogue using voice commands, you first need to activate this function. Voice control will remain activated until you deliberately stop it or until you have not responded to three prompts from the system.
The following data is processed when using Speech Messaging:
The legal basis for us to process the data mentioned above is performance of the contract or your consent.
We will retain the information until the message has been sent.
This function shows information on air quality, such as pollution and pollen levels.
Initially, information on the air quality from within the car is shown.
If you choose to share the location of the car, information of the air quality from outside the vehicle will also be presented.
The legal basis for us to process the data mentioned above is performance of the contract or your consent.
The data will be deleted after it has been presented in the car.
This service will enhance functions in the vehicle such as Pilot Assist and Adaptive Cruise Control by providing up-to-date map data of your current location.
To enable Map Delivery System, the following data is processed:
The legal basis for us to process the data mentioned above is performance of the contract or your consent.
We will retain the data until the map data has been downloaded.
The Active Safety Data Recorder (ASDR) primary purpose is to record data related to traffic accidents or collision-like situations. This information will be processed by our research and development department to help us better understand the circumstances in which traffic accidents, injuries, and damage occur.
By giving your consent, Volvo Cars collects and processes the following data for future development purposes and active safety-related complaints:
The legal basis for us to process the data mentioned above is your consent, and we keep it for 10 years before we delete or anonymise it.
The vehicle stores safety-related information relating to crash or near-crash situations in an Event Data Recorder (EDR) – also known as the car’s “black box”. The safety-related information includes data such as:
The period recorded is usually up to 30 seconds and the EDR does not record any data during normal driving conditions.
The legal basis for us to process the data mentioned above is to fulfil our legal obligations or your consent.
The data will be retained as per the legal requirements until such time as it is overwritten by new events.
Emergency Call (eCall) automatically triggers an emergency call and sending of data in the event of certain types of accidents, detected by activation of one or more sensors within the vehicle. That means an eCall will be made by the car automatically even if all occupants in the car are unconscious, and the data mentioned below is automatically transmitted to the call centre. eCall can also be triggered manually by pushing and holding the SOS button for at least 2 seconds.
When an eCall is made, the following data is processed:
By default, and where available, eCall is routed to a third-party services provider (this is called a third party service eCall or TPS eCall); this supplier varies by region, and you can get more information by contacting us regarding which suppliers is used in your region. You can at any time choose to have the call routed to the public emergency service, by modifying your settings.
The data is only collected when the eCall is made, and the only entities having access to it are Volvo Cars and the third party providing the service (or the emergency service itself, if selected). However, they may forward this data to specialised emergency services (for example ambulance) if necessary.
The legal basis for us to process the data mentioned above is to fulfil our legal obligations or your consent.
We will retain the data for 200 days, and the processing is limited to the emergency situations referred to above.
With Call Centre Services we provide you with the ability to connect to our call centre from within the vehicle by pressing the “on call”/assist button, through a call from within the app or by calling the call centre directly. Services offered as part of the Call Centre Services are described below:
Roadside Assistance (RSA)
RSA involves supporting you when you experience a technical fault with your vehicle, such as a flat tire or a fault with the engine/motor. In some cases, the agent at the call centre is able to provide guidance on the call to you on how to remedy the issue. In other cases, the repair can be made at the roadside (called a ‘spot repair’) or, where that is not possible, your vehicle will need towing to a workshop to be fixed. The agent will assess what response is appropriate during the call. Where roadside recovery is needed (spot repair or a tow), assistance vehicles can be provided by a third party, such as a roadside vehicle towing and repair company, who then will process the related data.
Stolen Vehicle Tracking (SVT)
SVT is a way to locate your vehicle if stolen. A vehicle may be reported stolen by:
For the SVT process to be initiated an official police report must be filed and the report case number needs to be submitted to the call centre.
Remote Vehicle Immobilisation/Mobilisation (RVI/RVM)
RVI/RVM can be used to enable or disable the immobiliser in the vehicle. If the immobiliser is enabled, the vehicle will not be able to be started until the immobiliser is disabled. The vehicle can then be remotely mobilised. This service is initiated by the call centre agent.
In order to provide you with the services described above, we will automatically collect the following data when contacting the call centre through the “on call”/assist button in the vehicle or through the Volvo Car App:
Depending on the nature and scope of the request, for any of the call centre services above, we may need to process additional information necessary for the delivery of requested assistance, for example:
The legal basis for us to process the data mentioned above is performance of the contract or your consent.
We will retain the data for 200 days.
The goal of the Intrusion Detection System (IDS) is to detect and prevent against anomalies and violations that could be possible cybersecurity threats for the vehicle systems. This means that we will monitor how software and apps behave to ensure they are not violating what they are permitted to do. IDS will be monitoring the system in real-time and report violations to Volvo Cars.
We will process the following data:
The legal basis for us to process the data mentioned above is to fulfil our legal obligations.
We will retain the pseudonymized information for the lifetime of the vehicle. In case of a detected vulnerability we will keep the data for 1 year after the investigation has been concluded.
We need to ensure that our cars with a hybrid or full-electric powertrain are safe in order to protect our drivers, their families and the general public from danger and unnecessary inconvenience. To ensure this, we will collect and use information related to batteries to enable early detection of potential concerns and to identify new potential fault types. If we think it is needed, we will also contact and inform you of potential concerns.
The data we collect and use are:
The legal basis for us to process the data mentioned above is our legitimate interests mentioned above as well as to fulfil our legal obligations, such as conducting safety-related recalls, or your consent.
We will retain the information mentioned above for the lifetime of the vehicle.
Service planning helps you keep your vehicle in good condition and observe the vehicle’s health.
If applicable in your country, we will send you service-related communication.
When your vehicle has an internet connection, service planning works by continuously providing Volvo Cars, retailers, and workshops with diagnostic data. Providing diagnostic data remotely, will enable your workshop to prepare your upcoming visit even better. In addition, data will be shared with our national sales company and retailers to administer bookings and deliveries of parts if needed.
Service planning also helps us schedule production and delivery of spare parts, which is an important component for our sustainability goals by optimizing content, logistics and workshop utilization.
In order to provide you with service planning, the following data will be collected:
The legal basis for us to process the data mentioned above is performance of the contract or your consent. You can switch the service on and off at any time.
We will retain the information for 3 years, except for information on the vehicle’s high-voltage battery, which is retained for 10 years.
If servicing or repairs are carried out on your vehicle at a service centre, workshop, or partner, we will receive and use information for fault tracing, to manage our product manufacturer obligations, for product research and development purposes, such as to monitor and improve the quality of our vehicles, their safety features, and other functions.
The data we collect and use are:
The legal basis for us to process the data mentioned above is our legitimate interests as well as to fulfil our legal obligations, such as conducting safety-related recalls or your consent.
We will retain the information mentioned above for the lifetime of the vehicle.
Bug Reporting is a tool that can be activated by workshops to enable us to collect information on software bugs. The tool is used to identify and investigate the impact of issues and will enable us to solve software related problems as well as maintain our software in good health. By activating Bug Reporting, we will collect and process the following data from your vehicle:
The legal basis for us to process the data mentioned above is our legitimate interest or your consent.
We will retain your data until the issue with your vehicle has been solved, or for 90 days, whichever occurs later.
In order to fully investigate issues with your vehicle that you bring to our attention, we need to use the following data from your vehicle together with some basic customer data such as name and contact details:
The data will be used to identify potential problems with the vehicle, manage a potential warranty case and potential product safety issues. If the data can’t be collected, Volvo Cars will not be able to investigate the problems.
The legal basis for us to process the data mentioned above is our legitimate interest or your consent.
We will retain your data until the problem with your vehicle has been solved.
When a traffic accident occurs involving one of our vehicles, we investigate what happened for the purpose of improving the safety of our vehicles as well as the traffic environment in general. If it would be beneficial for our research, we will send out a survey to you to get additional information on the accident.
When researching, the following data will be processed:
The legal basis for us to process the data mentioned above is our legitimate interest or your consent.
We will retain your data for 10 years.
We process vehicle data (listed below) in order to obtain statistical information about our vehicles and how they are used. We use this information for product research and development purposes, in particular to improve and monitor the quality of vehicles and their safety features. This also serves to manage Volvo Cars’ warranty commitments.
Data categories used:
Volvo cars also collects the following information on the vehicle’s high-voltage battery (where applicable):
The legal basis for us to process the data mentioned above is your consent.
The data Vehicle identification number (VIN), Identifiers of the vehicle’s hardware and software versions, and Diagnostic trouble codes (DTC), are retained for 2 years, while the information on the vehicle’s high-voltage battery is retained for the lifetime of the battery.
In the case of hybrid or electric vehicles, Volvo Cars and Polestar Performance AB (a Swedish company headquartered in Gothenburg, Assar Gabrielssons Väg 9, SE-405 31, Gothenburg, Sweden, hereinafter referred to as “Polestar”) share analysis data from their respective vehicles. The analysis data exchanged between Volvo Cars and Polestar, as listed above, is of a purely technical nature and does not involve actual customer data. The analysis data collected via the Volvo Cars and Polestar platforms is exchanged between the two companies for the purposes of improving and monitoring the quality of the vehicle, the performance of the electric and hybrid features, and the safety features.
As so-called joint controllers under GDPR, Volvo Cars and Polestar are jointly responsible for this processing of analysis data. Volvo Cars and Polestar have agreed that Volvo Cars is responsible for providing information to its customers, and that the respective rights afforded by GDPR will be exercised by Volvo customers in relation to Volvo Cars.
If you provide your consent by enabling Vehicle Analytics & Improvements, we will collect and use data (listed below) to get information about your vehicle and how it is being used. We use this information for fault tracing, product research and development purposes, such as to monitor and improve the sustainability and quality of our vehicles, their safety features and other functions. If we think it is needed, we will also contact and inform you of potential problems or faults.
The data we collect and use:
The legal basis for the collection and use of the data mentioned above is your consent.
We keep the data for five years, other than the information on the car’s high-voltage battery, which is retained for the life of the battery. At the five-year mark, we will delete the data or, if we see a need to keep the data, we make sure it’s completely anonymised.
If you have a vehicle with an internal combustion engine we will collect data from your vehicle in order to be reported pursuant to applicable law.
The data collected is:
The legal basis for us to process the data mentioned above is to fulfil our legal obligations or your consent.
The information above is kept until the data has been reported.
Personal data needs to be shared or may be shared with law enforcement authorities (e.g., police, courts), to comply with a legal obligation, or our legitimate interest in providing data, when a crime is suspected, or when it is necessary to establish, exercise or defend ourselves against legal claims or based on your consent.
We provide law enforcement with the least amount of personal data that is necessary. Example of data type that we can give out are; serial number of car part connected to a VIN number or a IMEI-number.
We share data with various organisations to run our business, to maintain our relationship with you, and to provide you with products and services. We describe these situations below.
Where we refer to these organisations as our ‘suppliers”, ‘processors’ or ‘sub-processors’, each one of these organisations is limited by contract in their ability to use your personal data for any purpose other than to provide services to us or on our behalf, as instructed by us. In each case, we only share the personal data, including telematics data, we deem necessary to achieve the respective purpose.
Other group companies within Volvo Cars and its sub-processors
IT-suppliers and their sub-processors
Law enforcement authorities (e.g., police, courts)
Other service providers (such as mobile network operators, connectivity providers and charging operators)
Any party approved by you
3rd party vehicle owners
Retailer, repairers, workshops
Specifically, we provide your personal information to third parties as follows:
Name of Recipient | Items of Personal Information provided | Recipient’s Purpose of Use | Period of Retention and Use by Recipient |
---|---|---|---|
Volvo Car Corporation | All collected items | Management of customer data, provision of services and improving and monitoring the quality of the provided services | Until fulfillment of the purpose of personal information provision or request of deletion by customer |
We delegate the processing of your personal information as follows, and the delegates may process personal information according to the purpose of the delegation:
Delegatee | Description of Delegated Services |
---|---|
TDCX Korea Co., Ltd. (티디씨엑스코리아 유한회사) | Customer call center, Call center Services, service related customer general inquiries, outbound/inbound calls, vehicle related inquiries, dealer network inquiries, surveys, RSA, email inquiries, 1:1 web inquiries |
Samsung Fire Insurance. (삼성화재서비스손해사정㈜) | Emergency roadside assistance service, Call center Services |
MPC Plus Inc. ((주)피씨플러스) | RSA call center services, RSA services, outbound calls |
Samsung Fire Insurance RSA partners | On site RSA services (actual towing, emergency services) |
AWS (Amazon Web Service) 아마존웹서비스 | Hosting cloud in Seoul to provide solution for connected car cloud service of Volvo Assistance (web server, data base, firewall) |
Volvo Car Corporation | Provision of services (including Volvo Assistance) and improving and monitoring the quality of the provided service |
ECARX Sweden AB | Provision of connected car cloud services for Volvo Assistance on EX30 and subsequent EV models |
WirelessCar Sweden AB | Provision of call center services and improving and monitoring the quality of the provided service |
Geely Auto Group Co., Ltd. | Provision of services and improving and monitoring the quality of the provided service |
We transfer personal information outside Korea as follows. You have the right to refuse to consent to the transfer of personal information. If you wish to refuse a transfer of your personal information overseas, please contact [dataprotection@volvocars.com] to communicate your request. However, if you refuse, we may not be able to provide the services stated in this privacy notice.
Transferee’s Name (Contact) | Country in which Transferee is Located | Transferee’s Purposes for Using the Personal Information | Items of Personal Information to be Transferred | Time/Method of Transfer, ground of transfer | Retention and Use Period by Transferee |
---|---|---|---|---|---|
Volvo Car Corporation (globdpo@volvocars.com) | Sweden | Provision of services (including Volvo Assistance) and improving and monitoring the quality of the provided service | All collected items | At the time of service use through electronic transmission; delegation for contractual performance | Until fulfillment of the purpose of personal information provision |
ECARX Sweden AB (privacy@ecarxgroup.com) | Sweden | Provision of connected car cloud services for Volvo Assistance on EX30 and subsequent EV models | All collected items | At the time of service use through electronic transmission; delegation for contractual performance | Until fulfillment of the purpose of personal information provision |
Geely Auto Group Co., Ltd. (geelyauto.privacy@geely.com) | China | Public Key infrastructure, Over the air update, Manufacturing engineering system, Quality | All collected items | At the time of service use through electronic transmission; delegation for contractual performance | Until fulfillment of the purpose of personal information provision |
WirelessCar Sweden AB (Function.dpo@wirelesscar.com) | Sweden | Provision of call center services and improving and monitoring the quality of the provided service | All collected items | At the time of service use through electronic transmission; delegation for contractual performance | Until fulfillment of the purpose of personal information provision |
You have specific legal rights relating to the personal data we process about you. The rights may differ depending on which jurisdiction you are in and the nature of the processing.
Generally, your rights concern the possibility to:
As mentioned, these rights are not absolute and in some cases data protection law limits their application. Should this be the case for a request you make to us, we will always explain why we cannot fulfil your request.
If you would like to submit a rights request, you can get in touch with us by completing this form. We kindly ask that you use the form as it sets out the information that we need to verify your identity and effectively process your request. However, should you prefer not to use the form, you are always welcome to contact us and submit your request using the contact information in the next section.
You also have a right to submit a complaint to your local data protection authority should you have concerns about how we use your personal data. However, we would appreciate it if you reached out and raised your concerns directly with us first to allow us to try to resolve them together. You can find our contact information below.
We take the following technical, administrative and physical measures required to ensure the security of your personal information:
The technical measures are as follows:
The administrative measures are as follows:
The physical measures are as follows:
If you have any questions about how we use your personal data, you can contact us.
Chief Privacy Officer
Person in Charge of Protection of Personal information
We continuously develop our products and services and will review and update this privacy notice as a result. As such we encourage you to revisit this privacy notice regularly. The date at the top of this privacy notice lets you know when it was last updated. [You can find previous versions of this privacy notice through [link].] We will handle your personal data in a manner consistent with the privacy notice under which it was collected unless we have your consent to handle it differently.