On Demand
App Store rating 4.8 / 5Download

Privacy policy

Valid from and including 15 April 2024.

1. Introduction

2. Processing activities

2.1 Administering and managing your user account

2.2 Identity and driver’s licence check

2.3 Administering and managing admin accounts for corporate customers

2.4 Managing reservations and rentals of vehicles

2.5 Providing customer support (including roadside assistance)

2.6 Recording customer support calls

2.7 Complying with a legal obligation

2.8 Investigating damages on and loss of vehicles

2.9 Marketing (direct marketing)

2.10 Marketing (tailored advertising and retargeting)

2.11 Marketing (statistical performance analysis)

2.12 Performing user surveys

2.13 Ensuring that vehicles rented out are used within the agreed territory

2.14 Offering of discounts

2.15 Evaluating, developing and improving our services

2.16 Complying with requests from law enforcement authorities as well as enforcing the user agreement

2.17 Reporting to Biluthyrarna Sverige

2.18 Enforcing the user agreement and detecting and preventing misuse of the Service

2.19 Measuring and assessing vehicle data to develop and improve our services

2.20 Segmentation

3. Consent

4. Collection of personal data

4.1 Online

4.2 Offline

4.3 Other sources

5. What happens if you do not provide us with your personal data?

6. With whom do we share your personal data?

7. Will we transfer your personal data outside of the EU/EEA?

7.1 General

7.2 Safety measures when transferring data outside of the EU/EEA

8. Security

8.1 Security measures

8.2 Transmissions

8.3 Access

9. Personal Data Processed by Volvo Car Corporation as Controller

10. Third party services and apps

11. Cookies

12. Automated decision-making including profiling

13. What rights do you have?

14. Contact

15. Amendments to this privacy policy

  1. Introduction

    Volvo Car Mobility Sweden AB, reg. no 556575-8298, with address Mäster Samuelsgatan 20 111 44 Stockholm, Sweden, is providing vehicles for rental through a car sharing service (the “Service”) to users who have entered into a certain user agreement with regard to the Service and with employees at companies that have entered into customer agreements with regard to the Service.

    Volvo Car Mobility Sweden AB is hereinafter referred to as “we”, “our” and “us”, will as controller process your personal data as described below.

    We respect your privacy and are committed to protecting your personal data. This privacy policy, inter alia, contains information about the purposes for which we process your personal data, with whom we share it, and what rights you have in relation to your personal data in connection with your use of the Service.

  2. Processing activities

    We process personal data in the ways and for the purposes set forth below.

    For each purpose, we must have a legal basis. A legal basis could e.g. be (i) your consent to the relevant processing activity, (ii) that the processing is necessary in order for the performance of an agreement with you, or (iii) that we or a third party have a legitimate interest to process the personal data which is not overridden by your interest of not having the personal data processed. Below, the categories of personal data, retention period and legal basis that we rely on for each purpose will be identified. Where automated decision-making (including profiling) occurs for any purpose, information regarding this is provided in section 12.

    1. Administering and managing your user account

      Processing activities

      • Creating and administering your account for using the Service

      • Creating login features and verifying you at login

      • Ensuring your identity and age

      • Checks against Biluthyrarna Sverige’s information list

      • Checking of address through Swedish Population Address Register (“SPAR”)

      • Credit information check to ensure your solvency

      • Identification of the country you are in

      • Managing your customer choices (e.g. profile and settings)

      Categories of personal data

      • Your name

      • Personal identity number

      • Possession of driver’s licence and licence information (if the licence is valid, licence number, expiration date and information on whether the licence has been reported as lost or stolen)

      • Credit information from credit information companies

      • User data for your user account (customer number, username, password)

      • Contact information (e-mail address, mobile phone number, address)

      • Type of membership

      • Company (if your account is connected to a corporate account)

      • IP address

      Legal basis:

      Performance of the user agreement. This processing is required for us to be able to carry out our obligations pursuant to the user agreement that we have entered into with you with regard to the Service.

      Retention period:

      Until your user account is terminated and for three months thereafter in order to determine if further retentions is required to establish, exercise or defend legal claims.

    2. Identity and driver’s licence check

      Processing activities

      • Identity and driver’s licence check

      Categories of personal data

      • Personal identity number

      • Driver’s licence expiration date

      • Copy of driver’s licence

      • The driver’s licence’s issuing country

      • Biometric data (for checks of non-Swedish licences)

      Legal basis:

      Legal obligation. We are obligated under law to check that you have a valid driver’s licence. Identity and driver’s licence checks will primarily be conducted by way of checks against the Swedish Transport Agency’s Record of Road Traffic but if you do not have a Swedish driver’s licence or such checks otherwise are not possible or appropriate, we will ask you to provide a copy of your licence.

      Explicit consent for specific purposes under GDPR article 9:

      For checks of driver’s licences issued in other countries than Sweden or where the check of a Swedish licence in accordance with our ordinary routines are not possible or appropriate, we will use facial recognition technology for verification purposes, which involves the use of biometric data. As biometric data constitutes a specific category of data under the GDPR, such licence checks will require your explicit consent. If you do not give us your explicit consent, or withdraws a given consent, you will not be able to continue using the Service.

      Retention period:

      Where we have checked your identity and verified your driving licence is valid we will retain a note of the fact that the checks have been performed and verified on our system until such time as your user account is terminated and for three months thereafter. Copies of driver’s licences are stored during a period of 60 days from when the relevant check was made.

    3. Administering and managing admin accounts for corporate customers

      Processing activities

      • Creating and administering an admin account for our corporate service

      • Creating targeted offers and discounts for your company regarding our corporate service

      Categories of personal data

      • Your name

      • The name of your employer/the company you work on behalf of

      • User data for your admin account (customer number, username, password)

      • Contact information (e-mail address, mobile phone number, address)

      Legal basis:

      Legitimate interest. This processing is necessary for us to carry out our obligations pursuant to the customer agreement that we have entered into with your company with regard to the Service and to provide the Service to your company and its users as well as to administer, invoicing, reminders, payments, claim and our accounting.

      Retention period:

      During the term of our customer agreement with your company and for a period of 2 years thereafter. Information relating to payments and where processing is required under law will be retained for a period of 7 years after the termination of the customer agreement.

    4. Managing reservations and rentals of vehicles

      Processing activities

      • Delivery (including notifications and correspondence regarding the delivery)

      • Managing payments (including analysis of possible payment solutions which may include inspection of payment history and obtaining of credit information)

      • Vehicle adjustments based on user preferences

      • Inspection of mileage, fuel levels etc. prior to and after use

      • Managing of complaints

      • Checking if congestion charges or bridge tolls has been charged during the rental period

      • Checking compliance with and enforcing the user agreement

      • Recovering vehicles

      Categories of personal data

      • Name

      • Personal identity number

      • Confirmation that you a valid driver’s licence and licence information

      • Contact information (e-mail address, mobile phone number, address)

      • User account details

      • Payment information (credit card number, billing address, transaction sum)

      • Payment history and credit information

      • Rental information (such as which vehicle that has been rented, within which geographical area the vehicle may be used, time and place for pick-up and drop-off, relevant use restrictions and requests for certain features by the user).

      • GPS position of the vehicle

      Legal basis:

      Performance of the user agreement and each reservation. This processing is required for us to be able to carry out our obligations pursuant to the user agreement and each reservation.

      Retention period:

      Until your user account is terminated and for 6 months thereafter to be able to handle potential complaints, as well as for such longer time necessary that is necessary in order for us to establish, exercise or defend legal claims. The vehicle’s GPS position will however only be stored during a period of 6 months from the end of a journey and, if applicable during such longer time that is necessary in order for us to establish, exercise or defend legal claims.

    5. Providing customer support (including roadside assistance)

      Processing activities

      • Customer identification

      • Providing customer support (via our app, by phone or in digital channels, including social media)

      • Investigating and handling complaints and claims in connection with usage of the Service

      • Locating vehicle in case of an incident or another customer support matter

      Categories of personal data

      • Your name

      • Personal identity number

      • Contact information (e-mail address, mobile phone number, address)

      • Information provided by you in connection with the customer support matter and information related to that event already held by us

      • Information regarding time and place for pick-up and delivery and return of a vehicle

      • Information regarding time and place of an incident during use of the Service

      • GPS position of the vehicle

      Legal basis:

      Legitimate interest. This processing is necessary to meet our and your legitimate interest in managing complaints and customer support matters.

      Retention period:

      Until the customer support matter is completed as well as during the time necessary in order for us to establish, exercise or defend legal claims.

    6. Recording customer support calls

      Processing activities

      • Quality assurance and training customer support personnel

      • Verification of information received by phone

      Categories of personal data

      • Information provided by you during a customer support phone call

      Legal basis:

      Legitimate interest. This processing is necessary to meet our legitimate interest in ensuring the quality of our customer support services, train our personnel and verify information provided by you during the call.

      Retention period:

      Recorded calls are stored during a period of three months as well as during the time necessary in order for us to establish, exercise or defend legal claims.

    7. Investigating damages on and loss of vehicles

      Processing activities

      • Creating a damage report for the relevant insurance company

      • Communicating with you in order to collect information regarding the course of events

      • Investigating how damages arose on the vehicle

      Categories of personal data

      • Name

      • Personal identity number

      • Possession of driver’s licence

      • Contact information (e-mail address, mobile phone number, address)

      • Information regarding the reservation

      • Information provided by you during the investigation, including information generated from your usage of the vehicle

      • Damage number

      • App activity

      • Vehicle data

      • GPS position of the vehicle

      Legal basis:

      Legitimate interest. This processing is necessary to meet our and your legitimate interest in investigating damages on the vehicle.

      Retention period:

      The data will be processed until the investigation of the damages is completed and any possible compensation from the insurance company is disbursed as well as during the time necessary in order for us to establish, exercise or defend legal claims.

    8. Marketing (direct marketing)

      Processing activities

      • To send marketing communication regarding the Service or similar services that you have requested or which may be of interest for you.

      • To display relevant marketing communication to you.

      • To help us better understand your specific interests and preferences so that we can tailor communications to your needs.

      • To analyse the information we collect for the purpose of putting you into a target group so we can create targeted offers and discounts and other customised communications.

      Categories of personal data

      • Contact information such as name, e-mail address, telephone number, postal address.

      • Purchase history, activity on our website and in our app and (to the extent this can be linked to you).

      • E-mail open and click rate and data on advertising cookies.

      • Information about frequent flyer programme bonuses/loyalty programmes of which you are a member.

      Legal basis:

      Legitimate interest. This processing is necessary in order to honour our legitimate interest in creating relevant advertisements. Where applicable, the processing will be based on your consent to advertising cookies.

      Retention period:

      Until your user account is terminated and for 2 years thereafter.

    9. Marketing (tailored advertising and retargeting)

      Processing activities

      • To show you relevant and tailored advertisements from Hertz, when you visit our advertising partners’ websites, on third-party websites and within social media channels and direct communications (this is commonly known as “retargeting”). To enable us to find and contact the right audiences and provide advertising to those people.

      Categories of personal data

      • E-mail open and click rate and data on advertising cookies.

      Legal basis:

      Consent alternatively legitimate interest. This processing based on your consent to receive marketing from us or, in the case you have bought a service from us, our legitimate interest to display and send you marketing. We consider our advertising partners such as Meta, Google and LinkedIn as jointly responsible with us (joint controllers) in these scenarios. Where applicable, the processing will be based on your consent to advertising cookies.

      Retention period:

      Until your user account is terminated and for 2 years thereafter.

    10. Marketing (statistical performance analysis)

      Processing activities

      • Statistical performance analysis of our marketing communications.

      Categories of personal data

      • E-mail open and click rate and data on advertising cookies.

      Legal basis:

      Consent alternatively legitimate interest. This processing is necessary in order to honour our legitimate interest to measure the efficiency of our marketing activities whenever web activity is concerned, subject to the user having accepted advertising cookies on our website.

      Retention period:

      Until your user account is terminated and for 2 years thereafter.

    11. Performing user surveys

      Processing activities

      • Conducting and analysing the results from customer surveys, for instance through forms, interviews and requests via our difference communication channels

      • Compiling statistics of usage of the Service

      Categories of personal data

      • Name

      • Contact information

      • Age

      • Address

      • Booking history

      • The answers you provide

      Legal basis:

      Legitimate interest. This processing is necessary to meet our legitimate interest to carry out user surveys to develop our services. Participation in such surveys are always optional.

      Retention period:

      The data will be processed during a maximum of 2 years after the survey was carried out.

    12. Ensuring that vehicles rented out are used within the agreed territory

      Processing activities

      • Checking where the vehicle is located in the event that it is not returned on time or it is driven outside the agreed territory

      Categories of personal data

      • Name

      • Contact information (e-mail address, mobile phone number, address)

      • GPS position of the vehicle

      Legal basis:

      Legitimate interest. This processing is necessary to meet our legitimate interest to enforce the user agreement and to protect our property.

      Retention period:

      Until your user account is terminated as well as for the time necessary to establish, exercise or defend legal claims. The vehicle’s GPS position will however only be stored during a period of 6 months from the end of a journey and, if applicable during such longer time that is necessary in order for us to establish, exercise or defend legal claims.

    13. Offering of discounts

      Processing activities

      • Registration of discount code based on membership, employment etc.

      Categories of personal data

      • Your name

      • Personal identity number

      • Contact information (e-mail address, mobile phone number, address)

      • Membership discount status

      Legal basis:

      Legal claims. This processing is necessary to meet our and your legitimate interest to provide you with discount offers that you are entitled to due to memberships etc.

      Retention period:

      Until your user account is terminated as well as for the time necessary to establish, exercise or defend legal claims.

    14. Evaluating, developing and improving our services

      Processing activities

      • Analysing on an anonymised and aggregated basis to which extent our customers purchases other products and services from us and our group companies.

      • Adjusting our services to become more user friendly (e.g. by changing the user interface to simplify the flow of information or to highlight features that are often used by our users in our digital channels)

      • Obtaining supporting information to develop and improve our range of vehicles and stations

      • Obtaining supporting information to improve IT systems in the purpose of increasing the level of security for our users

      • Analysing the data we collect for this purpose. Based on the data we collect (e.g. age and gender) you are sorted into a group of customers (so called customer segment) in which analyses are performed on an aggregated level based on anonymous data, without any connection to you as an individual. The result of the analysis is a basis for improving our services.

      Categories of personal data

      • Name

      • Personal identity number

      • Contact information (e-mail address, mobile phone number, address)

      • Age

      • Gender

      • Residential area

      • Account level

      • Journey type

      • Correspondence and feedback regarding our services

      • Purchase and user generated data (e.g. clicking and visit history)

      • Technical data regarding units used and their settings (e.g. language settings, IP address, browser settings, operating system, resolution and platform)

      • Information regarding how you have interacted with us, i.e. how you have used the service, login method, where and for how long webpages have been visited, response time, downloading errors, how you reach and leave the service etc.

      • Booking history and booking data

      • Vehicle data

      Legal basis:

      Legitimate interest. This processing is necessary to meet our and our users’ legitimate interest to have our services evaluated, developed and improved.

      Retention period:

      Until your user account is terminated and for three months thereafter. Analyses are however only made on aggregated level based on anonymous data.

    15. Complying with requests from law enforcement authorities as well as enforcing the user agreement

      Processing activities

      • Providing information regarding the use of our vehicles to police and other law enforcement authorities following requests by them, e.g. in relation to the investigation of a crime or the violation of laws or regulations, including traffic rules (e.g. speeding)

      Categories of personal data

      • Name

      • Personal identity number

      • Contact information (e-mail address, phone number, address)

      • Time and duration of use of vehicle

      • Location of start and finish of booking

      • Payment history

      • GPS position of the vehicle

      • IP address

      • Other data related to the use of the Service, such as booking data, vehicle data and damage data

      Legal basis:

      Legal obligation alternatively legitimate interest. This processing will be performed when so required under law. We may also provide information to authorities when necessary to meet such authorities’ legitimate interest to investigate a crime or a violation of laws or regulations and/or our own legitimate interest to enforce the user agreement and ensure your compliance therewith.

      Retention period:

      Until your user account is terminated as well as for the time necessary to comply with any legal obligation or to establish, exercise or defend legal claims. The vehicle’s GPS position will however only be stored during a period of 6 months from the end of a journey and, if applicable during such longer time necessary in order for us to comply with any legal obligation or to establish, exercise or defend legal claims.

    16. Reporting to Biluthyrarna Sverige

      Processing activities

      • Reporting to Biluthyrarna Sverige’s information list containing information regarding breaches against conditions for usage of car rental- vehicles and causing of damages to rented vehicles

      Categories of personal data

      • Name

      • Personal identity number

      • Reasons for reporting, see further in section 6(g).

      Legal basis:

      Public interest alternatively legitimate interest. This processing is necessary in order to carry out a task of public interest. Credit information business is regarded as a task of public interest and our reporting is a prerequisite for Biluthyrarna Sverige to be able to maintain such information list. This processing is further necessary to meet our and other car rental service providers’ legitimate interest to establish, exercise or defend legal claims.

      Retention period:

      Supporting information is stored until the information has been published by Biluthyrarna Sverige and is screened within 72 hours from reporting.

    17. Enforcing the user agreement and detecting and preventing misuse of the Service

      Processing activities

      • Retaining information regarding any breach by you of the user agreement

      Categories of personal data

      • Name

      • Personal identity number

      • E-mail address

      • Phone number

      • Information regarding any breach of the user agreement which could include (without limitation) payment history, GPS position of vehicle, time and duration of vehicle use

      Legal basis:

      Legitimate interest. This processing is necessary to meet our legitimate interest to enforce the user agreement and detect and prevent misuse of our services and our terms and condition.

      Retention period:

      Until your user account is terminated and for 2 years thereafter.

    18. Measuring and assessing vehicle data to develop and improve our services

      Processing activities

      • Measuring and assessing the use of technical features in our vehicles on an aggregate level to evaluate the need and demand of certain features as well as the need of informing our users of the existence of such features.

      • Understand the service need of our vehicle fleet on an aggregated basis.

      Categories of personal data

      • Vehicle data (e.g. use of automatic windows, seat heating, driving assistance etc.)

      Legal basis:

      Legitimate interest. Processing is necessary to meet our legitimate interest to evaluate our users’ use of certain technical features in our vehicles and helps us determine the equipment level of the vehicles. The processing also helps us understand if there is a need to provide additional information about certain features in the vehicles, such as safety features. Further, the processing will help us understand the general service need of our vehicle fleet on an aggregated level.

      Retention period:

      The data will be anonymized after 18 months following its collection.

    19. Segmentation

      Processing activities

      • Sorting users into customer segments.

      Categories of personal data

      • Age, gender, app activity (such as time to completed onboarding, time to first reservation) and reservation activity.

      Legal basis

      : Legitimate interest. Processing is necessary to meet our legitimate interest to identify, serve and maintain potential high frequency.

      Retention period:

      Until your user account is terminated .

  3. Collection of personal data

    We process personal data collected directly from you as well as from third parties, including but not limited to from the following sources.

    1. Online

      We collect personal data from the following online sources.

      1. Our websites.

      2. Our mobile apps.

      3. Technology integrated in our vehicles, equipment technology or via telematics.

      4. Our official social network pages.

      5. Your device’s web browser.

      6. Third party social network pages.

    2. Offline

      We collect personal data from following offline sources.

      1. Calls to or from our customer support, emergency road side assistance, customer contact or member care centres.

      2. In connection with a reservation (including an abandoned or interrupted reservation).

      3. When you register your user account.

      4. Transactions you complete with us, including options you make, charges you incur and any incidents or accidents that may occur.

      5. Claims management service providers (either affiliated directly with us, or operated by a third party).

    3. Other sources

      We also obtain personal data from the following sources.

      1. Companies within our group in case you have provided information to such company in connection with your application to use the Service.

      2. Your employer (if your employer has a customer agreement with us).

      3. Credit rating companies and banks.

      4. Insurance companies.

      5. Public records, Swedish Transport Agency’s Record of Road Traffic, SPAR.

      6. Biluthyrarna Sverige – Only a “Yes” is obtained regarding whether you are on the list. See further below in section 6(g).

  4. What happens if you do not provide us with your personal data?

    Some of the personal data you provide to us is necessary for us to be able to fulfil our obligations pursuant to the user agreement that you enter into with us. If you choose not to provide certain personal data, we will not be able to fulfil our obligations and we are forced to decline your user account and consequently the rental of vehicles. We will inform you of what personal data is required when asking you to provide your personal data.

  5. With whom do we share your personal data?

    In order to fulfil the purposes listed above, and pursuant to what is stated below, we may share your personal data with the following recipients.

    1. Disclosure to our group companies:

      We may share your personal data with companies within the same group as us for the purposes set out in this policy.

    2. Disclosure to companies you use:

      We may share your personal data with companies you use in connection with your rental, including your credit card provider and other companies that process your charges.

    3. Disclosure to sources that we collect information from:

      In order to collect information from the sources listed in section 4.3, we also need to share certain information about you to these sources. We will therefore share your personal identity number, and in some cases additional information such as name and address, with theses sources.

    4. Protective and legal uses, including disclosures to public authorities, courts and professional advisers:

      We may use, share and disclose your personal data for where we are requested to do so as we believe necessary or appropriate, including to:

      1. comply with applicable law and legal processes;

      2. process, handle or otherwise respond to claims for damages, including for bodily injury or property damage;

      3. recover our vehicles or any monies due, e.g. debt collection agencies;

      4. respond to requests from public and government authorities;

      5. enforce our terms and conditions;

      6. protect our rights, privacy, safety or property, and/or that of our subsidiaries, you or others;

      7. protect our operations and those of any of our subsidiaries; and

      8. allow us to pursue available remedies or limit the damages that we may sustain.

    5. Emergency assistance:

      We may share your personal data with emergency services providers, such as law enforcement agencies, roadside assistance providers, and ambulance providers, in order to deliver related services.

    6. Disclosure to our service providers and agents:

      We may use other companies as our service providers or agents to act on our behalf and assist us in the conduct of our business, performing services for us under our instruction. These services may include hosting certain websites or databases, carrying out data analysis and conducting customer satisfaction surveys or other research. We will seek to require our service providers and agents to maintain appropriate security standards to protect your personal data and use the personal data we provide to them only for the purposes we specify.

    7. Disclosure for corporate transactions:

      We may disclose your personal data to a third party in connection with any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

    8. Disclosure to Biluthyrarna Sverige:

      In the cases described below, information is reported to Biluthyrarna Sverige’s information list. We will transfer your personal data (name, address, personal identity number, as well as the basis for the reporting in the form of a code) to Biluthyrarna Sverige who will process the data in the information list as well as give access to the information to its members being car rental companies with recommendations not to rent out vehicles to listed individuals. The basis for the reporting applies to if you (i) do not return the vehicle after the rental period, (ii) do not pay your parking tickets, (iii) do not pay your rental fee or other payments, (iv) misuse the vehicle, (v) are reported to the police for unauthorized use, or vi) without permission hand over the vehicle to another driver. The purpose of the transmission of the personal data to Biluthyrarna Sverige’s information list is to reduce the risk of damage and expenses for us, for member car rental companies and, in the long term perspective, for the public. The information list is kept with permission from the Swedish Data Protection Authority (Sw. Integritetskyddsmyndigheten). In connection with the personal data being registered in the information list, a letter is sent to the data subject being registered with information regarding the registration as well as the purpose of the registration and that the data will be stored for 24 months by Biluthyrarna Sverige. For more information regarding how Biluthyrarna Sverige processes your personal data, please see www.biluthyrarna.se.

    9. Disclosure to insurance companies:

      We may share your personal data with insurance companies in order to investigate and settle matters relating accidents and damages to our vehicles during your use of the Service.

  6. Will we transfer your personal data outside of the EU/EEA?

    1. General

      We may transfer your personal data to countries outside the EU/EEA which have not received an adequacy decision by the EU Commission (as further set out in Section 7.2(a) below). This means that the laws of such country are not recognized as providing an adequate level of protection for personal data. In such cases, we will put in place adequate safeguards (including security measures) to ensure that your personal data is adequately protected.

      For information regarding whether we have transferred your personal data to a country outside of the EU/EEA, what countries we have transferred your personal data to as well as what security measures that have been implemented, please contact us by sending a written request to us via the contact information listed in section 14. You can find more information about which countries are deemed to have an “adequate level of protection” on the European Commission’s website, and you can read more about the European Commission’s Standard Contractual Clauses here.

    2. Safety measures when transferring data outside of the EU/EEA

      Countries outside of the EU/EEA may have laws that allow public authorities to request access to personal data stored in the country for the purpose of combating crime or safeguarding national security. Regardless of whether we or any of our providers process your personal data, we will ensure that a high level of protection is guaranteed when transferring that data and that appropriate protection measures have been taken, in accordance with applicable data protection requirements (such as the GDPR). Such appropriate safeguards include, but are not limited to, ensuring:

      1. if the European Commission has decided that the country outside of the EU/EEA to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR. This means for example that the personal data is still protected from unauthorized disclosure, and that you may still exercise your rights with regard to your personal data; or

      2. the European Commission’s Standard Contractual Clauses have been entered into between us and the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the GDPR still applies, and that your rights are still protected. In these cases, we also assess whether there are laws in the recipient country that affects the protection of your personal data. Where necessary, we take technical and organizational measures so that your data remain protected during the transfer to the relevant country outside the EU/EEA.

  7. Security

    1. Security measures

      We store and access personal data in various locations and cloud services. Servers that store information for us are primarily located in Sweden and Europe, although storage may occur in other locations as well. We use reasonable administrative, technical and organizational measures (a) to safeguard personal data against loss, theft, unauthorized use, disclosure, or modification, and (b) to ensure the integrity of your personal data. To help us protect your privacy, you should maintain the secrecy of any user-IDs and passwords, membership numbers, or other identifiers or credentials you may have set up or were provided with in connection with your participation in or use of our products, services, or websites.

    2. Transmissions

      As you may be aware, there is no completely secure method of transmitting or storing data. There are risks related to all kinds of transmission (such as loss, fault, monitoring and misuse of transferred data) due to the different ways to transmit are different from each other (e.g. postal mail, text messages, faxes, and transfers via the Internet or wireless networks). If you have reason to believe that any account with us is no longer secure, you must immediately contact us.

      We try to strike a balance between the security of your data and your convenience. As a result, we may sometimes use a method of communication that is less secure than a less convenient alternative. For example, we may send you an e-mail or a text message in unencrypted form (i.e. instantly readable) because many of our customers are unable to access encrypted (i.e. coded) e-mail or messages. This means that our message, if misrouted or intercepted, could be read more easily than encrypted messages. Such messages may contain personal data. Please do not include confidential information, such as your credit card number or account passwords, in any e-mail or text you send to us or on any posting you make to a public area of a third-party social network page, especially since any such posting immediately becomes public. For a more secure way to communicate with us over the Internet, please see our contact information in our app.

    3. Access

      We restrict access to our employees and providers who need to use it in order to process it on our behalf, and who are contractually by law required to keep your personal data secure and confidential. We aim to choose the option for data processing that best safeguards the integrity of your personal data toward any third party.

  8. Personal Data Processed by Volvo Car Corporation as Controller

    Most of the cars provided through the Service are Volvo cars. When using such a vehicle, our group company Volvo Car Corporation will process certain personal data generated by the vehicle as controller. Information regarding this processing is found in Volvo Car Corporation’s privacy notice for car generated data.

  9. Third party services and apps

    When using our vehicles, you may access applications and other services linked with the vehicle but provided by a third party, which may, for example, require transmission of location data and other vehicle-recorded data to this third party. Neither we nor any of our group companies are responsible for the collection or use of personal data in applications or services provided by a third party, and recommends that you carefully review applicable terms for (and any privacy policy related to) such applications or services before you use them. If you have questions concerning a certain third party use of your personal data, please contact the third party directly. We also recommend looking for privacy choices and controls in third party applications after downloading.

  10. Cookies

    In general, you can visit our websites without telling us who you are or revealing any information about yourself. However, to be able to provide you with certain services or offerings, we often need to record certain items of personal data, such as your name and e-mail address. We may also collect (by means of cookies) anonymous information on how you have used our websites prior to such recording. This information will be helpful to us in order to improve our websites or marketing. All our websites open to our customers include information concerning our use of cookies. For certain countries there is also an online procedure for accepting or declining cookies. For more information regarding our use of cookies, please our cookie policy published at https://www.volvocars.com/se/v/legal/cookies.

    Our webpages are not directed to individuals below 13 years of age, and we do not knowingly collect personal data from such individuals.

    Data processed through our websites as set out in this section 13 is processed by Volvo Car Corporation, reg. no 556074-3089, with address Assar Gabrielssons Väg, SE-405 31, Göteborg, Sweden, as controller.

  11. Automated decision-making including profiling

    Sometimes we use automated decision-making. It can e.g. be an automated rejection of a reservation. Usage of automated decision-making could for instance mean that you do not have the possibility to reserve certain vehicles based on your age or any vehicle based on your credit rating which you have provided or we which have obtained electronically without personal contact. This information is relevant since we made a risk assessment implying that it is not commercially desirable to rent out certain categories of vehicles to people under a certain age or with a low credit rating.

    You have the right not to be subject to a decision based solely on any form of automated decision-making, including profiling, if the decision may have legal consequences for you or in a significant way affects you in any other way. However, we have the right to use automated decision-making if it is necessary for entering into or performance of an agreement between you and us or if you have given consent to the processing.

    We make this kind of automated decisions in the following cases:

    1. When taking decisions regarding if you fulfil our drivers’ licence requirements (see section 2.2).

    2. When checking our age requirements (see section 2.1).

    3. In relation to credit assessments, including credit checks and checks against Biluthyrarna Sverige’s information list (see sections 2.1 and 2.4).

    4. When checking the validity of your credit card (see section 2.4).

    5. When segmenting and sorting our users into different customer segments (see section 2.9 and 2.20).

    If you are not approved under the automated decisions described above, you will not have access to our services. We have several safety mechanisms to ensure the decisions are appropriate. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. If you have any concern about the outcome, you can contact us via the contact information provided in section 14 to express your opinion and oppose the decision.

  12. What rights do you have?

    Below is a summary of the rights you have in relation to our processing of your personal data. The exercise of these rights is free of charge and you may exercise the rights by contacting us via the contact information provided in section 14. Do not hesitate to contact us if you have any questions regarding your rights.

    Please note that we will always make an assessment of a request to exercise a right to determine whether the request is valid. All rights listed below are not absolute and exceptions may apply.

    In addition to the rights set forth below, you always have the right to lodge a complaint with the Swedish Data Protection Agency (www.imy.se) regarding our processing of your personal data.

    1. Right of access.

      You are upon request entitled to receive a copy of your personal data that we process and also to obtain supplementary information about our processing of your personal data.

    2. Right to rectification.

      You have the right to have your personal data corrected and/or completed if it is inaccurate and/or incomplete.

    3. Right to erasure.

      You have the right to request that we erase your personal data without undue delay where:

      1. the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

      2. you withdraw your consent to a processing activity and there is no other legal basis for the processing;

      3. you make a valid objection to the processing of your personal data;

      4. the personal data has been unlawfully processed; or

      5. the personal data has to be erased for compliance with a legal obligation.

    4. Right to restrict processing.

      You have the right to request restriction of the processing of your personal data where:

      1. the accuracy of the personal data is under examination;

      2. the processing is unlawful or is no longer needed for the purposes of the processing but you oppose the erasure of personal data and request restriction instead;

      3. we no longer need the personal data but you need the personal data for the establishment, exercise or defence of legal claims; or

      4. you have objected to the processing of your personal data and such objection is under verification.

    5. Right to data portability

      . Under certain circumstances you have the right to receive the personal data concerning you which you have provided to us in order to transmit such data to another service provider if the processing of the personal data is based on your consent or the performance of an agreement.

    6. General right to object.

      You have the general right to, at any time, object to the processing of your personal data that is based on our legitimate interests. If you object, we have to demonstrate that we have compelling legitimate grounds for such processing or that we need the personal data for the establishment, exercise or defence of legal claims. You also have the right to object to automated decision-making (including profiling) under certain circumstances.

    7. Right to object to direct marketing.

      You have a right to, at any time, object to the processing of your personal data for direct marketing purposes. If you do this, we may no longer process your personal data for such purposes.

  13. Contact

    You may contact us through our app or the following communication channels:

    Volvo Car Mobility Sweden AB
    Mäster Samuelsgatan 20
    111 44 Stockholm
    Sweden
    help@volvocarmobility.com

  14. Amendments to this privacy policy

    We may, at any time and for any reason, make amendments to this privacy policy by publishing the updated version of the privacy policy on our website or on applicable mobile applications or other websites. The updated privacy policy will be applicable with immediate effect upon publication, however it will not apply retroactively. Upon making a significant change to this privacy policy, we will state the date for such update on the first page of this policy and provide information with regard thereto on our websites, by e-mail or in our app.

Download as PDF