LDV Privacy Notice for our cars
Important Notice:
This Privacy Notice is a general version that applies uniformly to all our products and services. By using any of our products or services, you agree to be bound by this Privacy Notice. Please note that the products and/or services configured for different vehicle models may vary. You may review the specific products and/or services associated with the vehicle model you have purchased and apply this Privacy Notice accordingly. However, if a product or service has its own separate privacy notice, that separate privacy notice shall take precedence. For matters not covered in the separate privacy notice, this Privacy Notice shall apply.
This Privacy Notice does not apply to:
Data processing activities carried out by third-party companies and organisations that provide services for in-vehicle connected devices;
Specific products and/or services with separate privacy policies that are not incorporated into this Privacy Notice.
Unless otherwise specified, the terms used in this Privacy Notice shall be interpreted in accordance with the applicable data protection laws. The applicable data protection laws vary by jurisdiction, please refer to Section F for the laws that apply in different jurisdictions.
We provide modern electric cars with a smart entertainment system which can be connected to your mobile phone globally. Our brands include Maxus and LDV. The specific brands in different jurisdictions are illustrated in Section F.
In context with the provision of the smart entertainment system and the app, we process personal data.
The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements.
Section A provides you with information about the controller responsible for the processing of your personal data and the controller's data protection officer (DPO).
Section B details how we process of your personal data.
Section C outlines your rights regarding the processing of your personal data.
Section D explains key data protection terms according to the EU the General Data Protection Regulation (GDPR).
Section E provides the effective date of this Privacy Notice and other relevant information.
Section F contains special provisions applicable to jurisdictions outside the EU, including Australia.
TABLE OF CONTENTS
A. Information on the Controller
I. Identity and Contact Details of the Controller
II. Contact Details of the Controller's Data Protection Officer
B. Information on the Processing of Personal Data
1. Details on personal data processed
2. Details on the processing of personal data
II. Use of the Navigation System on the Audio Visual and Navigation System (AVN)
1. Details on personal data processed
2. Details on the processing of personal data
1. Details on personal data processed
2. Details on the processing of personal data
IV. Use of Personalized Settings
1. Details on personal data processed
2. Details on the processing of personal data
1. Details on personal data processed
2. Details on the processing of personal data
1. Details on personal data processed
2. Details on the processing of personal data
VII. Use of AVM (Around View Monitor)
1. Details on personal data processed
2. Details on the processing of personal data
1. Details on personal data processed
2. Details on the processing of personal data
1. Details on personal data processed
2. Details on the processing of personal data
1. Details on personal data processed
2. Details on the processing of personal data
XI. Use of third-party apps on our Audio Visual and Navigation (AVN) System
1. Details on personal data processed
2. Third-party apps provider embedded in the AVN
3. Potential data transfers to third countries without an appropriate level of protection
XII. Use of OMS (Occupant Monitoring System)
1. Details on personal data processed
2. Details on the processing of personal data
XIII. Compliance with legal requirements.
1. Details on personal data which are processed
2. Details on the processing of personal data
C. Information on the Rights of Data Subjects
III. Right to Erasure ("Right to Be Forgotten")
IV. Right to Restriction of Processing
1. Right to Object on Grounds Relating to the Particular Situation of the Data Subject
2. Right to Object to Direct Marketing
VII. Right to Withdraw Consent
VIII. Right to Lodge A Complaint With A Supervisory Authority
D. Information About the Technical Terms of the GDPR Used in this Privacy Notice
E. Effective date of and changes to this Privacy Notice
F. Additional Information For Other Jurisdictions
1. Interpretation of the technical terms of the Privacy Act and Apps used in this part
2. Identity and contact details of the App entity
3. Collection, usage and disclosure of personal information
5. Cross-border disclosure of personal information
6. Access, correction and complaints
1. Interpretation of the technical terms of the Privacy Act used in this part
2. Identity and address of the agency
3. Collection, usage and disclosure of personal information
4. Rights to access and correct personal information
SAIC MAXUS Automotive Co., Ltd.
No.2500, Jungong Rd, Yangpu, Shanghai
dpo@maxuseu.eu
dpo@saicmotor.com
DPO for EU: dpo@maxuseu.eu
DPO for other jurisdictions: dpo@saicmotor.com
In this Privacy Notice, we provide you with general information on our personal data processing activities, including those related to the infotainment system, intelligent driving system, and road safety assurance. In particular, the relevant information is divided into the following subsections in Section B:
I. Use of the Driver Account
II. Use of the Navigation System on the Audio Visual and Navigation System (AVN)
III. Use of Voice Recognition
IV. Use of Personalized Settings
V. Use of Phone Connectivity
VI. Use of ADAS (Advanced Driver Assistance System)
VII. Use of AVM (Around View Monitor)
VIII. Use of DMS (Driver Monitoring System)
IX. Use of E-Call
X. Use of FOTA (Firmware Over-The-Air Updates)
XI. Use of Third-Party Apps on our Audio Visual and Navigation (AVN) System
XII. Use of OMS (Occupant Monitoring System)
XIII. Compliance with Legal Requirements
Your rights to personal data protection can be found in Section C.
We wish to provide you the best experience when you use our cars. Therefore, we offer you an app and have equipped the cars with a well-invented system. The cars include two devices which communicate with and can be controlled by the app: the Audio Visual Navigation ("AVN") and the Telematic Box ("TBOX"). All communications between the devices and the app occur via our Telematics Service Platform ("TSP Backend"). The AVN provides you infotainment applications, such as the navigation and the message centre functions. The TBOX facilitates network access for the vehicle and uploads data to the TSP Backend.
For certain functions, the AVN communicates directly with and transfers personal data to third parties (e.g. Amazon). In providing the functions outlined in this Data Privacy Information, we process your personal data and wish to inform you of the details of the processing. However, you may choose to use our cars without enabling the online functionalities of the app that require the processing of personal data. When you use the AVN for the first time or download the app, we will ask you if you want to enable all functionalities of the app system, including those that require personal data processing. Certain AVN functionalities that involve the processing of personal data can be enabled or disabled individually, while others may be subject to system limitations.
In connection with our electric cars, we offer an app to view and remotely control certain functions of the car and to send information (e.g., navigation destinations or Points of Interest (POIs)) to the car. In order to use these functions, the vehicle needs to be linked to your driver account. In this context, we process personal data for the following purposes:
Creation and provision of an driver account so that you can remotely control your vehicle and view the vehicle status
Provision of the function to bind and unbind your vehicle to your driver account
Provision of the function to check and control the vehicle state
Provision of the Find My Car function
Provision of the Charging Management function
Provision of the message centre
Provision of the Feedback function
Processing your feedback
Provision of the My Calendar function
Provision of energy consumption function
Provision of digital key function
Provision of local weather information
You receive more detailed information on this below:
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Protocol Data | Protocol data which accrue for technical reasons when using our app to access content from our server: The data which accrues during such access is defined by the network protocol for the transmission of information between your device and the server of our app. These include IP address, type and version of the mobile operating system used, the content accessed and date and time of access. |
User of the app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, our app cannot access content from our server. |
Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been completely resolved. |
| Registration Data | Data that you provide when registering your driver account for our app: These include the following mandatory information: phone number or email address, password. Additionally, these include the following optional information: account name, date of birth, profile photo |
User of the app | Provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the mandatory information is not provided, a registration and the creation of a driver account is not possible. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. Account name and password information used for the purpose of energy consumption tracking is stored in the vehicle and retained at the third-party cloud service provider for as long as you maintain your account. |
| Login Data | Data that you provide when logging into your driver account: This includes: mobile phone number or email address and password. When logging into your driver account with your vehicle, this also includes a unique identifier stored in a QR code. |
User of the app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, you cannot log into your driver account. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Additional Account Data | Data that you can add to your driver account, e.g. account name, date of birth, profile photo, emergency contact name, emergency contact number, security code, alarm settings, favourite places and radio stations and records of travel plans. | User of the app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, certain functions may not work properly such as searching from the favourites list on the AVN. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. Account name, emergency contact name, emergency contact number are cached in the in-vehicle system for 30 days by default or until you log out. |
| Basic Vehicle Data | Basic information on your vehicle that is automatically obtained from your vehicle and viewable in the app: This includes VIN number, engine number, brand name, vehicle model name, gearbox model, vehicle colour, TBOX serial number, ICGM serial number, AVN serial number, and market code. |
User of the vehicle | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, the data cannot be viewed via the app. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. VIN number, brand name, vehicle model name, vehicle colour, market code are cached in the in-vehicle system for 30 days by default or until you log out. VIN number used for the purpose of energy consumption tracking is stored in the vehicle and retained at the third-party cloud service provider for as long as you maintain your account. |
| Vehicle Status Data | Information on the current status of your vehicle that is automatically obtained from your vehicle and viewable and, where possible, changeable in the app: This includes data on remaining gas/power, remaining mileage, tire pressure, battery voltage, engine status, EPS Status, handbrake status, temperature, window/ skylight status, door status, engine status, clutch status, illegal unlock status, impact sensor status. |
User of the vehicle | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, the data cannot be viewed via the app and remote control function via the app are not available. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Location Data | Data on the location of your vehicle as well as your mobile phone: This includes vehicle GPS location and mobile phone GPS location. |
User of the vehicle/app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, certain functions, such as the find my car function are not available. |
We process the location data of your phone only temporarily when you use the check and control the vehicle state or Find my car function. The data will be deleted in 3 months after the data use has been expired. |
| Facial Recognition Data | Your facial features and images. | User of the vehicle | Provision is not a statutory or contractual requirement. There is no obligation to provide the data. If the data is not provided, you cannot log into your driver account via FaceID, but you can still log in via other methods such as entering your driver account name and passwords or scanning the QR code. |
Please notice the function of log in with facial recognition data is only provided in certain regions. We do not store the original image data, once the facial features have been extracted, the original image data is deleted automatically. The facial features are stored in the vehicle, and will not be transmitted to the cloud. You can delete the facial features in your driver account manually. |
| Battery Data | Data on the status of the battery of your vehicle: This includes remaining power, remaining charging time, charging current, charging voltage, remaining mileage, In-vehicle and External Charging Status, In-vehicle and External Charging Control Signals |
User of the vehicle | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, the data cannot be viewed via the app. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Feedback Data | Data that you provide to us when using the feedback function: This includes the content of your feedback. |
User of the app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot respond to your feedback. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Calendar Data | Data that you provide to us when enabling the synchronisation of your calendar with our app: This includes date and time of appointment, anniversary or commemoration day. This also includes information that you provide in our app, such as theme, remarks, remind time and remind date. |
User of the app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot send you a reminder when the anniversary day arrives. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Bluetooth data | Including Bluetooth mac address to activate the digital key function and generate the digital key control ID and Bluetooth key signal to locate your car. | User of the vehicle/app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, you cannot use the digital key function; certain functions, such as the find my car function are not available. |
We process your Bluetooth mac address no longer than is necessary for the purposes for which the personal data are processed. Your Bluetooth mac address will be stored only until you delete your driver account. Your Bluetooth key signal is not stored. |
| Digital key control ID | Data to identify you when you request the unlocking of your vehicle. | Generated by us | - | We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Advertising Management Data | Information regarding consents you gave for advertisement purposes as well as information regarding your potential objections to advertisements: These include date and time of the consent, the IP-address of the device used to give consent, date and time of any withdrawal of consent or of an objection against the processing of persona data for advertisement purposes. |
User of the vehicle/app | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot process your consents to and /or objections regarding advertisements. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored only until you delete your driver account. |
| Additionally this includes records of the information regarding consent-based advertising, as well as details of advertisements displayed in cases where consent is not required under applicable regulations. | Generated by us | - |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
Creation and provision of an driver account in order to remote control your vehicle and view the vehicle status remotely: After the initial registration of your driver account, you may store additional data in your driver account. This includes the optional storage of contact information, addresses and settings, such as language settings. This also includes the function to login and logout from the app. |
Registration Data Login Data Additional Account Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer |
| To register and log into the vehicle's infotainment system using facial recognition (FaceID). Facilitates access without requiring a physical key or password. Please notice this function is only available in certain regions. For specific functionality, please refer to the vehicle. | Facial recognition data | Automated decision-making occurs as the system analyses the facial features of the user and compares them against pre-registered data to determine access. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | No recipient |
Provision of the function to bind and unbind your vehicle to your driver account: In order to remote control your vehicle and view the vehicle status remotely via our app, it is necessary to bind your vehicle to your driver account. To bind your vehicle to your driver account, you need to scan the QR code displayed on the AVN with the app. This also includes managing the binding relationship, which enables you to view information on your vehicle that is automatically obtained from your vehicle: This includes VIN number, engine number, brand name, model name, gearbox model, colour, TBOX serial number, AVN serial number. |
Registration Data Login Data Basic Vehicle Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer |
Provision of the function to check and control the vehicle state: With our app you can check the vehicle status. This enables you to ensure that the vehicle is secure to drive or securely locked when in a parking position. This function also enables you to control the vehicle state remotely, such as locking or unlocking the vehicle or changing the temperature of the AC or the seat heating. In particular, it also allows you to check the energy consumption on your phone by reviewing the mileage, cumulative power consumption, average speed and travel time. In order to provide these functions remotely (i.e. without a connection between your mobile phone and your car), the relevant Vehicle Status Data are exchanged between your mobile phone and our servers as well as between your car and our servers via the internet. This function also enables you to set vehicle alarms and receive alerts in our app. This includes low battery alerts, security alerts, geo-fence alerts, speed alerts, engine start alerts or alerts when there is anything abnormal about your vehicle. |
Protocol Data Registration Data Login Data Basic Vehicle Data Vehicle Status Data Location Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer Map SDK provider Third-Party Service Provider for cloud-based data processing and storage |
Provision of the Find My Car function: When using the Find My Car function we will use your mobile phone GPS location as well your vehicles GPS location in order to show you the shortest way on foot to your car. These GPS locations are only retrieved from your mobile phone and your vehicle once you access the Find My Car function in the app. After being activated by your Bluetooth key signal, the horn and lighting functions will be activated to help you locate your car. |
Protocol Data Registration Data Login Data Location Data Additional Account Data Vehicle Status Data Bluetooth Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer Map SDK provider |
Provision of the Charging Management function: This function enables you to see the current battery and charging status. You may also schedule the charging times by connecting the charger via Bluetooth. Moreover, the function allows you to set a charging limit for your vehicle based on your preferences. |
Protocol Data Registration Data Login Data Basic Vehicle Data Battery Data Location Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer Maps SDK |
Provision of the message centre: We provide you with important messages such as alerts, operation information and news (including advertisements about LDV service). These messages are accessible via the inbox functions in the app and in the AVN. |
Protocol Data Message Data Login Data Additional Account Data Vehicle Status Data Advertising Management Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer |
Provision of the Feedback function: With the Feedback function in the app, you can provide feedback, such as reporting errors or suggestions for further improvements. |
Protocol Data Registration Data Login Data Feedback Data |
No automated decision-making takes place | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is to obtain feedback on our service in order to improve our services. |
Developer |
Processing your feedback: We will process your feedback to improve our services. |
Feedback Data | No automated decision-making takes place. | Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is to process your feedback in order to improve our services. |
Developer |
Provision of My Calendar function: Subject to your consent, this function allows us to synchronize your calendar on your mobile phone with our app, so we can send you reminders for appointments, anniversaries or commemoration days. This function allows you to set a theme, remind date, remind time and make a remark for your anniversary. |
Protocol Data Registration Data Login Data Calendar Data |
No automated decision-making takes place | Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer |
Provision of energy consumption function: This function allows user to see the energy consumption statistics. Including mileage, cumulative power consumption, average speed and travel time. |
Protocol Data Registration Data Login Data |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer |
Provision of digital key function: This function allows you to unlock and start the vehicle with your app instead of the key. |
Bluetooth mac address Digital key control ID |
No automated decision-making takes place | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Developer |
| Recipient | Recipient's Role | Transfer to Third Countries And/Or International Organisations | Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries And/Or International Organisations |
|---|---|---|---|
Developer: SAIC overseas intelligent mobility technology CO. Ltd 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China |
Processor | China | The European Commission has not issued an adequacy decision for this third country. Transfers to this country are based on the European Commission's standard contractual clauses for transferring personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |
Map SDK provider: HERE Europe B.V. Kennedyplein 222, 5611 ZT Eindhoven, Netherlands |
Controller | - |
Through our Audio Visual and Navigation system (AVN) you have the possibility to use a navigation system. The basic functions are available without an internet connection and without us or our service providers processing any of your personal data when you use these functions. This includes in particular, the search for a specific location or points of interests in the area, calculation of routes and the navigation function, battery range function. Certain other functions, such as considering real time traffic data for finding the best route, require an internet connection. When you use the online navigation system, we process your personal data for the following purposes:
Provision of information on real time traffic
Provision of online search function
If you are using our navigation system via voice recognition, please also view the chapter on voice recognition (Section B.III).
You receive more detailed information on this below:
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Protocol Data | Protocol data which accrue for technical reasons when an internet connection is established between your vehicle and our servers: The data which accrues during such access is defined by the network protocol for the transmission of information between your vehicle and our servers. These include IP address to facilitate secure communication. |
User of navigation system | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, cloud-based navigation functions cannot be provided. |
Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved. |
| Location Data | GPS location of your vehicle Navigations send to Map SDK provider when user uses the function for searching a location, online navigation and real-time traffic. |
User of navigation system | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, cloud-based navigation functions cannot be provided. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be deleted in 3 months after the data use has been expired. |
| Navigation Function Data | Data that you enter in the search function of our navigation system: These include all data entered as search terms, selected from the recent destination list, from the favourites list, from labels provided by you, such as home or work addresses, from your travel plans and Point of Interest categories, or via voice command. If you are using voice command please also view the chapter on voice recognition Section B.III. |
User of navigation system | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, cloud-based search cannot be provided. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. Your home address is stored until you delete it in the AVN. All other data is stored for a maximum period of one year. The labels provided by you, such as home or work addresses, are stored locally in the car's navigation system until manually deleted by you. Your search history is capped at 50 entries, rolling over as needed. Your route data is not stored. The vehicle does not store your travel plans and POI information, but you may check your inbox for historical messages synced from the IoT centre, which deletes messages after seven days. The third-party cloud service provider retains your messages until you delete them in the app or vehicle. |
| Recent Locations | Data selected in the search function as destination. | User of navigation system | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, cloud-based navigation cannot be provided. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored for no longer than one year. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
Provision of our navigation function with real time traffic data: A basic navigation function is available without an internet connection. For an enhanced navigation, the route is calculated on our server, considering real time traffic data. For this purpose, data on your location and your destination are temporarily processed on our server. We process information on your location regularly to provide convenient navigation services (e.g. calculate in the background if better routes are available, check traffic events nearby, etc.). |
Protocol Data Location Data Recent Locations |
No automated decision-making takes place. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Map SDK provider Developer Third-Party Service Provider for cloud-based data processing and storage |
Provision of our online search function: For this purpose, data that you enter into our search functions is temporarily processed on our server. When logged into your driver account in your car, you can also view and select addresses, Point of Interests (e.g. gas stations, food and beverage stores and hotels)etc. which you added to your driver account via the app. Moreover, you can search for nearby charging stations and check their availability. |
Protocol Data Search Function Data Location Data For viewing and selecting data stored in your driver account: Registration Data (Section B.I.1) Login Data (Section B.I.1) Additional Account Data (Section B.I.1)1 |
No automated decision-making takes place. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Map SDK provider Developer |
| Recipient | Recipient's Role | Transfer to Third Countries And/Or International Organisations | Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries And/Or International Organisations |
|---|---|---|---|
Developer: SAIC overseas intelligent mobility technology CO. Ltd 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China |
Processor | China | The European Commission has not issued an adequacy decision for the third country. Transfers to this country are not based on European Commission's standard contractual clauses for transferring personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |
Map SDK provider: HERE Europe B.V. Kennedyplein 222, 5611 ZT Eindhoven, Netherlands |
Controller | Netherlands | - N/A |
Our Audio Visual and Navigation (AVN) system supports navigation through voice recognition. The voice recognition function enables you to control various features of the AVN using voice commands. Examples include setting a new destination, zooming in or out of the map, or cancelling a route. Voice recognition may also be used to control media, such as skipping songs or changing tracks in the music app. Your voice commands are converted into machine-readable commands by our voice recognition provider.
You receive more detailed information on this below:
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Protocol Data | Protocol data which accrue for technical reasons when an internet connection is established between your vehicle and our servers: The data which accrues during such access is defined by the network protocol for the transmission of information between your vehicle and our servers. These include IP address to facilitate secure communication. |
User of voice recognition | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the voice recognition function. |
Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved. |
| Voice Command Data | Data that you provide via voice command: This includes the content and the audio of your voice commands recorded after activating the voice recognition function-either by saying "Hello LDV" or by pressing the Voice Recognition button on the steering wheel-until the function is deactivated. Exclusions: This does not include any audio recorded before the activation of the voice recognition or when activating voice recognition function or the phrase "Hello LDV" itself. The phrase "Hello LDV" is recognized offline by your vehicle and is not transmitted or stored. |
User of voice recognition | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the voice recognition function. |
We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored for three years. The audio of your voice commands is processed real-time in the cloud and is immediately deleted once a response is generated. |
Machine-readable data generated from your voice commands commands (e.g., text-based transcriptions of recognized commands such as navigation destinations or music player controls): This includes all commands which our voice recognition provider was able to identify from the recorded voice, such as destination addresses for the navigation system or commands for the music player. |
Generated by us | - | We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored for no longer than three years. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
Provision of the Voice Recognition function: After activating the voice recognition function (by saying "Hello LDV" or by pressing the Voice Recognition button on the steering wheel), the vehicle records your voice until the voice recognition function is deactivated. Your voice data is then transmitted to our voice recognition provider in order to convert it into machine-readable commands. These machine-readable commands can then be used by the AVN system in your vehicle for various functions, such as setting a destination addresses for the navigation system or adjusting the music player. Voice records are not transmitted to us or our voice recognition provider before or for activating voice recognition. Activating voice recognition by saying "Hello LDV" (i.e. recognizing the phrase "Hello LDV" as an activation command) is performed offline by your vehicle. |
Protocol Data Voice Command Data |
No automated decision-making takes place. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | Voice Recognition Provider Developer Cloud Server |
| Recipient | Recipient's Role | Transfer to Third Countries And/Or International Organisations | Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries And/Or International Organisations |
|---|---|---|---|
Developer: SAIC overseas intelligent mobility technology CO. Ltd 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China |
Processor | China | The European Commission has not issued an adequacy decision for the third country. Transfers to this country are based on the European Commission's standard contractual clauses for transferring personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |
Our personalized settings allow you to customize the vehicle's functions to match your individual driving preferences. This includes settings for volume, sound effects, air conditioning temperature and airflow, as well as vehicle-related options such as Bluetooth and WLAN connectivity.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Personalized Settings | Bluetooth phonebook Vehicle personalized settings (volume level, sound effect settings, air conditioning temperature, seat position, etc.) Bluetooth and WLAN names and passwords |
User of personalized settings | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the personalized setting function. |
Bluetooth phonebook data is encrypted and stored in the vehicle infotainment system. The data is deleted when Bluetooth is disconnected or when manually deleted by you. The vehicle settings data are encrypted and stored locally in the vehicle infotainment system without being uploaded to the cloud. Settings are reset to default values upon factory reset. Bluetooth and WLAN names and passwords are stored in the vehicle infotainment system and are deleted when you delete the device from the Bluetooth pairing list or performs a factory reset. |
| Remote Air Conditioning Control (Pre-conditioning) Data | Vehicle identification number (VIN), location data | User of personalized settings | Provision is not a statutory or contractual requirement. There is no obligation to provide the data. If the data is not provided, the Remote Air Conditioning Control (Pre-conditioning) function will be unavailable. |
Data is not stored. |
| Intelligent Climate Control (Air Conditioning Auto Start/Stop) Data | Cabin temperature, external temperature, air quality indicators | User of personalized settings | Provision is not a statutory or contractual requirement. There is no obligation to provide the data. If the data is not provided, the Intelligent Climate Control (Air Conditioning Auto Start/Stop) function will be unavailable. |
|
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
| The vehicle infotainment system uses the contact list to provide personalized settings parameters for dialling contacts saved on the user's phone. These parameters are saved so that the owner doesn't need to readjust them every time they get in the car. This allows for automatic connection of paired Bluetooth devices and seamless connection to previously connected wireless hotspots. | Personalized Settings | No automated decision-making takes place. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | No recipient |
| To enable remote control of the air conditioning system before entering the vehicle. | Remote Air Conditioning Control (Pre-conditioning) Data | No automated decision-making takes place. | ||
| To adjust the air conditioning system based on internal and external environmental factors to maintain optimal cabin comfort. | Intelligent Climate Control (Air Conditioning Auto Start/Stop) Data | Automated decision-making occurs as the system adjusts the air conditioning settings in response to real-time cabin and external temperature readings, optimizing for user comfort. |
Our phone connectivity feature allows you to screen mirror your phone onto the car's display screen. This enables you to conveniently access and control navigation, videos, music, and games on your phone through the display screen. Currently, we support phone connectivity applications such as Apple CarPlay and Google Android Auto.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Phone Connectivity | The vehicle infotainment system periodically receives vehicle speed signals, gear position signals, reverse signals, and GPS signals from the local positioning chip, which is integrated with other components of the vehicle. When QDrive / Apple CarPlay/Android Auto is turned on for navigation, it obtains GPS, speed, gear, and reversing information through the standard Android system interface and sends this data to the phone. The vehicle system does not store the information locally. When the navigation in QDrive / Apple CarPlay/Android Auto is turned off, the vehicle system stops collecting and sending GPS, speed, gear, and reversing information to the phone. During QDrive /Apple CarPlay/Android Auto connectivity, user actions such as pause/start, previous track, next track, volume control, screen turning off, ongoing calls, audio activities, and microphone activities will transmit key values to the QDrive / Apple CarPlay/Android Auto background service in the car via CAN signals. This background service will transmit the key values to QDrive / Apple CarPlay/Android Auto, which will respond to these inputs according to its own logic. When you select a multimedia application in QDrive / Apple CarPlay/Android Auto in the car, the phone will transmit multimedia audio and video streams to the entertainment system for display and playback. If you stop multimedia playback or disconnects QDrive / Apple CarPlay/Android Auto, the audio and video streams from the phone side will cease transmission to the entertainment system. When performing QDrive / Apple CarPlay/Android Auto wireless connection, the car will search for the Bluetooth and WIFI addresses of the phone and establish wireless connection through WIFI. |
User of phone connectivity | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the phone connectivity function. |
QDrive Apple CarPlay / Android Auto on the vehicle infotainment system do not locally store phone connectivity data. When using the phone connectivity feature, activities rely on mobile apps that support this function, and navigation records, such as those accessed through CarPlay's map navigation, are stored solely on the user's phone, not on the vehicle's system. However, once a wireless connection is established, the vehicle will store the phone's MAC address and maintain a record of Bluetooth connections, retaining this information until you actively delete it. The system can save a maximum of five connected Bluetooth devices. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
| QDrive Apple CarPlay/Android Auto in the vehicle infotainment system sends vehicle positioning information, vehicle speed, and gear position information to the connected smartphone. The navigation software on the smartphone uses this data to provide navigation services within the QDrive / Apple CarPlay /Android Auto connection. User actions, such as previous track, next track, volume control, etc., are transmitted as key values from the vehicle infotainment system to QDrive / Apple CarPlay/Android Auto, which then processes these inputs to control the multimedia software on the smartphone. QDrive / Apple CarPlay/Android Auto in the vehicle infotainment system establishes connections using Bluetooth and Wi-Fi addresses for data communication. | Phone Connectivity | No automated decision-making takes place. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | No recipient |
Our ADAS (Advanced Driving Assistance System) uses a forward-facing camera module installed on the windshield to recognize road environment information ahead and make judgments based on that information. It provides functions such as lane-keeping assist, forward collision assist, adaptive cruise control, integrated cruise control, speed limit sign display, and intelligent speed assist.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Vehicle Exterior Images | Once the ADAS is activated, the collected vehicle exterior image data in front of the vehicle may contain personal information such as pedestrians outside the vehicle and license plates of passing vehicles. | Vehicle exterior environment | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the ADAS function. |
The ADAS data is not transmitted outside the vehicle and is used and deleted locally in the vehicle. No storage or transfer of the data is performed. |
| Cruise Assistance Data | Vehicle speed, gear position, location information, button position, pedal input (accelerator and brake), wheel speed, three-axis acceleration, power mode, camera data (5R7V), radar data (5R7V), SN number | Vehicle's sensors and cameras | Provision is not a statutory or contractual requirement, but necessary for the operation of the cruise assistance functions. If not provided, the cruise assistance feature cannot be activated. | Data is not stored. |
| Collision Detection Data | AEB (Autonomous Emergency Braking) function switch status, FCM (Forward Collision Mitigation) function switch status, driver's seat belt switch status, accelerator pedal input, steering angle, brake pedal input, three-axis acceleration, yaw rate signal, vehicle speed, collision status, gear position, FVCM (front-view camera module) video stream data | Vehicle sensors and cameras | Provision is necessary for safety features. If data is not provided, the automatic emergency braking system cannot function as intended. | Data is not stored. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
| The ADAS recognizes the road environment information ahead and makes judgments based on this information to provide the driver with safety or comfort functions. | Vehicle Exterior Images | After the Lane Keeping Assist function is activated, if there is a risk of lane departure, it will provide warnings or actively correct the driver. After the Forward Collision Assist function is activated, if there is a collision risk with the preceding vehicle, it will provide warnings or actively apply the brakes. With the Adaptive Cruise Control function activated, it automatically controls the vehicle's acceleration and deceleration based on the driver's seat speed. After the Integrated Cruise Control function is activated, it automatically controls the vehicle's longitudinal and lateral movement.. After the Speed Limit Sign Display and Intelligent Speed Assist functions are activated, if a speed limit sign is detected, it will provide warnings or actively limit the speed. After the Automatic High Beam Control function is activated, it automatically controls the switching between high and low beams. |
Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | No recipient |
| Cruise Assistance (including Adaptive Cruise Control, Integrated Cruise Control, Smart Lane Change Assistance, and MAP) senses road conditions through radar, video, and geo-location s, sending out warning and taking over the vehicle when danger is detected. | Cruise Assistance Data | These functions automatically adjust vehicle speed and lane position based on the surrounding environment and driver input. | Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). | No recipient |
| The system uses camera and radar data to detect potential hazards and alert or control the vehicle to prevent or mitigate collisions. | Collision Detection Data | If a collision risk is detected, the system activates the brakes or warns the driver. | Art. 6 (1) (c) GDPR (processing is necessary for compliance with a legal obligation [UN Regulation No. 158] to which the controller is subject) | No recipient |
Our AVM system compiles real-time image information to create a seamless, fused view of the vehicle's surroundings, allowing the driver to observe a 360-degree panoramic perspective on the car's display screen. It helps identify blind spots and facilitates safer, more intuitive parking maneuvers.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Around View Videos | When the AVM function is activated, the camera will be turned on in parking and other scenarios, there is a possibility that personal information such as pedestrians or license plates of passing vehicles may appear in the captured external video stream data. | Vehicle exterior environment | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the AVM function. |
The data only appear on the screen to show the exterior environment. The data will not be stored or transmitted. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
| The AVM function captures surrounding video stream data through cameras to help drivers identify blind spots when reversing or turning. | Around View Videos | No automated decision-making takes place. | Art. 6 (1) (c) GDPR(processing is necessary for compliance with a legal obligation [UN Regulation No. 158] to which the controller is subject) | No recipient |
The DMS (Driver status Monitoring System) continuously monitors the driver's condition in real-time and detects whether the driver is fatigued, distracted, or engaged in behaviours such as smoking or making phone calls while driving. Once detected, the system can issue prompt messages to alert the driver about these issues, avoiding potential safety risks. DMS utilizes an infrared camera positioned inside the vehicle's A-pillar, facing the driver. Additionally, facial and fatigue-related algorithms are embedded in the entertainment system. These algorithms can detect and identify the driver's behaviour during the driving process, and synchronize the detection results with the entertainment system in a timely manner. This allows for prompt and effective alerts to be delivered to the driver through the entertainment system. DMS does not record the driver's identifiable facial information. It only uses facial features to detect different behaviours. The DMS facial and fatigue-related algorithms detect facial key points and driver behaviour. By analysing the coordinates of these key points and their changes, the system can define driver fatigue, distraction, and abnormal driving behaviour. After detection, the system implements immediate deletion of in-vehicle videos, images, and data.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| In-vehicle videos/images | in-vehicle videos, images, vehicle status information, and the recognition results of DMS | user of DMS | DMS is based on Regulation (EU) 2019/2144 and Regulation (EU) 2021/1341, and is directly used to fulfil the legal responsibilities or obligations of car companies and serve drivers. When the DMS is performing in-vehicle driver status monitoring services, it will use in-vehicle video and images to determine driver fatigue, driver distraction, abnormal driving behaviour and other conditions, and then automatically delete these videos, images and data. To help us improve DMS, it only records data such as the frequency of your use of this application, system crash data, overall usage, performance data, and the source of the application. We will not combine the information we store in the analysis software with the personal identity information you provide in the application. |
the in-vehicle videos and images are immediately deleted after being used to assess the driver's fatigue level, distraction, and abnormal driving behaviour. |
| Purpose of the processing of personal data | Categories of personal data processed | Automated decision-making | Legal basis and, where applicable, legitimate interests | Recipient |
|---|---|---|---|---|
| The DMS algorithm detects facial key points and driver behaviour related to fatigue. By obtaining the coordinates of key points through the model, it analyses the variations of these key points to define driver fatigue, distraction, and abnormal driving behaviour. | In-vehicle videos/images | When the vehicle reaches a certain speed, facial key point detection and driver behaviour analysis algorithms integrated into the entertainment system will be utilized to monitor facial key points and driver behaviour related to fatigue. By using models, the algorithm obtains the coordinates of key points and analyses their variations to define driver fatigue, distraction, and abnormal driving behaviour. | Art. 6 (1) (c) GDPR(processing is necessary for compliance with a legal obligation [EU-2019/2144] to which the controller is subject) | No recipient |
The eCall system is an emergency call system installed on the vehicle and currently deployed exclusively in the EU. When the vehicle has a serious traffic accident, it automatically calls 112 for help. At the same time, it also provides the vehicle information and location information to the local rescue organization. In addition, the system can initiate a manual call button.
The eCall system is automatically triggered by the airbag signal. When the vehicle collides, the aibag in the vehicle deploys, sending a signal to the eCall system through CAN network, and which activates the emergency call function of eCall system. After eCall is triggered, the "Minimum Set of Data" (MSD) is transmitted in standard protocol format to the local Public Safety Answering Point (PSAP) through a wireless communication network. Following a successful analysis, a voice call is established between the vehicle and the PSAP to confirm with the rescue operations are needed.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| ECALL MSD Data | Message identifier, emergency call type, vehicle model, VIN, fuel tank type, Crash timestamp, Vehicle Location, vehicle orientation at time of collision , two most recent vehicle positions, Number Of Passengers, Location Of Impact(front,rear,driver Side,non Driver Side,other), deltaV(Difference between velocity just after and just before impact), collision position, rollover detection (optional) | User of vehicle | In accordance with the EU regulation EN-16072, providing eCall emergency services to users requires the collection of those data. | Prior to triggering an eCall, when the vehicle starts, location data collected and stored every 5 seconds on a rolling basis, retaining only the two positions before a collision. The two most recent vehicle positions are automatically deleted each time the vehicle is turned off. eCall securely stores the MSD data in the internal memory and deletes it 13 hours after activation. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
| When an automatic or manual eCall is triggered, the eCall system sends notification and relevant location information to the most appropriate PSAP by means of mobile wireless communications networks. This carries a defined standardized minimum set of data, notifying that there has been an incident that requires emergency services response and establishes an audio channel between the vehicle occupants and the PSAP. | eCall MSD Data | The eCall system automatically sends MSD data to PSAP when triggered by an accident or manual eCall. | Art. 6 (1) (c) GDPR(processing is necessary for compliance with a legal obligation [EN-16072] to which the controller is subject ) | Developer PSAP |
The FOTA (Firmware Over-The-Air) system periodically checks the software version in the vehicle, notifying users of new software updates. Upon obtaining your consent, the system downloads and installs the latest updates to improve vehicle performance and safety. You can check for available software updates on the vehicle system page within the entertainment system. It will display information about the new version, download progress, and allow you to choose a suitable time for installation. During the system update process, the vehicle will temporarily be unavailable until the installation is complete.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Basic Vehicle Data | VIN scheduled upgrade time ECU (Electronic Control Unit) firmware version ECU name ECU host name Serial number Bluetooth MAC address phone number (for entertainment system logs) |
User of FOTA | To ensure the safety and quality of their products, as well as to ensure that users receive timely software upgrade notifications related to their personal driving safety. | We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be stored for no longer than ten years. |
| Cloud Diagnostics Data | GPS location, vehicle fault status | User of FOTA | Retained in accordance with applicable legal and regulatory requirements, including but not limited to data retention obligations under cybersecurity, vehicle safety, and telecommunications laws in relevant jurisdictions. The specific retention period may vary depending on national legislation and regulatory compliance obligations. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
Collect controller software version to determine if the vehicle's software needs updating and push new software versions to the vehicle to improve the user's driving experience or fix potential software defects, ensuring the vehicle is in a safer state. Enables the vehicle's software to be upgraded remotely, ensuring safety and performance improvements. Collects and uploads logs to cloud servers for analysis, including system operation logs and fault data. |
Basic Vehicle Data | The ECU firmware version is automatically collected when the vehicle starts. | Art. 6 (1) (c) GDPR(processing is necessary for compliance with a legal obligation [R156] to which the controller is subject ) | Operator |
| Helps diagnose faults remotely by collecting vehicle status data, including location for timely repair assistance. | Cloud Diagnostics Data | No automated decision-making occurs. | Art. 6 (1) (c) GDPR(processing is necessary for compliance with a legal obligation [R156] to which the controller is subject ) | No recipient |
| Recipient | Recipient's Role | Transfer to Third Countries And/Or International Organisations | Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries And/Or International Organisations |
|---|---|---|---|
Operator SAIC overseas intelligent mobility technology CO. Ltd 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China |
Processor | China | The European Commission has not issued an adequacy decision for this third country. Transfers to this country are based on the European Commission's standard contractual clauses for transferring personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |
The Audio Visual and Navigation (AVN) system provides the possibility to use third-party apps, such as Amazon Music and the Weather app. With these apps, you can use functions offered by third-party providers process personal data to fulfil these services. The AVN system does not activate these apps by default, and users must enable them via settings. Once activated, the relevant provider may collect personal data from you. The specific data collected, its processing purposes (such as for advertising personalization or profiling), and any further details of the data processing are determined by the third-party provider. The data processing activities by third parties are the responsibility of the third parties. If you need to learn about data processing or exercise your rights, please refer to the third party's Privacy Notice or contact them directly.
If you are using our AVN via voice recognition please also view the chapter on voice recognition ( Section B.III).
You will find more detailed information below:
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Location Data | Latitude, Longitude, Location Name | User of AVN system | Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the weather feature. |
Location Data is not stored. Weather data is cached for 1 hour, then deleted. Historical weather data is not stored. |
| Operational Data | Authentication token for Amazon Music | User of AVN system | Provision is not a statutory or contractual requirement, nor is it necessary to enter into a contract. There is no obligation for the data subject to provide this data. However, if the data is not provided, account login convenience for Amazon Music may be affected. | The authentication token is stored for the duration of the user session and deleted upon logout or expiration. |
The following third-party provider apps are embedded in our AVN:
| App | Third-party Provider | Further Information of the Provider of the App |
|---|---|---|
| Amazon Music App | Amazon.com Services LLC, Amazon.com.ca, Inc., Amazon Digital UK Ltd, Amazon Digital Germany GmbH, Amazon.com Sales, Inc., Amazon Seller Services Private Limited, Amazon Australia Services Inc., Amazon Commercial Services Pty Ltd, Servicios Comerciales Amazon México, S. de R.L. de C.V., Amazon Serviços de Varejo do Brasil Ltda., or relevant affiliates depending on your country of residence. | https://www.amazon.de/-/en/gp/help/customer/display.html?nodeId=200738950&view-type=content-only |
| Weather App | AccuWeather, Inc. | https://www.accuweather.com/de/privacy |
| Recipient | Recipient's Role | Transfer to Third Countries And/Or International Organisations | Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries And/Or International Organisations |
|---|---|---|---|
Operator: SAIC overseas intelligent mobility technology CO. Ltd 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China |
Processor | China | The European Commission has not issued an adequacy decision for this third country. Transfers to this country are based on the European Commission's standard contractual clauses for transferring personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |
It is possible that when you use a third-party app, personal data may be transferred to third countries for which there is no so-called adequacy decision of the European Commission and for which no suitable guarantees are provided. In this respect, there is a risk that there is no adequate level of protection for the personal data transferred. This means that your personal data processed by the third-party provider may not be subject to a level of protection comparable to the GDPR. In particular, this means that the principles for the processing of personal data set out in Art. 5 GDPR may not be complied with. In addition, you may not have enforceable rights and effective remedies with respect to the processing of personal data. By activating the respective third-party app, you accept these possible risks on your own responsibility.
Our OMS (Occupant Monitoring System), currently deployed exclusively within the EU, includes functions such as the Interior Monitoring Camera, and the Occupant Reminder System. These functions are designed to enhance passenger safety and improve user experience by utilizing various sensors and cameras.
| Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation of the data subject to provide the data | Storage duration |
|---|---|---|---|---|
| Occupant Photos | Photos of occupants | Occupants of the vehicle | Provision is not a statutory or contractual requirement. There is no obligation to provide the data. If the data is not provided, the Interior Monitoring Camera may not be available. |
Photos are stored locally in the vehicle until manually deleted by user. |
| Occupant Status | Photos of occupants, heartbeats of occupants | Occupants of the vehicle | Provision is not a statutory or contractual requirement. There is no obligation to provide the data. If the data is not provided, the Occupant Reminder System will be unavailable |
Photos are processed and deleted locally immediately after uploading to the cloud and synced with the mobile app. Photos on the cloud and mobile app are stored until manually deleted by user. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient |
|---|---|---|---|---|
| The Interior Monitoring Camera allows users to take photos manually or via voice command, enabling you to record or monitor interior conditions for entertainment purposes. | Occupant Photos | No automated decision-making occurs. | Art. 6 (1) (a) GDPR (User consent) | No recipient. |
| The Occupant Reminder System utilizes millimetre-wave radar to detect occupants in the vehicle after locking the doors. If any occupants are detected, a photo is taken and uploaded to the cloud, with notifications sent to the user's mobile device. | Occupant Status | No automated decision-making occurs. | Art. 6 (1) (a) GDPR (User consent) | Third party cloud service provider for data storage and processing. |
In order to comply with legal requirements, SAIC MAXUS processes your user ID, the VIN, the condition of your vehicle and, if necessary, other personal data.
SAIC MAXUS is subject to various legal requirements that it must comply with. These can be e.g. Protection against unauthorised use, legitimate CO2 emission, general safety requirements of the Vehicles.
| Categories of Personal Data Processed | Personal Data Included in the Categories | Sources of the Data | Obligation of the Data Subject to Provide the Data | Storage Duration |
|---|---|---|---|---|
| Vehicle Status Data | Information on the current status of your vehicle that is automatically obtained from your vehicle and viewable and, where possible, changeable in the app: This includes data on remaining gas/power, remaining mileage, tire pressure, battery voltage, engine status, EPS Status, handbrake status, temperature, window/ skylight status, door status, engine status, clutch status, illegal unlock status, impact sensor status. |
User of the vehicle | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | The storage period depends on the respective processing purpose specified by the legal provisions. |
| Location Data | Data on the location of your vehicle as well as your mobile phone: This includes vehicle GPS location and mobile phone GPS location. |
User of the vehicle | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | The storage period depends on the respective processing purpose specified by the legal provisions. The data will be deleted in 3 months after the data use has been expired. |
| Battery Data | Data on the status of the battery of your vehicle: This includes remaining power, remaining charging time, charging current, charging voltage, remaining mileage |
User of the vehicle | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | The storage period depends on the respective processing purpose specified by the legal provisions. |
| Purpose of the Processing of Personal Data | Categories of Personal Data Processed | Automated Decision-Making | Legal Basis and, Where Applicable, Legitimate Interests | Recipient | Note |
|---|---|---|---|---|---|
| Regulation (EU) 2019/2144 | Onboard Intrusion Detection and Prevention System (Protection against cyberattack) | Basic Vehicle Data; Vehicle Status Data; Location Data; |
the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | SAIC Motor Developer Supervisory Authority of the National Vehicle Type Approval |
|
| Regulation (EU) 2019/2144 | Advanced driver distraction warning Driver drowsiness and attention warning Intelligent Speed Assistance |
Vehicle Status Data | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | NA(The features are implemented offline onboard) | |
| Commission Implementing Regulation (EU) 2021/392 | CO2 Emission Statistics | Basic Vehicle Data; Vehicle Status Data; Battery Data; CO2 Emission Data |
the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | SAIC Motor Supervisory Authority of the National Vehicle Type Approval |
|
| Regulation (EU) 2015/758 | Ecall System | Basic Vehicle Data; Vehicle Status Data in accordance with the Regulation(EU) 2015/758; Latest 3 Geo-location coordinates without tracking the vehicle. |
the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR); | Public Safety Answering Points | The Ecall System is activated by default in the whole lifecycle the vehicle. There would be a warning icon if the function is unavailable. |
| Recipient | Recipient's Role | Transfer to Third Countries And/Or International Organisations | Adequacy Decision or Appropriate or Suitable Safeguards for Transfers to Third Countries And/Or International Organisations |
|---|---|---|---|
Developer: SAIC overseas intelligent mobility technology CO. Ltd 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China |
Processor | China | The European Commission has not issued an adequacy decision for this third country. Transfers to this country are based on the European Commission's standard contractual clauses for transferring personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |
The data processing activities depend on your car model. The above data categories are not generally applied to our all car models. You may contact us for further details.
As a data subject, you have the following rights with regard to the processing of your personal data:
Right of access (Article 15 of the GDPR)
Right to rectification (Article 16 of the GDPR)
Right to erasure ("right to be forgotten") (Article 17 of the GDPR)
Right to restriction of processing (Article 18 of the GDPR)
Right to data portability (Article 20 of the GDPR)
Right to object (Article 21 of the GDPR)
Right to withdraw consent (Article 7 paragraph 3 of the GDPR)
Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)
You may contact us for the purpose of exercising your rights using the contact information in Section A.
Where applicable, you can find information on any specific modalities and mechanisms that facilitate the exercise of your rights, particularly regarding data portability and the right to object, in the information on the processing of personal data in Section B of this Privacy Notice.
Below you find more detailed information on your rights with regard to the processing of your personal data:
As a data subject, you have the right to obtain access and information under the conditions provided in Article 15 of the GDPR.
In particular, you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the GDPR).
You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR.
In particular, that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.
You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have the right to erasure ("right to be forgotten") under the conditions provided in Article 17 of the GDPR.
In particular, you have the right to request the erasure of your personal data, and we are obliged to erase it without undue delay if one of the conditions listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the GDPR).
If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR).
The right to erasure ("right to be forgotten") does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the GDPR).
You can find the full extent of your right to erasure ("right to be forgotten") in Article 17 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have the right to restriction of processing under the conditions provided in Article 18 of the GDPR.
This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the GDPR).
Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR).
You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have the right to data portability under the conditions provided in Article 20 of the GDPR.
This right allows you to receive your personal data with which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, provided that the processing is based on consent or contract and is carried out by automated means (Article 20 paragraph 1 of the GDPR).
You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR in the information regarding the legal basis of processing in Section B of this Privacy Notice.
In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR).
The full extent of your right to data portability is available in Article 20 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have the right to object under the conditions provided in Article 21 of the GDPR.
We will inform you of your right to object in our first communication with you.
More details are provided below:
As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 paragraph 1 point (e) or (f), including profiling based on those provisions.
You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (e) or (f) of the GDPR in the information regarding the legal basis of processing in Section B of this Privacy Notice.
In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
The full extent of your right to objection is available in Article 21 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Privacy Notice.
If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.
The full extent of your right to objection is available in Article 21 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
If processing is based on consent, as a data subject, you have the right withdraw consent at any time under Article 7 paragraph 3 of the GDPR, to withdraw your consent at any time. Withdrawal does not affect the legality of prior processing. We inform you of this before you grant your consent.
You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR in the information regarding the legal basis of processing in Section B of this Privacy Notice.
As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the GDPR.
The terms used in this Privacy Notice are defined as per the GDPR.
The full scope of the definitions of the GDPR can be found in Article 4 of the GDPR, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
You will find more detailed information on the most important technical terms of the GDPR used in this Privacy Notice below:
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"Data Subject" means the respective identified or identifiable natural person, to which the personal Data refers to;
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
"International organisation" means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
"Third country" means a country which is not a member state of the European Union ("EU") or the European Economic Area ("EEA");
"Special categories of personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
The effective date of this Privacy Notice is 【2025-09-05】.
It may be necessary to modify this Privacy Notice due to technical developments and/or amendment of statutory or official requirements.
We provide Smart Connected Vehicles and Connected Services in Australia under the brand LDV. In context with the provision of our products and services, we are bound by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles set out in Schedule 1 of the Privacy Act ("APPs"). The Protection of personal information is important to us, and the following parts provide information on our personal information handling practices.
"personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
"sensitive information" means: (a) information or an opinion about an individual's: (i) racial or ethnic origin; or (ii) political opinions; or (iii) membership of a political association; or (iv) religious beliefs or affiliations; or (v) philosophical beliefs; or (vi) membership of a professional or trade association; or (vii) membership of a trade union; or (viii) sexual orientation or practices; or (ix) criminal record; that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; or (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e) biometric templates.
"APP entity" means an agency or organisation.
"organisation" means: (a) an individual; or (b) a body corporate; or (c) a partnership; or (d) any other unincorporated association; or (e) a trust; that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
Under the Privacy Act and the Apps, we constitute an App entity. The identity and contact details are as follows:
SAIC MAXUS Automotive Co., Ltd.
No.2500, Jungong Rd, Yangpu, Shanghai
privacy@saicmotor.com
We collects, uses and discloses information about your use of Connected Services (including in some cases personal information) for the purposes specified in the Privacy Notice above.
We only use your personal information collected in connection with your use of Connected Services for the purpose of providing the Connected Services to you or as otherwise permitted, required or authorised by law (including by the Privacy Act). If you want to use Connected Services, but do not provide us with your personal information, we may not be able to provide you with all Connected Services or may only be able to provide those Connected Services to you with limited functionality.
We may collect your sensitive personal information (including in some cases biometric templates) that is reasonably necessary for our provision of services and with your consent (unless we are required or authorised by or under an Australian law or a court/tribunal order).
If you provide us with personal information about another person (such as a joint vehicle owner or authorised driver or contact person), you need to tell the other person about this notice so they are aware that you have provided their information to us and that they can read this notice to understand how their information will be handled. You must obtain all necessary consents from the other person before supplying their personal information to us (including a parent or legal guardian's permission for minors).
We may use the contact information we collect from you for direct marketing purposes, to provide you with promotional information about our products and services. The marketing communications may be carried out by a number of methods, such as email, telephone, SMS, etc. If you do not wish to receive any marketing communication, you can request us using the contact details in paragraph 2 "Identity and contact details of the App entity". We will stop using or disclosing your personal information for the purpose of direct marketing.
We work with related entities and service providers that located overseas. You agree that in our daily operation, we may disclose your personal information to overseas recipients located in China and France.
Unless an exception in the Apps applies, we would take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Apps (other than Australian Privacy Principle 1) in relation to the information.
Right to access: You have the right to request the access to your personal information held by us. We may charge you with a reasonable fee for the access.
Right to correction: You have the right to correct your personal information held by us. We take reasonable steps to ensure the information we held is accurate, up-to-date, complete, relevant and not misleading. We will not charge you for the correction.
Right to Complain: If you believe our practices constitute a breach of the Privacy Act or the Apps, you can contact us. We will try our best to resolve the matter with you. If your concerns are not resolved to your satisfaction, you can lodge a complaint with the Office of the Australian Information Commissioner by visiting https://webform.oaic.gov.au/prod?entitytype=Complaint&layoutcode=ComplaintWF , and filling the privacy complaint form.
The request for access and correction, and the submission of complaint need to be submitted to us via the contact details provided in paragraph 7 "Contacting us". We will respond to your request within a reasonable period.
If you would like to make an enquiry or complaint about how we handle your personal information, or if you wish to request access or correction to your personal information, or you have questions or comments about this part, you can contact us using the information provided in Section A of this Privacy Notice.
Alternatively, you may contact our general agent in the Australian region, who will assist us in handling your request.
Company Name: SAIC MAXUS Automotive Co., Ltd.
Privacy Mailbox Address: privacy@saicmotor.com
Address: No.2500, Jungong Rd, Yangpu, Shanghai
We provide Smart Connected Vehicles and Connected Services in New Zealand under the brand [LDV]. In context with the provision of our products and services, we are bound by the Privacy Act 2020 ("Privacy Act"). The Protection of personal information is important to us, and the following parts provide information on our personal information handling practices.
"Personal information" (a) means information about an identifiable individual; and (b) includes information relating to a death that is maintained by the Registrar-General under the Births, Deaths, Marriages, and Relationships Registration Act 2021 or any former Act.
"agency" means (a) an individual who is ordinarily resident in New Zealand; or; (b) a public sector agency; or (c) a New Zealand private sector agency; or; (d) a court or tribunal, except in relation to its judicial functions.
"foreign person or entity" (a) an individual who is neither present in New Zealand; nor ordinarily resident in New Zealand; (b) a body, incorporated or unincorporated, that is not established under the law of New Zealand; and does not have its central control and management in New Zealand; (c) the Government of an overseas country.
Under the Privacy Act, the identity and address of the agencies that collect or hold the information are as follows:
Agency Name: SAIC MAXUS Automotive Co., Ltd.
Address: No.2500, Jungong Rd, Yangpu, Shanghai
DPO Mailbox Address: privacy@saicmotor.com
We collects, uses and discloses information about your use of Connected Services (including in some cases personal information) for the purposes specified in the Privacy Notice above.
We only use your personal information collected in connection with your use of Connected Services for the purpose of providing the Connected Services to you or as otherwise permitted, required or authorised by law (including by the Privacy Act). If you want to use Connected Services, but do not provide us with your personal information, we may not be able to provide you with all Connected Services or may only be able to provide those Connected Services to you with limited functionality.
We may collect your sensitive personal information (including in some cases biometric templates) that is reasonably necessary for our provision of services as illustrated in the Privacy Notice above, and we adopt stricter protection standard for the processing of sensitive information.
If you provide us with personal information about another person (such as a joint vehicle owner or authorised driver or contact person), you need to tell the other person about this notice so they are aware that you have provided their information to us and that they can read this notice to understand how their information will be handled. You must obtain all necessary consents from the other person before supplying their personal information to us (including a parent or legal guardian's permission for minors).
Right to access: You have the right to obtain confirmation from us as to whether or not we hold personal information about you, and request the access to your personal information held by us. We will respond your request in any case not later than 20 working days after the day on which the request is received.
Right to correction: You have the right to correct your personal information held by us. We take reasonable steps to ensure the information we held is accurate, up-to-date, complete, and not misleading. We will respond your request in any case not later than 20 working days after the day on which the request is received, and inform you our decision of whether to grant the request.
If you would like to make an enquiry or complaint about how we handle your personal information, or if you wish to request access or correction to your personal information, or you have questions or comments about this part, you can contact us using the information provided in Section A of this Privacy Notice.
Alternatively, you may contact our general agent in New Zealand, who will assist us in handling your request.
Company Name: SAIC MAXUS Automotive Co., Ltd.
Privacy Mailbox Address: privacy@saicmotor.com
Address: No.2500, Jungong Rd, Yangpu, Shanghai