Data Protection Notice for our cars

We, MAXUS, provide modern electric cars with a smart entertainment system which can be connected to your mobile phone.

In connection with the provision of the smart entertainment system and the app, we process personal data.

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR).

In Section A of this Data Protection Notice we provide you with information about the controller responsible for the processing of your personal data and the controller's data protection officer.

In Section B you find information about the processing of your personal data.

In Section C you further find information on your rights regarding the processing of your personal data.

The technical terms relating to data protection used in this Data Protection Notice have the meaning used in the General Data Protection Regulation. You will find more detailed information about this in Section D.

 

TABLE OF CONTENTS

A. Information on the controller

I. Identity and contact details of the controller

II. Contact details of the controller's data protection officer

B. Information on the processing of personal data

I. Use of the driver account on the mobile phone and on the Audio Visual Navigation (AVN), including use of remote control functions of the car via APP

1. Details on personal data which are processed

2. Details on the processing of personal data

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

II. Use of the Navigation System on the Audio Visual and Navigation System (AVN)

1. Details on personal data which are processed

2. Details on the processing of personal data

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

III. Use of Voice Recognition

1. Details on personal data which are processed

2. Details on the processing of personal data

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

IV. Use of Personalized Settings

1. Details on personal data which are processed

2. Details on the processing of personal data

V. Use of Phone Connectivity

1. Details on personal data which are processed

2. Details on the processing of personal data

VI. Use of ADAS

1. Details on personal data which are processed

2. Details on the processing of personal data

VII. Use of AVM (Around View Monitor)

1. Details on personal data which are processed

2. Details on the processing of personal data

VIII. Use of DMS

1. Details on personal data which are processed

2. Details on the processing of personal data

IX. Use of E-Call

1. Details on personal data which are processed

2. Details on the processing of personal data

X. Use of FOTA

1. Details on personal data which are processed

2. Details on the processing of personal data

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

XI. Use of third-party apps on our Audio Visual and Navigation (AVN) System

1. Third-party apps provider embedded in the AVN

2. Potential data transfers to third countries without an appropriate level of protection

XII. Compliance with legal requirements

1. Details on personal data which are processed

2. Details on the processing of personal data

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

C. Information on the rights of data subjects

I. Right of access

II. Right to rectification

III. Right to erasure ("right to be forgotten")

IV. Right to restriction of processing

V. Right to data portability

VI. Right to object

1. Right to object on grounds relating to the particular situation of the data subject

2. Right to object to direct marketing

VII. Right to withdraw consent

VIII. Right to lodge a complaint with a supervisory authority

D. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Notice

E. Effective date of and changes to this Data Protection Notice

 

 

A. Information on the controller

I. Identity and contact details of the controller

SAIC Mobility Europe S.à.r.l.

N.4 Rue Robert Stümper 2557 Luxembourg

dpo@maxuseu.eu

dpo@saicmotor.com

II. Contact details of the controller's data protection officer

SAIC Mobility Europe S.à.r.l.

N.4 Rue Robert Stümper 2557 Luxembourg

dpo@maxuseu.eu

dpo@saicmotor.com

 

B. Information on the processing of personal data 

In this Privacy Notice, we provide you with general information on our personal data processing activities. The information includes the data processing activities of the onboard infotainment system, those of the intelligent driving system and those of road safety assurance. The information on the processing of personal data is presented in this Section B: information on the infotainment system is given in Subsections I-V, information regarding the intelligent driving system in Subsection VI, and information regarding road safety assurance in Subsections VII-X. Your rights to personal data protection can be found in Section C.

We wish to provide you with the best experience when you use our cars. Therefore, we offer you the app and have equipped the cars with a well-designed system. In our cars there are two devices which communicate with and can be controlled by the app: the Audio Visual Navigation ("AVN") and the Telematic Box ("TBOX"). All communication between the devices and the app runs via our Telematics Service Platform ("TSP Backend"). The AVN provides you with infotainment applications, such as the navigation or the message centre. The TBOX is responsible for providing network access for the vehicle and uploading data to the TSP Backend. For certain functions the AVN communicates directly with and transfers personal data to third parties (e.g. Amazon). For the provision of the functions outlined in this Data Privacy Information we process your personal data and want to inform you of the details of the processing. However, you can use our cars without using the online functionalities of the system that require the processing of personal data. When you use the AVN for the first time and when you download the app, we will ask you if you want to enable all functionalities of the system, including those that require the processing of personal data. You can turn individual functionalities of the AVN that require the processing of personal data on and off.

I. Use of the driver account on the mobile phone and on the Audio Visual Navigation (AVN), including use of remote control functions of the car via APP

In connection with our electric cars we provide our app to view and remote control certain functions of the car and to send information, such as navigation destinations or Points of Interest (POIs), to the car. In order to use these functions, the car needs to be bound to the driver account. In this context, we process personal data for the following purposes:

· Creation and provision of a driver account so that you can remote control your vehicle and view the vehicle status remotely

· Provision of the function to bind and unbind your vehicle to your account

· Provision of the function to check and control the vehicle state

· Provision of the Find My Car function

· Provision of the Charging Management function

· Provision of the Rescue Call function

· Provision of the message centre

· Provision of the Feedback function

· Processing your feedback

· Provision of the My Calendar function

· Provision of energy consumption function

· Provision of digital key function

· Provision of local weather information

You receive more detailed information on this below:

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Protocol Data

Protocol data which accrue for technical reasons when using our app to access content from our server:

The data which accrues during such access is defined by the network protocol for the transmission of information between your device and the server of our app.

These include IP address, type and version of the mobile operating system used, the content accessed and date and time of access.

User of the app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, our App cannot access content from our server.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Registration Data

Data that you provide when registering your account for our app:

These include the following mandatory information: name, address, email address, password.

Additionally, these include the following optional information: gender, date of birth.

User of the app

Provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the mandatory information is not provided, a registration and the creation of a user account is not possible.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Login Data

Data that you provide when logging into your account:

This includes: mobile phone number, email address and password. When logging into your account with your vehicle, this also includes a unique identifier stored in a QR code.

User of the app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you cannot log into your account.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Additional Account Data

Data that you can add to your account, e.g. security code, alarm settings, emergency contact, favourite places and radio stations and records of travel plans.

User of the app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, certain functions may not work properly such as searching from the favourites list on the AVN.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Basic Vehicle Data

Basic information on your vehicle that is automatically obtained from your vehicle and viewable in the app:

This includes VIN number, engine number, brand name, model name, gearbox model, colour, TBOX serial number, AVN serial number.

User of the vehicle

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, the data cannot be viewed via the app.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.  

Vehicle Status Data

Information on the current status of your vehicle that is automatically obtained from your vehicle and viewable and, where possible, changeable in the app:

This includes data on remaining gas/power, remaining mileage, tire pressure, battery voltage, engine status, EPS Status, handbrake status, temperature, window/skylight status, door status, engine status, clutch status, illegal unlock status, impact sensor status.

User of the vehicle

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, the data cannot be viewed via the app and remote control functions via the app are not available.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.  

Location Data

Data on the location of your vehicle as well as your mobile phone:

This includes vehicle GPS location and mobile phone GPS location.

User of the vehicle/app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, certain functions, such as the Find My Car function, are not available.

We process the location data of your phone only temporarily when you use the function to check and control the vehicle state or the Find My Car function. The data will be deleted 3 months after the data use has expired.

 

Battery Data

Data on the status of the battery of your vehicle:

This includes remaining power, remaining charging time, charging current, charging voltage, remaining mileage.

User of the vehicle

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, the data cannot be viewed via the app.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Message Data

Data in messages which we deliver to the inbox in your vehicle and the app:

This includes important messages such as alarms, operation information and news.

Generated by us

-

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Feedback Data

Data that you provide to us when using the feedback function:

This includes the content of your feedback.

User of the app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot respond to your feedback.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Calendar Data

Data that you provide to us when enabling the synchronisation of your calendar with our app:

This includes date and time of appointment, anniversary or commemoration day.

This also includes information that you provide in our app, such as theme, remarks, remind time and remind date.

 

User of the app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot send you a reminder when the anniversary day arrives.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Bluetooth MAC address

Data to activate the digital key function and generate the digital key control ID.

User of the app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you cannot use the digital key function.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Digital key control ID

Data to identify you when you request the unlocking of your vehicle.   

Generated by us

-

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Advertising Management Data

 

Information regarding consents you gave for advertisement purposes as well as information regarding your potential objections to advertisements:

These include date and time of the consent, the IP address of the device used to give consent, date and time of any withdrawal of consent or of an objection against the processing of personal data for advertisement purposes.

User of the vehicle/app

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot process your consents to and/or objections regarding advertisements.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored until the user deletes the driver account.

Additionally this includes documentation on the information we provided to you on a consent and/or on advertisement we carry out without your consent.

Generated by us

-

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

Creation and provision of a driver account in order to remote control your vehicle and view the vehicle status remotely:

After the initial registration of your account, you may store additional data in your account. This includes the optional storage of contact information, addresses and settings, such as language settings.

This also includes the function to login and logout from the app.

Registration Data

Login Data

Additional Account Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

 

Provision of the function to bind and unbind your vehicle to your account:

In order to remote control your vehicle and view the vehicle status remotely via our app, it is necessary to bind your vehicle to your account. To bind your vehicle to your account, you need to scan the QR code displayed on the AVN with the app.

This also includes the binding relationship management, which enables you to view information on your vehicle that is automatically obtained from your vehicle:

This includes VIN number, engine number, brand name, model name, gearbox model, colour, TBOX serial number, AVN serial number.

Registration Data

Login Data

Basic Vehicle Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

 

 

Provision of the function to check and control the vehicle state:

With our app you can check the vehicle status. This enables you to ensure that the vehicle is secure to drive or securely locked when in a parking position.

This function also enables you to control the vehicle state remotely, such as locking or unlocking the vehicle or changing the temperature of the AC or the seat heating.

In particular, it also allows you to check the energy consumption on your phone by reviewing the mileage, cumulative power consumption, average speed and travel time.

In order to provide these functions remotely (i.e. without a connection between your mobile phone and your car), the relevant Vehicle Status Data are exchanged between your mobile phone and our servers as well as between your car and our servers via the internet.

This function also enables you to set vehicle alarms and receive alerts in our app. This includes low battery alerts, security alerts, geo-fence alerts, speed alerts, engine start alerts or alerts when there is anything abnormal about your vehicle.

Protocol Data

Registration Data

Login Data

Vehicle Status Data

Location Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

Map SDK provider

 

Provision of the Find My Car function:

When using the Find My Car function we will use your mobile phone GPS location as well as your vehicle's GPS location in order to show you the shortest way on foot to your car. These GPS locations are only retrieved from your mobile phone and your vehicle once you access the Find My Car function in the app.

After providing the security code the honking/lighting function will be unlocked to help you find your car in the dark.

Protocol Data

Registration Data

Login Data

Location Data

Additional Account Data

Vehicle Status Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

Map SDK provider

 

Provision of the Charging Management function:

This function enables you to see the current battery and charging status. You may also schedule the charging times by connecting the charging connector via Bluetooth. Moreover, you may set a charging target.

Protocol Data

Registration Data

Login Data

Battery Data

Location Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

Maps SDK

 

Provision of the Rescue Call function:

This function enables you to quickly set off a rescue call to the number saved on your account. We determine the relevant rescue number for you according to the country selected when you first bound your vehicle to the app.

Protocol Data

Registration Data

Login Data

Additional Account Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

 

Provision of the message centre:

We provide you with important messages such as alerts, operation information and news (including advertisements about Maxus service). These messages are accessible via the inbox functions in the app and in the AVN.

Protocol Data

Message Data

Login Data

Additional Account Data

Vehicle Status Data

Advertising Management Data

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

 

Developer

 

Provision of the Feedback function:

With the Feedback function in the app you can provide feedback to us, such as on errors or suggestions for further improvements.

Protocol Data

Registration Data

Login Data

Feedback Data

No automated decision-making takes place

Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is to obtain feedback on our service in order to improve our services.

Developer

 

Processing your feedback:

We will process your feedback to improve our services.

Feedback Data

No automated decision-making takes place.

Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests):

Our legitimate interest is to process your feedback in order to improve our services.

Developer

 

Provision of My Calendar function:

Subject to your consent, this function allows us to synchronize your calendar on your mobile phone with our app, so we can send you reminders for appointments, anniversaries or commemoration days.

This function allows you to set a theme, remind date, remind time and make a remark for your anniversary.

Protocol Data

Registration Data

Login Data

Calendar Data

No automated decision-making takes place

Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

 

 

Developer

 

Provision of energy consumption function:

This function allows the user to see the energy consumption statistics, including mileage, cumulative power consumption, average speed and travel time.

Protocol Data

Registration Data

Login Data

 

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

 

Provision of digital key function:

This function allows you to unlock and start the vehicle with your app instead of the key.

Bluetooth MAC address

Digital key control ID

 

No automated decision-making takes place

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Developer

 

 

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient

Recipient's role

Transfer to third countries and/or international organisations

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Developer:

SAIC overseas intelligent mobility technology CO. Ltd

7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China  

 

 

Processor

 

China

 

There is no adequacy decision of the European Commission for the third country concerned.

Transfers to the third country concerned take place on the basis of standard contractual clauses of the European Commission for the transfer of personal data to processors in third countries.

The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915.

A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.).

Map SDK provider:

HERE Europe B.V.

Kennedyplein 222, 5611 ZT Eindhoven, Netherlands

Controller

-

-

 

 

II. Use of the Navigation System on the Audio Visual and Navigation System (AVN) 

Through our audio visual and navigation system (AVN) you have the possibility to use a navigation system. The basic functions are available without an internet connection and without us or our service providers processing any of your personal data when you use these functions. This includes, in particular, the search for a specific location or points of interest in the area, the calculation of routes, the navigation function and the battery range function. Certain other functions, such as considering real time traffic data for finding the best route, require an internet connection. When you use the online navigation system, we process your personal data for the following purposes:

· Provision of information on real time traffic

· Provision of online search function

If you are using our navigation system via voice recognition, please also view the chapter on voice recognition (→ Section B.III).

You receive more detailed information on this below:

 

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Protocol Data

Protocol data which accrue for technical reasons when an internet connection is established between your vehicle and our servers:

The data which accrues during such access is defined by the network protocol for the transmission of information between your vehicle and our servers.

These include IP address, HTTPS protocol (to secure Telenav Cloud) and API-key (to make sure only SAIC vehicles can connect to Telenav cloud).

User of navigation system

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, cloud-based navigation functions cannot be provided.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Location Data

GPS location of your vehicle

The navigation system sends this data to the Map SDK provider when the user uses the functions for searching a location, online navigation and real-time traffic.

User of navigation system

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, cloud-based navigation functions cannot be provided.

We process your data no longer than is necessary for the purposes for which the personal data are processed. The data will be deleted 3 months after the data use has expired.

Search Function Data

Data that you enter in the search function of our navigation system:

These include all data entered as search terms, selected from the recent destination list, from the favourites list, from labels provided by you, such as home or work addresses, or from Point of Interest categories, or via voice command. If you are using voice command, please also view the chapter on voice recognition (→ Section B.III).

User of navigation system

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, cloud-based search cannot be provided.

We process your data no longer than is necessary for the purposes for which the personal data are processed. Your home address is stored until you delete it in the AVN. All other data is stored for a maximum period of one year.

 

Recent Locations

 

Data selected in the search function as destination.  

User of navigation system

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, cloud-based navigation cannot be provided.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored for one year.

 

 

2. Details on the processing of personal data

Purpose of the processing of personal data

 

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

Provision of our navigation function with real time traffic data:

A basic navigation function is available without an internet connection.

For an enhanced navigation, the route is calculated on our server, considering real time traffic data. For this purpose, data on your location and your destination are temporarily processed on our server. We process information on your location regularly to provide convenient navigation services (e.g. calculate in the background if better routes are available, check traffic events nearby, etc.).

Protocol Data

Location Data

Recent Locations

 

No automated decision-making takes place.

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). 

 

Map SDK provider

Developer

 

Provision of our online search function:

For this purpose, data that you enter into our search functions is temporarily processed on our server.

When logged into your driver account in your car, you can also view and select addresses, Points of Interest (e.g. gas stations, food and beverage stores and hotels), etc., which you added to your account via the app.

Moreover, you can search for nearby charging stations and check their availability.

Protocol Data

Search Function Data

Location Data

For viewing and selecting data stored in your driver account:

Registration Data (→ Section B.I.1)

Login Data (→ Section B.I.1)

Additional Account Data (→ Section B.I.1)

No automated decision-making takes place.

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). 

 

Map SDK provider

Developer

 

 

 

 

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient

Recipient's role

Transfer to third countries and/or international organisations

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Developer:

SAIC overseas intelligent mobility technology CO. Ltd

7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China  

 

 

Processor

 

China

 

There is no adequacy decision of the European Commission for the third country concerned.

Transfers to the third country concerned take place on the basis of standard contractual clauses of the European Commission for the transfer of personal data to processors in third countries.

The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915.

A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.).

Map SDK provider:

HERE Europe B.V.

Kennedyplein 222, 5611 ZT Eindhoven, Netherlands

Controller

 

-

-

 

 

III. Use of Voice Recognition 

It is possible to navigate through our audio visual and navigation (AVN) system by using voice recognition. The voice recognition function enables you to operate certain functions on the AVN using only your voice. This function may be used for several different functions such as the navigation. Setting a new destination, zooming in or out of the map or cancelling the route are only some examples of voice commands. Voice recognition may also be used for switching to the next song in the music app. When using the voice recognition function, your voice commands are converted into machine-readable commands by our voice recognition provider.

You receive more detailed information on this below:

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Protocol Data

Protocol data which accrue for technical reasons when an internet connection is established between your vehicle and our servers:

The data which accrues during such access is defined by the network protocol for the transmission of information between your vehicle and our servers.

 

User of voice recognition

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the voice recognition function.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Voice Command Data

Data that you provide via voice command:

This includes the content of your voice commands, i.e. your voice, which is recorded after activating the voice recognition function (by saying "Hello MAXUS" or by pressing the Voice Recognition button on the steering wheel) until the voice recognition function is deactivated.

(This does not include your voice before activating voice recognition or when activating voice recognition by saying "Hello MAXUS": Recognizing the phrase "Hello MAXUS" is performed offline by your vehicle.)

User of voice recognition

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the voice recognition function.

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored for three years.

 

Machine-readable data generated from your voice commands:

This includes all commands which our voice recognition provider was able to identify from the recorded voice, such as destination addresses for the navigation system or commands for the music player.

Generated by us

-

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

Provision of the Voice Recognition function:

After activating the voice recognition function (by saying "Hello MAXUS" or by pressing the Voice Recognition button on the steering wheel), your vehicle records your voice until the voice recognition function is deactivated. The recording of your voice is then transmitted to our voice recognition provider in order to generate machine-readable commands from your voice commands.

These machine-readable commands can then be used by the audio visual and navigation (AVN) system in your vehicle for various functions, such as setting a destination address for the navigation system or adjusting the music player.

Voice records are not transmitted to us or our voice recognition provider before or for activating voice recognition. Activating voice recognition by saying "Hello MAXUS" (i.e. recognizing the phrase "Hello MAXUS" as an activation command) is performed offline by your vehicle.

Protocol Data

Voice Command Data

No automated decision-making takes place.

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Voice Recognition Provider

Developer

 

 

 

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient

Recipient's role

Transfer to third countries and/or international organisations

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Developer:

SAIC overseas intelligent mobility technology CO. Ltd

7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China  

 

Processor

 

China

 

There is no adequacy decision of the European Commission for the third country concerned.

Transfers to the third country concerned take place on the basis of standard contractual clauses of the European Commission for the transfer of personal data to processors in third countries.

The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915.

A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.).

 

IV. Use of Personalized Settings

Our personalized settings allow you to customize the vehicle's functions to match your individual driving preferences. This includes settings for volume, sound effects, air conditioning temperature and airflow, as well as vehicle-related options such as Bluetooth and WLAN connectivity.

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Personalized Settings

Bluetooth phonebook

Save personalized settings parameters such as volume level, sound effect settings, air conditioning temperature, seat position, etc.

Save paired Bluetooth names and passwords, connected WLAN names and passwords.

User of personalized settings

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the personalized setting function.

After you choose to synchronize the Bluetooth phonebook, depending on the vehicle model, either the Bluetooth phonebook is encrypted and stored in the vehicle infotainment system, and you can manually delete it when you no longer want to use it, or the Bluetooth phonebook is only temporarily stored in memory during the Bluetooth connection phase and is deleted when the Bluetooth connection is disconnected.

The vehicle settings data is encrypted and stored in the vehicle infotainment system, without being uploaded to the cloud. When the factory reset is clicked, all vehicle settings parameters are restored to their default values.

The encrypted Bluetooth names and passwords are stored in the vehicle infotainment system. If the user deletes the device from the Bluetooth pairing list or performs a factory reset, the Bluetooth names and passwords will also be deleted. The WLAN names and passwords are encrypted and stored in the vehicle infotainment system. When a factory reset is performed, the WLAN names and passwords are also deleted.

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

The vehicle infotainment system uses the contact list to provide personalized settings parameters for dialling contacts saved on the user's phone. These parameters are saved so that the owner doesn't need to readjust them every time they get in the car. This allows for automatic connection of paired Bluetooth devices and seamless connection to previously connected wireless hotspots.

Personalized Settings

No automated decision-making takes place.

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

No recipient

 

 

V. Use of Phone Connectivity

Our phone connectivity feature allows you to screen mirror your phone onto the car's display screen. This enables you to conveniently access and control navigation, videos, music, and games on your phone through the display screen. Currently, we support phone connectivity applications such as Apple CarPlay and Google Android Auto.

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Phone Connectivity

The vehicle infotainment system periodically receives vehicle speed signals, gear position signals, reverse signals, and GPS signals from the local positioning chip, which is integrated with other components of the vehicle. When CarPlay/AndroidAuto is turned on for navigation, it obtains GPS, speed, gear, and reversing information through the Android standard system interface and sends it to the phone. The car machine does not store the information locally. When the navigation in CarPlay/AndroidAuto is turned off, CarPlay/AndroidAuto in the car machine stops collecting and sending GPS, speed, gear, and reversing information to the phone.

During CarPlay/AndroidAuto connectivity, for user actions such as previous track, next track and volume +/-, the IBDU will transmit key values to the CarPlay/AndroidAuto background service in the car via CAN signals. The background service will transmit the key values to CarPlay/AndroidAuto, which will respond to the keys according to its own logic.

When the user selects a multimedia application in CarPlay/AndroidAuto in the car, the phone will transmit multimedia audio and video streams to the entertainment host for display and playback. When the user stops multimedia playback or disconnects CarPlay/AndroidAuto, the audio and video streams on the phone side stop transmitting to the entertainment host.

When performing CarPlay/AndroidAuto wireless connection, the car will search for the Bluetooth address and WIFI address of the phone and perform wireless connection through WIFI.

User of phone connectivity

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the phone connectivity function.

CarPlay and Android Auto on the vehicle infotainment system do not locally save phone connectivity data.

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

CarPlay/Android Auto in the vehicle infotainment system sends vehicle positioning information, vehicle speed, and gear position information to the connected smartphone. The navigational software on the smartphone uses this information to provide navigation services within the CarPlay/Android Auto connection. User operations such as previous track, next track, volume control, etc., are transmitted as key values from the vehicle infotainment system to CarPlay/Android Auto, which then controls and processes the multimedia software on the smartphone. CarPlay/Android Auto in the vehicle infotainment system establishes connections using Bluetooth and Wi-Fi addresses for data communication.

Phone Connectivity

No automated decision-making takes place.

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

No recipient

 

 

VI. Use of ADAS

Our ADAS system uses a forward-facing camera module installed on the windshield to recognize road environment information ahead and make judgments based on that information. It provides functions such as lane-keeping assist, forward collision assist, adaptive cruise control, integrated cruise control, speed limit sign display, and intelligent speed assist.

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Vehicle Exterior Images

After the ADAS is started, the collected vehicle exterior image data in front of the vehicle may contain personal information such as pedestrians outside the vehicle and license plates of passing vehicles.

vehicle exterior environment

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the ADAS function.

The ADAS data is not transmitted outside the vehicle and is used and deleted locally in the vehicle; no storage or transfer of the data is performed.

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

The ADAS system recognizes the road environment information ahead and makes judgments based on this information to provide the driver with safety or comfort functions.

Vehicle Exterior Images

After the Lane Keeping Assist function is activated, if there is a risk of lane departure, it will provide warnings or actively correct the driver.

After the Forward Collision Assist function is activated, if there is a collision risk with the preceding vehicle, it will provide warnings or actively apply the brakes.

With the Adaptive Cruise Control function activated, it automatically controls the vehicle's acceleration and deceleration based on the driver's set speed.

After the Integrated Cruise Control function is activated, it automatically controls the vehicle's longitudinal and lateral movement.

After the Speed Limit Sign Display and Intelligent Speed Assist functions are activated, if a speed limit sign is detected, it will provide warnings or actively limit the speed.

After the Automatic High Beam Control function is activated, it automatically controls the switching between high and low beams.

Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

No recipient

 

 

VII. Use of AVM (Around View Monitor)

Our AVM system seamlessly stitches real-time image information together into a fused view of the vehicle's surroundings, allowing the driver to observe a 360-degree panoramic perspective on the car's display screen. It helps to visually identify blind spots and facilitates safer and more intuitive parking maneuvers.

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Around View Videos

When the AVM function is activated, there is a possibility that personal information such as pedestrians or license plates of passing vehicles may appear in the captured external video stream data.

vehicle exterior environment

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the AVM function.

The AVM data is not transmitted outside the vehicle and is used and deleted locally in the vehicle; no storage or transfer of the data is performed.

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

The AVM function captures surrounding video stream data through cameras to help drivers identify blind spots when reversing or turning.

Around View Videos

No automated decision-making takes place.

Art. 6 (1) (c) GDPR (processing is necessary for compliance with a legal obligation [UN Regulation No. 158] to which the controller is subject).

 

No recipient

 

 

VIII. Use of DMS

The DMS (Driver status Monitoring System) continuously monitors the driver's state in real-time and detects whether the driver is fatigued, distracted, or engaged in behaviours such as smoking, making phone calls, etc., during the driving process. Once detected, the system can issue prompt messages to alert the driver about these issues, avoiding potential safety risks. DMS utilizes an infrared imaging camera positioned on the driver's side of the vehicle, inside the A-pillar, facing the driver. Additionally, a series of facial and fatigue-related algorithms are embedded in the entertainment system. These algorithms can detect and identify the driver's behaviour during the driving process, and synchronize the detection results with the entertainment system in a timely manner. This allows for prompt and effective alerts to be delivered to the driver through the entertainment system. DMS does not record the driver's identifiable facial information. It only uses facial features to detect different behaviours. The DMS facial and fatigue-related algorithms detect facial key points and driver behaviour. By analysing the coordinates of these key points and their changes, the system can define driver fatigue, distraction, and abnormal driving behaviour. After detection, the system implements immediate deletion of in-vehicle videos, images, and data.

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

In-vehicle videos/images

in-vehicle videos, images, vehicle status information, and the recognition results of DMS

user of DMS

 

DMS is based on Regulation (EU) 2019/2144 and Regulation (EU) 2021/1341, and is directly used to fulfil the legal responsibilities or obligations of car companies and serve drivers.

When the DMS is performing in-vehicle driver status monitoring services, it will use in-vehicle video and images to determine driver fatigue, driver distraction, abnormal driving behavior and other conditions, and then automatically delete these videos, images and data.

To help us better understand the operation of the DMS, the DMS will only record data such as the frequency of your use of this application, system crash data, overall usage, performance data, and the source of the application. We will not combine the information we store in the analysis software with the personal identity information you provide in the application.

The in-vehicle videos and images are immediately deleted after being used to assess the driver's fatigue level, distraction, and abnormal driving behaviour.

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

The DMS algorithm detects facial key points and driver behavior related to fatigue. By obtaining the coordinates of key points through the model, it analyzes the variations of these key points to define driver fatigue, distraction, and abnormal driving behavior.

In-vehicle videos/images

When the vehicle reaches a certain speed, facial key point detection and driver behavior analysis algorithms integrated into the entertainment system will be utilized to monitor facial key points and driver behavior related to fatigue. By using models, the algorithm obtains the coordinates of key points and analyzes their variations to define driver fatigue, distraction, and abnormal driving behavior.

Art. 6 (1) (c) GDPR (processing is necessary for compliance with a legal obligation [EU-2019/2144] to which the controller is subject).

No recipient

 

 

IX. Use of E-Call

The eCall system is an emergency call system installed on the vehicle. When the vehicle has a serious traffic accident, it can automatically call 112 for help. At the same time, it also provides the vehicle information and location information to the local rescue organization. In addition to calling automatically, the system also provides a manual call button.

The automatic eCall is triggered by the airbag signal. When the vehicle collides, the airbag in the vehicle deploys, and the signal is sent to the eCall system through the CAN network, which then activates the emergency call function of the eCall system. After eCall is triggered, the "Minimum Set of Data" in standard protocol format will be transmitted to the local "Public Safety Answering Point" through the wireless communication network. After the analysis is successful, a normal voice call will be established between the vehicle terminal and the "Public Safety Answering Point" to confirm with the driver whether or not to carry out rescue operations.

 

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

eCall MSD Data

VIN

Crash timestamp

Vehicle Location

Number of passengers

Location of impact (front, rear, driver side, non-driver side, other)

deltaV: difference between velocity just after and just before impact (delta-v)

User of vehicle

In accordance with the EU regulation EN-16072, providing eCall emergency services to users requires the collection of those data.

eCall securely stores the MSD data in the internal memory.

eCall will not keep the MSD data beyond 13 hours from the point of initiating an eCall. Once this time period has expired, your vehicle will delete eCall MSD data automatically.

 

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

When an automatic or manual eCall is triggered, eCall provides notification and relevant location information to the most appropriate Public Safety Answering Point (PSAP) by means of mobile wireless communications networks and carries a defined standardized minimum set of data, notifying that there has been an incident that requires a response from the emergency services, and establishes an audio channel between the occupants of the vehicle and the most appropriate PSAP.

eCall MSD Data

When an automatic or manual eCall is triggered, the eCall system provides the data to the PSAP for emergency services.

Art. 6 (1) (c) GDPR (processing is necessary for compliance with a legal obligation [EN-16072] to which the controller is subject).

PSAP (Public Safety Answering Points)

 

 

X. Use of FOTA

The FOTA (Firmware Over-The-Air) feature will periodically check the software version in the vehicle. If there is a new software version available, you will be notified with the information about the new version. After obtaining your permission, the new software package will be downloaded and the installation process will begin upon your confirmation. You can check for available software updates on the vehicle system page in the entertainment system. It will display information about the new version, download progress, and allow you to choose a suitable time for installation. During the system update process, the vehicle will temporarily be unavailable for use until the installation is complete.

1. Details on personal data which are processed 

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Basic Vehicle Data

VIN

Scheduled upgrade time

ECU firmware version

User of FOTA

To ensure the safety and quality of their products, as well as to ensure that users receive timely software upgrade notifications related to their personal driving safety

We process your data no longer than is necessary for the purposes for which the personal data are processed. At the most, the data is stored for three years.

 

2. Details on the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, where applicable, legitimate interests

Recipient

 

Collect controller software version to determine if the vehicle's software needs updating and push new software versions to the vehicle to improve the user's driving experience or fix potential software defects, ensuring the vehicle is in a safer state.

Basic Vehicle Data

Automatically collect ECU firmware version when the vehicle starts.

Art. 6 (1) (c) GDPR (processing is necessary for compliance with a legal obligation [R156] to which the controller is subject).

Operator

 

 

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient

Recipient's role

Transfer to third countries and/or international organisations

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations

Operator

SAIC overseas intelligent mobility technology CO. Ltd

7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China  

 

Processor

 

China

 

There is no adequacy decision of the European Commission for the third country concerned.

Transfers to the third country concerned take place on the basis of standard contractual clauses of the European Commission for the transfer of personal data to processors in third countries.

The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915.

A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.).

 

 

XI. Use of third-party apps on our Audio Visual and Navigation (AVN) System

The audio visual and navigation (AVN) system provides the possibility to use third-party apps, such as Amazon Music. With these apps you can use functions offered by third-party providers under their own responsibility. The relevant app is not activated by default but first needs to be activated by you in the relevant settings. Once the respective app is activated, the provider of the respective app may receive personal data from you. We do not have any knowledge about the personal data the provider actually obtains. We also do not have any knowledge about specific purposes of the processing of data collected by the provider of the relevant third-party app or about any further details of the data processing of the relevant provider. In particular, we also do not know whether the relevant provider only processes the data collected to provide the function of the relevant plug-in (e.g. to stream music) or, beyond this, for any other purposes (e.g. to create usage profiles or to personalise advertising).

If you are using our AVN via voice recognition, please also view the chapter on voice recognition (→ Section B.III).

You receive more detailed information on this below:

1. Third-party apps provider embedded in the AVN  

The following third-party provider apps are embedded in our AVN:

| App | Third-party provider | Further information of the provider of the app |
| --- | --- | --- |
| Amazon Music App | It depends on your country of residence which entity provides the Amazon Music App to you: Amazon.com Services LLC, Amazon.com.ca, Inc., Amazon Digital UK Ltd, Amazon Digital Germany GmbH, Amazon.com Sales, Inc., Amazon Seller Services Private Limited, Amazon Australia Services Inc., Amazon Commercial Services Pty Ltd, Servicios Comerciales Amazon México, S. de R.L. de C.V., Amazon Serviços de Varejo do Brasil Ltda., or one of their affiliates. | https://www.amazon.de/-/en/gp/help/customer/display.html?nodeId=200738950&view-type=content-only |
| Weather App | AccuWeather, Inc. | https://www.accuweather.com/de/privacy |

 

2. Potential data transfers to third countries without an appropriate level of protection

It is possible that when you use a third-party app, personal data may be transferred to third countries for which there is no so-called adequacy decision of the European Commission and for which no suitable guarantees are provided. In this respect, there is a risk that there is no adequate level of protection for the personal data transferred. This means that your personal data processed by the third-party provider may not be subject to a level of protection comparable to the GDPR. In particular, this means that the principles for the processing of personal data set out in Art. 5 GDPR may not be complied with. In addition, you may not have enforceable rights and effective remedies with respect to the processing of personal data. By activating the respective third-party app, you accept these possible risks on your own responsibility.

 

XII. Compliance with legal requirements

In order to comply with legal requirements, SAIC Motor processes your user ID, the VIN, the condition of your vehicle and, if necessary, other personal data.

SAIC Motor is subject to various legal requirements that it must comply with. These can include, e.g., protection against unauthorised use, legitimate CO2 emissions and general safety requirements of the vehicles.

1. Details on personal data which are processed

Basic Vehicle Data

Basic information on your vehicle that is automatically obtained from your vehicle and viewable in the app:

This includes VIN number, engine number, brand name, model name, gearbox model, colour, TBOX serial number, AVN serial number.

User of the vehicle

the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR)

The storage period depends on the respective processing purpose specified by the legal provisions.

Vehicle Status Data

Information on the current status of your vehicle that is automatically obtained from your vehicle and viewable and, where possible, changeable in the app:

This includes data on remaining gas/power, remaining mileage, tire pressure, battery voltage, engine status, EPS status, handbrake status, temperature, window/skylight status, door status, engine status, clutch status, illegal unlock status, impact sensor status.

User of the vehicle

the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR)

The storage period depends on the respective processing purpose specified by the legal provisions.

Location Data

Data on the location of your vehicle as well as your mobile phone:

This includes vehicle GPS location and mobile phone GPS location.

User of the vehicle

the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR)

The storage period depends on the respective processing purpose specified by the legal provisions. The data will be deleted 3 months after the data use has expired.

Battery Data

Data on the status of the battery of your vehicle:

This includes remaining power, remaining charging time, charging current, charging voltage, remaining mileage.

User of the vehicle

the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR)

The storage period depends on the respective processing purpose specified by the legal provisions.

 

2. Details on the processing of personal data

| Regulations | Functions of relevancy | Categories of personal data processed | Legal basis and, where applicable, legitimate interests | Recipients | Note |
| --- | --- | --- | --- | --- | --- |
| Regulation (EU) 2019/2144 | Onboard Intrusion Detection and Prevention System (Protection against cyberattack) | Basic Vehicle Data; Vehicle Status Data; Location Data | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | SAIC Motor; Developer; Supervisory Authority of the National Vehicle Type Approval | |
| Regulation (EU) 2019/2144 | Advanced driver distraction warning; Driver drowsiness and attention warning; Intelligent Speed Assistance | Vehicle Status Data | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | NA The features are implemented offline onboard | |
| Commission Implementing Regulation (EU) 2021/392 | CO2 Emission Statistics | Basic Vehicle Data; Vehicle Status Data; Battery Data; CO2 Emission Data | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | SAIC Motor; Supervisory Authority of the National Vehicle Type Approval | |
| Regulation (EU) 2015/758 | Ecall System | Basic Vehicle Data; Vehicle Status Data in accordance with the Regulation (EU) 2015/758; Latest 3 Geo-location coordinates without tracking the vehicle. | the necessity to fulfill legal obligations (Art. 6 Para. 1 let. c GDPR) | Public Safety Answering Points | The Ecall System is activated by default throughout the whole lifecycle of the vehicle. A warning icon is shown if the function is unavailable. |

 

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

| Recipient | Recipient's role | Transfer to third countries and/or international organisations | Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations |
| --- | --- | --- | --- |
| Developer: SAIC overseas intelligent mobility technology CO. Ltd, 7th Floor, Intelligent Connected New Energy Vehicle Innovation Incubator, No.36 South YuTian Rd. JiaDing District, Shanghai, P.R.China | Processor | China | There is no adequacy decision of the European Commission for the third country concerned. Transfers to the third country concerned take place on the basis of standard contractual clauses of the European Commission for the transfer of personal data to processors in third countries. The European Commission's decision on standard contractual clauses can be obtained here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32004D0915. A copy of the standard contractual clauses can be obtained from our Data Protection Officer (Section A.II.). |

The data processing activities depend on your car model. The above data categories do not apply to all of our car models. You may contact us for further details.

 

 

C. Information on the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

· Right of access (Article 15 of the General Data Protection Regulation)

· Right to rectification (Article 16 of the General Data Protection Regulation)

· Right to erasure ("right to be forgotten") (Article 17 of the General Data Protection Regulation)

· Right to restriction of processing (Article 18 of the General Data Protection Regulation)

· Right to data portability (Article 20 of the General Data Protection Regulation)

· Right to object (Article 21 of the General Data Protection Regulation)

· Right to withdraw consent (Article 7 paragraph 3 of the General Data Protection Regulation)

· Right to lodge a complaint with a supervisory authority (Article 77 of the General Data Protection Regulation)

You may contact us for the purpose of exercising your rights using the contact information in Section A.

Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B of this Data Protection Notice.

 

Below you find more detailed information on your rights with regard to the processing of your personal data:

I. Right of access 

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the General Data Protection Regulation.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the General Data Protection Regulation. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the General Data Protection Regulation).

You can find the full extent of your right to access and information in Article 15 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification 

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the General Data Protection Regulation.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure ("right to be forgotten")

As a data subject, you have a right to erasure ("right to be forgotten") under the conditions provided in Article 17 of the General Data Protection Regulation.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the General Data Protection Regulation).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the General Data Protection Regulation).

The right to erasure ("right to be forgotten") does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the General Data Protection Regulation. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the General Data Protection Regulation).

You can find the full extent of your right to erasure ("right to be forgotten") in Article 17 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IV. Right to restriction of processing 

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the General Data Protection Regulation.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the General Data Protection Regulation).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to restriction of processing in Article 18 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation or on a contract pursuant to Article 6 paragraph 1 point (b) of the General Data Protection Regulation and the processing is carried out by automated means (Article 20 paragraph 1 of the General Data Protection Regulation).

You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation or on a contract pursuant to Article 6 paragraph 1 point (b) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Data Protection Notice.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the General Data Protection Regulation).

You can find the full extent of your right to data portability in Article 20 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object 

As a data subject, you have a right to object under the conditions provided in Article 21 of the General Data Protection Regulation.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 paragraph 1 point (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (e) or (f) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Data Protection Notice.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Data Protection Notice.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right to withdraw consent

Where an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Data Protection Notice.

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the General Data Protection Regulation.

D. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Notice

The technical terms relating to data protection used in this Data Protection Notice have the meaning used in the General Data Protection Regulation.

The full scope of the definitions of the General Data Protection Regulation can be found in Article 4 of the General Data Protection Regulation, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this Data Protection Notice below:

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Data subject" means the respective identified or identifiable natural person to whom the personal data refers;

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

"International organisation" means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

"Third country" means a country which is not a member state of the European Union ("EU") or the European Economic Area ("EEA");

"Special categories of personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

E. Effective date of and changes to this Data Protection Notice

The effective date of this Data Protection Notice is 8th November 2023.

It may be necessary to modify this Data Protection Notice due to technical developments and/or amendment of statutory or official requirements.