This version was published, and is valid from, 2023/09/01
This notice provides information on the Volvo Group’s processing of personal data of its consultants (“Privacy Notice”). If you are or have been engaged as a consultant of a Volvo Group company, we may process personal data about you.
For the purpose of this notice, the “Volvo Group” means AB Volvo (publ.) and entities directly or indirectly controlled by AB Volvo including but not limited to entities belonging to any of the Volvo Group principal Business Areas and Truck Divisions (as may exist from time to time) such as Volvo Trucks, Volvo Buses, Volvo Construction Equipment, Renault Trucks, Arquus, Volvo Penta, Mack Trucks, Volvo Financial Services, Volvo Group Connected Solutions,
Volvo Technology, Volvo Group Purchasing, Volvo Group Real Estate, Volvo Treasury, Volvo Information Technology, Volvo Group Trucks Operations, Volvo Autonomous Solutions and Volvo Energy.
This Privacy Notice applies only when Volvo Group is collecting or otherwise processing personal data for Volvo Group’s purposes (i.e., when Volvo Group (either alone or in common with other entities) is a controller and therefore determines the purposes for which and the manner in which any personal data is processed).
This Privacy Notice does not apply when Volvo Group is collecting or otherwise processing personal data on behalf of another company, such as Volvo Group’s independent dealers, importers, suppliers, and customers.
In addition to this Privacy Notice, some Volvo Group systems, applications, and processes may contain their own privacy notices, which provide additional details about what specific personal data is collected and how it is stored, used, and transferred.
The Volvo Group company that you are or have been engaged by (below referred to as “Volvo”) is the controller of the personal data that Volvo obtains from you and the other sources described below.
“Controller” means that it is Volvo that decides on the purpose and means for the processing of your personal data. Volvo is responsible for the processing of your personal data under applicable data privacy laws and regulations.
If you have questions regarding the processing of your personal data, please contact the Volvo Group Privacy Officer at email@example.com or by post or phone at:
+46 (0)31 66 00 00
For the purposes of this Privacy Notice, “personal data” is any information about a specific individual or that identifies or may identify a specific individual. In other words, it is any piece of information than can be linked to you.
For the purposes of this Privacy Notice, the term "process” or “processing” means any use of personal data, including but not limited to the collection, recording, organization, storing, adaptation, alteration, transferring, making available, blocking, deletion or destruction of personal data.
Volvo may process your personal data based on any one or more of the following legal grounds, see also further details below.
Volvo may process the following categories of data which, in itself or in combination with other data, may constitute personal data and for the general purposes stated in Table 1 below.
Please note that the below list is a list of examples only and not intended as an exhaustive list. Volvo will not necessarily process all the data listed below about you, and some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data.
Table 1 – Categories, Purpose and Legal Ground for Processing
Categories of Personal Data
Purposes of Processing
Legal Ground for Processing
Individual data, such as name, date of birth, social security number (or equivalent), gender, nationality, preferred language, and photo
Organizational data, such as consultancy number, services description, place of work, business unit, department, manager and direct reports
Contact data, such as work location, home address, email and telephone number
Consultancy administration data, such as consultancy contract and information about assignment start date and termination date
Time data, such as working hours, worked time, vacation and sick leave
Security data, such as access cards, access rights and use of access cards and access rights
Health and safety data, such as information about work related incidents and sick leave
Performance and evaluation data, such as evaluations and assessments in connection with previous and ongoing assignments
Competence data, such as learning records and training activities and relevant work authorizations
Travel administration data, such as information on business trips, booking details, passport number, travel invoices and allowances
IT-related data, such as user-ID, passwords, log-in details as well as data and logs about your use of Volvo’s IT equipment, application or services, as per Volvo’s IT policies, as applicable from time to time
Help desk and support data, such as questions from you / your Volvo manager / HR relating to your assignment or IT-equipment or support provided to you in relation to the same
Maintenance / repair / service data, such as tracking and logging of activities undertaken by you in connection with maintenance, repair or service on a department car
Vehicle data, such as vehicle related data or vehicle generated data which is automatically generated if you use a Volvo-owned product, such as a truck
Image material, such as video footage that is being recorded on a Volvo Group company closed-circuit television system (“CCTV”) installed on the applicable Volvo Group company premises or other video and related security/monitoring systems whether on Volvo Group premises or not but to which we have a legitimate purpose in viewing / accessing
Next of kin data, such as the name and contact details of persons indicated by you to be contacted in case of an emergency
Specifically about special categories of personal data
It is specifically noted that some aspects of health and safety data may be regarded as special categories of personal data under applicable data privacy laws and shall be handled with extra care and require additional protective measures.
Volvo will only process special categories of personal data if Volvo is authorized by agreement to process such data, has a legal obligation or a legitimate business need to process such data (including but not limited to prudent practices to help manage widespread health emergencies). In such cases, Volvo will inform you and (if required by law to do so) seek your explicit consent to process such data. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Specifically about CCTV monitoring
Volvo may use CCTV monitoring (as defined above) where permitted by law. CCTV monitoring is generally used to control and prevent unauthorized access to Volvo’s premises and equipment, however in some countries it may also be used for the purpose to ensure compliance with health and safety guidelines and procedures and for overall production improvement purposes. CCTV images and recordings are securely stored and only accessible on a need-to-know basis (for example, to look into an incident).
Specifically about automated decision-making
Volvo does not regularly and systematically perform automated decision making producing a legal effect concerning individuals or that would have a similarly significant effect. In the event that you are interacting with a Volvo company that is performing such automated decision making you should receive a specific notice that outlines the details of the automated decision making.
Volvo will primarily obtain your personal data from yourself, your employer, your Volvo manager or Human Resources, or such other third party to whom you have directed us to obtain your personal data.
Some personal data might also be automatically generated from Volvo’s IT-system, or equivalent, for example when creating your user-id to Volvo systems.
Except for certain information that is required by law, your decision to provide any personal data to Volvo is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide Volvo with your personal data.
However, please note that it is necessary for Volvo to process certain personal data relating to you to administer your consultancy assignment with Volvo, such as the provision of IT tools and services, access rights to Volvo’s premises and time recording. Accordingly, Volvo may not be able to engage you as a consultant if you do not provide certain necessary personal data or do not allow Volvo to process such necessary personal data in connection with your assignment.
Your personal data may be shared with other Volvo Group companies and with certain categories of third parties (as further detailed below), which may involve transferring your personal data to other countries.
Sharing of personal data within the Volvo Group
The Volvo Group is a global organization with offices and operations throughout the world, and your personal data may be transferred or be accessible internationally throughout the Volvo Group’s global business and between its various entities and affiliates.
Any transfers of your personal data to other Volvo Group companies (including transfers from within the EU/EEA to outside the EU/EEA) will be governed by an intercompany agreement based on EU approved Standard Contractual Clauses or such other mechanisms as have been recognized or approved by the relevant authorities from time to time. Such agreement reflect the standards contained in European data privacy laws (including the EU General Data Protection Regulation). Having this agreement in place means that all Volvo Group entities must comply with the same internal rules. It also means that your rights stay the same no matter where your data are processed by Volvo Group.
Sharing of personal data with third parties outside of the Volvo Group
In addition to the sharing of personal data between Volvo Group companies as set out above, Volvo may also share your personal data with certain categories of third parties, including:
Any third party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws and regulations.
Further, in the event that any Volvo Group company that is located within the EU/EEA transfers personal data to external third parties that are located outside of the EU/EEA the relevant Volvo Group company will satisfy itself that there are appropriate safeguards in place which provide adequate levels of protection of your personal data as required by applicable data privacy laws (including the EU General Data Protection Regulation). For example, this may include the use of EU approved Standard Contractual Clauses or such other mechanism as have been recognized or approved by the relevant authorities from time to time.
If you have questions about how Volvo will share your personal data, please contact the Volvo Group Privacy Officer via the contact details set out above.
Volvo utilizes appropriate and reasonable legal, technical and organizational security measures, including information technology security and physical security measures, to adequately protect personal data.
These measures are appropriate to the risks posed by the processing of personal data and to the sensitivity of the personal data and take into account the requirements of applicable local law. In addition, the measures are continuously improved in line with the development of available security products and services.
Volvo requires all persons to abide by applicable security policies related to personal data when using Volvo systems.
Volvo will normally keep your personal data during the term of the consultancy assignment and as documented in our data retention schedule and applicable supplements. When your assignment has ended, Volvo will only process the personal data deemed necessary for the fulfillment of the purposes for which it was collected and only up and until such purpose has been fulfilled or, if later, for such time as may be required to comply with local legal obligations or to satisfy any legal requirements in the event of an actual, threatened or anticipated dispute or claim.
You may be entitled, where provided for under applicable data privacy laws and regulations, to:
Please note that Volvo may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case by case basis of Volvo’s legal obligations and the exception to such rights.
You also have the right to lodge any complaints you may have regarding Volvo’s processing of your personal data to a supervisory authority. For more information about these rights and how to exercise them, please contact the Volvo Group Privacy Officer via the contact details set out above.
Volvo encourages the periodic review of this Privacy Notice to stay aware of any changes to it.
We reserve the right to amend this Privacy Notice as needed. When we do, we will note near the top of this Privacy Notice the date that any such changes are made and/or when they become effective.