Volvo Group logo

Customer Representative Privacy Notice

 

This version was published, and is valid from, 2023/09/01

 

This notice provides information on processing of personal data of its customers and prospects representative by a company which is part of the Volvo Group (“Privacy Notice”). If you are, or have been, an individual, or the employee of a company, that has bought, or rented,leased or hired a product or service or asked for an offering in a role as prospect by a Volvo Group company, we may process personal data about you.

For the purpose of this notice, the “Volvo Group” means AB Volvo (publ.) and entities directly or indirectly controlled by AB Volvo including but not limited to entities belonging to any of the Volvo Group principal Business Areas and Truck Divisions (as may exist from time to time) such as Volvo Trucks, Volvo Buses, Volvo Construction Equipment, Renault Trucks, Arquus, Volvo Penta, Mack Trucks, Volvo Financial Services, Volvo Group Connected Solutions, 

Volvo Technology, Volvo Group Purchasing, Volvo Group Real Estate, Volvo Treasury, Volvo Information Technology, Volvo Group Trucks Operation, Volvo Autonomous Solutions and Volvo Energy.

This Privacy Notice applies only when a company which is part of the Volvo Group is collecting or otherwise processing personal data for its own purposes (i.e., when a company of the Volvo Group (either alone or in common with other entities) is a controller and therefore determines the purposes for which and the manner in which any personal data is processed).

Please note that the processing of vehicle related personal data is not covered by this Privacy Notice but by the Privacy Notice for Operators and Drivers.

This Privacy Notice does not apply when a company of the Volvo Group is collecting or otherwise processing personal data on behalf of another company, such as Volvo Group’s independent dealers, importers, suppliers and customers.

In addition to this Privacy Notice, some systems, applications, and processes of a company of the Volvo Group may contain their own privacy notices, which provide additional details about what specific personal data is collected and how it is stored, used, and transferred.

 

Select language

The Volvo Group company that you are or have,  on behalf of yourself or your employer, bought, hired, leased or rented a product or a service from (below referred to as “Volvo”) is the controller of the personal data that Volvo obtains from you and the other sources described below.

“Controller” means that it is Volvo that decides on the purpose and means for the processing of your personal data. Volvo is responsible for the processing of your personal data under applicable data privacy laws and regulations.

If you have questions regarding the processing of your personal data, please contact the Volvo Group Privacy Officer at gpo.office@volvo.com or by post or phone at:

AB Volvo,
Att: Group Privacy Office, Dept AA14100, VGHQ
SE-405 08
Göteborg, Sweden 
+46 (0)31 66 00 00

For the purposes of this Privacy Notice, “personal data” is any information about a specific individual or that identifies or may identify a specific individual. In other words, it is any piece of information than can be linked to you.  

For the purposes of this Privacy Notice, the term "process” or “processing” means any use of personal data, including but not limited to the collection, recording, organization, storing, adaptation, alteration, transferring, making available, blocking, deletion or destruction of personal data.

Legal basis

Volvo may process your personal data based on any one or more of the following legal grounds, see also further details below.

  • Contractual obligation Volvo may process your data if such processing is necessary to fulfil a contractual obligation towards you e.g. to fulfill the terms and conditions of an order or a service contract signed by you or your employer.
  • Legal obligation. Volvo may process your personal data if such processing is necessary to comply with a legal obligation, e.g. to comply with court orders and legal reporting requirements.
  • Legitimate interests. Volvo may process your personal data if such processing is necessary for the purposes of a legitimate interest pursued by Volvo or a third party. It is generally considered to be in Volvo’s legitimate interest to manage its daily operations, including managing its customer relationships but also, more generally, to further develop the products and services it offers (whether by itself or in conjunction with third parties) and including new innovative products and services. 

    Where it is stated herein that Volvo relies on its legitimate interests for a given processing purpose, Volvo is of the opinion that its legitimate interests are not overridden by your interests, rights or freedoms given (i) the transparency Volvo provides on the processing activity, (ii) Volvo’s privacy by design approach, (iii) Volvo’s regular privacy review and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact the Volvo Group Privacy Officer via the contact details set out above.
  • Vital interests. Volvo may process your personal data to protect the vital interest of you and others if Volvo has valid reasons to believe that such processing of your personal data may prevent or reduce any significant potential harm to you or others.
  • Consent.  Volvo may ask for your explicit consent to process certain personal data, for example for marketing purpose. Such consent is your choice and is entirely voluntary.

Volvo may process the following categories of data which, in itself or in combination with other data, may constitute personal data and for the general purposes stated in Table 1 below.

Volvo will not necessarily process all the data listed below about you, and some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data.

Table 1 – Categories, Purpose and Legal Ground for Processing

Categories of Personal Data

Purposes of Processing

Legal Ground for Processing

Contact data, such as name, e-mail address and telephone number, next of kin, passport and ID data 

 

 

  • Verifying identity
  • Enabling keeping an up-to-date record of customer representatives and prospects in Volvo’s CRM systems
  • Enabling the provision of products, services, events and business administration
  • Enabling sending offerings, quotes and provision of products and services
  • Enabling recalls and handling of product related claims (such as warranty claims and product liability claims)
  • Enabling promotional communication and marketing (such as the provision of newsletters, information material and promotional and advertising material, invitations to events etc.)
  • Enabling customer surveys (such as dealer satisfaction surveys, product quality surveys and process improvement surveys)
  • Enabling provision of product specific open source code related information through approved Volvo processes
  • Application of export licenses Detect, prevent and report fraud and crime (including money laundering)
  • Sale of any ownership interest in a service or financing contract (“capital market” activity)
  • Sale of receivables
  • Handling of reports in the whistleblowing channel
  • Handling of potential or confirmed conflict of interests
  • Perform business partners screening
  • Contractual obligation (to manage the provision of products and services and warranty claims)
  • Legal obligation (to manage recalls and product liability related claims)
  • Legitimate interest (to manage customer relationships)
  • Legitimate interest (to manage customer information requests)

 

 

Organizational data, such as company name, company’s management, job position, place of work and country

 

 

  • Enabling keeping an up-to-date record of customer representatives in Volvo’s CRM systems
  • Handling of reports in the whistleblowing channel
  • Handling of potential or confirmed conflict of interests
  • Perform business partners screening

 

 
 
 
  • Legitimate interest (to manage  customer relationships)
  • Legal obligation (Perform business partners screening)

 

Individual data, such as preferred language, photo/video, clothing size and food preferences

  • Enabling communication and marketing. 
  • Enabling communication in preferred language
  • Enabling the provision of personalized services (such as merchandise products in the right size)

 

  • Legitimate interest (to manage customer relationship)
  • Consent (when deemed necessary, to manage customer relationship)

 

 

 

IT-related data, such as user-ID, passwords, permissions, settings and other attributes associated with your user account, log-in details as well as data and logs about your use of Volvo’s IT equipment, application or services

 

 

  • Enabling the use of Volvo’s  customer related applications and systems
  • Enabling promotional communication and marketing (such as the provision of newsletters, information material and promotional and advertising material, invitations to events etc.)
  • Performing research and development to verify, validate, enhance and maintain products, solutions, services and applications and to develop new products, solutions, services and applications

 

 

 

  • Contractual obligation (to provide agreed services)
  • Legitimate interest (to manage  customer user access, to analyze usage of as well as maintain and develop products, solutions, services and applications, data protection and cyber security in general)

 


Vehicle related unique identifiers, such as the vehicle-ID (VIN and chassis ID)IP number, MAC address, SIM card number, IMEI

 

 
  • Enabling provision of product specific open source code related information through approved Volvo processes

 

  • Legitimate interest (to manage  customer information requests)

 

 

Manufacturing / repair / service data, such as tracking and logging of activities (including warranty claims) undertaken by you in connection with manufacturing, maintenance, repair or service on products

 

 

  • Enabling solving quality issues related to Volvo products/services, involving the use of vehicle/product related data or vehicle/product generated data.

 

  • Enabling the handling of warranty claims and product liability issues

 

 

  • Contractual obligation (to manage warranty claims and service and repair obligations)

 

  • Legal obligation (to manage recalls and product liability issues)

 

 

Image material, such as video footage that is being recorded on a Volvo Group company closed-circuit television system (“CCTV”) installed on the applicable Volvo Group company premises or other video and related security/monitoring systems whether on Volvo Group premises or not.

 

 

  • Manage safety and security at Volvo Group facilities

 

 

  • Legitimate interest (to maintain security and safety, prevent fraud or theft; and (where applicable) to assist with regulatory compliance)


Financial data, such as credit or payment information (including payment, credit and default/debt history, court proceedings or enforcement actions that relate to you) and bank account details

 

 

  • Enabling payment of products and services
  • Perform credit underwriting
  • Report and manage payment default
  • Sale of any ownership interest in a service or financing contract (“capital market” activity)
  • Sale of receivables

 

  • Contractual obligation (to manage agreed payments)

 

 

 

Contractual data, such as purchase orders, contracts and other agreements between you and Volvo

 

  • Enabling contract management services
  • Report and manage payment default
  • Sale of any ownership interest in a service or financing contract (“capital market” activity)
  • Sale of receivables

 

  • Contractual obligation (to manage contractual obligations such as the provision of products and services)

 

Data linked with the rental/lease/hire/use/loan of a Vehicle like driver’s license number and status, license plate

  •  Enabling rental and lease services
  • Loan of a Volvo vehicle for research and development purposes
  • Performance of a contract
  • Legitimate interest

Crime and fraud related data (mostly received from fraud prevention agencies and credit reference agencies)

  • Prevention of fraud and crime (including money laundering)
  • Detection of fraud and crime (including money laundering)
  • Reporting of fraud and crime (including money laundering)
  • Handling of reports in the whistleblowing channel
  • Legitimate interest
  • Legal obligation

Screening and sanctions related data including adverse media reports, presence on sanction lists, watchlists, political exposure, ultimate beneficial owners of the customer’s company, gift/hospitality recipient information (such as name, company/employer, involvement of any public official, role).

  • Perform sanction screening for export control requirements 
  • Perform business partner screening and due diligence
  • Prevent and detect corruption and conflicts of interests
  • Handling of reports in the whistleblowing channel
  • Legal obligation
  • Legitimate interest

Usage data: data about the use that you make of a product or a service including routines and habits (that does not come from telematics data)

  • Application of export licenses
  • Filling of end-user certificates
  • Development of products and services
  • Provision of services including “Equipment as a Service”
  • Offering of specific or bespoke financing products or services
  • Perform credit underwriting
  • Optimization of customer’s operations 
  • Selection of the right vehicle specification for the considered use
  • Legitimate interest
  • Performance of a contract
  • Legal obligation

Insurance related data including accidents, insurance company’s name, etc. 

  • Handling of claims
  • Developing and providing insurance related products and services, including but not limited to “connected insurance”
  • Legitimate interest
  • Performance of a contract

 

Specifically about special categories of personal data

It is specifically noted that some aspects of health and safety data may be regarded as special categories of personal data under applicable data privacy laws and shall be handled with extra care and require additional protective measures.

Volvo will only process special categories of personal data if Volvo has a legal obligation or a legitimate business need to process such data (including but not limited to prudent practices to help manage widespread health emergencies).  In such cases, we will inform you and (if required by law to do so) we will seek your explicit consent to process such data.

You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Specifically about CCTV monitoring

Volvo may use CCTV monitoring (as defined above) where permitted by law. CCTV monitoring is generally used to control and prevent unauthorized access to Volvo’s premises and equipment, however in some countries it may also be used for the purpose to ensure compliance with health and safety guidelines and procedures and for overall production improvement purposes. CCTV images and recordings are securely stored and only accessible on a need-to-know basis (for example, to look into an incident).

Specifically about automated decision-making

Volvo does not regularly and systematically perform automated decision making producing a legal effect concerning individuals or that would have a similarly significant effect. In the event that you are interacting with a Volvo company that is performing such automated decision making you should receive a specific notice that outlines the details of the automated decision making. 

Volvo will primarily obtain your personal data from yourself or your employer or third parties with whom we do business (brokers, dealers, sales representative etc) or from which we get the data like for example financial and credit data and crime related data we get from credit reporting body, credit reference agencies, fraud prevention agencies. Such third parties are responsible for ensuring that they have the rights to use and share your data with others before sharing with us.

Some personal data might also be automatically generated from Volvo’s IT-system, or equivalent, for example when creating your user-id to Volvo systems.

Except for certain information that is required by law, your decision to provide any personal data to Volvo is voluntary.

However, please note that it is necessary for Volvo to process certain personal data to interact with its customers for business purposes and contractual obligations. Not providing personal data may hinder the handling and delivery of the products and services that you or your employer might expect from Volvo. 

Your personal data may be shared with other Volvo Group companies and with certain categories of third parties (as further detailed below), which may involve transferring your personal data to other countries.

Sharing of personal data within the Volvo Group

The Volvo Group is a global organization with offices and operations throughout the world, and your personal data may be transferred or be accessible internationally throughout the Volvo Group’s global business and between its various entities and affiliates.

Any transfers of your personal data to other Volvo Group companies (including transfers from within the EU/EEA to outside the EU/EEA) will be governed by an intercompany agreement based on EU approved Standard Contractual Clauses or such other mechanisms as have been recognized or approved by the relevant authorities from time to time. Such agreement reflect the standards contained in European data privacy laws (including the EU General Data Protection Regulation).

Having this agreement in place means that all Volvo Group entities have to comply with the same internal rules. It also means that your rights stay the same no matter where your data are processed by Volvo Group.

Sharing of personal data with third parties outside of the Volvo Group

In addition to the sharing of personal data between Volvo Group companies as set out above, Volvo may also share your personal data with certain categories of third parties, including:

  • Business partners, such as Volvo Group’s suppliers and service providers in connection with their provision of products and services to the Volvo Group, such as IT service providers and transport (including customs and trade) providers and intermediaries.
  • Independent dealers & bodybuilders, such as Volvo Group’s private dealers for the purposes of managing and developing the business relationship (including warranty claims) with a customer or a customer lead;
  • Professional advisors such as insurers, lawyers and other professional advisors in connection with insurance claims, audits and the receipt of advisory services.
  • Counterparties and their advisors, such as in connection with business transactions and other projects or collaborations (including merger, acquisition projects, Insurance companies).
  • Emergency service providers, such as the police, fire brigade, ambulance and roadside assistance to protect the vital interest of you and other such as in connection with emergency assistance.

Governmental authorities:             

  • In the field of law enforcement,: regulatory authorities and other public and judicial bodies in connection with legal obligations such as court orders or legal reporting requirements or if considered necessary in exceptional cases to protect the vital interest of you or others.
  • Public authorities in charge of export control and customs
  • Public authorities requiring personal data to grant access to restricted premises

Financial partners and other stakeholders:                                               

  • credit reference/ credit rating agencies, 
  • debt collection agencies
  • fraud prevention agencies, 
  • banks and capital markets partners
  • insurance companies, insurance brokers and insurance assessors

Any third party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws and regulations.

Further, in the event that any Volvo Group company that is located within the EU/EEA transfers personal data to external third parties that are located outside of the EU/EEA the relevant Volvo Group company will satisfy itself that there are appropriate safeguards in place which provide adequate levels of protection of your personal data as required by applicable data privacy laws (including the EU General Data Protection Regulation).

For example, this may include the use of EU approved Standard Contractual Clauses or such other mechanism as have been recognized or approved by the relevant authorities from time to time.

If you have questions about how Volvo will share your personal data, please contact the VOLVO Group Privacy Officer via the contact details set out above

Volvo utilizes appropriate and reasonable legal, technical and organizational security measures, including information technology security and physical security measures, to adequately protect personal data.

These measures are appropriate to the risks posed by the processing of personal data and to the sensitivity of the personal data and take into account the requirements of applicable local law. In addition, the measures are continuously improved in line with the development of available security products and services.

Volvo requires all persons to abide by applicable security policies related to personal data when using Volvo systems. 

Volvo will keep your personal data as long as a legitimate business purpose exists for doing so (including but not limited to taking into account contractual periods, warranty and product liability requirements, legal reporting obligations and/or retention requirements necessary for anticipated disputes).

You may be entitled, where provided for under applicable data privacy laws and regulations, to:

  • Request access to the personal data Volvo process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of the specific pieces and categories of personal data.
  • Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is inaccurate or incomplete.
  • Object to the processing of your personal data (for direct marketing and other purposes): this right entitles you to request that Volvo no longer processes your personal data.
  • Request the erasure or deletion of your personal data: this right entitles you to request the erasure or deletion of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
  • Request the restriction of the processing of your personal data: this right entitles you to request that Volvo processes your personal data only in limited circumstances, including with your consent.
  • Request portability of your personal data: this right entitles you to receive a copy (in a portable and, if technically feasible, readily usable format) of your personal data, or request Volvo to transmit such personal data to another data controller.
  • In the event that our processing of your personal data or part thereof is based on your consent, to withdraw at any time your consent, in which case Volvo will cease any further processing activities of your personal data or the relevant part thereof (however such withdrawal will not affect the legality of the data processing activities prior to the withdrawal).

Please note that Volvo may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case by case basis of Volvo’s legal obligations and the exception to such rights.

You also have the right to lodge any complaints you may have regarding Volvo’s processing of your personal data to a supervisory authority. For more information about these rights and how to exercise them, please contact the Volvo Group Privacy Officer via the contact details set out above.

Volvo encourages the periodic review of this Privacy Notice to stay aware of any changes to it.

We reserve the right to amend this Privacy Notice as needed. When we do, we will note near the top of this Privacy Notice the date that any such changes are made and/or when they become effective.