Index
Polestar – Car Privacy Notice
1. Introduction
This privacy notice explains how Polestar processes car generated data, when you use a Polestar car and connected services provided by Polestar and its partners. Learn more about who we are and how you can contact us.
It is important to us to be transparent and that you are informed about how we use your personal data. In this privacy notice, you will find information about the processing of personal data associated with different car features, but you will not find the explanation of the features themselves here – for this, check the owner’s manual. This notice takes precedence, in case of any discrepancy between the notice and the owner’s manual with regard to the processing of personal data.
The scope of the data processing activities depends on the model of your car, the services with which your car is equipped, and on the services which you choose to activate. This notice describes the widest extent of processing possible. If you have an older car model, or if a new model is not equipped with a certain feature, the data processing associated with that feature will not occur.
This privacy notice does not apply to:
- The provision of the internet service in your car, which is supplied by a mobile network operator independently from Polestar.
- Your use of the Google Automotive Services: Polestar cars come with Google built-in, meaning that the infotainment system runs on the Android Automotive operating system offering Google Automotive Services (e.g., Google Maps, Google Assistant and Google Play Store). The infotainment system also offers the possibility to log-in with a Google account. In these instances, Google is the responsible data controller and Polestar is not involved in the processing of your personal data. For more information, see Google Privacy Policy. Your use of the Google Automotive Services is further governed by the Google Terms of Service and Google Maps Terms of Service.
- Your use of third-party applications and services in the car: the features available in the Google Play Store are offered by independent vendors, similarly with how they operate on a smartphone. When you connect your vehicle with a third-party application, your personal data and the data related to your vehicle is transferred to the third-party providing the application to enable the connection and your use of the third-party service. For further information, refer to the individual service providers’ own terms and conditions as well as their privacy policies.
- Your use of third-party value-added services based on vehicle data (such as pay-as-you-drive insurance).
Polestar has other privacy documents that should be read together with this notice for a complete picture of how your data is used by Polestar. Access them on the links below:
This privacy notice uses the term “personal data” in line with the EU General Data Protection Regulation (GDPR). Personal data includes “personal information” as that term is defined in the Australian Privacy Act 1988 (Cth). This privacy notice is designed to meet both the requirements of the GDPR and the Australian Privacy Act 1988 (Cth).
The concepts “controller” and “joint controllers” are terms used in the EU GDPR. A controller is the company that determines the purposes (why) and the means (how) of personal data processing – in other words, the controller is responsible for the processing of the personal data. When two or more companies jointly determine the purpose and means of the personal data processing, those companies are called joint controllers. In the text and in each of the tables below you will find who the controller or joint controllers is/are for each processing.
2. When do we process your personal data?
2.1 Overview
In this section, you will find information about what personal data we process about you, for what purposes, what our legal basis for the processing is, how long we will process your personal data for, and who is responsible for each processing purpose. We may process your personal data for several of the purposes at once. The information about the processing activities is divided into the following sections:
- 1.Road safety and mobility management: vehicle functions that inform you about the road conditions and warn you of external hazards, such as connected safety and road sign information; internal responses, such as emergency services (eCall), roadside assistance; and crash investigation devices such as the event data recorder (vehicle’s “black box”) and active safety data recorder. Read more.
- 2.Maintenance and repair: processing activities related to software updates and bug reporting features. Read more.
- 3.Polestar remote vehicle services: processing activities necessary to provide Polestar connected services available in the Polestar mobile app or on polestar.com.
- 4.Polestar system apps in the vehicle: processing necessary to provide Polestar system apps in the vehicle such as the Range app, Performance app and Air Quality app. Read more.
- 5.Contacts with you: processing activities necessary for vehicle-related customer care. Read more.
- 6.Development of business, products, and services: processing activities necessary for our continuous work with developing our business, systems, products and services. Read more.
- 7.Legal obligations and voluntary undertakings and in the event of claims, disputes, supervision etc., processing activities necessary for emissions reporting, monitoring cyber security threats and sharing of personal data with authorities. Read more.
3. Where do we get your personal data from?
We mainly collect your personal data directly from your vehicle, but in some cases, we also collect personal data from other sources, namely when:
- service is performed on your vehicle: we collect information about the services performed on your vehicle at a Polestar service point.
- you are in contact with our Customer Services (e.g., Customer Care; Customer Support): we receive information for example, in case of a Roadside Assistance request.
- we receive a request on your behalf from one of Polestar’s affiliates.
- we need to check the registered owner with authorities (Driver and Vehicle Licensing Agency) in recall matters: we collect your name, address, telephone number and e-mail address from the authority.
- we receive a request for change of ownership from the registered owner of the vehicle: we collect the new owner’s e-mail address from the registered owner.
4. Disclosure of your personal data
4.1 How we disclose your personal data and who we disclose it to
To provide our products and services and to comply with laws and regulations, we need to share your personal data with others, including other companies within the Polestar Group and third parties assisting us in various parts of our business and helping us to deliver our products and services. The categories of recipients are listed below.
- Polestar affiliates;
- Polestar service providers: we use others to help us provide our Services (e.g., IT service providers responsible for operation maintenance and technical support of our IT solutions; mail and messaging services; banks and payment service providers; providers of analytics services). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes;
- Others’ services: you may connect your vehicle with others’ services e.g., providers of in-car or mobile applications and social media;
- Authorities: in certain circumstances, we may be legally required to disclose information to government or law enforcement authorities, e.g. the police, the privacy protection authority, tax authorities, public courts, authorities for official registering of the vehicle, or enforcement agencies. This may be in response to valid and lawful requests, such as subpoenas, court orders or other legal processes. We may also disclose information when necessary to protect the rights, property, or safety of you, us, or others. We comply with all applicable laws and regulations regarding the disclosure of information to government authorities. We carefully review each request to ensure its validity and legality, as well as the impact of the data disclosure on the subjects concerned by the request before disclosing any information. We strive to protect your privacy and rights to the extent permitted by law. In the event of a government request for information, we will make reasonable efforts to notify you unless prohibited by law or court order. If you have any questions or concerns about our practice of disclosing information to authorities, please contact us;
- Business partners, e.g., Volvo Car Corporation, workshops and service points, finance and leasing companies, insurance companies, vehicle charging service, legal counsels, advertising agencies/companies, and market research companies, and;
- Providers of social media platforms.
Polestar Automotive Australia Pty Ltd may disclose personal information it collects from individuals in Australia to recipients overseas, including in Sweden, Germany, Ireland, the United Kingdom, and the United States.
4.2 Processing of your personal data outside of EU/EEA
We strive to process your personal data within the EU/EEA area. However, Polestar is a company with an international presence. In some situations, such as when we share your information with one of our affiliates, a business partner or subcontractor operating outside the EU/EEA, your personal data will be transferred outside the EU/EEA.
We transfer personal data to the United States and the United Kingdom for IT system hosting services, IT support services and customer care services.
We always ensure that the same high level of protection applies to your personal data according to the GDPR, even when the data is transferred outside of the EU/EEA. As regards the United Kingdom, the Commission has decided that it ensures an adequate level of protection (article 45 of the GDPR), but regarding transfers to the United States we have entered into EU Model Clauses with all relevant third parties (article 46 of the GDPR) or they are certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S Data Privacy Framework and/or the Swiss-U.S. Data Privacy Framework with the U.S. Department of Commerce. In addition, we take additional technical and organisational security measures when needed, such as encryption and pseudonymisation. Our processors supporting delivering the Polestar products and services are limited by contract in their ability to use your personal data for any purpose other than to provide support for us in compliance with each data processing agreement in place
5. Information security
To protect your personal information from loss, theft, and unauthorised access, use, or disclosure, we have implemented technical, administrative, and physical security measures including encryption of transmitted and stored data, and access right concepts. Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure or impenetrable.
6. Your rights
Below, you can find a list of your rights related to our processing of your personal data. If you wish to exercise any of your rights, fill in this web form or contact us in any other way. If you have any objections or complaints about the way we process your personal data, please let us know and we will try to help.
You always have the right to lodge a complaint with the supervisory authority where you live, work or where you believe an infringement has taken place. In Australia, you may make a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner (OAIC). In Sweden, you have the right to lodge a complaint with the Swedish Supervisory Authority for Privacy Protection (IMY).
6.1 Right to information and a copy of your personal data
6.1.1 Personal data held by Polestar Performance AB
You have the right to know if Polestar Performance AB processes personal data about you. If we do, you also have the right to receive information about the personal data we process and why we do it. Furthermore, you have the right to receive a copy of all personal data we have about you.
If you are interested in specific information, please indicate it in your request. For example, you can specify if you are interested in a certain type of information, such as what specific contact details we have about you, or if you want information from a certain period.
6.1.2 Requesting access to personal information held by Polestar Automotive Australia Pty Ltd
You can request access to your personal information from Polestar Automotive Australia Pty Ltd on polestar.com/au/data-subject-right-request/, by providing full details of your request. We may not be able to provide you with access to your personal information in some circumstances, including where access may impact the privacy of another individual or due to another applicable exemption under the Australian Privacy Principles. If this is the case, we will inform you in writing. We may charge a reasonable fee for providing you with access to your personal information.
6.2 Right to have erroneous or outdated personal data corrected, updated or completed
If the personal data we hold about you is incorrect, you have the right to have it corrected. You also have the right to supplement incomplete information with additional information that may be needed for the information to be correct.
Once we have corrected your personal data, or it has been supplemented, we will inform those we have shared your data with (when applicable) about the update - if it is not impossible or too cumbersome. If you ask us, we will of course also tell you who we have shared your data with.
If you request to have data corrected, you also have the right to request that we restrict our processing during the time we investigate the matter.
6.3 Right to have personal data deleted
In some cases, you have the right to have your data deleted, namely when:
- 1.the data is no longer needed for the purposes for which we collected it,
- 2.you withdraw your consent and there is no other legal ground for the processing (if applicable),
- 3.the data is used for direct marketing, and you unsubscribe from it,
- 4.you oppose use that is based on our legitimate interest, and we cannot show compelling grounds for the processing which override your interests and rights,
- 5.the personal data has been used unlawfully, or
- 6.deletion is required to fulfil a legal obligation.
If we delete personal data following your request, we will also inform those we have shared your data with (when applicable) - if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
6.4 Objecting to our use
You have the right to object to processing that is based on our legitimate interest. If you object to the use, we will, based on your situation, evaluate if our interests in using the personal data outweigh your interests in the personal data not being used for that purpose. If we are unable to provide compelling legitimate grounds that override yours, we will stop using the personal data you object to – provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.
You always have the right to object to, and unsubscribe from, direct marketing.
6.5 Right to withdraw your consent
You have the right to withdraw your consent for a specific processing at any time. You can withdraw your consent by contacting us.
Your withdrawal will not affect processing that has already been carried out.
6.6 Right to request restriction
Restriction means that the data is marked so that it may only be used for certain limited purposes. The right to restriction applies:
- 1.when you believe the personal data are incorrect/inaccurate and you have requested correction. If so, you can also request that we limit our use while we investigate if the data are correct or not.
- 2.if the use is unlawful but you do not want the personal data to be erased.
- 3.when we no longer need the data for the purposes for which we collected it, but you need it to be able to establish, exercise or defend legal claims.
- 4.if you object to the use. If so, you can request that we limit our use while we investigate if our interest in processing your data outweighs your interests.
Even if you have requested that we restrict our use of your data, we have the right to use it for storage, if we have obtained your consent to use it, to assert or defend legal claims or to protect someone’s rights. We may also use the information for reasons relating to an important public interest.
We will let you know when the restriction expires.
If we limit our use of your data, we will also inform those we have shared your data with (when applicable) - if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
6.7 Right to data portability
If the processing is based on your consent or an agreement between us, you have the right to obtain personal data that you have provided to us in a structured, commonly used and machine-readable format and transfer it to another controller (“data portability”).
7. How can you view and change your privacy settings?
In the privacy settings menu in the centre display, you can turn on or off the sharing and usage of your data for specific services. The privacy settings include microphone, location and app permissions and the data sharing options with Polestar and Google. In the vehicle onboarding guide, you have a first opportunity to set your privacy preferences for Polestar and Google data sharing. After the onboarding guide has been completed, you can manage your vehicle privacy preferences in Settings, then tapping on Privacy.
By default, the settings on data sharing with Polestar are turned off, however please note that you cannot completely opt out of all vehicle data collection processes, as some vehicle services are mandated by law, such as for example, Emergency Assistance (eCall). Read more about Emergency Assistance (eCall) further up in the document.
8. Contacts & About us
Polestar Performance AB (referred to as “Polestar”, “we”, “us” and “our”) is the controller who processes your personal data as described in this notice. If other entities are processing personal data together with us, as so-called joint controllers, this is mentioned explicitly.
Polestar Performance AB is also the primary point of contact for data subjects in the EU that wish to exercise their rights and the main responsible party for providing information to data subjects, for the uses of data where the controller is a company in the Polestar Group. You are of course entitled to exercise your rights under the GDPR in respect of and against each controller mentioned in this policy. Polestar Automotive Australia Pty Ltd is the primary point of contact for individuals in Australia.
Each controller’s identity and contact details are listed below.
Polestar Performance AB is a Swedish legal entity with company registration number 556653-3096, with mailing address Assar Gabrielssons Väg 9, 405 31 Gothenburg, Sweden, and visiting address Polestar HQ, Assar Gabrielssons Väg 9, 418 78 Göteborg.
Polestar Automotive Australia Pty Ltd is an Australian legal entity with company registration number ACN: 645 163 202 with address 65 EPPING ROAD, North Ryde NSW 2113, Australia.
Polestar has appointed a Data Protection Officer for the Polestar Group who can be reached via e mail or via post as set out below:
- E-mail address: dpo@polestar.com
- Postal address: Polestar Performance AB, Attention: The Data Protection Officer, 405 31 Göteborg, Sweden
Volvo Car Corporation is a Swedish legal entity with company registration number 556074-3089, with address 405 31 Gothenburg, Sweden.
9. Changes to this privacy notice
We reserve the right to change this privacy notice from time to time. We will inform you of any changes by posting the updated privacy notice on our website (including clarification of updates). If we make any material changes to our privacy notice, we will send a notification by e-mail. We encourage you to contact us if you have any questions about the privacy notice or about how we process your personal data.