Index
Customer Privacy Policy
1. Introduction
1.1 General
This privacy policy covers all processing of personal data performed by Polestar Performance AB and/or Polestar Automotive Australia Pty Ltd ("Polestar", “our”, “us” or "we"), except for:
processing of your data relating to our cars, which is explained in our Car Privacy Notice, and
processing of your data in relation to our apps, which is explained in our privacy notice for each app.
It is important to us that you always feel safe and informed about how we process your personal data. In this privacy policy, you can learn more about what personal data we collect and process about you, why we do it, how we use and disclose the personal data and how we ensure that your personal data is handled in accordance with applicable legislation, and what rights you have. You can of course contact us, or our data protection officer, if you have questions about our processing of your personal data. See contact details.
This policy is updated continuously to reflect the measures taken by Polestar in relation to your personal data. Read more.
This privacy policy uses the term “personal data” in line with the EU General Data Protection Regulation (GDPR). Personal data includes “personal information” as that term is defined in the Australian Privacy Act 1988 (Cth), but it also includes some information (e.g cookie data) that is not protected as personal information under the Australian Privacy Act 1988 (Cth).This privacy policy is designed to meet both the requirements of the GDPR and the Australian Privacy Act 1988 (Cth).
The concepts “controller” and “joint controllers” are terms used in the EU GDPR. A controller is the company that determines the purposes (why) and the means (how) of personal data processing – in other words, the controller is responsible for the processing of the personal data. When two or more companies jointly determine the purpose and means of the personal data processing, those companies are called joint controllers. In the text and in each of the tables below you will find who the controller or joint controllers is/are for each processing.
2. When do we process your personal data?
2.1 Overview
In this section, we will inform you about what personal data we process about you, for what purposes, what our legal basis for the processing is, how long we will process your personal data for, and who the controller/controllers are for each processing purpose. We may process your personal data for several of the following purposes at once. The information is divided into the following parts:
- 1.
Polestar website, which includes information about our processing of personal data related to our chat function, your account on polestar.com and our processing of personal data collected using cookies. Read more.
- 2.
When providing our products and services, which includes information about our processing of personal data relating to your Polestar ID accounts, your purchase of products and services, your reservation of a build slot for a vehicle and our waiting list for such build slots, test drive bookings, service bookings, our referral program, our Polestar Fleet Portal, our administration of request for change of ownership of a vehicle and our Guest Wi-Fi. Read more.
- 3.
When we are in contact with you, which includes information about our processing of personal data relating to our customer support, our contacts with you on social media and on Polestar Community, our virtual and digital consultations, our events and competitions and our contact with you to remind you of non-completed orders. Read more.
- 4.
When marketing our business, brands, products and services, which includes information about our processing of personal data relating to marketing through telephone, e-mail, websites, social media and press releases and our use in marketing material of photos and videos of participants at events. In this section you will also find information about our profiling for marketing purposes. Read more.
- 5.
When developing our business, products and services, which includes information about our processing of personal data relating to our use of surveys and market research, training of our employees and our continuous work with developing our business, systems, products and services. Read more.
- 6.
E-mail analyses. We use technologies such as tracking pixels or click-through links when sending you e-mails. The purpose of using tracking pixels is to analyse if and how many emails are delivered and opened. The purpose of using click-through links is to analyse which links in our emails are clicked, to understand what interest there is in specific content. We use the result to make our e-mails more relevant or to stop them from being sent. By deactivating the display of images in your e-mail client, we will not be able to measure the opening rate of our e-mails using tracking pixels and the e-mail will not be displayed completely. However, if you click on text or graphic links in the e-mail, we will still be able to track whether the e-mail has been opened. To avoid that such data is collected and tracked, do not click on text or graphic links in the e-mails.
- 7.
When you apply for a job at Polestar. Read more.
- 8.
To comply with laws, legal obligations and voluntary undertakings and in the event of claims, disputes, supervision etc. This part includes information about our processing of personal data relating to recalls, claims and complaints, data subject requests, requests for access to personal information, data subject complaints, data breaches and supervision, disputes, bookkeeping, financial reporting, transfer of data in the event of merger and acquisition and sharing of personal data with authorities. Read more.
2.2 Polestar’s website
2.2.1 Web analytics/cookies
When you visit our website, we collect certain information about you using cookies and other tracking technologies. This is for our website to function, to improve the user experience of our website, to collect visitor statistics and to provide you with relevant marketing in various channels (see more details regarding the marketing purpose). For more information on how we manage cookies, see our Cookie Policy. Polestar Performance AB is controller for the processing relating to web analytics/cookies.
2.2.2 The chat
To chat with you and answer your questions and provide you with requested information, products and services, we process your personal data. Read more about our processing related to the chat under customer support. Polestar Performance AB and Polestar Automotive Australia Pty Ltd are joint controllers for processing relating to the chat.
2.2.3 Your Polestar ID account on polestar.com
For you to be able to create and log in to your account on our website and use those web services that require a Polestar ID, we will process your name, email address, phone number, password, relevant market and preferred language. Our legal basis for processing your personal data is to take steps at your request prior to entering into a contract or perform the contract (GDPR, article 6.1 (b)). We will continue to process your personal data for up to thirty (30) days after you have terminated your account. Polestar Performance AB is controller for the processing relating to your Polestar ID account.
2.5.1 Profiling
To ensure that marketing and other communication you receive from us is relevant to you considering your specific situation, we will combine certain types of data to predict your personal preferences and categorise you into a “segment affiliation”. One segment usually consists of 5,000-15,000 individuals with similar preferences, interests and behaviour. Everyone categorised into the same segment affiliation will receive the same type of marketing. The segments we create can for example include, "people that visited the product page, started configuration and chose the colour void".
For this purpose, we process your IP address, information on your browsing on our website, e.g. product interest and configuration, device information, unique online identifiers and interaction in relation to our ads on third-party websites (your “Online Web Behaviour Data”), in pseudonymised form. If you consent to the use of cookies for targeting and ads, we will combine your Online Web Behaviour Data with aggregated data obtained from third party data providers through cookies, such as information about your personal preferences, demographics and content consumption (“Third Party Data”), and data that you provide us with when you interact with us, such as e-mail address, phone number, postal code, country of residence, your interests, purchased products or services and your interactions with us (“Customer Data”). This data will determine your segment affiliation.
Your segment affiliation may also be used to create so-called lookalike audiences, meaning that we create a target audience based on the same characteristics of the individuals belonging to a certain segment affiliation. This enables us to target potential customers with similar interests, behaviour or characteristics as the people that already have shown an interest in our products and services. In other words, we will use your segment affiliation to target other individuals with the same characteristics.
We will also use your segment affiliation to get a better general understanding of you and your needs, provide better customer support and to keep track of your interactions with us.
Besides segment affiliation, we build customer profiles to ensure a personalized delivery experience when you purchase a vehicle from us. The customer profile is created by the use of analytics models based on generative artificial intelligence, and provides a summary of your interactions with us and personalised recommendations for the handover of your vehicle. For more information on the personal data we process to create your customer profile, please see the section "Personalised handover" above.
Your segment affiliation and your customer profile will not produce any legal effects or affect you in any similar way. The legal basis for placing, collecting and having access to the mentioned information from cookies is your consent, read more in our Cookie Policy. The legal basis for creating profiles, placing you in a segment affiliation, creating lookalike audiences and for sending you marketing based on your segment affiliation is your consent to marketing and profiling.
3. Where do we get your personal data from?
We mainly collect your personal data directly from you, but in some cases, we also collect personal data from other sources, namely when:
you decide to finance your vehicle through leasing or a loan: we collect information about the status of your finance or leasing application from the finance or leasing company.
service is performed on your vehicle: we collect information about the services performed on your vehicle in the workshop.
we need to check the registered owner with the organisation that holds current registered owner details in recall matters: we collect your name, address, telephone number and other information from the organisation.
we receive a request for change of ownership from the registered owner of the vehicle: we collect the new owner’s e-mail address from the registered owner.
we create some personal data about you, such as Vehicle Identification Number (VIN) and individual number plate of your purchased vehicle, which will be personal data about you. We may also observe and infer personal data about you, such as your online behaviour and segment affiliation. Read more.
4. Disclosure of your personal data
4.1 How we disclose your personal data and who we disclose it to
To provide our products and services and to comply with laws and regulations, we need to share your personal data with others, including other companies within the Polestar Group and third parties assisting us in various parts of our business and helping us to deliver our products and services. The categories of recipients are listed below.
IT providers, e.g. companies that manage the necessary operation, technical support and maintenance of our IT solutions,
Polestar affiliates,
Subcontractors: mail and messaging services, banks and payment service providers, providers of analytics services,
Authorities, in certain circumstances, we may be legally required to disclose information to government or law enforcement authorities, e.g. the police, the privacy protection authority, tax authorities, public courts, authorities for official registering of the vehicle, or enforcement agencies. This may be in response to valid and lawful requests, such as subpoenas, court orders or other legal processes. We may also disclose information when necessary to protect the rights, property, or safety of you, us, or others.
We comply with all applicable laws and regulations regarding the disclosure of information to government authorities. We carefully review each request to ensure its validity and legality, as well as the impact of the data disclosure on the subjects concerned by the request before disclosing any information. We strive to protect your privacy and rights to the extent permitted by law.
In the event of a government request for information, we will make reasonable efforts to notify you unless prohibited by law or court order. If you have any questions or concerns about our practice of disclosing information to authorities, please contact us,
Business partners, e.g. workshops, finance and leasing companies, insurance companies, legal counsels, printing companies (marketing purposes), advertising agencies/companies, market research companies, and
Providers of social media platforms.
Polestar Automotive Australia Pty Ltd may disclose personal information it collects from individuals in Australia to recipients overseas, including in Sweden, Germany, Ireland, the United Kingdom, and the United States.
4.2 Processing of your personal data outside of EU/EEA
Polestar Performance AB strives to process your personal data within the EU/EEA area. However, your personal data will be transferred outside the EU/EEA in some situations, such as when we share your information with a business partner or subcontractor operating outside the EU/EEA.
Polestar Performance AB transfers personal data to the following countries outside of the EU/EEA: the United States and the United Kingdom.
We always ensure that the same high level of protection applies to your personal data according to the GDPR, even when the data is transferred outside of the EU/EEA. As regards the United Kingdom, the Commission has decided that it ensures an adequate level of protection (article 45 of the GDPR), but regarding transfers to the United States we have entered into EU Model Clauses with all relevant third parties (article 46 of the GDPR) or they are certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S Data Privacy Framework and/or the Swiss-U.S. Data Privacy Framework with the U.S. Department of Commerce. In addition, we take additional technical and organisational security measures when needed, such as encryption and pseudonymisation.
5. Your rights
Below, you can find a list of your rights (to the extent you are data subjects under GDPR) related to our processing of your personal data. If you wish to exercise any of your rights, fill in this web form or contact us in any other way.
If you have any objections or complaints about the way we process your personal data, please let us know and we will try to help.
You always have the right to lodge a complaint with the supervisory authority where you live, work or where you believe an infringement has taken place. In Australia, you may make a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner (OAIC). In Sweden, you have the right to lodge a complaint with the Swedish Supervisory Authority for Privacy Protection (IMY).
5.1 Right to information and a copy of your personal data
5.1.1 Personal data held by Polestar Performance AB
You have the right to know if Polestar Performance AB processes personal data about you. If we do, you also have the right to receive information about the personal data we process and why we do it. Furthermore, you have the right to receive a copy of all personal data we have about you.
If you are interested in specific information, please indicate it in your request. For example, you can specify if you are interested in a certain type of information, such as what specific contact details we have about you, or if you want information from a certain period.
5.1.2 Requesting access to personal information held by Polestar Automotive Australia Pty Ltd
You can request access to your personal information from Polestar Automotive Australia Pty Ltd. on polestar.com/au/data-subject-right-request/, providing full details of your request. We may not be able to provide you with access to your personal information in some circumstances, including where access may impact the privacy of another individual or due to another applicable exemption under the Australian Privacy Principles. If this is the case, we will inform you in writing. We may charge a reasonable fee for providing you with access to your personal information.
5.2 Right to have erroneous or outdated personal data corrected, updated or completed
If the personal data we hold about you is incorrect, you have the right to have it corrected. You also have the right to supplement incomplete information with additional information that may be needed for the information to be correct.
Once we have corrected your personal data, or it has been supplemented, we will inform those we have shared your data with (when applicable) about the update - if it is not impossible or too cumbersome. If you ask us, we will of course also tell you who we have shared your data with.
If you request to have data corrected, you also have the right to request that we restrict our processing during the time we investigate the matter.
5.3 Right to have personal data deleted
In some cases, you have the right to have data held by Polestar Performance AB deleted, namely when:
- 1.
the data is no longer needed for the purposes for which we collected it,
- 2.
you withdraw your consent and there is no other legal ground for the processing (if applicable),
- 3.
the data is used for direct marketing and you unsubscribe from it,
- 4.
you oppose use that is based on our legitimate interest and we cannot show compelling grounds for the processing which override your interests and rights,
- 5.
the personal data has been used unlawfully, or
- 6.
deletion is required to fulfil a legal obligation.
If we delete personal data following your request, we will also inform those we have shared your data with (when applicable) - if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
5.4 Objecting to our use
You have the right to object to processing that is based on Polestar Performance AB’s legitimate interest. If you object to the use, we will, based on your situation, evaluate if our interests in using the personal data outweigh your interests in the personal data not being used for that purpose. If we are unable to provide compelling legitimate grounds that override yours, we will stop using the personal data you object to – provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.
You always have the right to object to, and unsubscribe from, direct marketing.
5.5 Right to withdraw your consent
You have the right to withdraw your consent for a specific processing by Polestar Performance AB at any time. You can withdraw your consent by contacting us.
Your withdrawal will not affect processing that has already been carried out.
5.6 Right to request restriction
Restriction means that the data is marked so that it may only be used by Polestar Performance AB for certain limited purposes. The right to restriction applies:
- 1.
when you believe the personal data are incorrect/inaccurate and you have requested correction. If so, you can also request that we limit our use while we investigate if the data are correct or not.
- 2.
if the use is unlawful but you do not want the personal data to be erased.
- 3.
when we no longer need the data for the purposes for which we collected it, but you need it to be able to establish, exercise or defend legal claims.
- 4.
if you object to the use. If so, you can request that we limit our use while we investigate if our interest in processing your data outweighs your interests.
Even if you have requested that we restrict our use of your data, we have the right to use it for storage, if we have obtained your consent to use it, to assert or defend legal claims or to protect someone’s rights. We may also use the information for reasons relating to an important public interest.
We will let you know when the restriction expires.
If we limit our use of your data, we will also inform those we have shared your data with (when applicable) - if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
5.7 Right to data portability
If the processing is based on your consent or an agreement between us, you have the right to obtain personal data that you have provided to Polestar Performance AB in a structured, commonly used and machine-readable format and transfer it to another controller (“data portability”).
6. Contacts
Polestar Performance AB is the primary point of contact for data subjects in the EU that wish to exercise their rights and the main responsible for providing information to data subjects, for the uses of data where the controller is a company in the Polestar Group. Data subjects are of course entitled to exercise their rights under the GDPR in respect of and against each controller mentioned in this policy. Polestar Automotive Australia Pty Ltd is the primary point of contact for individuals in Australia.
Each controller’s identity and contact details are listed below.
Polestar Performance AB is a Swedish legal entity with company registration number 556653-3096, with mailing address Assar Gabrielssons Väg 9, 405 31 Gothenburg, Sweden, and visiting address Polestar HQ, Assar Gabrielssons Väg 9, 418 78 Göteborg.
Polestar Automotive Australia Pty Ltd is an Australian legal entity with company registration number ACN: 645 163 202 with address 65 EPPING ROAD, North Ryde NSW 2113, Australia. Polestar Automotive Australia Pty Ltd is – within the joint controllership – generally responsible for marketing, sales and customer relations as well as market specific services in its market.
Polestar has appointed a Data Protection Officer for the Polestar Group who can be reached via email or via post as set out below:
E-mail address: dpo@polestar.com
Postal address: Polestar Performance AB, Attention: The Data Protection Officer, 405 31 Göteborg, Sweden
Prominate Ltd., a UK legal entity with company registration number 07795532, with address 21 Lombard Street, London, ECV3 9AH, United Kingdom.
7. Changes to this privacy policy
We reserve the right to change this privacy policy from time to time. We will inform you of any changes by posting the updated privacy policy on our website (including clarification of updates). If we make any material changes to our privacy policy, we will send a notification by e-mail. We encourage you to contact us if you have any questions about the privacy policy or about how we process your personal data.