We are updating our Terms of Use and our Privacy Notice. The updated Terms of Use and Privacy Notice will enter into effect for existing customers on 5^th October 2023. After this date, you will need to agree to the updated Terms of Use and acknowledge the Privacy Notice in order to continue using our services. Use of our services from this date onwards will be subject to the updated Privacy Notice.

Note regarding the updates of the Privacy Notice: We have restructured and amended our Privacy Notice in order to reflect the changes that we have made to our Terms of Use and to provide further clarity on how we collect, use and disclose your personal data. The changes include in particular the following:

We encourage you to review the updated Terms of Use and Privacy Notice in full. The updated Terms of Use and the updated Privacy Notice are available for download under https://connect.kia.com/eu/downloads.

Last updated: 24 October 2023

This privacy notice (the “Privacy Notice”) of Kia Connect GmbH, registered under the registration number HRB 112541, ("Kia", "we" or "us") applies to the collection and processing of personal data in connection with the provision of our services via our app (the "Kia Connect App") and via the relevant vehicle’s head unit (the "Head Unit", together, the “Services”) and is addressed to our customers using these Services (“you”, “your”).

In addition to the Services, Kia may offer the purchase of certain features for its customers to use with their vehicle, such as upgrades or other add-ons to the software of the customer’s vehicle (“Upgrades”). This Privacy Notice also provides certain information about the processing of personal data in connection with the purchase of such Upgrades.

Kia takes the protection of your personal data and your privacy very seriously and will process your personal data only in accordance with the GDPR and other applicable data protection and privacy laws.

Please note that in addition to this Privacy Notice, where appropriate, we may inform you about the processing of your personal data separately, for example in consent forms or separate privacy notices.

Unless expressly stated otherwise, Kia Connect GmbH is the controller of the personal data collected and processed as set out in this Privacy Notice.

If you have any questions about this Privacy Notice or our processing of your personal data, or if you wish to exercise any of your rights, you may contact us at:

Kia Connect GmbH, Theodor-Heuss-Allee 11, 60486 Frankfurt am Main, Germany

Email: info@kia-connect.eu

You may also use our contact form, which is available here: https://connect.kia.com/eu/customer-support/contact-form/

Alternatively, you may also contact our data protection officer at the contact details provided in Section 3 below.

We have appointed an external data protection officer (“DPO”). You may contact our DPO at:

Kia Connect GmbH

Data Protection Officer

Theodor-Heuss-Allee 11

60486 Frankfurt am Main, Germany

Email: dpo@kia-connect.eu

Details about the purposes of and the legal bases for our processing of your personal data, and the categories of personal data that we may process, are set out in Sections 5–11 below.

Please note that we will process personal data only to the extent permitted by law and to the extent necessary for the relevant purpose.

We will mainly process your personal data for the purposes of concluding with you the contract relating to the provision of the Services, and the purchase of Upgrades (“Kia Connect Terms of Use”) and for the performance of this contract. Further details about the Services and Upgrades are provided in the in the Kia Connect Terms of Use.

We may also process your personal data for the other purposes specified in Sections 5–11 below.

For example, this may include the processing of personal data for the purposes of: (i) communicating with you; (ii) direct marketing; or (iii) analysing relevant data to improve our Services, develop new mobility and mobility-related products and/or services, and/or to ensure that the relevant products or services can be provided securely.

For the purposes mentioned in (iii), we may analyse the data based on statistical and mathematical models. Furthermore, we may also process your personal data for the purpose of complying with applicable laws or other legal obligations (e.g. disclosure of relevant personal data to courts or criminal prosecution authorities), or if we have separately informed you about such purposes. 

Generally, in connection with the Services and Upgrades, we collect and process your personal data: (i) in order to take steps at your request prior to entering into a contract (“conclusion of contract”) or to the extent necessary for the performance of our contract with you (Art. 6 (1) b) GDPR);  or (ii) to the extent to which the processing is necessary for the purposes of our or a third party’s legitimate interests (Art. 6 (1) f) GDPR).

With respect to certain processing activities, we may process your personal data: (i) to the extent necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) c) GDPR); or (ii) where we have obtained your prior consent to the relevant processing of your personal data for a specific purpose (Art. 6 (1) a) GDPR).

Unless otherwise expressly stated in this Privacy Notice, the personal data listed in Sections 5–11 below are provided to us directly by you (e.g. by entering certain personal data in the Kia Connect App) or are collected directly from your vehicle (e.g. its sensors and related applications as made accessible via the Head Unit). 

Generally, you have the right not to provide your personal data to us. However, in some cases (e.g. for the use of certain Services), we may require certain personal data from you to be able to process your enquiry or to provide the relevant Services or Upgrades. We will inform you about the required personal data accordingly.

The details about our processing activities as provided in this Privacy Notice also apply with regard to third-party usage of the relevant vehicle. However, in general the processing of data by Kia is based on vehicle-bound information as described in this Privacy Notice.

Therefore, Kia will not be able to identify the relevant person driving the car, unless such person is logged in with their personal profile or other identifiers related to the relevant person are provided.

The Kia Connect Terms of Use require you to inform other users/drivers of the vehicle about: (i) the activation of the Services; (ii) the data processing activities described in this Privacy Notice; and (iii) the fact that the Services may require the collection and processing of location data (GPS data).

Please note that if another person uses the Kia Connect App and is connected to the same vehicle as you are (please refer to Section 4.1.2 of the Kia Connect Terms of Use for more details about the sharing of the vehicle), this person may also see the vehicle's location data in their account on the Kia Connect App (by using the "Find my Car" Service), even if you are using the vehicle at this time. While this person will not be able to access your live routes, they may be able to see the live location of the vehicle.

Sign-up process for the Kia Connect App: To use the Kia Connect App, you need to sign up and create a “Kia Account”. The Kia Account is also required to register for other services provided by Kia group members or certain third parties in Europe. Details about our processing of your personal data in connection with the Kia Account are provided in a separate privacy notice which is accessible here: https://connect.kia.com/eu/kia-account-docs/.

In addition, you need to accept the Kia Connect Terms of Use.

Establishing the link between the end user device (i.e. smartphone) on which the Kia Connect App is installed and the respective vehicle requires verification.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), email address, name, password, salutation, birthday, mobile number, country, preferred language, verification PIN, car ID, activation code, the fact that you accepted the Kia Connect Terms of Use.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us, or for the conclusion of the contract with us (Art. 6 (1) b) GDPR).

Log-in process: To use the Services provided in the Kia Connect App or to purchase Upgrades, you need to log into the Kia Connect App. After logging in, you can add and remove your Kia vehicle(s) and use the Services or purchase Upgrades accordingly. 

For this purpose, the following categories of personal data are processed: Email and password.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Climate Control: This Service enables you to remotely control and schedule the air conditioning of your electric vehicle, including defrost functions, via the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/closed status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Charging (electric and plug-in hybrid vehicles only): This Service enables you to remotely initiate and stop the charging of an electric and plug-in hybrid vehicle’s battery and to schedule the charging via the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/close status; tyre pressure status; brake/engine oil status; charging information; reserve charging information; charging time; charging plug type information).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Door Control: This Service enables you to remotely lock/unlock the vehicle’s doors via certain user interfaces. You will be able to lock or unlock all doors. To ensure safety and security when using this Service, the Service will check several pre-conditions. This Service can help in situations where you cannot remember whether you locked the vehicle correctly by allowing you to perform this action remotely.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/closed status; tyre pressure status; gear/seat status; fuel level; brake/engine oil status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Vehicle Configuration, Profile Backup and Restore: This Service enables you to check and change vehicle settings in the Kia Connect App. You can also back up settings information and apply it to your vehicle.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, user phone number, SMS authentication code, user PIN code, report time, vehicle setup information, system setup information, navigation setup information, navigation point of interest (POI) information, list of favourite radio stations, profile picture (if provided).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Heated and Ventilated Seats (electric vehicles only): This Service enables you to remotely control the front and rear seat heating and ventilation of your electric vehicle.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Window Control: This Service enables you to remotely control the windows of your vehicle.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Hazard Light Control: This Service enables you to remotely turn off the hazard lights.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on tail lamps and hazard lights; engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Charging Door Control: This Service enables you to remotely control the charging door of your vehicle.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on charging door; engine and gears; door, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Frunk: This Service enables you to remotely open the vehicle’s frunk via the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/closed status; tyre pressure status; gear/seat status; fuel level: brake/engine oil status), remote frunk eligibility check.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Battery Conditioning: This Service enables you to remotely initiate and stop the conditioning of an electric vehicle’s battery via the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/closed status; tyre pressure status; gear/seat status; fuel level; brake/engine oil status; battery conditioning on/off status), remote battery conditioning eligibility check.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Light: This Service enables you to activate the flashing hazard light for a short period via the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on tail lamps and hazard lights; engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Remote Horn and Light: This Service enables you to activate the flashing hazard light and horn signal for a short period via the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on tail lamps and hazard lights; engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Send POI to Car: This Service enables you to send a point of interest (POI) to the vehicle's navigation system and immediately use the POI (e.g. as a destination for route planning) once the vehicle's ignition is turned on.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, point of interest (POl) information, search keyword, smartphone language settings.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Find my Car and First Mile Navigation: This Service enables you to locate the vehicle and to navigate to it using your smartphone. The vehicle’s location will be displayed in the Kia Connect App. Please note that if another person uses the Kia Connect App and is connected to the same vehicle as you are (please refer to Section 4.1.2 of the Kia Connect Terms of Use for more details about vehicle sharing), this person may also see the vehicle’s location data in their account for the Kia Connect App (by using the “Find my Car” Service), even if you are using the vehicle at this time. While this person will not be able to access your live routes, they may be able to see the live location of the vehicle.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, address, name, location information of user and vehicle, waypoint information, date, time, time stamp and speed.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

My Trips: This Service provides a summary (for the last 90 days) of every journey with date and time, average and maximum speed, distance driven and travel time.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, driving information (run distance, average speed, maximum speed, total fuel consumption, total power consumption, electric power consumption, driving time, warm-up time, average odometer reading).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Last Mile Navigation: This Service enables you to continue navigating to your final destination using your smartphone after parking your vehicle. 

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, address, name, location information of user and vehicle, waypoint information, time, speed.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Vehicle Status: This Service displays the following vehicle information in the Kia Connect App:

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Vehicle Report: You receive a report in the Kia Connect App that includes vehicle diagnostics information and information on driving patterns (number of vehicle starts, driving distance and driving time/idle time). This informs you of issues that require maintenance or repairs and provides information on the severity of the issue, the urgency of repairs/maintenance and the recommended actions.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, vehicle status information (engine status), driving pattern information (car speed information (maximum and average speed), acceleration status information, distance driven, battery consumption information (for electric vehicles)).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Vehicle Diagnostics: Provision of an automated diagnostics service. Upon turning on the ignition, the vehicle automatically performs a diagnostics scan (Diagnostics Trouble Code (“DTC”)). If a malfunction is detected, you receive a message explaining the malfunction, its severity and the recommended action to be taken.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, results of the DTC scan, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/closed status; tyre pressure status; gear/seat status; fuel level; brake/engine oil status; battery status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Energy Consumption (electric vehicles only): This Service visualises the current and average energy consumption, driving distance and energy recuperation information in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, cumulative odometer reading, total power consumption (motor power consumption, climate power consumption, electric device power consumption, battery care power information, regenerated power information).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR). 

Vehicle Alert: Whenever any of the vehicle’s windows are open while the ignition is off, a notification message will be displayed in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Burglar Alarm (only for vehicles that are equipped with a burglar alarm system): Whenever the burglar alarm sounds, a notification message will be displayed in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status; engine status; doors, boot, windows and bonnet open/closed status; tyre pressure status; gear/seat status; fuel level; brake/engine oil status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Battery Discharge Alarm: Whenever the state of charge of the 12V battery drops below a certain level, a notification message will be displayed in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, battery status, vehicle status alert type.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Rear Passenger Alarm: Whenever movement is detected on the rear seat and the vehicle is in the parking gear, a notification message will be displayed in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Vehicle Idle Alarm: Whenever the vehicle is in the parking gear while the engine is running and a door is opened, a notification message will be displayed in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

High-Voltage Battery Monitoring Warning System (electric vehicles only): The status of the high-voltage battery is monitored: Whenever a malfunction is detected, a notification message will be displayed in the Kia Connect App and the Head Unit.

For this purpose, the following categories of personal data are processed: Air conditioning status, engine status, doors/boot/bonnet/sunroof/windows status, air temperature, defrost status, charging status, heating steering wheel status, side mirror/rear window heating status, tyre pressure status, 12V battery status, malfunction indicator lamp status, smart key battery status, fuel level status, washer fluid status, brake oil warning lamp status, sleep mode status, time, remote waiting time alert, system cut-off alert status, tail lamp status, hazard light status.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us, but also our customers and other third parties (Art. 6 (1) f) GDPR). The legitimate interests are: ensuring the proper provision and function of our Services, providing safe Services and products to our and Kia group customers, protecting our customers’ health and life, protecting our customers’ property, and protecting the health, life and property of other people in or around the vehicle.

Valet Parking Mode: This Service enables you to monitor the vehicle’s location, the time ignition was last turned off, driving time, driving distance and top speed in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), valet mode status information (activation status, valet mode start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Valet Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle travels beyond the selected distance limit, speed limit and idle time limit you have predefined in the Kia Connect App. The permitted travel distance is the vehicle’s distance from the location where the Service was activated.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, valet alert status information (activation status, valet alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected distance limit, selected speed limit, selected idle time limit.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Geofence Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle exits an allowed area or enters a restricted area. You can set the boundaries for allowed areas and restricted areas in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, geofence alert status information (activation status, geofence alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected allowed areas, selected restricted areas.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Speed Alert: When activated in the Head Unit, this Service enables you to receive notifications in the Kia Connect App if your vehicle exceeds the speed limit you have preset in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, speed alert status information (activation status, speed alert status start and end time, run time, mileage time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected speed limit.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Time Fencing Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle is driven outside of the time windows you have predefined in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, time fencing alert status information (activation status, time fencing alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected time windows.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Idle Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle is driven beyond the idle time limit you have predefined in the Kia Connect App.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, idle alert status information (activation status, idle alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected idle time limit.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

This Service allows you to synchronise the “Preferred Dealer” information between the MyKia website and the MyKia app and the Kia Connect App. Synchronisation is optional and must be enabled before it can be used. If you choose not to synchronise the “Preferred Dealer” information, the “Preferred Dealer” feature in the Kia Connect App is still available but the information shown may differ from the information in MyKia.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), email address, UUID, dealer name, dealer address, dealer contact details, dealer information, dealer opening hours.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

This Service enables you to use your smartphone to carry out services such as locking and unlocking your vehicle, activating the vehicle’s climate control or starting the vehicle (only from inside the vehicle) using the built in ultra-wide band (“UWB”) functionality and near-field-communication (“NFC”) functionality of your smartphone. It allows you to share and manage your Digital Key with multiple devices, e.g. those belonging to family and friends. Please note that when using this Service, data is exchanged between the mobile smart device and the vehicle using the UWB or NFC functionalities. This data is not transmitted to us.

For this purpose, the following categories of personal data are processed: User information (such as user ID, profile name, email address, phone number), smart device information (such as device ID, device name, device types, OS version, app version), Digital Key information (such as Digital Key ID, Digital Key status, Digital Key type, access authorization/profile, vehicle ID, ID of the physical key fobs, number of shared keys); for shared Digital Keys: Additional information such as the start and end dates (or fixed term) of Digital Key use, name of the shared Digital Key user(s), user authentication policy/authorization profile as specified by you, diagnostics information (error codes), vehicle status information.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

The home menu map displays your current location. The home menu search bar can be used to search for points of interest (POI).

For this purpose, the following categories of personal data are processed: GPS data, search keyword, smartphone language setting.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

You can use certain functions of the Kia Connect App with Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) to unlock. Your biometric data is stored only locally on your smartphone and is not transmitted to us. Therefore, we are not able to access this data. Only the information on whether verification of the biometric data was successful is transmitted to the Kia Connect App by a system function of your smartphone. You can turn off the use of Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) at any time in the respective settings of your smartphone.

For this purpose, the following categories of personal data are processed: Information on whether the verification of the biometric data was successful.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

By activating "Product/Service Improvement", data regarding the performance, usage, operation and condition of the vehicle will be processed by us in order to improve product and service quality based on your consent. Your consent is voluntary and can be withdrawn at any time by deactivating the respective button. The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. To activate "Product/Service Improvement", it is also necessary to activate the geographic information system ("GIS") for technical reasons.

For this purpose, the following categories of personal data are processed: Status information on the following: air control system; battery; technical and stability-related systems; dashboard usage; air conditioning and heating; engine, brake and powertrain; function; gears and consumption; warning and assistance system; steering and tyres; engine and charging; electric vehicle (EV)-specific usage; multimedia-related usage (e.g. "like" feature) and status as well as GPS and speed information.

Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).

The Notification Centre enables you to receive messages from Kia on the Head Unit screen. This may include inter alia Recall Campaign Notifications regarding your vehicle, Service Reminders and Service Action Notifications.

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, reading time, UTC time.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Kia Connect Live services include the following:

For this purpose, the following categories of personal data are processed: GPS data, service requests and server search responses (point of interest (POI) data), dealer POI data, fuel-related information, parking-related information, speed camera information, electric vehicle (EV) station information, weather information, traffic information, unit of distance (kilometres, miles, metres), language settings, telecom carrier information, unique identifiers (e.g. vehicle identification number (VIN), driver ID, service ID), phone number, date and local time, protocol version, navigation device information (e.g. hardware version, software version), route information (e.g. start point, settings, goal point, estimated time), league match information request, team match information request, league ID , league match version, team code ID, country of interest ID, country code, league version, team version, logo version.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

We will also process the data listed above for the purpose of improving the Kia Connect Live services.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving the Kia Connect Live services.

When listening to the radio, this Service allows you to: (i) identify the name of the song currently being played and the performing artist; (ii) to retrieve the corresponding album cover. The Service must be activated by clicking the “SoundHound” logo in the radio screen. Upon activation, a short audio sample will be recorded from the radio audio and sent to the SoundHound Service. Upon successful identification, the name of the song, the performing artist and – if available – the album cover will be displayed on the Head Unit’s radio screen.

For this purpose, the following categories of personal data are processed: Device ID, the source type (USB music, radio, Bluetooth music), a unique request ID for all transactions, date, time and result (title, performing artist and album cover) of each SoundHound search.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

This Service enables the use of spoken commands to access and control certain functions of your vehicle and to draft and send text messages via a connected mobile device. Online Voice Recognition is operated in an online (cloud) environment. Upon the activation of our Services in the Head Unit of your vehicle, Online Voice Recognition is activated as a default setting. This Service requires the transfer of your personal data (i.e. voice samples) to our service provider Cerence B.V. and its sub-processors, which may be located in countries outside the EU/EEA and may not provide for an adequate level of data protection (please refer to Sections 9 and 10 for more details). You can prevent the transfer of your personal data to Cerence B.V. and its sub-processors by deactivating the Online Voice Recognition Service in the respective settings of your Head Unit. If you deactivate the Online Voice Recognition Service, the voice recognition functionality of your vehicle may be limited or disabled.

Cerence B.V. transforms the voice samples into text samples, semantically interpreting them (if necessary), and then sends the result back to the vehicle.

For this purpose, the following categories of personal data are processed: Voice recording, GPS data (location), point of interest (POI), Cerence user ID. The latter is a unique ID for registering with the server of Cerence B.V. The Cerence user ID and vehicle identification number (VIN) or any other identifiers are not linked to each other. This means that Cerence B.V. cannot identify a natural personal from the data transmitted to it.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Voice recording and GPS data will also be collected and stored for the purpose of performing and improving the Online Voice Recognition Service.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving the Online Voice Recognition Service.

This Service enables you to synchronise your Google Calendar or Apple Calendar on your smartphone with the integrated calendar function of the Head Unit. This allows you to see your private calendar on the Head Unit screen and to use it to set a destination. This Service is compatible with Google Calendar and Apple Calendar.

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), email address, email account calendar ID, Google token or iCloud password, calendar entries (e.g. title of appointment, date and time, address).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

This Service enables you to enjoy your favourite music and audio (podcasts, audio books) streaming services over the integrated screen and speakers via the vehicle’s infotainment system. Please note that this Service does not include the subscription with the respective streaming service. You need to create an account and set up a subscription with your favourite streaming service provider separately. The Service is not activated on your Head Unit by default but instead needs to be activated via the Kia Connect Store. It will be available for up to three years from the start of the Kia Connect services free period (i.e. from the warranty start date of your vehicle). Further information about this Service is provided in Section 4.2.2.5 of the Kia Connect Terms of Use.

For this purpose, the following categories of personal data are processed: User authentication data (e.g. email address, user identifier), Service information (tokenised credentials for each content provider), vehicle information (VIN, brand, engine type, country of sale, model name, model year, Head Unit platform, Head Unit model), warranty start date.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Recall Campaign Notifications: We will send you notifications about open recall campaign(s) to your vehicle using the Notification Centre referred to above. Recall campaign notifications may also be sent to you by other means (e.g. within the Kia Connect App, via email to your registered email address or by mailed letter).

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time, odometer, warranty start date).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Service Reminders: We will send you reminders for upcoming regular maintenance dates for your Kia vehicle using the Notification Centre referred to above.

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time, odometer, warranty start date).

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

Service Action Notifications: We may also inform you about outstanding recommended service actions (such as software updates, part replacements with improved parts or quality checks to be carried out on certain components of your Kia vehicle). Information on recommended service actions may be provided to you via the Notification Centre referred to above and/or within the Kia Connect App or via email to your registered email address.

This processing is subject to your prior consent, which you may give by activating the respective consent button in the consent list of the Kia Connect App. Your consent is voluntary and can be withdrawn at any time (e.g. by deactivating the respective consent button in the consent list of the Kia Connect App). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), sequence ID, read status, UTC time, odometer, warranty start date.

Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).

Mandatory Vehicle Inspection Reminders (such as TÜV in Germany or MOT in the UK): We will inform you about upcoming mandatory vehicle inspections. For example, reminders about the “Ministry of Transport” test (commonly referred to as “MOT”) for vehicles in the UK. Use of this Service requires that you provide Kia with the correct date of the last mandatory vehicle inspection and the date the vehicle was first registered.

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time, odometer, warranty start date), last vehicle inspection date, first registration date.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

The like button for USB music and radio allows you to mark and add songs to a playlist of your favourite songs. You can like or unlike songs via the like button integrated in the music function of the infotainment system.

For this purpose, the following categories of personal data are processed: The source type (USB music, radio, Bluetooth music), the name of the song, artist and album, the like/unlike information, GPS data, ambient air temperature, vehicle speed, weather (based on your current location) and time information.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

The “Maps and Infotainment OTA Update” enables

updates of the maps in the vehicle's navigation system (“Maps Update”); and/or 

updates of infotainment software or enhancements of Head Unit software (“Infotainment Update”) 

from our servers to the embedded telematics system using the “over-the-air” method.

The Map and Infotainment OTA Update is part of the Services requested by you and is therefore activated by default.

Further information about the Maps Update and the Infotainment OTA Update is provided in Section 4.2.3.2 of the Kia Connect Terms of Use.

For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), vehicle software version, Diagnostics Trouble Codes, vehicle manufacturing date, GPS data (longitude, latitude, altitude), telecommunications provider, language settings, country code or region code, Head Unit identifiers (e.g. type, system version, platform, manufacturer), relevant metadata.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR.

For the avoidance of doubt, if you receive the Maps Updates and/or Infotainment Updates by accessing the web page https://update.kia.com/EU/E1/Main or at the dealership, these updates are not offered to you via the “over-the-air” method, and we are not the controller for related processing of personal data.

Vehicle System OTA Update enables the embedded software of certain control units of the vehicle to be updated with newer versions of the software or with updated parameters (“Vehicle System Update”) from our servers using the “over-the-air” method. We may provide you with Vehicle System OTA Updates for various reasons and purposes, in particular to remedy a defect within the warranty period, within the scope of the manufacturer's guarantee or for other security-related reasons. Further information about Vehicle System OTA Updates is provided in Section 4.2.3.3 of the Kia Connect Terms of Use.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), vehicle status information (ignition, climate, battery, front bonnet, transmission lever position, lamp, parking brake), usage history (OTA Update), diagnostics information (error codes, OTA result, software recovery result) and software version information (electronic control unit), source version ID of vehicle, target version ID of vehicle, provision status, package name, update result, TMU’s phone number (MDN or MIN), telecommunications company, device ID, platform manufacturer, platform name, OMADM version.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR.

For the avoidance of doubt, if you receive Vehicle System Updates by accessing the web page https://update.kia.com/EU/E1/Main or at the dealership, these Updates are not offered to you via the “over-the-air” method, and we are not the controller for the related processing of personal data.

As referenced in the Kia Connect Terms of Use, Kia may offer Upgrades. Upgrades can be purchased in the store section of the Kia Connect App (“Kia Connect Store”). Please refer to Section 5 of the Kia Connect Terms of Use for more details about Upgrades.

The Upgrades themselves will not require the processing of personal data, unless the relevant Upgrade includes or relates to a Service referenced above. In such case, we will inform you about the processing of personal data in connection with such Service in the relevant Section above. Please note that in some cases, the use of the Service “Vehicle System OTA Update” will be required to install an Upgrade. Please refer to Section 7.2 above for more details about the personal data processed in connection with Vehicle System OTA Update and the applicable legal basis for such processing.

Each Upgrade is linked to a specific vehicle as identified by its unique vehicle identification number (VIN). This means that we will process information about the purchased Upgrade, the relevant VIN and information about the electronic control unit of the vehicle. The processing is necessary for the performance of the contract relating to the purchase of the relevant Upgrade (Art. 6 (1) b) GDPR.)

It is possible for a vehicle to be linked to the Kia Connect accounts of several users. Where this is the case, we will inform the user who first linked their Kia Connect account to the relevant vehicle (“Main User”) and any other additional users who have linked the vehicle to their Kia Connect account (“Shared Users”) via email about the purchase of an Upgrade by another Shared User and the activation and deactivation (if applicable) of the respective Upgrade.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), name, email address, technical data (e.g. device information, IP address, User ID, UUID), information relating to the relevant Upgrade.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).

You can select Upgrades and purchase and/or activate them in the in the Kia Connect Store (as defined in Section 8.1 above). Details about the processing of your personal data in connection with the Kia Connect Store and the purchase process are provided in the Kia Connect Store Privacy Notice, which is accessible in the Kia Connect Store and is also made available here: https://connect.kia.com/eu/downloads.

The processing of your payment is subject to a separate privacy notice, which will be made available to you before you issue the payment for the relevant Upgrade in the Kia Connect Store. This separate Privacy Notice is also available here: https://connect.kia.com/eu/downloads.

In addition to the processing activities set out above, we may also process your personal data for the following purposes:

Communication: We may process your personal data to communicate with you in relation to the Services or the contract that you have entered into with us (e.g. to provide customer support, to inform you about technical issues with the Services, to perform our contractual obligations, to inform you about changes to the Kia Connect Terms of Use or this Privacy Notice) via several communication channels, including the Head Unit of your vehicle (for example, through the Notification Centre or the infotainment system), email, telephone and notifications within the Kia Connect App (for this purpose, the Kia Connect App provides a separate inbox). When you contact us via available communication channels (e.g. contact form on our website or in the Kia Connect App, email or telephone), we may process your personal data to handle your request and communicate with you accordingly in relation to your request. Certain fields in the contact form in the Kia Connect App will be pre-filled to make using the contact form more convenient for you. For information about communication regarding our marketing activities, please see Section 11.3 below. For information about our communication with you regarding Upgrades purchased for your vehicle, please see Section 8.2 above.

For this purpose, the following categories of personal data are processed: Contact details (e.g. email address, telephone number), data relevant for the use of the Notification Centre (i.e. unique identifiers, such as the vehicle identification number (VIN), sequence ID, read status, UTC time), data relevant for the sending of the notifications within the Kia Connect App (User ID, country, language, device ID, system token, platform, UUID, Contact ID), data relevant for pre-filling the contact form in the Kia Connect App (email address, vehicle identification number (VIN), language, UUID), name, information provided by you in relation to the relevant request, contract data.

Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR), or for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: providing the best possible service for our customers and appropriately answering and processing our customers’ requests.

Technical Support: Where a technical issue has been detected in relation to your vehicle and the Services, we might be required to read out information from your vehicle for the purpose of analysing such information and to resolve the detected issue. Subject to your prior consent, we will collect and process what is known as a log file of the Head Unit from your vehicle, which contains certain categories of personal data. Your consent is voluntary and can be withdrawn at any time (e.g. by using our contact form available in the “Customer Support” section under “Contact Us” on our website (https://connect.kia.com/eu/customer-support/contact-form/)). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. However, please note that the refusal to grant or the withdrawal of your consent might prevent us from offering or completing an analysis of the detected issue of your vehicle and the Services.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), time stamps, geolocation data/GPS coordinates (such as your previous destinations) as well as vehicle diagnostics information regarding the performance, usage, operation and condition of the vehicle.

Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).

Marketing: We may contact you via the Head Unit of your vehicle, email and/or notifications within the Kia Connect App (the Kia Connect App provides a separate inbox) to provide you with promotional information regarding our products and/or services, to ask you to participate in surveys or to provide your feedback.

In relation to emails and notifications within the Kia Connect App, this is usually subject to your prior consent and to the scope of such consent. You may give your consent by activating the respective consent button in the consent list of the Kia Connect App or by other relevant means (if applicable). Your consent is voluntary and can be withdrawn at any time (e.g. by deactivating the respective consent button in the consent list of the Kia Connect App). You may also unsubscribe from our promotional email list at any time by clicking on the unsubscribe link included in each promotional email that we send. The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. You also have the right to object to the processing of your personal data for direct marketing purposes (see Section 12.6 below for more details).

If you provide us with your email address as part of signing up to the Services and unless you have objected, we may send you information about similar Kia Connect services or products to the relevant email address without asking you for your prior specific consent. This is because specific consent from you as an existing customer is not required in such cases. This also applies to sending you such information via notifications within the Kia Connect App to the inbox which is provided separately within the app. However, you have the right to opt out from receiving such electronic mail marketing at any time without incurring any costs (other than the transmission costs according to the basic rates) (e.g. by deactivating the respective buttons in the “Service-related Advertising” list of the Kia Connect App). You may also unsubscribe from our promotional email list at any time by clicking on the unsubscribe link included in each promotional email that we send. You also have the right to object to the processing of your personal data for direct marketing purposes (see Section 12.6 below for more details).

For this purpose, the following categories of personal data are processed: Name, contact details (e.g. email), technical data (e.g. device information, IP address, User ID, UUID), information about your consent (e.g. date and time of opt-in).

Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR; Sec. 7 (2) No. 2 of the German Act against Unfair Competition (“UWG”)), or it is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR; Sec. 7 (3) UWG). Our legitimate interests are: promoting our services and products.

Feedback and Surveys: From time to time, we may invite you to provide your feedback and/or participate in surveys relating to us and our services, including support services (see Section 11.1 above for details about our communication with you). If you provide your feedback or participate in our surveys, we may process relevant personal data for the purpose of processing and evaluating the feedback or conducting, processing and evaluating the survey. This is in order to improve our services and adapt them to our customers’ needs.

In some cases, we may conduct surveys using the Salesforce Marketing Cloud platform provided by salesforce.com Germany GmbH or the online survey tool Surveymonkey provided by Momentive Europe UC (“Momentive”) (see Section 13 below for more details about these providers). To participate in surveys conducted on Surveymonkey, you may have to click a link which will be included in the survey invitation. When you click on the link, you will be referred to a website of Momentive on which the survey will be conducted. Momentive will process the survey related information on our behalf and for our purposes. Furthermore, Momentive may: (i) collect and process information about your device and other technical data to avoid multiple participations; and (ii) use cookies to recognise whether the participant has already visited the survey and to reassign responses that the relevant participant has already given. More information about Momentive’s processing of personal data is available at https://www.surveymonkey.com/mp/legal/privacy/.

For this purpose, the following categories of personal data are processed: Name (if relevant and provided), content data (e.g. your feedback and/or responses), technical data (IP address, UUID, operating system version, device type, device ID/MAC address, system and performance information and browser type).

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving our services.

Route Satisfaction: From time to time, we may ask you via the Head Unit of your vehicle (through the infotainment system) to submit your feedback in order to measure your satisfaction with our route guidance and location information.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), geolocation data (e.g. GPS coordinates for live traffic information), the Integrated Circuit Card Identifier of your vehicle’s SIM card (ICCID), a unique request ID for any transaction, your satisfaction score.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving our services.

Location-based Advertising: On eligible vehicles, the Service “Live Point of Interest (POI) and Online POI Search” (see Section 6.2 above) will be enhanced by data provided through our partner 4.screen (see https://www.4screen.com/). Based on this enhancement of the Service, you can opt to receive information on stores or restaurants (such as their location) via branded pins on the map or via the search function of the map. You can also opt to receive special deals and offers from stores and restaurants in the proximity of your vehicle.

For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), location data, service request, profile ID, user ID.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: the provision of an optimised Service to you through the inclusion of additional features for the POI search.

Data Sharing: Details about our sharing of your personal data with third parties are provided in Section 13 below.

Operation of Business: We may process certain categories of the personal data referred to above for internal management and administration purposes, including record management or maintaining other internal protocols.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring the appropriate and efficient operation of our business.

Legal Compliance: We may process certain categories of the personal data referred to above (e.g. records of any consents that you have given, together with the date and time, as well as content and means of consent) to comply with applicable laws, directives, recommendations or requests from regulatory bodies (e.g. requests to disclose personal data to courts or regulatory bodies, including the police).

Legal basis: Such processing may be necessary: (i) for compliance with a legal obligation to which we are subject (Art. 6 (1) c) GDPR); or (ii) for the purpose of our legitimate interests (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring our compliance with applicable legal obligations.

Legal Proceedings and Investigations: We may process certain categories of the personal data referred to above in order to assess, enforce and defend our rights and interests.

Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: protecting our interests and enforcing our rights.

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time (Art. 7 (3) GDPR). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.

Furthermore, under applicable data protection law, you may have the right to: obtain access to your personal data (Art. 15 GDPR), have your personal data rectified (Art. 16 GDPR), have your personal data erased (Art. 17 GDPR), have the processing of your personal data restricted (Art. 18 GDPR), data portability (Art. 20 GDPR) and to object to the processing of your personal data (Art. 21 (1) and (2) GDPR).

You also have the right to lodge a complaint with the competent data protection authority (Art. 77 GDPR).

Please note that these rights could be subject to certain limitations under applicable local data protection laws.

Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data and certain additional information. Such information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data has been or will be disclosed. However, please note that the interests of other individuals may restrict your right of access.

You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

Right to rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Subject to the relevant purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure ("right to be forgotten"): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may have the obligation to erase such personal data.

Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be flagged accordingly and may only be processed by us for certain purposes.

Right to data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit this data to another controller without hindrance from us.

RIGHT TO OBJECT: UNDER CERTAIN CIRCUMSTANCES AND WHERE THE PROCESSING IS BASED ON LEGITIMATE INTERESTS (ART. 6 (1) F) GDPR), YOU MAY HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA BY US AND WE MAY BE REQUIRED TO NO LONGER PROCESS YOUR PERSONAL DATA.

FURTHERMORE, WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IN THIS CASE YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES BY US. 

Right to make arrangements for the storage and communication of data after one’s death: You have a right to make specific arrangements for the storage and communication of your personal data after your death, and we will act accordingly. You may also make general arrangements with a third party, which will let us know about your instructions in due time.

Any access to your personal data at Kia is restricted to those individuals that have a need to know in order to fulfil their job responsibilities.

Kia may disclose your personal data for the respective purposes and in compliance with applicable data protection laws to the recipients and categories of recipients listed below:

We are a member of an international group of companies. Therefore, we may transfer personal data within the Kia group and to other third parties as noted in Section 13 above.

Some of these recipients may be located or have relevant operations outside of your country and the EU/EEA (e.g. in the Republic of Korea, the United Kingdom or the USA) (“Third Country”).

For some Third Countries, the European Commission has determined that they provide an adequate level of protection for personal data (e.g. the Republic of Korea, the United Kingdom), which also includes the USA to the extent that the receiving company in the USA participates in the EU-U.S. Data Privacy Framework (see https://www.dataprivacyframework.gov) (“Adequate Jurisdictions”).

Where we transfer personal data to a recipient that is located in a Third Country which has not been determined an Adequate Jurisdiction, we (or our processors in the EU/EEA that transfer personal data to sub-processors in such Third Countries, as applicable) provide appropriate safeguards by way of entering into data transfer agreements adopted by the European Commission (standard contractual clauses) with the recipients or taking other effective measures to provide an adequate level of data protection.

A copy of the respective safeguards may be requested from us or our data protection officer (see Section 2 and Section 3 above).

Your personal data is stored by Kia and/or our service providers for no longer than is necessary for the purposes for which the personal data is collected, and which are set out above.

When we no longer require your personal data for such purposes, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we are required to retain the relevant personal data to comply with legal or regulatory obligations to which we are subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 10 years).

Reset of Kia Account and/or Head Unit: You can reset the Head Unit and you can reset or deactivate the Kia Account by setting the respective preference / selecting the respective option (e.g. in the Kia Connect App and/or in the Head Unit, as appropriate).

In such a case, the relevant personal data related to your Kia Account and/or in the Head Unit will be blocked and then deleted, unless retention periods apply (see Section 15.1 above).

Upon resetting the Kia Account and/or Head Unit, you will be logged out of the Kia Connect App and/or Head Unit and will have to perform a new log-in procedure or log in with different credentials if you intend to use the Services via the Kia Connect App and/or Head Unit.

Please note that when you

We have implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful forms of processing.

However, as the internet is an open system, the transmission of data via the internet is not completely secure. While we constantly improve our security measures in line with technical developments and in order to ensure an appropriate level of security for any of your personal data that we process, we cannot guarantee the security of your data transmitted to us using the internet.

You may choose to activate offline mode in the Head Unit by setting the respective preference. If offline mode is turned on, all Service functions are disabled and no personal data, in particular no GPS data, is collected. An offline mode icon is displayed at the top of the Head Unit screen in the vehicle.

This Privacy Notice may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Privacy Notice carefully, and to regularly review any changes we might make in accordance with the terms of this Privacy Notice.

We will publish the updated Privacy Notice on our websites, in the Kia Connect App and the Head Unit. The date of the last update is mentioned at the top of this Privacy Notice.

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“GDPR” means: (i) Regulation (EU) 2016/679 (General Data Protection Regulation); or (ii) with regard to the United Kingdom, Regulation (EU) 2016/679 as it forms part of the law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended from time to time (also known as the UK GDPR).

“personal data” means any information relating to an identified or identifiable natural person.

“process”/ ”processing” means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

The following local law amendments apply:

Section 15.1 shall be amended as follows: Your personal data is stored by Kia and/or our service providers strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 7 years. This retention period may be extended, in particular if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatened or pending litigation)).

Regarding the data retention period under Section 15.1, in Belgium, personal data relating to the contractual relationship in contracts, communications or commercial letters may be stored for a duration of up to 10 years from the end of the contractual relationship between Kia and you. If such data is relevant in the frame of any administrative or judicial proceedings, it can be stored by Kia for the whole duration of these proceedings, including the expiration of any recourse. The contact details of the Belgian data protection authority are as follows: Autorité de protection des données Gegevensbeschermingsautoriteit, Rue de la presse 35 1000 Brussels, Tel.: +32 (0)2 274 48 00, Fax: +32 (0)2 274 48 35, Email: contact(at)apd-gba.be

Section 15.1 shall be replaced as follows: Your personal data is stored by Kia and/or our service providers strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which in the case of accounting documents may require retention for up to 8 years from their date of issue). If such data is relevant in the context of any administrative or judicial proceedings, it can be stored by Kia for the whole duration of these proceedings, including the expiration of any recourse. The contact details of the Hungarian data protection authority are as follows: Nemzeti Adatvédelmi és Információszabadság Hatóság, Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C., Tel.: +36-1-391-1400, Fax: +36-1-391-1410, Email: ügyfelszolgalat@naih.hu

Notwithstanding anything to the contrary as indicated in the above Privacy Notice, the following will apply to the extent that Italian law will apply to the processing of your personal data: (i) in no event will Kia process your personal data for profiling purposes without your consent; (ii) if you are an existing customer and have provided Kia with your email address, and without prejudice to your right to object pursuant to Section 12.6 above, Kia may send you marketing communications via email relating to products or services similar to the products or services previously purchased by you; (iii) with reference to storage periods, Kia will retain personal data processed for marketing or profiling purposes, if any, for 24 and 12 months, respectively, unless the Italian data protection supervisory authority authorises Kia to retain it for a longer period. The contact details of the Italian data protection supervisory authority are as follows: Garante per la Protezione dei Dati Personali Piazza Venezia n. 11 - 00187 Rome, www.gpdp.it - www.garanteprivacy.it, Email: garante@gpdp.it, Fax: (+39) 06 696773785, Tel.: (+39) 06 696771

Section 15.1 shall be amended as follows: The standard statutory data retention period for general bookkeeping purposes is 7 years in the Netherlands. Note that this retention period may be extended, in particular if the applicable law so requires and/or if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatened or pending litigation).

Section 12.6 shall be amended as follows: Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, if you granted consent for the processing for such purposes, you have the right to withdraw at any time your consent for the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us. Section 15.1 shall be amended as follows: Your personal data is stored by Kia and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g. the standard statutory data retention period for general bookkeeping purposes is 5 years from the end of the previous financial years in Poland. Note that this retention period may be extended, in particular if the applicable law so requires and/or if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatened or pending litigation)). The contact details of the Polish data protection authority are as follows: Prezes Urzędu Ochrony Danych Osobowych, Urząd Ochrony Danych Osobowych ul. Stawki 2 00 -193 Warszawa, Email: kancelaria@uodo.gov.pl

The contact details of the Slovak data protection authority are as follows: Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27, Slovak Republic https://dataprotection.gov.sk/uoou/sk, Tel.: + 421 2 32 31 32 14, Email: statny.dozor@pdp.gov.sk 

Section 12.1 para. 2 shall be replaced as follows: You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you within six months, unless there is legitimate cause to do so we may charge a reasonable fee based on administrative costs. Section 15 shall be replaced as follows: 15.1 Your personal data is stored by Kia and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will block it and once the period for the statute of limitation has elapsed (e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 10 years), we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it. 15.2 Where no legal or regulatory retention periods apply, as a rule, all personal data processed in connection with the provision of the Services is blocked and subsequently erased or anonymised immediately after provision of the individual Services has been completed with the following exception: 

15.2. Termination of account: If you choose to terminate your use of the Services (e.g. by setting the respective preference in the Kia Connect App) and/or the Kia Connect Account (e.g. by setting the respective preference in the Head Unit), all personal data related to your Kia Account will be blocked and subsequently deleted as explained above.

Regarding the data retention period under Section 15.1, in Switzerland, personal data relating to the contractual relationship in contracts, communications or commercial letters may be stored for a duration of up to 10 years from the end of the contractual relationship between Kia and you.

The contact details of the Swiss data protection authority are as follows: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB). Feldeggweg 1. CH - 3003 Bern Switzerland. Telephone: +41 (0)58 462 43 95.

Section 14 shall be complemented with the following information: Your personal data is stored in the following countries/jurisdictions: [WORLDWIDE].

Regarding references to the GDPR, to the extent that Swiss data protection laws and related laws apply, references to Articles of the GDPR shall be read as references to the respective Articles of the Swiss Federal Act on Data Protection as from 1st September 2023 (“FADP”), and references to sections of the UWG shall be read as references to the respective Articles of the Swiss Federal Act against Unfair Competition (“Swiss UWG”), namely:

This document is information asset of Kia and is protected by relevant laws and regulations.