Recipients and Categories of Recipients
Any access to your personal data at Kia is restricted to those individuals that have a need to know in order to fulfil their job responsibilities.
Kia may disclose your personal data for the respective purposes and in compliance with applicable data protection laws to the recipients and categories of recipients listed below:
Kia group companies – We may disclose your personal data to other companies that are members of the Kia group, including our affiliated companies in Europe and Kia Corporation in the Republic of Korea.
To the extent that we disclose such data to other members of the Kia group for internal administrative purposes, such disclosure is necessary for our operational and business interests (Art. 6 (1) f) GDPR). We may also disclose such data because it is necessary for the performance of our contract with you (Art. 6 (1) b) GDPR).
Furthermore, in some cases, the disclosure may be based on your consent (Art. 6 (1) a) GDPR). For example, by activating the respective consent button in the consent list of the Kia Connect App, you may agree to the sharing of certain vehicle data with the relevant Kia national sales company or distributor in your country in Europe for various purposes. Please refer to the consent list of the Kia Connect App for more details. Where you give such consent, your consent is voluntary and can be withdrawn at any time (e.g. by de-activating the respective consent button in the consent list of the Kia Connect App). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.
We will inform the Kia national sales company or distributor in your country about the vehicle-related notifications (see Section
6.7) we have sent to you to avoid you being sent the same message via multiple channels from different Kia group companies. This is necessary for the purpose of legitimate interests pursued by us and the relevant recipient of the information (Art. 6 (1) f) GDPR). The relevant recipient’s and our legitimate interests are: providing the best possible service for our customers, as sharing this information will avoid customer frustration caused by receiving the same message via multiple channels and from different Kia group companies.
Telecommunications providers – For the purpose of providing our Services to you (Art. 6 (1) b) GDPR), we may disclose your personal data to Vodafone GmbH, Ferdinand-Braun-Platz 1, 40549 Düsseldorf, Germany, which provides the relevant telecommunications services. Vodafone GmbH will process your personal data as an independent controller.
Service providers – We may disclose your personal data to certain third parties, whether affiliated or unaffiliated, that process such data as our service providers on our behalf under appropriate instructions as processors and as necessary for the respective processing purposes (Art. 28 (3) GDPR). These processors are subject to contractual obligations, which require them to implement appropriate technical and organisational security measures, to safeguard the personal data and to process the personal data only in accordance with our instructions. Our service providers include:
The service provider for the technical infrastructure and maintenance services relevant to the Services, which is Hyundai Autoever Europe GmbH, Kaiserleistraße 8a, 63067 Offenbach am Main, Germany.
The service providers for our customer data management platforms and connected car data management platforms, which are salesforce.com Germany GmbH, Erika-Mann-Strasse 31-37, 80636 Munich, Germany, and Amazon Web Services EMEA SARL, 38 avenue, John. F. Kennedy, L-1855, Luxembourg, with their servers located within the EU/EEA.
The service provider Momentive Europe UC, Second Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin 4, Ireland, which provides the online survey tool Surveymonkey and related services for the purpose of conducting and evaluating surveys.
The service provider Cerence B.V., CBS Weg 11, 6412EX Heerlen, Netherlands, which provides services in connection with the Online Voice Recognition Service.
Our affiliated entities in the EU/EEA, which provide services relating to customer support, including call centre services.
The service providers TomTom Global Content B.V. and HERE Europe B.V., which provide map-related services.
Other service providers engaged in connection with specific Services.
Governmental authorities, courts and similar third parties that are public bodies – We may disclose your personal data to governmental authorities, courts and similar third parties that are public bodies where we have a legal obligation to do so (Art. 6 (1) c) GDPR) or for the purpose of protecting our interests or enforcing our rights (Art. 6 (1) f) GDPR). These recipients will process the relevant personal data as independent controllers.
Outside professional advisors – We may disclose your personal data to our tax consultants, auditors, accountants, legal advisors and other outside professional advisors for the purpose of operating our business (Art. 6 (1) f) GDPR). In some cases, we may also disclose the data for the purpose of protecting our interests or enforcing our rights (Art. 6 (1) f) GDPR). These recipients will usually process the relevant personal data as independent controllers.
Third-party acquirers – In the event that we sell or transfer all or any relevant portion of our assets or business (including reorganisation or liquidation), we may disclose your personal data to third-party acquirers (Art. 6 (1) f) GDPR). These recipients will process the relevant personal data as independent controllers.
Others – We may also disclose your personal data to other third parties (e.g. insurance companies, leasing companies, financial service providers, fleet companies, data aggregators); however, except in relation to ADAS as mentioned below, we will only share your personal data with such third parties where: (i) you have requested that we do so and gave your prior consent for such disclosure (Art. 6 (1) a) GDPR); (ii) such disclosure is necessary for the performance of our contract with you (Art. 6 (1) b) GDPR); or (iii) such disclosure is necessary for the performance of the relevant third party’s contract with you (Art. 6 (1) b) GDPR). These recipients will process the relevant personal data as independent controllers.
Within the scope of the Advanced Driver Assist System (“ADAS”), we collect and process a static set of telematics data and transfer this data to preselected data aggregators. This information is static; i.e. it does not include driving information, so it is not possible to profile individuals’ driving behaviour. The purpose of this processing is to protect against possible fraudulent practices, to improve and develop our ADAS to increase the number of vehicles with a high level of safety equipment and to simplify the insurance process for our customers. For this purpose, the following categories of personal data are processed: The vehicle build information (VBI), which may include the vehicle identification number (VIN), model, trim, model year, price, colour, fuel type, voltage system, emissions, class, power and fitted equipment including ADAS safety systems. The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving our Services, providing enhanced products and increasing the sales of ADAS vehicles as well as developing new products and customer services. In addition, your personal data as described above may be anonymised to perform our own analytics for improving and developing our products.