Effective from July 2023

1. Introduction
2. Controller
3. Data Protection Officer
4. Purposes, Legal Bases and Categories of Personal Data
5. Kia Connect App
6. Head Unit and in-car Services
7. Other Processing Activities
8. Your Rights
9. Recipients and Categories of Recipients
10. Cross-Border Data Transfer
11. Data Retention
12. Data Security
13. Offline Mode (Modem Off)
14. Updates
15. Definitions
16. Local Law Amendments

This privacy notice (the “Privacy Notice”) of Kia Connect GmbH, registered under the registration number HRB 112541, ("Kia", "we" or "us") applies to the collection and processing of personal data in connection with the provision of our services via our app (the "Kia Connect App") and via the relevant vehicle’s head unit (the "Head Unit", together, the “Services”) ) and is addressed to our customers using these Services (“you”, “your”).
Kia takes the protection of your personal data and your privacy very seriously and will process your personal data only in accordance with the GDPR and other applicable data protection and privacy laws.
Please note that in addition to this Privacy Notice, where appropriate, we may inform you about the processing of your personal data separately, for example in consent forms or separate privacy notices.

2.1.
Unless expressly stated otherwise, Kia Connect GmbH is the controller of the personal data collected and processed in connection with the provision of the Services.
2.2.
If you have any questions about this Privacy Notice or our processing of your personal data, or if you wish to exercise any of your rights, you may contact us at:
Kia Connect GmbH, Theodor-Heuss-Allee 11, 60486 Frankfurt am Main, Germany
Email: info@kia-connect.eu
You may also use our contact form, which is available here: https://connect.kia.com/eu/customer-support/contact-form/
Alternatively, you may also contact our data protection officer at the contact details provided in Section 3 below.

We have appointed an external data protection officer (“DPO”). You may contact our DPO at:
Kia Connect GmbH
Data Protection Officer
Theodor-Heuss-Allee 11
60486 Frankfurt am Main, Germany
Email: dpo@kia-connect.eu

Details about the purposes of and the legal bases for our processing of your personal data, and the categories of personal data that we may process, are set out in Sections 5–7 below.
Please note that we will process personal data only to the extent permitted by law and to the extent necessary for the relevant purpose.
Purposes
We will mainly process your personal data for the purpose of concluding with you the contract relating to the provision of the Services (“Kia Connect Terms of Use”) and providing our Services to you. Further details about the Services are provided in the respective service description in the Kia Connect Terms of Use.
We may also process your personal data for the other purposes specified in Sections 5–7 below.
For example, this may include the processing of personal data for the purposes of: (i) communicating with you; (ii) direct marketing; or (iii) analysing relevant data to improve our Services, develop new mobility and mobility-related products and/or services, and/or to ensure that the relevant products or services can be provided securely.
For the purposes mentioned in (iii), we may analyse the data based on statistical and mathematical models. Furthermore, we may also process your personal data for the purpose of complying with applicable laws or other legal obligations (e.g. disclosure of relevant personal data to courts or criminal prosecution authorities), or if we have separately informed you about such purposes.
Legal bases
Generally, in connection with the Services, we collect and process your personal data in order to take steps at your request prior to entering into a contract (“conclusion of contract”) or to the extent necessary for the performance of our contract with you (Art. 6 (1) b) GDPR), or to the extent to which the processing is necessary for the purposes of our or a third party’s legitimate interests (Art. 6 (1) f) GDPR).
With respect to certain processing activities, we may process your personal data to the extent necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) c) GDPR), or where we have obtained your prior consent to the relevant processing of your personal data for a specific purpose (Art. 6 (1) a) GDPR).
Sources
Unless otherwise expressly stated in this Privacy Notice, the personal data listed in Sections 5–7 below are provided to us directly by you (e.g. by entering certain personal data in the Kia Connect App) or are collected directly from your vehicle (e.g. its sensors and related applications as made accessible via the Head Unit).
Your right to not provide your personal data
Generally, you have the right to not provide your personal data to us. However, in some cases (e.g. for the use of certain Services), we may require certain personal data from you to be able to process your enquiry or to provide the relevant Services. We will inform you about the required personal data accordingly.
Third-party use of the vehicle or Services
The details about our processing activities as provided in this Privacy Notice also apply with regard to third-party usage of the relevant vehicle. However, in general the processing of data by Kia is based on vehicle-bound information as described in this Privacy Notice.
Therefore, Kia will not be able to identify the relevant person driving the car, unless such person is logged in with their personal profile or other identifiers related to the relevant person are provided.
The Kia Connect Terms of Use require you to inform other users/drivers of the vehicle about: (i) the activation of the Services; (ii) the data processing activities described in this Privacy Notice; and (iii) the fact that the Services require the collection and processing of location data (GPS data).
Please note that if another person uses the Kia Connect App and is connected to the same vehicle as you are, this person may also see the vehicle's location data in their account on the Kia Connect App (by using the "Find my Car" service), even if you are using the vehicle at this time. However, this person will not be able to access your live routes.

5.1.
SIGN-UP AND LOG-IN
5.1.1.
Sign-up process for the Kia Connect App: To use the Kia Connect App, you need to sign up and create an account ("Kia Account"). The Kia Account is also required for registering for other services provided by Kia group members in Europe. Details about our processing of your personal data in connection with the Kia Account are provided in a separate privacy notice which is accessible here: https://connect.kia.com/eu/kia-account-docs/.
You also need to accept the Kia Connect Terms of Use. Establishing the link between the end user device (i.e. smartphone) on which the Kia Connect App is installed and the respective vehicle requires verification.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), email address, name, password, salutation, birthday, mobile number, country, preferred language, verification PIN, car ID, activation code, the fact that you accepted the Kia Connect Terms of Use.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us, or for the conclusion of the contract with us (Art. 6 (1) b) GDPR).
5.1.2.
Log-in process: To use the Services via the Kia Connect App, you need to log in. After logging in, you can add and remove your Kia vehicle(s) and use the Services via the Kia Connect App.
For this purpose, the following categories of personal data are processed: Email and password.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.
REMOTE CONTROL
5.2.1.
Remote Climate Control (electric vehicles only): This Service enables you to remotely control and schedule the air conditioning of your electric vehicle including defrost functions via the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status, engine status, door/boot/window/bonnet open/closed status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.2.
Remote Charging (electric and plug-in hybrid vehicles only): This Service enables you to remotely initiate and stop the charging of an electric and plug-in hybrid vehicle's battery and to schedule the charging via the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status, engine status, door/boot/window/bonnet open/closed status, tyre pressure status, brake/engine oil status, charging information, reserve charging information, charging time, charging plug type information).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.3.
Remote Door Control: This Service enables you to remotely lock/unlock the vehicle's doors via certain user interfaces. You will be able to lock or unlock all doors. To ensure safety and security when using this Service, the Service will check several pre-conditions. This Service can help in situations where you cannot remember whether you locked the vehicle correctly by allowing you to perform this action remotely.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status, engine status, door/boot/window/bonnet open/closed status, tyre pressure status, gear/seat status, fuel level, brake/engine oil status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.4.
Remote Vehicle Configuration, Profile Backup and Restore: This Service enables you to check and change vehicle settings in the Kia Connect App. You can also back up settings information and apply it to your vehicle.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, user phone number, SMS authentication code, user PIN code, report time, vehicle setup information, system setup information, navigation setup information, navigation point of interest (POI) information, profile picture (if provided).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.5.
Remote Heated and Ventilated Seats (electric vehicles only): This Service enables you to remotely control the front and rear seat heating and ventilation of your electric vehicle.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.6.
Remote Window Control: This Service enables you to remotely control the windows of your vehicle.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.7.
Remote Hazard Light Control (for EV6 only): This Service enables you to remotely turn off the hazard lights.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on tail lamps and hazard lights; engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.2.8.
Remote Charging Door Control: This Service enables you to remotely control the charging door of your vehicle.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, vehicle status information (status information on charging door; engine and gears; door, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.3.
REMOTE GEOLOCATION SERVICES
5.3.1.
Send POI to Car: This Service enables you to send a point of interest (POI) to the vehicle's navigation system and immediately use the POI (e.g. as a destination for route planning) once the vehicle's ignition is turned on.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, point of interest (POl) information, search keyword, smartphone language settings.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.3.2.
Find my Car and First Mile Navigation: This Service enables you to locate the vehicle and to navigate to it using your smartphone. The vehicle's location will be displayed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, address, name, location information of user and vehicle, waypoint information, date, time, time stamp and speed.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.3.3.
My Trips: This Service provides a summary (for the last 90 days) of every journey with date and time, average and maximum speed, distance driven and travel time.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, driving information (run distance, average speed, maximum speed, total fuel consumption, total power consumption, electric power consumption, driving time, warm-up time, average odometer reading).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.3.4.
Last Mile Navigation: This Service enables you to continue navigating to your final destination using your smartphone after parking your vehicle.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, address, name, location information of user and vehicle, waypoint information, time, speed.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.4.
VEHICLE INFORMATION
5.4.1.
Vehicle Status: This Service displays the following vehicle information in the Kia Connect App:
● Door status
● Charging door status
● Boot/bonnet status
● Climate status
● State of charge of battery, charging plug status, charging status (electric vehicles only)
● Fuel level (fuel/hybrid vehicles only)
● Seat heating and ventilation status
● Window status
● Sunroof status
● 12V battery status
● Lights status
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.4.2.
Vehicle Report: You receive a report in the Kia Connect App that includes vehicle diagnostic information and information on driving patterns (number of vehicle starts, driving distance and driving time/idle time). This informs you of issues that require maintenance or repairs and provides information on the severity of the issue, the urgency of repairs/maintenance and the recommended actions.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, vehicle status information (engine status), driving pattern information (car speed information (maximum and average speed), acceleration status information, distance driven, battery consumption information (for electric vehicles)).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.4.3.
Vehicle Diagnostic: Provision of an automated diagnostic service. Upon turning on the ignition, the vehicle automatically performs a diagnostics scan (Diagnostics Trouble Code (“DTC”)). If a malfunction is detected, you receive a message explaining the malfunction, its severity and the recommended action to be taken.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometerreading, results of the DTC scan, vehicle status information (air conditioning status, engine status, door/boot/window/bonnet open/closed status, tyre pressure status, gear/seat status, fuel level, brake/engine oil status, battery status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.4.4.
Energy Consumption (electric vehicles only): This Service visualises the current and average energy consumption, driving distance and energy recuperation information in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, cumulative odometer reading, total power consumption (motor power consumption, climate power consumption, electric device power consumption, battery care power information, regenerated power information).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.5.
ALERTS AND SECURITY
5.5.1.
Vehicle Alert: Whenever any of the vehicle’s windows are open while the ignition is off, a notification message will be displayed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.5.2.
Burglar Alarm (only for vehicles that are equipped with a burglar alarm system): Whenever the burglar alarm sounds, a notification message will be displayed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, date and time stamp, GPS data, odometer reading, vehicle status information (air conditioning status, engine status, door/boot/window/bonnet open/closed status, tyre pressure status, gear/seat status, fuel level, brake/engine oil status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.5.3.
Battery Discharge Alarm: Whenever the state of charge of the 12V battery drops below a certain level, a notification message will be displayed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, battery status, vehicle status alert type.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.5.4.
Rear Passenger Alarm: Whenever movement is detected on the rear seat and the vehicle is in the parking gear, a notification message will be displayed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.5.5.
Vehicle Idle Alarm: Whenever the vehicle is in the parking gear while the engine is running and a door is opened, a notification message will be displayed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), car ID, SIM ID, date and time stamp, GPS data, odometer reading, vehicle status information (status information on engine and gears; doors, bonnet, boot and sunroof; heating, ventilation and air conditioning (HVAC); battery, fuel and distance to empty (DTE); fluids (washer fluid and brake oil); tyres, lamps and smart key; electric vehicle (EV) status).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.5.6.
High-Voltage Battery Monitoring Warning System (electric vehicles only): The status of the high-voltage battery is monitored: Whenever a malfunction is detected, a notification message will be displayed in the Kia Connect App and the Head Unit.
For this purpose, the following categories of personal data are processed: Air conditioning status, engine status, door/boot/bonnet/sunroof/window status, air temperature, defrost status, charging status, heating steering wheel status, side mirror / rear window heating status, tyre pressure status, 12V battery status, malfunction indicator lamp status, smart key battery status, fuel level status, washer fluid status, brake oil warning lamp status, sleep mode status, time, remote waiting time alert, system cut-off alert status, tail lamp status, hazard light status.
Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us, but also our customers and other third parties (Art. 6 (1) f) GDPR). The legitimate interests are: ensuring the proper provision and function of our Services, providing safe Services and products to our and Kia group customers, protecting our customers’ health and life, protecting our customers’ property, and protecting the health, life and property of other people in or around the vehicle.
5.6.
REMOTE USAGE MONITORING
5.6.1.
Valet Parking Mode: This Service allows you to monitor the vehicle location, the time ignition was last turned off, driving time, driving distance and top speed in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), valet mode status information (activation status, valet mode start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.6.2.
Valet Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle travels beyond the selected distance limit, speed limit and idle time limit you have predefined in the Kia Connect App. The permitted travel distance is the vehicle’s distance from the location where the Service was activated.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, valet alert status information (activation status, valet alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected distance limit, selected speed limit, selected idle time limit.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.6.3.
Geofence Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle exits an allowed area or enters a restricted area. You can set the boundaries for allowed areas and restricted areas in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, geofence alert status information (activation status, geofence alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected allowed areas, selected restricted areas.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.6.4.
Speed Alert: When activated in the Head Unit, this Service enables you to receive notifications in the Kia Connect App if your vehicle exceeds the speed limit you have preset in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, speed alert status information (activation status, speed alert status start and end time, run time, mileage time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected speed limit.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.6.5.
Time Fencing Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle is driven outside of the time windows you have predefined in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, time fencing alert status information (activation status, time fencing alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected time windows.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.6.6.
Idle Alert: This Service enables you to receive notifications in the Kia Connect App if your vehicle is driven beyond the idle time limit you have predefined in the Kia Connect App.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), date and time stamp, GPS data, idle alert status information (activation status, idle alert status start and end time, run time, odometer time, idle engine time, maximum speed, run distance), vehicle indicators (location, speed, time, accuracy, direction), selected idle time limit.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.7.
PREFERRED DEALER INFORMATION
This Service allows you to synchronise the “Preferred Dealer” information between the MyKia website and the MyKia-App (if available in your country) and the Kia Connect App. Synchronisation is optional and must be enabled before it can be used. If you choose not to synchronise the “Preferred Dealer” information, the “Preferred Dealer” feature in the Kia Connect App is still available but the information shown may differ from the information in MyKia.
For this purpose, the following categories of personal data are processed: vehicle identification number (VIN), email address, UUID, dealer name, dealer address, dealer contact details, dealer information, dealer opening hours.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.8.
HOME MENU MAP AND SEARCH BAR
The home menu map displays your current location. The home menu search bar can be used to search for points of interest (POI).
For this purpose, the following categories of personal data are processed: GPS data, search keyword, smartphone language setting.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.9.
USE OF TOUCH ID AND FACE ID (IOS) OR FINGERPRINT AND FACE RECOGNITION (ANDROID)
You can use certain functions of the Kia Connect App with Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) to unlock. Your biometric data is stored only locally on your smartphone and is not transmitted to us. Therefore, we are not able to access this data. Only the information on whether verification of the biometric data was successful is transmitted to the Kia Connect App by a system function of your smartphone. You can turn off the use of Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) at any time in the respective settings of your smartphone.
For this purpose, the following categories of personal data are processed: Information on whether the verification of the biometric data was successful.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
5.10.
PRODUCT AND SERVICE IMPROVEMENT
By activating "Product/Service Improvement", data regarding the performance, usage, operation and condition of the vehicle will be processed by us in order to improve product and service quality based on your consent. Your consent is voluntary and can be withdrawn at any time by deactivating the respective button. The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. To activate "Product/Service Improvement", it is also necessary to activate the geographic information system ("GIS") for technical reasons.
For this purpose, the following categories of personal data are processed: Status information on the following: air control system; battery; technical and stability-related systems; dashboard usage; air conditioning and heating; engine, brake and powertrain; function; gears and consumption; warning and assistance system; steering and tyres; engine and charging; electric vehicle (EV)-specific usage; multimedia-related usage (e.g. "like" feature) and status as well as GPS and speed information.
Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).

6.1.
NOTIFICATION CENTRE
The Notification Centre enables you to receive messages from Kia on the Head Unit screen. This may include inter alia Recall Campaign Notifications regarding your vehicle, Service Reminders and Service Action Notifications.
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
6.2.
KIA CONNECT LIVE SERVICES
Kia Connect Live Services include the following:
● Live Traffic and Online Navigation: This Service provides live traffic information for calculating routes and displaying the traffic situation. Online navigation enables you to navigate to your desired destination based on a combination of real-time and historical traffic data.
● Live point of interest (POI): This Service provides information on nearby points of interest based on the current position of the vehicle.
● Weather: This Service provides local weather information.
● Parking: This Service provides on and off-street parking information based on the current position, nearby destination, nearby scrolled mark or nearby city centre.
● EV POI (only for electric vehicles and plug-in hybrid electric vehicles): This Service provides information on nearby charging stations including availability status based on the current position.
● Dealer POI: This Service provides location information of nearby Kia dealers based on the current position of the vehicle.
● Speed camera / danger zone alerts (if legally permissible in the country of use): This Service provides alerts in areas where accidents are particularly common and warns you about accident black spots or speed cameras.
● Sports league: This Service provides information on past and upcoming events for the selected sports and leagues.
For this purpose, the following categories of personal data are processed: GPS data, service requests and server search responses (point of interest (POI) data), dealer POI data, fuel-related information, parking-related information, speed camera information, electric vehicle (EV) station information, weather information, traffic information, unit of distance (kilometres, miles, metres), language settings, telecom carrier information, unique identifiers (e.g. vehicle identification number (VIN), driver ID, service ID), phone number, date and local time, protocol version, navigation device information (e.g. hardware version, software version), route information (e.g. start point, settings, goal point, estimated time), league match information request, team match information request, league ID , league match version, team code ID, country of interest ID, country code, league version, team version, logo version.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
We will also process the data listed above for the purpose of improving the Kia Connect Live Services.
Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving the Kia Connect Live Services.
6.3.
ONLINE VOICE RECOGNITION
This Service enables the use of spoken commands to access and control certain functions of your vehicle and to draft and send text messages via a connected mobile device. Online Voice Recognition is operated in an online (cloud) environment. Upon the activation of our Services in the Head Unit of your vehicle, Online Voice Recognition is activated as a default setting. This Service requires the transfer of your personal data (i.e. voice samples) to our service provider Cerence B.V. and its sub-processors, which may be located in countries outside the EU/EEA and may not provide for an adequate level of data protection (please refer to Sections 9 and 10 for more details). You can prevent the transfer of your personal data to Cerence B.V. and its sub-processors by deactivating the Online Voice Recognition Service in the respective settings of your Head Unit. If you deactivate the Online Voice Recognition Service, the voice recognition functionality of your vehicle may be limited or disabled.
Cerence B.V. transforms the voice samples into text samples, semantically interpreting them (if necessary), and then sends the result back to the vehicle.
For this purpose, the following categories of personal data are processed: Voice recording, GPS data (location), point of interest (POI), Cerence user ID. The latter is a unique ID for registering with the server of Cerence B.V. The Cerence user ID and vehicle identification number (VIN) or any other identifiers are not linked to each other. This means that Cerence B.V. cannot identify a natural personal from the data transmitted to it.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
Voice recording and GPS data will also be collected and stored for the purpose of performing and improving the Online Voice Recognition Service.
Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving the Online Voice Recognition Service.
6.4.
PERSONAL CALENDAR/NAVIGATION SYNCHRONISATION
This Service enables you to synchronise your Google Calendar or Apple Calendar on your smartphone with the integrated calendar function of the Head Unit. This allows you to see your private calendar on the Head Unit screen and to use it to set a destination. This Service is compatible with Google Calendar and Apple Calendar.
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), email address, email account calendar ID, Google token or iCloud password, calendar entries (e.g. title of appointment, date and time, address).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
6.5.
VEHICLE-RELATED NOTIFICATIONS
6.5.1.
Recall Campaign Notifications: We will send you notifications about open recall campaign(s) to your vehicle using the Notification Centre referred to above. Recall campaign notifications may also be sent to you by other means (e.g. within the Kia Connect App, via email to your registered email address or by mailed letter).
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time, odometer, warranty start date).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
6.5.2.
Service Reminders: We will send you reminders for upcoming regular maintenance dates for your Kia vehicle using the Notification Centre referred to above.
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time, odometer, warranty start date).
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
6.5.3.
Service Action Notifications: We may also inform you about outstanding recommended service actions (such as software updates, part replacements with improved parts or quality checks to be carried out on certain components of your Kia vehicle). Information on recommended service actions may be provided to you via the Notification Centre referred to above and/or within the Kia Connect App or via email to your registered email address.
This processing is subject to your prior consent, which you may give by activating the respective consent button in the consent list of the Kia Connect App. Your consent is voluntary and can be withdrawn at any time (e.g. by deactivating the respective consent button in the consent list of the Kia Connect App). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), sequence ID, read status, UTC time, odometer, warranty start date.
Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).
6.5.4.
Mandatory Vehicle Inspection Reminders (such as TÜV in Germany or MOT in the UK): We will inform you about upcoming mandatory vehicle inspections. For example, reminders about the “Ministry of Transport” test (commonly referred to as “MOT”) for vehicles in the UK. Use of this Service requires that you provide Kia with the correct date of the last mandatory vehicle inspection and the date the vehicle was first registered.
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), sequence ID, read status, UTC time, odometer, warranty start date), last vehicle inspection date, first registration date.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
6.6.
LIKE BUTTON FOR USB MUSIC AND RADIO
The like button for USB music and radio allows you to mark and add songs to a playlist of your favourite songs. You can like or unlike songs via the like button integrated in the music function of the infotainment system.
For this purpose, the following categories of personal data are processed: The source type (USB music, radio, Bluetooth music), the name of the song, artist and album, the like/unlike information, GPS data, ambient air temperature, vehicle speed, weather (based on your current location) and time information.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
6.7.
OTA UPDATES
The “Maps and Infotainment OTA Update” enables:
● updates of the maps in the vehicle's navigation system (“Maps Update”); and/or
● updates of infotainment software or enhancements of Head Unit software (“Infotainment Update”)
from our servers to the embedded telematics system using the “over-the-air” method.
Further information about the Maps Update and the Infotainment OTA Update are provided in Section 4.1.3 of the Kia Connect Terms of Use.
For this purpose, the following categories of personal data are processed: Unique identifiers (e.g. vehicle identification number (VIN)), vehicle software version, Diagnostics Trouble Codes, vehicle manufacturing date, GPS data (longitude, latitude, altitude), telecommunications provider, language settings, country code or region code, Head Unit identifiers (e.g. type, system version, platform, manufacturer), relevant metadata.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR.
For the avoidance of doubt, if you receive the Maps Updates and/or Infotainment Updates by accessing the web page https://update.kia.com/EU/E1/Main or at the dealership, these updates are not offered to you via the “over-the-air” method and we are not the controller for related processing of personal data.

In addition to the processing activities set out in Sections 5 and 6 above, we may also process your personal data for the following purposes:
7.1.
Communication: We may process your personal data to communicate with you in relation to the Services or the contract that you have entered into with us (e.g. to provide customer support, to inform you about technical issues with the Services, to perform our contractual obligations, to inform you about changes to the Kia Connect Terms of Use or this Privacy Notice) via several communication channels, including the Head Unit of your vehicle (using the Notification Centre), email, telephone and notifications within the Kia Connect App (for this purpose, the Kia Connect App provides a separate inbox). When you contact us via available communication channels (e.g. contact form on our website or in the Kia Connect App, email or telephone), we may process your personal data to handle your request and communicate with you accordingly in relation to your request. Certain fields in the contact form in the Kia Connect App will be pre-filled to make using the contact form more convenient for you. For information about communication regarding our marketing activities, please see Section 7.3 below.
For this purpose, the following categories of personal data are processed: Contact details (e.g. email address, telephone number), data relevant for the use of the Notification Centre (i.e. unique identifiers, such as the vehicle identification number (VIN), sequence ID, read status, UTC time), data relevant for the sending of the notifications within the Kia Connect App (User ID, country, language, device ID, system token, platform, UUID, Contact ID), data relevant for pre-filling the contact form in the Kia Connect App (email address, vehicle identification number (VIN), language, UUID), name, information provided by you in relation to the relevant request, contract data.
Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR), or for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: providing the best possible service for our customers and appropriately answering and processing our customers’ requests.
7.2.
Technical Support: Where a technical issue has been detected in relation to your vehicle and the Services, we might be required to read out information from your vehicle for the purpose of analysing such information and to resolve the detected issue. Subject to your prior consent, we will collect and process what is known as a log file of the Head Unit from your vehicle, which contains certain categories of personal data. Your consent is voluntary and can be withdrawn at any time (e.g. by using our contact form available in the “Customer Support” section under “Contact Us” on our website (https://connect.kia.com/eu/customer-support/contact-form/)). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. However, please note that the refusal to grant or the withdrawal of your consent might prevent us from offering or completing an analysis of the detected issue of your vehicle and the Services.
For this purpose, the following categories of personal data are processed: Vehicle identification number (VIN), time stamps, geolocation data/GPS coordinates (such as your previous destinations) as well as vehicle diagnostics information regarding the performance, usage, operation and condition of the vehicle.
Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).
7.3.
Marketing: We may contact you via the Head Unit of your vehicle, email and/or notifications within the Kia Connect App (the Kia Connect App provides a separate inbox) to provide you with promotional information regarding our products and/or services, to ask you to participate in surveys or to provide your feedback.
In relation to emails and notifications within the Kia Connect App, this is usually subject to your prior consent and to the scope of such consent. You may give your consent by activating the respective consent button in the consent list of the Kia Connect App or by other relevant means (if applicable). Your consent is voluntary and can be withdrawn at any time (e.g. by deactivating the respective consent button in the consent list of the Kia Connect App). You may also unsubscribe from our promotional email list at any time by clicking on the unsubscribe link included in each promotional email that we send. The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. You also have the right to object to the processing of your personal data for direct marketing purposes (see Section 8.6 below for more details).
If you provide us with your email address as part of signing up to the Services and unless you have objected, we may send you information about similar Kia Connect services or products to the relevant email address without asking you for your prior specific consent. This is because specific consent from you as an existing customer is not required in such cases. This also applies to sending you such information via notifications within the Kia Connect App to the inbox which is provided separately within app. However, you have the right to opt out from receiving such electronic mail marketing at any time without incurring any costs (other than the transmission costs according to the basic rates) (e.g. by deactivating the respective buttons in the “Service-related Advertising” list of the Kia Connect App). You may also unsubscribe from our promotional email list at any time by clicking on the unsubscribe link included in each promotional email that we send. You also have the right to object to the processing of your personal data for direct marketing purposes (see Section 8.6 below for more details).
For this purpose, the following categories of personal data are processed: Name, contact details (e.g. email), technical data (e.g. device information, IP address, User ID, UUID), information about your consent (e.g. date and time of opt-in).
Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR; Sec. 7 (2) No. 2 of the German Act against Unfair Competition (“UWG”)), or it is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR; Sec. 7 (3) UWG). Our legitimate interests are: promoting our services and products.
7.4.
Feedback and Surveys: From time to time, we may invite you to provide your feedback and/or participate in surveys relating to us and our services, including support services (see Section 4.3.3 above for details about our communication with you). If you provide your feedback or participate in our surveys, we may process relevant personal data for the purpose of processing and evaluating the feedback or conducting, processing and evaluating the survey. This is in order to improve our services and adapt them to our customers’ needs.
In some cases, we may conduct surveys using the Salesforce Marketing Cloud platform provided by salesforce.com Germany GmbH or the online survey tool Surveymonkey provided by Momentive Europe UC (“Momentive”) (see Section 9 below for more details about these providers).
To participate in surveys conducted on Surveymonkey, you may have to click a link which will be included in the survey invitation. When you click on the link, you will be referred to a website of Momentive on which the survey will be conducted. Momentive will process the survey related information on our behalf and for our purposes. Furthermore, Momentive may: (i) collect and process information about your device and other technical data to avoid multiple participations; and (ii) use cookies to recognise whether the participant has already visited the survey and to reassign responses that the relevant participant has already given. More information about Momentive’s processing of personal data is available at https://www.surveymonkey.com/mp/legal/privacy/.
For this purpose, the following categories of personal data are processed: Name (if relevant and provided), content data (e.g. your feedback and/or responses), technical data (IP address, UUID, operating system version, device type, device ID/MAC address, system and performance information and browser type).
Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving our services.
7.5.
Data Sharing: Details about our sharing of your personal data with third parties are provided in Section 9 below.
7.6.
Operation of Business: We may process certain categories of the personal data referred to above for internal management and administration purposes, including record management or maintaining other internal protocols.
Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring the appropriate and efficient operation of our business.
7.7.
Legal Compliance: We may process certain categories of the personal data referred to above (e.g. records of any consents that you have given, together with the date and time, as well as content and means of consent) to comply with applicable laws, directives, recommendations or requests from regulatory bodies (e.g. requests to disclose personal data to courts or regulatory bodies, including the police).
Legal basis: Such processing may be necessary: (i) for compliance with a legal obligation to which we are subject (Art. 6 (1) c) GDPR); or (ii) for the purpose of our legitimate interests (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring our compliance with applicable legal obligations.
7.8.
Legal Proceedings and Investigations: We may process certain categories of the personal data referred to above in order to assess, enforce and defend our rights and interests.
Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: protecting our interests and enforcing our rights.

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time (Art. 7 (3) GDPR). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.
Furthermore, under applicable data protection law, you may have the right to: obtain access to your personal data (Art. 15 GDPR), have your personal data rectified (Art. 16 GDPR), have your personal data erased (Art. 17 GDPR), have the processing of your personal data restricted (Art. 18 GDPR), data portability (Art. 20 GDPR) and to object to the processing of your personal data (Art. 21 (1) and (2) GDPR).
You also have the right to lodge a complaint with the competent data protection authority (Art. 77 GDPR).
Please note that these rights could be subject to certain limitations under applicable local data protection laws.
8.1.
Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data and certain additional information. Such information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data has been or will be disclosed. However, please note that the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
8.2.
Right to rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Subject to the relevant purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3.
Right to erasure ("right to be forgotten"): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may have the obligation to erase such personal data.
8.4.
Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be flagged accordingly and may only be processed by us for certain purposes.
8.5.
Right to data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit this data to another controller without hindrance from us.
8.6.
Right to object: Under certain circumstances and where the processing is based on legitimate interests (Art. 6 (1) f) GDPR), you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we may be required to no longer process your personal data.
Furthermore, where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.
8.7.
Right to make arrangements for the storage and communication of data after one’s death: You have a right to make specific arrangements for the storage and communication of your personal data after your death, and we will act accordingly. You may also make general arrangements with a third party, which will let us know about your instructions in due time.

Any access to your personal data at Kia is restricted to those individuals that have a need to know in order to fulfil their job responsibilities.
Kia may disclose your personal data for the respective purposes and in compliance with applicable data protection laws to the recipients and categories of recipients listed below:
● Kia group companies – We may disclose your personal data to other companies that are members of the Kia group, including our affiliated companies in Europe and Kia Corporation in the Republic of Korea.
● To the extent that we disclose such data to other members of the Kia group for internal administrative purposes, such disclosure is necessary for our operational and business interests (Art. 6 (1) f) GDPR). We may also disclose such data because it is necessary for the performance of our contract with you (Art. 6 (1) b) GDPR).
● Furthermore, in some cases, the disclosure may be based on your consent (Art. 6 (1) a) GDPR). For example, by activating the respective consent button in the consent list of the Kia Connect App, you may agree to the sharing of certain vehicle data with the relevant Kia national sales company or distributor in your country in Europe for various purposes. Please refer to the consent list of the Kia Connect App for more details. Where you give such consent, your consent is voluntary and can be withdrawn at any time (e.g. by de-activating the respective consent button in the consent list of the Kia Connect App). The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal.
● We will inform the Kia national sales company or distributor in your country about the vehicle-related notifications (see Section 6.5) we have sent to you to avoid you being sent the same message via multiple channels from different Kia group companies. This is necessary for the purpose of legitimate interests pursued by us and the relevant recipient of the information (Art. 6 (1) f) GDPR). The relevant recipient’s and our legitimate interests are: providing the best possible service for our customers, as sharing this information will avoid customer frustration caused by receiving the same message via multiple channels and from different Kia group companies.
● Telecommunications providers – For the purpose of providing our Services to you (Art. 6 (1) b) GDPR), we may disclose your personal data to Vodafone GmbH, Ferdinand-Braun-Platz 1, 40549 Düsseldorf, Germany, which provides the relevant telecommunications services. Vodafone GmbH will process your personal data as an independent controller.
● Service providers – We may disclose your personal data to certain third parties, whether affiliated or unaffiliated, that process such data as our service providers on our behalf under appropriate instructions as processors and as necessary for the respective processing purposes (Art. 28 (3) GDPR). These processors are subject to contractual obligations, which require them to implement appropriate technical and organisational security measures, to safeguard the personal data and to process the personal data only in accordance with our instructions. Our service providers include:
● The service provider for the technical infrastructure and maintenance services relevant to the Services, which is Hyundai Autoever Europe GmbH, Kaiserleistraße 8a, 63067 Offenbach am Main, Germany.
● The service providers for our customer data management platforms and connected car data management platforms, which are salesforce.com Germany GmbH, Erika-Mann-Strasse 31-37, 80636 Munich, Germany, and Amazon Web Services EMEA SARL, 38 avenue, John. F. Kennedy, L-1855, Luxembourg, with their servers located within the EU/EEA.
● The service provider Momentive Europe UC, Second Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin 4, Ireland, which provides the online survey tool Surveymonkey and related services for the purpose of conducting and evaluating surveys.
● The service provider Cerence B.V., CBS Weg 11, 6412EX Heerlen, Netherlands, which provides services in connection with the Online Voice Recognition Service.
● Our affiliated entities in the EU/EEA, which provide services relating to customer support, including call centre services.
● The service providers TomTom Global Content B.V. and HERE Europe B.V., which provide map-related services.
● Other service providers engaged in connection with specific Services.
● Governmental authorities, courts and similar third parties that are public bodies – We may disclose your personal data to governmental authorities, courts and similar third parties that are public bodies where we have a legal obligation to do so (Art. 6 (1) c) GDPR) or for the purpose of protecting our interests or enforcing our rights (Art. 6 (1) f) GDPR). These recipients will process the relevant personal data as independent controllers.
● Outside professional advisors – We may disclose your personal data to our tax consultants, auditors, accountants, legal advisors and other outside professional advisors for the purpose of operating our business (Art. 6 (1) f) GDPR). In some cases, we may also disclose the data for the purpose of protecting our interests or enforcing our rights (Art. 6 (1) f) GDPR). These recipients will usually process the relevant personal data as independent controllers.
● Third-party acquirers – In the event that we sell or transfer all or any relevant portion of our assets or business (including reorganisation or liquidation), we may disclose your personal data to third-party acquirers (Art. 6 (1) f) GDPR). These recipients will process the relevant personal data as independent controllers.
● Others – We may also disclose your personal data to other third parties (e.g. insurance companies, leasing companies, financial service providers, fleet companies, data aggregators); however, except in relation to ADAS as mentioned below, we will only share your personal data with such third parties where: (i) you have requested that we do so and gave your prior consent for such disclosure (Art. 6 (1) a) GDPR); (ii) such disclosure is necessary for the performance of our contract with you (Art. 6 (1) b) GDPR); or (iii) such disclosure is necessary for the performance of the relevant third party’s contract with you (Art. 6 (1) b) GDPR). These recipients will process the relevant personal data as independent controllers.
● Within the scope of the Advanced Driver Assist System (“ADAS”), we collect and process a static set of telematics data and transfer this data to preselected data aggregators. This information is static; i.e. it does not include driving information, so it is not possible to profile individuals’ driving behaviour. The purpose of this processing is to protect against possible fraudulent practices, to improve and develop our ADAS to increase the number of vehicles with a high level of safety equipment and to simplify the insurance process for our customers. For this purpose, the following categories of personal data are processed: The vehicle build information (VBI), which may include the vehicle identification number (VIN), model, trim, model year, price, colour, fuel type, voltage system, emissions, class, power and fitted equipment including ADAS safety systems. The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: improving our Services, providing enhanced products and increasing the sales of ADAS vehicles as well as developing new products and customer services. In addition, your personal data as described above may be anonymised to perform our own analytics for improving and developing our products.

We are a member of an international group of companies. Therefore, we may transfer personal data within the Kia group and to other third parties as noted in Section 9 above.
Some of these recipients may be located or have relevant operations outside of your country and the EU/EEA (e.g. in the Republic of Korea, the United Kingdom or the United States of America) (“Third Country”). For some Third Countries, the European Commission has determined that they provide an adequate level of protection for personal data (e.g. the Republic of Korea, the United Kingdom) (“Adequate Jurisdiction”).
Where we transfer personal data to a recipient that is located in a Third Country which has not been determined an Adequate Jurisdiction, we (or our processors in the EU/EEA that transfer personal data to sub-processors in such Third Countries, as applicable) provide appropriate safeguards by way of entering into data transfer agreements adopted by the European Commission (standard contractual clauses) with the recipients or taking other effective measures to provide an adequate level of data protection.
A copy of the respective safeguards may be requested from us or our data protection officer (see Section 2 and Section 3 above).

11.1.
Your personal data is stored by Kia and/or our service providers for no longer than is necessary for the purposes for which the personal data is collected, and which are set out above.
When we no longer require your personal data for such purposes, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we are required to retain the relevant personal data to comply with legal or regulatory obligations to which we are subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 10 years).
11.2.
Reset of Kia Account and/or Head Unit: You can reset the Head Unit and you can reset or deactivate the Kia Account by setting the respective preference / selecting the respective option (e.g. in the Kia Connect App and/or in the Head Unit, as appropriate).
In such a case, the relevant personal data related to your Kia Account and/or in the Head Unit will be blocked and then deleted, unless retention periods apply (see Section 8.1 above).
Upon resetting the Kia Account and/or Head Unit, you will be logged out of the Kia Connect App and/or Head Unit and will have to perform a new log-in procedure or log in with different credentials if you intend to use the Services via the Kia Connect App and/or Head Unit.
Please note that when you
● deactivate your Kia Connect App account, the Head Unit Services in the vehicle’s Head Unit will still be operating.
● reset the Head Unit, your vehicle is disconnected from the Kia Connect App; however, this does not affect the Kia Connect App.

We have implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful forms of processing.
However, as the internet is an open system, the transmission of data via the internet is not completely secure. While we constantly improve our security measures in line with technical developments and in order to ensure an appropriate level of security for any of your personal data that we process, we cannot guarantee the security of your data transmitted to us using the internet.

You may choose to activate offline mode in the Head Unit by setting the respective preference. If offline mode is turned on, all Service functions are disabled and no personal data, in particular no GPS data, is collected. An offline mode icon is displayed at the top of the Head Unit screen in the vehicle.

This Privacy Notice may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Privacy Notice carefully, and to regularly review any changes we might make in accordance with the terms of this Privacy Notice.
We will publish the updated Privacy Notice on our websites, in the Kia Connect App and the Head Unit. The date of the last update is mentioned at the top of this Privacy Notice.

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“GDPR” means: (i) Regulation (EU) 2016/679 (General Data Protection Regulation); or (ii) with regard to the United Kingdom, Regulation (EU) 2016/679 as it forms part of the law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended from time to time (also known as the UK GDPR).
“personal data” means any information relating to an identified or identifiable natural person.
“process”/ ”processing” means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

The following local law amendments apply:
Austria
Section 11.1 shall be amended as follows: Your personal data is stored by Kia and/or our service providers strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 7 years. This retention period may be extended, in particular if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatened or pending litigation)).
Belgium
Regarding the data retention period under Section 11.1, in Belgium, personal data relating to the contractual relationship in contracts, communications or commercial letters may be stored for a duration of up to 10 years from the end of the contractual relationship between Kia and you. If such data is relevant in the frame of any administrative or judicial proceedings, it can be stored by Kia for the whole duration of these proceedings, including the expiration of any recourse. The contact details of the Belgian data protection authority are as follows: Autorité de protection des données Gegevensbeschermingsautoriteit, Rue de la presse 35 1000 Brussels, Tel.: +32 (0)2 274 48 00, Fax: +32 (0)2 274 48 35, Email: contact(at)apd-gba.be
Hungary
Section 11.1 shall be replaced as follows: Your personal data is stored by Kia and/or our service providers strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which in the case of accounting documents may require retention for up to 8 years from their date of issue). If such data is relevant in the context of any administrative or judicial proceedings, it can be stored by Kia for the whole duration of these proceedings, including the expiration of any recourse. The contact details of the Hungarian data protection authority are as follows: Nemzeti Adatvédelmi és Információszabadság Hatóság, Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C., Tel.: +36-1-391-1400, Fax: +36-1-391-1410, Email: ügyfelszolgalat@naih.hu
Italy
Notwithstanding anything to the contrary as indicated in the above Privacy Notice, the following will apply to the extent that Italian law will apply to the processing of your personal data: (i) in no event will Kia process your personal data for profiling purposes without your consent; (ii) if you are an existing customer and have provided Kia with your email address, and without prejudice to your right to object pursuant to Section 8.6 above, Kia may send you marketing communications via email relating to products or services similar to the products or services previously purchased by you; (iii) with reference to storage periods, Kia will retain personal data processed for marketing or profiling purposes, if any, for 24 and 12 months, respectively, unless the Italian data protection supervisory authority authorises Kia to retain it for a longer period. The contact details of the Italian data protection supervisory authority are as follows: Garante per la Protezione dei Dati Personali Piazza Venezia n. 11 - 00187 Rome, www.gpdp.it - www.garanteprivacy.it, Email: garante@gpdp.it, Fax: (+39) 06 696773785, Tel.: (+39) 06 696771
The Netherlands
Section 11.1 shall be amended as follows: The standard statutory data retention period for general bookkeeping purposes is 7 years in the Netherlands. Note that this retention period may be extended, in particular if the applicable law so requires and/or if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatened or pending litigation).
Poland
Section 8.6 shall be amended as follows: Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, if you granted consent for the processing for such purposes, you have the right to withdraw at any time your consent for the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us. Section 11.1 shall be amended as follows: Your personal data is stored by Kia and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g. the standard statutory data retention period for general bookkeeping purposes is 5 years from the end of the previous financial years in Poland. Note that this retention period may be extended, in particular if the applicable law so requires and/or if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatened or pending litigation)). The contact details of the Polish data protection authority are as follows: Prezes Urzędu Ochrony Danych Osobowych, Urząd Ochrony Danych Osobowych ul. Stawki 2 00 -193 Warszawa, Email: kancelaria@uodo.gov.pl
Slovakia
The contact details of the Slovak data protection authority are as follows: Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27, Slovak Republic https://dataprotection.gov.sk/uoou/sk, Tel.: + 421 2 32 31 32 14, Email: statny.dozor@pdp.gov.sk
Spain
Section 8.1 para. 2 shall be replaced as follows: You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you within six months, unless there is legitimate cause to do so we may charge a reasonable fee based on administrative costs. Section 11 shall be replaced as follows: 11.1. Your personal data is stored by Kia and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will block it and once the period for the statute of limitation has elapsed (e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention for up to 10 years), we will erase it from our systems and/or records and/or take steps to properly anonymise it so that you can no longer be identified from it. 11.2. Where no legal or regulatory retention periods apply, as a rule, all personal data processed in connection with the provision of the Services is blocked and subsequently erased or anonymised immediately after provision of the individual Services has been completed with the following exception:
● Sign-up and log-in data is stored for the duration of the contract (i.e. up to seven years)
11.3. Termination of account: If you choose to terminate your use of the Services (e.g. by setting the respective preference in the Kia Connect App) and/or the Kia Connect Account (e.g. by setting the respective preference in the Head Unit), all personal data related to your Kia Account will be blocked and subsequently deleted as explained above.
This document is information asset of Kia and is protected by relevant laws and regulations.