Test Vehicle Privacy Notice
Effective from:
Published at:
This document describes how Volvo Cars (as defined below), and sometimes other entities, processes your personal data when it is collected by test vehicles on test tracks and public roads. Volvo Cars uses test vehicles for the purpose of research, development, and certification of cars and their functions, including assisted, connected, partly automated and autonomous driving functions. For these purposes, we use appropriately marked test vehicles to record data from various sensors, including video recording of the environment.
Volvo Cars test vehicles are used for multiple purposes, which entail different types of personal data processing, as we will explain below. The different types of test vehicles are as follows:
- AD-HMI Vehicles
- Certification Vehicles
- Data Collection Vehicles (hereinafter "DCVs")
You can find the following information below:
1. Who is responsible for the processing of your personal data
The responsibility for the processing of your personal data collected by the test vehicles is divided as described below:
- The entity responsible for the processing of your personal data collected by AD-HMI Vehicles, as well as Certification Vehicles, is Volvo Car Corporation, having its registered office at Assar Gabrielssons Väg, SE-405 31, Gothenburg, Sweden, company registration number 556074-3089, hereinafter referred to as "Volvo Cars," "we," or "us."
- The entities responsible for the processing of personal data collected by the DCVs are, jointly:
- Volvo Car Corporation, and
- Zenseact AB, company registration number 559228-9358, having its registered address at Lindholmspiren 2, 417 56 Gothenburg, Sweden, hereinafter referred to as “Zenseact.”
2. Personal data collected, why, and for how long
As previously stated, Volvo Cars test vehicles are used for multiple purposes, which entail different types of personal data processing – the different test vehicles, what data they collect, and process are described below.
Volvo Cars will not process any of the personal data mentioned below for any purposes other than the purposes explicitly described in this privacy notice. We have implemented relevant measures to, for example, limit the access to the personal data and remove non-relevant material.
2.1 AD-HMI Vehicles
Volvo Cars AD-HMI Vehicles are test vehicles that are driven on public roads and collect traffic data. The processing of traffic data, which involves processing of personal data, is necessary for research, statistical and analytic purposes, and for the development, testing, evaluation, verification and validation of software, hardware, systems and technologies related to the safety and/or functionality of AD/ADAS/DMS and related technologies. Such data consists of the following data categories:
- Video Data collected through the use of video recorders installed on AD-HMI test vehicles, which are positioned to capture the road and the public traffic environment in front of the AD-HMI vehicle. The cameras will record pedestrians, cyclists, people in or on vehicles, and license plates of vehicles in the vicinity of the AD-HMI vehicle. To accomplish our purposes, Volvo Cars need to collect data on real-world traffic environment and real-world traffic situations. Thus, the collected data must be authentic and cannot be modified by blurring, for example. We are not interested in identifying, and do not in any way attempt to identify, the individuals present in the data. Nor do we extract any other personal data from the collected data.
The legal basis for us to process the data mentioned above is our legitimate interests.
We will retain the data mentioned above for a maximum of 10 years to be able to reuse the data to test new versions of software during the lifetime of the components. We will regularly filter out and erase data that is no longer needed in order to keep only relevant traffic situations. Data that is incomplete or corrupted due to technical errors is also a candidate for removal.
2.2 Certification Vehicles
Volvo Cars make use of test vehicles for testing and certification of our new cars and their functions. These Certification Vehicles will collect and process data, including personal data. The processing of data is necessary to ensure that the Volvo Cars vehicles meet applicable quality and road safety standards, as well as other legal requirements. The data these vehicles collect consists of the following data categories:
- Sensor data – such as camera, LIDAR (light detection and ranging), radar and ultrasonic sensors that can detect persons and objects moving around in the public traffic environment where the collection takes place. The cameras will record pedestrians, cyclists, people in or on vehicles, and license plates of vehicles in the vicinity of the Certification vehicle. We are not interested in identifying, and do not in any way attempt to identify, the individuals present in the collected data.
- GPS – Geolocation data from the Certification Vehicle will be collected and stored in order to find relevant recorded data based on location.
The legal basis for us to process the data mentioned above is our legitimate interests.
We will retain the data for as long as it is necessary for the purposes mentioned above, but no longer than 10 years.
2.3 Data Collection Vehicles
Volvo Cars DCVs are driven on public roads to collect traffic data (hereinafter “Public Traffic Environment Data”). The processing of Public Traffic Environment Data, which involves the processing of personal data, is necessary for the purpose of developing safe and reliable software and sensors for advanced driver assistance systems (ADAS) and autonomous drive (AD) systems, with the overall purpose of protecting all lives on the road. Such data consists of the following data categories:
- Sensor Data such as camera, LIDAR (light detection and ranging), radar, and ultrasonic sensors which can detect persons and objects moving around in the public traffic environment where the collection takes place. The data is used for evaluating sensors, the output from software interpreting the sensor data, and the software used in ADAS and AD systems. The cameras will record pedestrians, cyclists, people in or on vehicles, and license plates of vehicles in the vicinity of the DCV. Volvo Cars need to collect data on real-world traffic environment and real-world traffic situations in order to be able to accomplish our purposes. Thus, this data must be authentic and cannot be modified by blurring, for example. We are not interested in and do not in any way attempt to identify the individuals present in the Public Traffic Environment Data. Nor do we extract any other personal data from the collected data.
- GPS Geolocation data from the DCV will be collected and stored in order to be able to develop our functionalities and to find relevant recorded data based on location.
- Annotations will be added to the data to be able to find relevant recorded data, such as annotations of sensitive places. Annotations can be made either by the drivers of the DCV or when the data is processed afterwards.
The legal basis for us to process the data mentioned above is our legitimate interests, as well as to fulfil our legal obligations specified in laws and by government authorities.
We limit our locations of interest to exclude school and hospital entrances, nursing homes, domestic violence shelters, courts, prisons, accident locations with injured individuals, beaches or public parks, private areas such as interiors of houses and their yards or balconies, and other places that might be sensitive for the persons being recorded.
We will retain the data for as long as it is necessary for the purposes mentioned above, but no longer than 10 years. We will regularly filter out and erase Public Traffic Environment Data that is no longer needed in order to keep only relevant traffic situations. Data that is incomplete or corrupted due to technical errors is also a candidate for removal. Drivers will also make annotations of recorded material when the data needs manual review and potential removal if the data can be considered intrusive or harmful for the individuals recorded by the sensors.
3. Sharing of your personal data
We will share your personal data with the following categories of third parties on a need-to-know basis:
- We will share the data with our intragroup entities in order to cooperate in research and development;
- We will share the data with suppliers, including service providers and technology service providers, in order to facilitate finding and correcting errors in the technology they provide;
- We will share the data with our suppliers that provide the IT infrastructure for the means to provide us with storage and data handling.
- With third parties, but only as necessary for compliance with a legal obligation to which we are subject (including but not limited to law enforcement authorities) or where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
All suppliers will act as processors and will be bound by contractual arrangements with us and in line with the purpose set out in this notice. Transfer of the data to third parties outside the EU will be done using Standard Contractual Clauses approved by the EU Commission. Additionally, supplementary measures will be implemented to ensure compliance and security during such transfers.
We can share anonymized data with other parties. Anonymized data cannot be attributed to a natural person and is no longer personal data. We might also share anonymized or data not attributed to a natural person with research entities conducting traffic-related research and with road traffic authorities for road safety improvements, such as to help them assess the quality of lane markings.
4. Your rights and controls
You have specific legal rights relating to the personal data we process about you. The rights may differ depending on which jurisdiction you are in and the nature of the processing. Generally, your rights concern the ability to:
- object to our processing of your data
- ask for a copy of the data we hold about you (the so-called subject access right)
- ask for the data to be transferred to another entity (so-called data portability)
- ask for the data to be corrected or restricted
- ask for the data to be deleted (so-called right to be forgotten)
As mentioned, these rights are not absolute, and in some cases data protection law limits their application. Should this be the case for a request you make to us, we will always explain why we cannot fulfill your request.
If you would like to submit a rights request, please use the form available here, clearly stating that your request refers to our Data Collecting Vehicle. We kindly ask that you use the form, as it sets out the information that we need to verify your identity and effectively process your request. However, should you prefer not to use the form, you are always welcome to contact us and submit your request using the contact information in the next section.
You also have a right to submit a complaint to your local data protection authority should you have concerns about how we use your personal data. However, we would appreciate it if you reached out and raised your concerns directly with us first to allow us to try to resolve them together. You can find our contact information here.
5. Contact information
If you have any questions about how we use your personal data, you can contact us at dataprotection@volvocars.com or contact the Volvo Car Corporation Data Protection Officer as follows:
Mailing Address: Volvo Car Corporation, Attention: The Data Protection Officer, avd 50092, VAK, 405 31 Gothenburg, Sweden.
Email: globdpo@volvocars.com
You can find contact information and other information regarding Zenseact's processing of personal data in their Privacy Policy, http://www.zenseact.com/privacy-policy/.
6. Updates to this notice
We continuously develop our products and services and will review and update this Privacy Notice as a result. As such, we encourage you to revisit this Privacy Notice regularly. The date at the top of this Privacy Notice lets you know when it was last updated. We will handle your personal data in a manner consistent with the Privacy Notice under which it was collected unless we have your consent to handle it differently.