Aston Martin Connected Cars Privacy Notice
Last revised: 26 July 2024
Aston Martin Lagonda Limited ("AML") is the controller of the personal data collected from or about individuals ("you", "your"), in some cases along with other entities within AML's group of companies (collectively "we", "us", "our") as further described in this privacy notice.
Changes to this privacy notice
We may modify or update this privacy notice from time to time.
If we make any material changes to the terms of this privacy notice then we will notify you of this through appropriate means and will provide a revised version, generally by posting an updated version and changing the date of last revision. The date of last revision is included at the top of the privacy notice.
Scope of this privacy notice
When you purchase and/or operate a connected vehicle and as part of the related services we offer to you, we will process personal data about you. "Personal data" includes any information that relates to you as an identified or identifiable individual and as otherwise understood in applicable data privacy laws throughout the world where applicable to you.
This privacy notice covers the collection of personal data through our connected vehicles and the Aston Martin connected vehicle mobile application (the "App"), as well as the subsequent processing of that data and your rights in connection with that processing.
Please read this privacy notice in conjunction with any other privacy notices or policies that we provide to you from time to time for specific purposes in relation to specific processing activities, so that you're fully informed of how your personal data is collected and used. For further information regarding AML’s privacy practices generally, please refer to our general privacy policy available at ASTON MARTIN LAGONDA PRIVACY POLICY.
What personal data do we process about you and why?
The table in Annex A provides a breakdown of the categories of personal data processed, as well as the purposes of processing and the lawful bases relied on for the purposes of applicable data privacy law.
We will generally process your personal data for the following purposes, including where such purposes form part of our legitimate interests or those pursued by a third party:
- performance of the terms of our agreement with you or to take steps at your request prior to entering into our agreement
- ensuring the quality and delivery of our products and services and developing new products and services
- enabling and improving the functionality and capabilities of the App, including by allowing data to be shared across devices
- fulfilment of our sales, service and administrative processes
- customer support, including providing updates in relation to the progress of your vehicle throughout the manufacturing process and enabling you to easily communicate with your preferred Aston Martin dealer
- marketing communications and market research
- fulfilment of our legal obligations
- enabling recovery in the event of a breakdown or theft of your vehicle
- ·operating and managing our global connected vehicle and driver IT support systems and services
Please note that in cases where we request certain information in order to enter into or perform the terms of our agreement with you, or to comply with applicable statutory requirements, if you decide not to provide us with the relevant information when requested, this could mean that we are unable to enter into an agreement with you or to comply with our obligations.
Your vehicle also has a ‘Privacy Mode’ feature to provide you with an enhanced level of personal privacy. When Privacy Mode is switched on, certain information about you will not be shared with AML or other third parties and certain connected vehicle features will not be available. You can find out more about Privacy Mode and the features it disables in the user manual and in-car settings.
How do we collect your personal data?
We collect your personal data in the following ways:
- by interacting directly with you, including collecting information that you provide in connection with your use of the vehicle by making selections through the use of in-car buttons, displays or other systems (such as the infotainment system integrated within the vehicle) or by use of the App
- by indirectly collecting technical data in relation to your use of the vehicle, including where such information is automatically collected by systems or programmes integrated within the vehicle (such as periodically refreshing data in order to enable remote vehicle status functionality)
- by indirectly collecting your data from the dealer where you purchased the vehicle, including for example any specific issues or preferences relating to the vehicle that you identify to the dealer and any other information that you provide in order to enable use of the App.
Who do we share your personal data with?
We may share your personal data with members of our group of companies and selected third parties, as discussed in more detail below.
Group affiliates
We may share your personal data with other members of our group of companies for the purposes of providing customer support, ongoing maintenance, marketing communications and business administration. Depending on the purposes of processing, this could involve other members of our group also acting as controllers of your personal data, including the following AML group affiliates:
- Aston Martin Lagonda of North America, Inc
- Aston Martin Lagonda of Europe GmbH
- Aston Martin Japan Ltd
- Aston Martin Lagonda (China) Distribution Co. Ltd
Third party service providers
We may use third party service providers to process your personal data on our behalf in specific circumstances or for specific purposes, including in relation to:
- IT and technology-based services, including in connection with data storage arrangements, the provision of App functionality and in-vehicle telecommunications and connectivity services and enhanced functionality features
- diagnostics and data analytics
- breakdown recovery and roadside assistance services
- image and video content
- marketing, communications and customer relationship management
- business administration and resource planning
Other third parties
We may also share your personal data with other third parties, including:
- professional advisors, such as lawyers, accountants and auditors that we interact with in the ordinary course of business and, to the extent necessary, to bring and defend legal claims
- third parties directly involved in, or reasonably related to, an acquisition or disposal of all or part of our business or assets
- ·other public authorities such as law enforcement agencies, emergency services, governmental authorities, courts and tribunals
Preferred dealers (e.g., your preferred dealer and/or dealer from which you purchased your vehicle)
We may share your personal data with the relevant dealership from which you purchased the vehicle, to the extent necessary in order to resolve any issues or complaints relating to your purchase and use of the vehicle, or a dealer that you have otherwise listed as your preferred dealer.
The vehicle owner and other App users
If a non-owner operates the vehicle, we will collect the personal data described in this privacy notice, and some of such personal data may be shared with the owner of the vehicle as described in Annex A. In addition, if the owner allows another user (e.g., in their family or household) to use their App, each person who uses the App will have access to certain data about the vehicle and its use. For example, the owner may have access to information through the App regarding the secondary user’s use of the vehicle, and the secondary user with App access may be able to view certain information through the App about the owner’s and others’ use of the vehicle.
How long do we keep your personal data?
Your personal data is retained for only as long as the specific purposes we set out in this privacy notice, including in the table in Annex A.
In some cases we may however anonymize data so that it is no longer personal data, for example where data is used for statistical purposes. In such cases the anonymized data may be retained for a longer period, but the underlying personal data will be automatically deleted.
Security measures
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy notice.
Your personal data is protected by technical security systems and additional authorization procedures, both during data transfer and when your data is filed and stored on our secure servers.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
However, please note that no data transmission over the internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. As a result, we cannot fully guarantee the security or integrity of any personal data.
Your rights
Under data privacy laws, depending on your country, or state or territory, of which you are a resident or data subject (as applicable) you may be able to exercise the following rights regarding your personal data:
- Access: you may have the right to obtain from us confirmation if your personal data is being processed by us in addition to certain related information, as well as the right to obtain a copy of your personal data undergoing the processing.
- Rectification: you may have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
- Objection: where we process your personal data on the basis of our legitimate interests, you may have the right to object to this processing for reasons relating to your particular situation. If this is the case, we will stop this processing of your personal data unless we can demonstrate compelling reasons why we need to process it which override your rights and freedoms, or where we need to process it for the purposes of legal claims. Where we process your personal data for direct marketing purposes, you may have the right to object to our processing of your personal data for this at any time.
- Portability: you may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit it to other data controllers. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
- Restriction: you may request that we restrict the processing of your personal data in certain cases, (so that we must suspend the processing, except for storage, with your consent or for legal claims) including for example where you object to us processing your personal data on the basis of our legitimate interests or where you want to establish the accuracy or the reason we are processing your personal data.
- Erasure: you may request to erase your personal data if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you objected and no overriding legitimate grounds for the processing exist, or (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.
- Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. For example, this is the Office of the Australian Information Commissioner (“OAIC”) in Australia. While we would ask that you please get in touch with us in the first instance so that we can try to resolve your issue, you can contact the OAIC through their website (Contact us | OAIC) or by telephone on 1300 363 992.
- Right to refuse or withdraw consent: in cases where we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent either in full or in part, at any time and we will cease such processing; however, such a withdrawal of consent may mean that we are no longer able to provide you with services that require such processing.The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
Please be aware that not all of these rights are absolute and that there may be situations in which you cannot exercise them or where they are not relevant in the circumstances or applicable in your jurisdiction.
Automated decision-making
We do not conduct any automated decision-making using your personal data that has a legal or significantly similar effect.
International transfers
Some of the third parties with whom we share personal data are located outside of Australia, in third countries which may not be considered by the originating jurisdiction to provide an adequate level of protection for your personal data.
However, transfers made to third parties located in countries that have not been deemed to provide an adequate level of protection for the purposes of applicable data privacy laws only take place using a lawful data transfer mechanism or where appropriate, on the basis of permissible statutory derogations.
Examples of the mechanisms that we may rely on in this context include: (i) the UK International Data Transfer Agreement and the UK Data Transfer Addendum to the EU Standard Contractual Clauses; (ii) the EU Commission’s Standard Contractual Clauses; and (iii) other enforceable overseas data transfer agreements and/or mechanisms permitted under applicable data privacy laws. We may however adjust the type of mechanism used in order to address changing legal requirements and/or lawful transfer instruments.
Your personal data will be or is likely to be transferred to other jurisdictions including, in particular, the UK/EEA and the USA.
Please contact us using the contact details in the Contact Us section below if you'd like to receive further information in relation to how we approach international transfers of your personal data.
Contact Us
If you have any questions about this privacy notice, including any requests to exercise your data protection rights, please contact us by letter or email using the details below:
The Data Protection Officer
Aston Martin Lagonda, Banbury Road,
Gaydon, CV35 0DB,
United Kingdom
Email: data.officer@astonmartin.com
ANNEX A
DETAILS OF OUR DATA PROCESSING
Our lawful basis for processing is generally that the processing is reasonably necessary for one or more of the functions or activities described in this notice or in accordance with your consent provided pursuant to one or more of our data collection notices provided to you. Detailed information regarding the lawful basis for processing in the right-hand column below is relevant only to the extent that UK/EU GDPR or other international data privacy laws apply and require such information to be specified.
Purpose |
Types of Personal Data |
Lawful Basis for Processing (under UK/EU GDPR or other international privacy data laws to the extent applicable) |
Core enablers |
||
Enrollment/User Onboarding |
|
Performance of contract |
Subscription Management |
|
Performance of contract |
Unit Preferences |
|
Legitimate interests |
Change of Country |
|
Performance of contract |
Infotainment |
||
Online Navigation |
|
Performance of contract (for vehicle owners)
Consent (for other vehicle operators) |
Connected vehicle |
||
Geo-fence and Speed-fence
|
|
Performance of contract (for vehicle owners)
Consent (for other vehicle operators) |
Over The Air Software Update (OTASW) |
|
Legitimate interests |
Remote Vehicle Status including Car Finder & Feel Good |
|
Performance of contract (for vehicle owners)
Consent (for other vehicle operators) |
|
Performance of contract (for vehicle owners)
Legitimate interests (for other vehicle operators) |
|
Remote Trip Statistics and Journey Log |
|
Performance of contract (for vehicle owners)
Consent (for other vehicle operators) |
Remote Diagnostics |
|
Legitimate interests |
Protect Mode |
|
Performance of contract (for vehicle owners)
Legitimate interests (for other vehicle operators) |
Private eCall |
|
Performance of contract and/or vital interests |
Breakdown Call |
|
Legitimate interests and/or vital interests |
Stolen Vehicle Tracking |
|
Performance of contract (for vehicle owners)
Legitimate interests (for other vehicle operators) |
Anti-Theft Push Notification |
|
Performance of contract (for vehicle owners)
Legitimate interests (for other vehicle operators) |
Remote Lock / Unlock / Window Open / Close / Window Vent |
|
Performance of contract (for vehicle owners) |
Connected customer |
||
Account Management (Profile) |
|
Performance of contract |
|
Legitimate interests |
|
Order Updates |
|
Legitimate interests |
Pro-Active Communication on Vehicle Status |
|
Performance of contract (for vehicle owners)
Consent (for other vehicle operators) |
|
Performance of contract (for vehicle owners)
Legitimate interests (for other vehicle operators) |
|
Recalls Campaigns |
|
Legal obligation and/or legitimate interests |
Contact Dealer |
|
Legitimate interests |
Preferred Dealer |
|
Legitimate interests |
App Analytics |
Google Analytics:
|
Legitimate interests |
FullStory
|
Legitimate interests |
|
Caching |
|
Legitimate interests |
Compliance |
||
Accountability and Record-Keeping |
|
Legitimate interests and/or legal obligation |