Aston Martin Connected Cars Privacy Notice
Aston Martin Lagonda Limited ("AML") (ICO registration number: Z5475567) is the controller of the personal data collected from or about individuals ("you", "your"), in some cases along with other entities within AML's group of companies (collectively "we", "us", "our") as further described in this notice.
Scope of this notice
When you purchase and/or operate a connected car and as part of the related services we offer to you, we will process personal data about you. "Personal data" includes any information that relates to you as an identified or identifiable individual.
This privacy notice covers the collection of personal data through our connected cars and the Aston Martin connected vehicle mobile application (the "App"), as well as the subsequent processing of that data and your rights in connection with that processing.
Please read this notice in conjunction with any other privacy notices or policies that we provide to you from time to time for specific purposes in relation to specific processing activities, so that you're fully informed of how your personal data is collected and used.
What personal data do we process about you and why?
The table in Annex A provides a breakdown of the categories of personal data processed, as well as the purposes of processing and the lawful bases relied on for the purposes of applicable data protection law.
However, we will generally process your personal data for the following purposes, including where such purposes form part of our legitimate interests or those pursued by a third party:
- performance of the terms of our agreement with you or to take steps at your request prior to entering into our agreement
- ensuring the quality of our products and services and developing new products and services
- enabling and improving the functionality and capabilities of the App
- fulfilment of our sales, service and administrative processes
- customer support
- marketing communications and market research
- fulfilment of our legal obligations
Please note that in cases where we request certain information in order to enter into or perform the terms of our agreement with you, or to comply with applicable statutory requirements, your failure to provide the relevant information when requested could mean that we are unable to enter into an agreement with you or to comply with our obligations.
How do we collect your personal data?
We collect your personal data in the following ways:
- by interacting directly with you, including collecting information that you provide in connection with your use of the car by making selections through the use of in-car buttons, displays or other systems (such as the infotainment system integrated within the vehicle) or by use of the App
- by indirectly collecting technical data in relation to your use of the car, including where such information is automatically collected by systems or programmes integrated within the vehicle (such as periodically refreshing data in order to enable remote vehicle status functionality)
- by indirectly collecting your data from the dealer where you purchased the car, including for example any specific issues or preferences relating to the vehicle that you identify to the dealer
Who do we share your personal data with?
We may share your personal data with members of our group of companies and selected third parties, as discussed in more detail below.
Group affiliates
We may share your personal data with other members of our group of companies for the purposes of providing customer support, ongoing maintenance, marketing communications and business administration. Depending on the purposes of processing, this could involve other members of our group also acting as controllers of your personal data, including the following AML group affiliates:
- Aston Martin Lagonda of North America, Inc
- Aston Martin Lagonda of Europe GmbH
- Aston Martin Japan Ltd
- Aston Martin Lagonda (China) Distribution Co. Ltd
Third party service providers
We may use third party service providers to process personal data on our behalf in specific circumstances or for specific purposes, including in relation to:
- IT and technology-based services, including in connection with data storage arrangements, the provision of App functionality and in-vehicle telecommunications and connectivity services and enhanced functionality features
- diagnostics and data analytics
- roadside assistance
- image and video content
- marketing, communications and customer relationship management
- business administration and resource planning
Other third parties
We may also share personal data with other companies and business partners where they act in their capacity as separate data controllers. This includes:
- professional advisors, such as lawyers, accountants and auditors that we interact with in the ordinary course of business and, to the extent necessary, to bring and defend legal claims
- the relevant dealership from which you purchased the car, to the extent necessary in order to resolve any issues or complaints relating to your purchase and use of the car;
- third parties directly involved in, or reasonably related to, an acquisition or disposal of all or part of our business
- other public authorities such as law enforcement agencies, emergency services, governmental authorities, courts and tribunals
How long do we keep your personal data?
Your personal data is saved for only as long as the specific purposes we set out in this notice, including in the table in Annex A.
In some cases we may however anonymize data so that it is no longer personal data, for example where data is used for statistical purposes. In such cases the anonymized data may be retained for a longer period, but the underlying data will be automatically deleted.
Security measures
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
Your personal data is protected by technical security systems and additional authorization procedures, both during data transfer and when your data is filed and stored on our secure servers.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need. They will only process your personal data on our instructions and they are subject to a duty of confidentiality
Your rights
Under data protection laws, you may be able to exercise the following rights regarding your personal data:
- Access: you may have the right to obtain from us confirmation if your personal data is being processed by us in addition to certain related information, as well as the right to obtain a copy of your personal data undergoing the processing.
- Rectification: you may have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
- Objection: where we process your personal data on the basis of our legitimate interests, you may have the right to object to this processing for reasons relating to your particular situation. If this is the case, we will stop this processing of your personal data unless we can demonstrate compelling reasons why we need to process it which override your rights and freedoms, or where we need to process it for the purposes of legal claims. Where we process your personal data for direct marketing purposes, you may have the right to object to our processing of your personal data for this at any time.
- Portability: you may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit it to other data controllers. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
- Restriction: you may request that we restrict the processing of your personal data in certain cases, (so that we must suspend the processing, except for storage, with your consent or for legal claims) including for example where you object to us processing your personal data on the basis of our legitimate interests or where you want to establish the accuracy or the reason we are processing your personal data.
- Erasure: you may request to erase your personal data if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you objected and no overriding legitimate grounds for the processing exist, or (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.
- Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. This is the Information Commissioner’s Office in the UK ("ICO"). While we would ask that you please get in touch with us in the first instance so that we can try to resolve your issue, you can contact the ICO through the live chat feature on their website (Contact us - public | ICO) or by telephone on 0303 123 1113.
- Right to refuse or withdraw consent: in cases we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
Please be aware that not all of these rights are absolute and that there may be situations in which you cannot exercise them or where they are not relevant in the circumstances.
Automated decision-making
We do not conduct any automated decision-making using your personal data that has a legal or significantly similar effect.
International transfers
Some of the third parties with whom we share personal data are located outside the UK and EEA, in third countries which are not considered to provide an adequate level of protection for your personal data.
However, transfers made to third parties located in countries that have not been deemed to provide an adequate level of protection only take place using a lawful data transfer mechanism. Examples of the mechanisms that we may rely on in this context include: (i) the UK International Data Transfer Agreement and the UK Data Transfer Addendum to the EU Standard Contractual Clauses; (ii) the EU Commission’s Standard Contractual Clauses; and (iii) where appropriate, on the basis of permissible statutory derogations. We may however adjust the type of mechanism used in order to address changing legal requirements and/or lawful transfer instruments.
Please contact us using the contact details in the Contact Us section below if you'd like to receive further information in relation to how we approach international transfers of your personal data.
Changes to this notice
We may modify or update this privacy notice from time to time.
If me make any material changes to the terms of this notice then we will notify you of this through appropriate means and will provide a revised version. The time of last revision is included at the bottom of the notice.
Contact Us
If you have any questions about this privacy notice, including any requests to exercise your data protection rights, please contact us by letter or email using the details below:
The Data Protection Officer
Aston Martin Lagonda, Banbury Road,
Gaydon, CV35 0DB,
United Kingdom
E-Mail: data.officer@astonmartin.com
Last revised: 6 June 2023
ANNEX A
DETAILS OF OUR DATA PROCESSING
Purpose |
Categories of Personal Data |
Lawful Basis for Processing |
Core enablers |
||
Enrolment/user onboarding |
· Acceptance of terms and conditions (including date and time of acceptance) |
Performance of contract |
· Acknowledgement of privacy notice (including date and time of acknowledgment) |
Legitimate interests |
|
Subscription management |
|
Performance of contract |
Change of country |
|
Performance of contract |
Infotainment |
||
Online navigation |
· Various vehicle related information for route calculation |
Performance of contract (for vehicle owners) Consent (for other vehicle operators) |
Connected car |
||
Over the air software update (OTASW) |
· Current software versions installed on relevant electronic control units · Current status of download/update of new software |
Legitimate interests |
Remote vehicle status including Car Finder & Feel Good |
· Various vehicle-related information (such as odometer, oil level, tyre pressure, window status and next service date) |
Performance of contract (for vehicle owners) Consent (for other vehicle operators) |
Protect mode |
|
Performance of contract |
Private eCall (applicable only in Australia, Canada, China, Japan, Mexico, New Zealand and USA) |
|
Performance of contract and/or vital interests |
Public EU eCall |
|
Legal obligation and/or vital interests |
Connected customer |
||
Account management (profile) |
|
Performance of contract |
|
Legitimate interests |
|
Pro-active communication on car status |
· Various vehicle-related information (such as odometer, oil level, tyre pressure, window status and next service date) |
Performance of contract (for vehicle owners) Consent (for other vehicle operators) |
Contact dealer |
|
Legitimate interests |
Preferred dealer |
· Selected dealer of choice or dealer of last interaction (by default)
|
Legitimate interests |
Compliance |
||
Accountability and record-keeping |
· Acceptance of terms and conditions (including date and time of acceptance) · Acknowledgement of privacy notice (including date and time of acknowledgment)
|
Legitimate interests and/or legal obligation |