
UVO Connect Legal Notice

    1. Introduction

    This Privacy Notice of Kia UVO Connected GmbH, registered under the registration number HRB 112541, ("Kia", "we" or "us") applies to the collection and processing of personal data in connection with the provision of Kia UVO services ("App Services") via the UVO app ("UVO App"). We at KIA take your privacy very seriously and will process your personal data only in accordance with applicable data protection and privacy law.

    We may change and/or supplement this Privacy Notice at any time. Such changes and/or supplements may be necessary in particular due to the implementation of new technologies or the introduction of new services. We will publish the changes on our websites and/or in the UVO App.

    2. Controller

    The responsible controller for any personal data collected and processed in connection with the provision of the App Services is Kia UVO Connected GmbH.

    3. Contact Point and Data Protection Officer

    3.1 If you have any questions about or in connection with this Privacy Notice or the exercise of any of your rights, you may contact our customer call center:

    Kia UVO Connected GmbH
    Email: info@kia-uvo.eu
    Ordinary mail: Theodor-Heuss-Allee 11, 60486 Frankfurt am Main
    Phone: +49 8007773044

    3.2 Alternatively, you may also contact our data protection officer:

    Email: dpo@kia-uvo.eu
    Ordinary mail: Data Protection Officer, Theodor-Heuss-Allee 11, 60486 Frankfurt am Main

    4. Purposes, Legal Basis and Categories of Data

    In connection with the App Services we collect and process your personal data only insofar as the collection and processing is necessary for the conclusion or the performance of the contract for the provision of the App Services (Art. 6 (1) b) GDPR), or legitimate interests (Art. 6 (1) f) GDPR). For further details on the App Services, please consult the respective service description in the UVO Terms of Use - App. The (personal) data described in Sections 4.1 to 4.12 below is collected directly from the UVO App and is processed in connection with the App Services.

    We will further analyse and improve the App Services to develop new mobility and mobility related products and/or services, to secure our products and/or to improve our services. For these purposes, we automatically analyse the data based on statistical and mathematical models to identify potential for improvements.

    The data described in Sections 4.1 to 4.12 below is required to provide the App Services. Without the respective information, the App Services cannot be performed.

    We process your personal data for other purposes only if we are obligated to do so on the basis of legal requirements (for example, transfer to courts or criminal prosecution authorities), if you have consented to the respective processing or if the processing is otherwise lawful under applicable law. If processing for another purpose takes place we will provide you with additional information, if appropriate. We do not engage in automated decision-making including profiling in connection with the App Services unless we have expressly notified you of such automated decision-making including profiling by other means.

    If another person uses the UVO App connected to the same vehicle as you, such other user may see the vehicle's location data by use of the UVO App (using the "Find My Car" service) even if you are using the vehicle at this time. This is only possible within a three-kilometer radius of the current location of the vehicle. However, the other user cannot access your live routes.

    4.1 Sign-up process for UVO App:
    To use the UVO App users need to sign-up. Establishing the link between the end user device on which the UVO App is installed and the respective car requires verification.

    For this purpose the following categories of personal data are necessarily processed for the conclusion and/or the performance of the contract: email address, name, password, birthday, mobile number, verification PIN, Car ID, activation code.

    4.2 Log-in process:
    To use the UVO App services, users need to log-in. After logging in, users can add their vehicles and use the UVO services.
    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: email and password.

    4.3 Remote Climate Control: The App Service enables the User to remotely control and schedule the air conditioning of their electric vehicle including defrost functions via the UVO App.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, date and time stamp, GPS data, odometer information, vehicle status information (air condition status, engine status, door/trunk/window/hood open/close status).

    4.4 Remote Charging: The App Service enables the User to remotely initiate and stop the charging of an electric vehicle's battery and schedule the charging via the UVO App.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, date and time stamp, GPS data, odometer information, vehicle status information (air condition status, engine status, door/trunk/window/hood open/close status, tire pressure status, brake/engine oil status, charging information, reserve charging information, charging time, charging plug type information).

    4.5 Send to Car: The App Service enables the User to send a point of interest (POI) to the vehicle's navigation system and enables the User to immediately receive location information once the vehicle's ignition is turned on.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, date and time stamp, point of interest (POI) information.

    4.6 Find my Car: The App Service enables the User to locate the vehicle. The vehicle's location will be displayed in the UVO App.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, GPS data, date and time stamp.

    4.7 My Trips: The App Service provides a summary of every journey with date and time, average and maximum speed, distance driven and timing transit.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, GPS data, date and time stamp, driving information (run distance, average speed, max speed, sum of fuel consumption, total power consumption, electric power consumption, driving time, warm up time, average mileage).

    4.8 Vehicle Status: The App Service presents the User the following vehicle information in the UVO App:

    (a) Door status: locked/unlocked

    (b) Trunk/hood status: locked/unlocked

    (c) Climate status: on/off

    (d) State of charge of battery, charging plug status, charging status (electric vehicles only)

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, date and time stamp, GPS data, odometer information, vehicle status information (air condition status, engine status, door/trunk/window/hood open/close status, tire pressure status, gear/seat status, fuel level, brake/engine oil status; for electric vehicles, additionally: charging information, reserve charging information, charging time, charging plug type information).

    4.9 Vehicle Report: The User receives a report in the UVO App. The report includes vehicle diagnostic information and information on driving patterns. The User is informed about issues that require maintenance or repairs as well as information on the severity of the issue, the urgency of repairs/maintenance and the recommended actions.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: GPS data, VIN, Car ID, date and time stamp, vehicle status information (engine status), driving pattern information (car speed information (maximum and average speed), acceleration status information, distance driven, battery consumption information (for electric vehicles)).

    4.10 Vehicle Diagnostic: Provision of an automated diagnostic App Service. Upon turning on the ignition, the vehicle automatically performs a diagnostics scan (Diagnostics Trouble Code (DTC)). If a malfunction is detected, the User receives a message explaining the malfunction detected, its severity as well as the recommended action to be taken.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, date and time stamp, odometer information, results of the DTC scan, GPS data, vehicle status information (air condition status, engine status, door/trunk/window/hood open/close status, tire pressure status, gear/seat status, fuel level, brake/engine oil status, battery status).

    4.11 Vehicle Alert: Provision of an alert notification system. Whenever the window is open while the ignition is off, the User will receive a notification message displayed in the UVO App.

    For this purpose the following categories of personal data are necessarily processed for the performance of the contract: VIN, Car ID, date and time stamp, GPS data, odometer information, vehicle status information (door/trunk/window/hood open/close status).

    4.12 Burglar Alarm (only for vehicles that are equipped with a burglar alarm system): Provision of an alarm notification system. Whenever the burglar alarm sounds, the User will receive a notification message displayed in the UVO App.

    For this purpose the following categories of personal data are necessarily processed for the performance of the App Services: VIN, Car ID, date and time stamp, GPS data, odometer information, vehicle status information (air condition status, engine status, door/trunk/window/hood open/close status, tire pressure status, gear/seat status, fuel level, brake/engine oil status).

    4.13 VCRM data: By activating "Product/Service improvement", data regarding the performance, usage, operation and condition of the vehicle will be processed by us in order to improve product and service quality based on your consent. Your consent is voluntary and can be withdrawn at any time by deactivating the respective button. Such a withdrawal will not affect the lawfulness of the processing prior to it. Once the data is collected and sent to our servers, we will anonymize it within 7 days. For the activation of "Product/Service improvement", also the activation of "GIS" is necessary due to technical reasons.

    For this purpose the following categories of personal data are processed based on your consent: Air control system status information, battery status information, status information regarding technical and stability-related systems, dashboard usage and status information, air conditioning and heating-related information, engine, brake and powertrain-related status information, function-related status information, gear and consumption-related information, warning and assistance system-related information, steering and tire-related information, engine and charging-related information, electric vehicle (EV)-specific usage and status information, multimedia-related usage and status information as well as GPS and speed information.

    5. Your Rights

    If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
    Pursuant to applicable data protection law you may have the right to: request access to your personal data, request rectification of your personal data; request erasure of your personal data, request restriction of processing of your personal data; request data portability, and object to the processing of your personal data.

    In addition, you also have the right to lodge a complaint with the competent data protection supervisory authority.

    Please note that these aforementioned rights might be limited under the applicable national data protection law.

    5.1 Right of Access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

    You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

    5.2 Right to rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

    5.3 Right to erasure ("right to be forgotten"): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.

    5.4 Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

    5.5 Right to data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.

    5.6 Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.


    5.7 Right to make arrangements for the storage and communication of data after one’s death: You have a right to make specific arrangements for the storage and communication of your personal data after your death, and we will act accordingly. You may also make general arrangements with a third party, which will let us know about your instructions in due time.



    6. Recipients and Categories of Recipients

    Any access to your personal data at Kia is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.

    Kia may transfer your personal data for the respective purposes to the recipients and categories of recipients listed below:

    Private third parties – Affiliated or unaffiliated private bodies other than us that alone or jointly with others, determine the purposes and means of the processing of personal data.

    For the purpose of providing the App Services we need to transfer data (e.g. to our data processors – see below). For this technical service we rely on telecommunication services provided by telecommunication providers (currently Vodafone GmbH, Ferdinand-Braun-Platz 1, 40549 Dusseldorf, Germany).

    Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of Kia under appropriate instructions as necessary for the respective processing purposes. The data processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.

        - The data processors for the App Services are Hyundai Autoever Europe GmbH, Kaiserleistraße 8a, 63067 Offenbach am Main, Germany and Hyundai MnSoft Inc., 74, Wonhyoro, Yongsan-gu, Seoul, Korea.

        - The data processors for call center services are affiliates of Kia, which are located in the EU/EEA.

    Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

    7. Cross-Border Data Transfer

    Some of the recipients of your personal data will be located or may have relevant operations outside of your country and the EU/EEA, e.g. in the Republic of Korea, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. With regard to data transfers to such recipients outside of the EU/EEA we provide appropriate safeguards, in particular, by way of entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC)) with the recipients or taking other measures to provide an adequate level of data protection. A copy of the respective measure we have taken is available via our data protection officer (see 3.2 above).

    8. Storage Period

    8.1 Your personal data is stored by Kia and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Kia is subject; e.g., personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require retention of up to 10 years).

    8.2 Where no legal or regulatory retention periods apply, as a rule, all personal data processed in connection with the provision of the App Services is deleted or anonymized immediately after provision of the individual services action has been completed with the following exceptions:

    Log-in data are stored for the duration of the contract (i.e. up to seven years)

    8.3 Termination of account: If you choose to terminate your use of the App Services (e.g. by setting the respective preference in the UVO App) all personal data related to your UVO account will be deleted, unless retention periods apply (see 8.1 above).

    8.4 Reset of account: Your UVO account may be reset by setting the respective preference (e.g. in the UVO App). Upon reset of the UVO account, you will be logged out of the UVO App and will have to perform a new log-in procedure or log in with different credentials if you intend to use the App Services.

    9. Offline Mode

    You may choose to activate an Offline Mode by setting the respective preference. If Offline Mode is turned on all UVO functions are disabled and no personal data, in particular no location data (GPS), is collected.

    10. Local Law Amendments

    The following local law amendments apply:

    Spain

    Section 5.2 para. 2 shall be replaced as follows:

    You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by You within six months unless there is legitimate cause to do so, we may charge a reasonable fee based on administrative costs.

    Section 8 shall be replaced as follows:

    8.1 Your personal data is stored by Kia and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When Kia no longer needs to process your personal data, we will block it and once the period for the statute of limitation has elapsed (e.g., personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require retention of up to 10 years), we will erase it from our systems and/or records and/or take steps to properly anonymize it so that you can no longer be identified from it.

    8.2 Where no legal or regulatory retention periods apply, as a rule, all personal data processed in connection with the provision of the App Services is blocked and subsequently erased or anonymized immediately after provision of the individual services action has been completed with the following exceptions:

    Log-in data are stored for the duration of the contract (i.e. up to seven years)

    8.3 Termination of account: If you choose to terminate your use of the App Services (e.g. by setting the respective preference in the UVO App) all personal data related to your UVO account will be blocked and subsequently deleted as explained above.



    Italy

    Regardless of anything to the contrary as indicated in the above Privacy Notice, the following will apply to the extent Italian law will apply to the processing of your personal data: (i) in no event will Kia process your personal data for profiling purposes without your consent; (ii) if You are an existing customer and have provided Kia with your email address, and without prejudice to your right to object pursuant to point 5.6 above, Kia may send you marketing communications via email in relation to products or services similar to the products or services previously purchased by You; (iii) with reference to storage periods, Kia will retain personal data processed for marketing or profiling purposes, if any, for 24 and 12 months, respectively, unless the Italian data protection supervisory authority authorizes Kia to retain them for a longer period.

    The contact details of the Italian data protection supervisory authority are the following:

    Garante per la Protezione dei Dati Personali
    Piazza Venezia n. 11 - 00187 Rome
    www.gpdp.it - www.garanteprivacy.it
    Email: garante@gpdp.it
    Fax: (+39) 06 696773785
    Tel: (+39) 06 696771

    Netherlands

    Section 8.1 shall be amended as follows:

    The standard statutory data retention period for general bookkeeping purposes is 7 years in the Netherlands. Note that this retention period may be extended, in particular if the applicable law so requires and/or if necessary for the purposes of the legitimate interests pursued by Kia (for example due to threatening or pending litigation).