1. THIS NOTICE
1.1 This notice is provided by Kia (UK) Limited (company number 04415807) of Walton Green, Walton-On-Thames, Surrey, KT12 1FJ, (“we”, “us” or “our”), operating through its branch Kia Ireland, Unit A8 Calmount Park, Calmount Road, Dublin 12, Ireland and is addressed to all users of Kia Voice (together, “you”). It applies both during and after contact with us.
*1.2 This notice relates to personal information about you from which you can be identified. We refer to this information throughout this notice as “personal data”. Personal data does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection. Section 3 of this notice sets out examples of your personal data that we use.
*1.3 We are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal data about you. As a controller we use (or ‘process’) the personal data we hold on you in accordance with this notice.
*1.4 We take our data protection responsibilities seriously and this notice reflects the obligations set out in the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and any laws in England and Ireland giving effect to its provisions.
*1.5 This notice sets out how we collect and process your personal data. This notice also provides certain information that is legally required and lists your rights in relation to your personal data.
*1.6 If you need to contact us in connection with our processing of your personal data, then you can do so by contacting our Data Protection Officer at firstname.lastname@example.org or by post to Data Protection Officer, Kia (UK) Ltd, Walton Green, Walton-on-Thames, Surrey KT12 1FJ.
*1.7 Your personal data belongs to you and it is your choice whether you provide it to us. However, because we need certain items of your personal data in order to perform our obligations to you, please be aware that if you do not provide all of the requested detail we request from you then we may not be able to fulfil all of your requirements. It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes during your relationship with us.
*1.8 Please read this notice carefully, so that you are aware of how and why we are using your data.
*1.9 This notice may be amended or updated from time to time. The changes will be made on http://www.kia.com/ie and http://www.kiaservice.ie and/or we may inform you accordingly of changes implemented.
*1.10 This notice does not form part of any contract to provide services.
2. PRINCIPLES OF DATA PROTECTION
*2.1 The GDPR requires that the personal data we hold about you must be:
*2.1.1 used lawfully, fairly and in a transparent way;
*2.1.2 collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
*2.1.3 relevant to the purposes we have told you about and limited only to those purposes;
*2.1.4 accurate and kept up to date;
*2.1.5 kept only as long as necessary for the purposes we have told you about; and
*2.1.6 kept securely.
3. PERSONAL DATA
*3.1 We may obtain personal data about you including but not limited to the following:
*3.1.1 Personal details: given name(s) or preferred name
*3.1.2 Location details: GPS location or textual address
*3.1.3 Contact details: phone number, email address
4. SOURCES OF PERSONAL DATA
We obtain your personal data from the following sources:
4.1.1 Directly from you when interacting with the voice assistant.
5. LEGAL BASIS FOR PROCESSING
*5.1 To process your personal data in connection with the purposes set out in section 6 of this notice, we will rely most commonly on one or more of the following legal bases:
*5.1.1 the processing is necessary in connection with a contract with us;
*5.1.2 the processing is required for compliance with a legal obligation;
*5.1.3 we have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights, or freedoms. When we rely on this legal basis our legitimate interests include fulfilling your requests that need to be passed on to our authorised dealer and repairer network;
*5.1.4 the processing is necessary for the performance of a task carried out in the public interest.
*5.2 In rare circumstances we may rely on the following legal bases:
*5.2.1 the processing is necessary to protect your vital interests or the interests of someone else; or
*5.2.2 the processing is required for compliance with a legal obligation;
*5.3 We do not need your consent if we process your data under one or more of the other legal bases set out above. Where your consent is required for processing, you have the right to withdraw this consent at any time. You can do this by contacting Kia Ireland Customer Service.
6. PURPOSES OF PROCESSING
*6.1 We need your personal data primarily to allow us to perform a contract with you [“PC”], to enable us to comply with legal obligations [“LO”], to perform a task carried out in the public interest [“PI”], to pursue legitimate interests of our own or those of third parties [“LI”], provided your interests and fundamental rights do not override those interests. We will use your personal data for a variety of different purposes including those listed below. We have indicated by [using the definitions PC, LO and LI] the relevant legal basis on which we are processing or will process your personal data, as well as indicating which categories of data are involved. Some of the legal bases for processing will overlap and there may be several which justify our use of your personal data.
6.2 We will use your personal data for a variety of different purposes including the following:
*6.2.1 Processing requests service bookings and passing on to our authorised dealer and repairer network [LI];
*6.2.2 Dealing with your enquiries or complaints such as when you contact our customer services team [LI];
*6.2.3 Recording your Kia history to process customer service interactions [LI];
7. SPECIAL CATEGORIES OF DATA and CRIMINAL OFFENCE DATA
*7.1 Some personal data may contain or consist of more sensitive personal data known as “Special Categories of Data”.
*7.2 Special Categories of Data require higher levels of protection. We need to have further justification for collecting, storing and using this type of data. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. In each case, where we process Special Categories of Data, we rely on one or more of the following additional legal bases:
*7.2.1 You have made the information public;
*7.2.2 Processing is necessary where it is needed for legal claims.
*7.3 We may process the following Special Categories of Data:
7.3.1 Information about your race or ethnicity, religious or philosophical beliefs, sexual orientation, sex life and political opinions;
*7.3.2 Trade union membership;
*7.3.3 Information about your health.
*7.4 We envisage that we may hold data about criminal convictions. We may collect information about criminal convictions related to legal cases or as part of the recruitment process but will not seek to process this data other than in rare circumstances.
7.5 We do not seek to process any special categories of data when you use Kia Voice
8. RECIPIENTS OF PERSONAL DATA
*8.1 We may disclose the personal data you provide to us to our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this notice.
*8.1 The full network of Kia Ireland Authorised Dealers and Repairers can be found at https://www.kia.com/ie/find-a-dealer
*8.5 In addition, we may share your personal data with the following recipients:
*8.5.1 Legal and regulatory authorities, on request, or for the purposes of reporting any actual or suspected breach of law or regulation;
*8.5.2 External professional advisers such as accountants, auditors, lawyers and other outside professional advisers, subject to binding obligations of confidentiality;
*8.5.3 Any relevant party, law enforcement agency, tribunal or court, to the extent necessary for the establishment, exercise or defence of legal rights;
*8.5.4 Any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; and
*8.5.5 Any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).
9. TRANSFERS OF PERSONAL DATA OVERSEAS
*9.1 We have third party data processors who work with companies (sub-processors) outside of the EU. We have ensured that those companies have the appropriate safeguards in place to provide an adequate level of data protection.
10. RETENTION OF PERSONAL DATA
*10.1 We will hold your personal data only for so long as is necessary for us to do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
*10.2 Where we no longer need to process your personal data for the purposes set out in this notice then we will delete your personal data from our system.
11. AUTOMATED DECISION MAKING
*11.1 Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
*11.1.1 Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights;
*11.1.2 In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights; or
*11.1.3 Where authorised by law and subject to certain conditions.
*11.2 If we make an automated decision on the basis of any particularly sensitive personal data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
*11.3 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
*11.4 We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
12. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
*12.1 You have a number of rights in connection with the processing of your personal data, subject to certain conditions set out in the GDPR and in Irish and UK law, including the right to:
*12.1.1 Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
*12.1.2 Request the correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
*12.1.3 Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
*12.1.4 Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
*12.1.5 Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
*12.1.6 Request the transfer of your personal data to another party.
*12.1.7 Lodge a complaint regarding the processing of your data with the Data Protection Commission
*12.2 In the circumstances where you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please follow the guidance in section 5.3 or contact our Data Protection Officer email@example.com in writing in accordance with section 1.6. After we have received notification that you have withdrawn your consent in relation to a particular purpose we will no longer process your information for that purpose, unless we have another legitimate basis for doing so in law.
*12.3 If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer firstname.lastname@example.org in writing in accordance with section 1.6.
13. IF YOU HAVE FURTHER QUESTIONS
Also Kia Ireland Customer Services are available at 4/7 at 0818 300 007
Kia Ireland’s full privacy notice can be found at https://www.kia.com/ie/data-protection/