Vehicle data Policy

Škoda Auto a.s., registered office: tř. Václava Klementa 869, Mladá Boleslav II, 293 01 Mladá Boleslav, Czech Republic, postal code: 29360, identification number: 001 77 041, registered with the Commercial Register maintained by the Municipal Court in Prague, File No. B 332 (“we”, “our”, “us” or “Škoda Auto” as applicable) informs you about the processing of data from the vehicle (“vehicle data”).

Please see the end of this policy for our legal and contact information.

We use various technologies that enable us to collect vehicle data. This policy provides you with information about what data we collect from the vehicle, when, how and why we, and the third parties we work with, use them. This policy also describes your rights related to the processing of personal data.

We may update this policy from time to time. All changes made to this policy will be published at Škoda Auto website and in the event of any substantial changes, we will notify you using an appropriate communication method.

We are controller of vehicle data transmitted from the vehicle via the Internet.

We may collect in particular the following types of vehicle data from the vehicle:

• Identification data: language, unique session ID.
• Technical information on the product: VIN, information on the manner of using the asset (e.g. driving data, vehicle status, mileage, diagnostic data, error memory entries, environmental data, information on the length of the route, vehicle speed and heading), information on maintenance / workshop visits, technical description of the asset (e.g. vehicle colour, infotainment data, HMI version).
• Localisation data: localisation data based on GPS.
• Network identifiers: IP address.

We may also combine vehicle data with other information we receive from third parties or publicly available sources where this is permitted by law. Please see our general Privacy Statement for further details of the sources of information we may use.

We use vehicle data for the following purposes:

• Product improvement and development: With your consent, we access vehicle data to compile statistics, analyses and reports about how you use our products and services so we can continually modify and improve our products and services to better serve you and respond to your needs. For example, we are able to develop and improve automated driving technology or driver assistance functions (e.g., emergency braking, assisted parking and lane assist).
  We may also provide the anonymized or aggregated analyses that does not allow identification of the vehicle or you as a person, for the purposes of improving third party products and services.

You may withdraw consent you have previously provided for the use of vehicle data by:

• Adjusting the settings in the mobile application.
• Contacting us using the contact details below.

After you withdraw your consent to the use of vehicle data for the above-mentioned purposes, we will no longer collect vehicle data for such purpose.

We do not process or retain vehicle data in an identifiable format for longer than is necessary. We process and retain vehicle data for purposes based on consent until the consent which permits such processing is withdrawn.

The only exceptions to the period mentioned above are where:

• the law, court or supervisory authority requires us to hold vehicle data for a longer period, or delete it sooner; or
• you have raised a legal claim, complaint or concern regarding the processing activities described in this policy, in which case we will retain vehicle data for a period of 6 years following the date of that claim, complaint or concern; or
• you exercise your right to have vehicle data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.

We disclose vehicle data to third parties or permit them to access that data in connection with the purposes mentioned above. We may disclose vehicle data to:

• Companies of the Volkswagen Group
• Distribution network (e.g. Škoda Service Partner)
• Service provider

Vehicle data may, upon request, be provided to public authorities, in particular the courts, the Police of the Czech Republic and other law enforcement authorities, as necessary and within the limits of the law.

All vehicle data is collected directly from you or indirectly from the vehicle as you use the vehicle and its features.

Vehicle data collected may be transferred to third countries, i.e. outside of the European Union (“EU”) and the European Economic Area (“EEA”), if you grant us your explicit consent to do so or if we take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include:

• ensuring that countries outside of the EU and the EEA to which transfers are made have been deemed adequately protective of personal data for the purposes of data protection law by the relevant bodies; or
• imposing contractual obligations on the recipient of personal data using the standard contractual clauses issued by the European Commission and available at https://eur-lex.europa.eu/eli/dec_impl/2021/914, which the recipient in the third country has committed to in addition to other additional measures to follow.

We will send vehicle data to companies located in the United States of America ("USA") to servers located there. Such transfers are based on the adequacy decision for the USA which states that USA provides sufficient protection for personal data for companies that are certified under EU-US Data Privacy Framework.

9. Automated decision-making on the basis of vehicle data that may be of legal or otherwise significant concern

We do not envisage that any processing to make decisions that have a legal or significant effect on you will be carried out using purely automated means, however we will update this policy and inform you if this position changes.

In order to protect vehicle data against unauthorised access, disclosure, alteration or destruction, we have taken appropriate organisational and technical measures including physical, electronic and management procedures to protect and secure vehicle data.