Aston Martin Connected Car System Privacy Policy

Last revised: 19 July 2024

Aston Martin Lagonda Limited ("AML") is the controller of the personal data collected from or about individuals ("you", "your"), in some cases along with other entities within AML's group of companies (collectively "we", "us", "our") as further described in this privacy notice.

Changes to this privacy notice

We may modify or update this privacy notice from time to time.

If we make any material changes to the terms of this privacy notice then we will notify you of this through appropriate means and will provide a revised version, generally by posting an updated version and changing the date of last revision. The date of last revision is included at the top of the privacy notice.

Scope of this privacy notice

When you purchase and/or operate a connected vehicle and as part of the related services we offer to you, we will process personal data about you. "Personal data" includes any information that relates to you as an identified or identifiable individual.

This privacy notice covers the collection of personal data through our connected vehicles and the Aston Martin connected vehicle mobile application (the "App"), as well as the subsequent processing of that data and your rights in connection with that processing.

Please read this privacy notice in conjunction with any other privacy notices or policies that we provide to you from time to time for specific purposes in relation to specific processing activities, so that you're fully informed of how your personal data is collected and used. For further information regarding AML’s privacy practices generally, please refer to our general privacy policy available at ASTON MARTIN LAGONDA PRIVACY NOTICE.

What personal data do we process about you and why?

The table in Annex A provides a breakdown of the categories of personal data processed, as well as the purposes of processing and the lawful bases relied on for the purposes of applicable data privacy law.

We will generally process your personal data for the following purposes, including where such purposes form part of our legitimate interests or those pursued by a third party:

performance of the terms of our agreement with you or to take steps at your request prior to entering into our agreement
ensuring the quality and delivery of our products and services and developing new products and services
enabling and improving the functionality and capabilities of the App, including by allowing data to be shared across devices
fulfilment of our sales, service and administrative processes
customer support, including providing updates in relation to the progress of your vehicle throughout the manufacturing process and enabling you to easily communicate with your preferred Aston Martin dealer
marketing communications and market research
fulfilment of our legal obligations
enabling recovery in the event of a breakdown or theft of your vehicle
operating and managing our global connected vehicle and driver IT support systems and services

Please note that in cases where we request certain information in order to enter into or perform the terms of our agreement with you, or to comply with applicable statutory requirements, if you decide not to provide us with the relevant information when requested, this could mean that we are unable to enter into an agreement with you or to comply with our obligations.

Your vehicle also has a ‘Privacy Mode’ feature to provide you with an enhanced level of personal privacy. When Privacy Mode is switched on, certain information about you will not be shared with AML or other third parties and certain connected vehicle features will not be available. You can find out more about Privacy Mode and the features it disables in the user manual and in-car settings.

How do we collect your personal data?

We collect your personal data in the following ways:

by interacting directly with you, including collecting information that you provide in connection with your use of the vehicle by making selections through the use of in-car buttons, displays or other systems (such as the infotainment system integrated within the vehicle) or by use of the App
by indirectly collecting technical data in relation to your use of the vehicle, including where such information is automatically collected by systems or programmes integrated within the vehicle (such as periodically refreshing data in order to enable remote vehicle status functionality and sending location data automatically to our call centres through our Stolen Vehicle Tracking system when a theft alert is triggered by the vehicle)
by indirectly collecting your data from the dealer where you purchased the vehicle, including for example any specific issues or preferences relating to the vehicle that you identify to the dealer and any other information that you provide in order to enable use of the App.

Who do we share your personal data with?

We may share your personal data with members of our group of companies and selected third parties, as discussed in more detail below.

Group affiliates

We may share your personal data with other members of our group of companies for the purposes of providing customer support, ongoing maintenance, marketing communications and business administration. Depending on the purposes of processing, this could involve other members of our group also acting as controllers of your personal data, including the following AML group affiliates:

Aston Martin Lagonda of North America, Inc
Aston Martin Lagonda of Europe GmbH
Aston Martin Japan Ltd
Aston Martin Lagonda (China) Distribution Co. Ltd

Third party service providers

We may use third party service providers to process your personal data on our behalf in specific circumstances or for specific purposes, including in relation to:

IT and technology-based services, including in connection with data storage arrangements, the provision of App functionality and in-vehicle telecommunications and connectivity services and enhanced functionality features
diagnostics and data analytics
breakdown recovery and roadside assistance services
stolen vehicle tracking
image and video content
marketing, communications and customer relationship management
business administration and resource planning

Other third parties

We may also share your personal data with other third parties, including:

professional advisors, such as lawyers, accountants and auditors that we interact with in the ordinary course of business and, to the extent necessary, to bring and defend legal claims
third parties directly involved in, or reasonably related to, an acquisition or disposal of all or part of our business or assets
·other public authorities such as law enforcement agencies, emergency services, governmental authorities, courts and tribunals

Preferred dealers (e.g., your preferred dealer and/or dealer from which you purchased your vehicle)

We may share your personal data with the relevant dealership from which you purchased the vehicle, to the extent necessary in order to resolve any issues or complaints relating to your purchase and use of the vehicle, or a dealer that you have otherwise listed as your preferred dealer.

The vehicle owner and other App users

If a non-owner operates the vehicle, we will collect the personal data described in this privacy notice, and some of such personal data may be shared with the owner of the vehicle as described in Annex A. In addition, if the owner allows another user (e.g., in their family or household) to use their App, each person who uses the App will have access to certain data about the vehicle and its use. For example, the owner may have access to information through the App regarding the secondary user’s use of the vehicle, and the secondary user with App access may be able to view certain information through the App about the owner’s and others’ use of the vehicle.

How long do we keep your personal data?

Your personal data is retained for only as long as the specific purposes we set out in this privacy notice, including in the table in Annex A.

In some cases we may however anonymize data so that it is no longer personal data, for example where data is used for statistical purposes. In such cases the anonymized data may be retained for a longer period, but the underlying personal data will be automatically deleted.

Security measures

We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy notice.

Your personal data is protected by technical security systems and additional authorization procedures, both during data transfer and when your data is filed and stored on our secure servers.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

However, please note that no data transmission over the internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. As a result, we cannot fully guarantee the security or integrity of any personal data.

Your rights

Under data privacy laws, depending on your country, or state or territory, of which you are a resident or data subject (as applicable) you may be able to exercise the following rights regarding your personal data:]

Access: you may have the right to obtain from us confirmation if your personal data is being processed by us in addition to certain related information, as well as the right to obtain a copy of your personal data undergoing the processing.
Rectification: you may have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
Objection: where we process your personal data on the basis of our legitimate interests, you may have the right to object to this processing for reasons relating to your particular situation. If this is the case, we will stop this processing of your personal data unless we can demonstrate compelling reasons why we need to process it which override your rights and freedoms, or where we need to process it for the purposes of legal claims. Where we process your personal data for direct marketing purposes, you may have the right to object to our processing of your personal data for this at any time.
Portability: you may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit it to other data controllers. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
Restriction: you may request that we restrict the processing of your personal data in certain cases, (so that we must suspend the processing, except for storage, with your consent or for legal claims) including for example where you object to us processing your personal data on the basis of our legitimate interests or where you want to establish the accuracy or the reason we are processing your personal data.
Erasure: you may request to erase your personal data if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you objected and no overriding legitimate grounds for the processing exist, or (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.
Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. For example, this is the Information Commissioner’s Office in the UK ("“ICO"”). While we would ask that you please get in touch with us in the first instance so that we can try to resolve your issue, you can contact the ICO through the live chat feature on their website (Contact us -– public | ICO) or by telephone on 0303 123 1113.
Right to refuse or withdraw consent: in cases where we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent either in full or in part, at any time and we will cease such processing; however, such a withdrawal of consent may mean that we are no longer able to provide you with services that require such processing. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

Please be aware that not all of these rights are absolute and that there may be situations in which you cannot exercise them or where they are not relevant in the circumstances or applicable in your jurisdiction.

Automated decision-making

We do not conduct any automated decision-making using your personal data that has a legal or significantly similar effect.

International transfers

Some of the third parties with whom we share personal data are located outside [SINGAPORE: Singapore / GLOBAL: the UK and EEA], in third countries which may not be considered by the originating jurisdiction to provide an adequate level of protection for your personal data.

However, transfers made to third parties located in countries that have not been deemed to provide an adequate level of protection only take place [GLOBAL: using a lawful data transfer mechanism or where appropriate, on the basis of permissible statutory derogations / JAPAN: in accordance with contracts and mechanisms that ensure an adequate level of protection for Japanese consumers in compliance with Japanese data privacy laws.]

Examples of the mechanisms that we may rely on in this context include: (i) the UK International Data Transfer Agreement and the UK Data Transfer Addendum to the EU Standard Contractual Clauses; (ii) the EU Commission’s Standard Contractual Clauses and (iii) other enforceable overseas data transfer agreements and/or mechanisms permitted under applicable data privacy laws. We may however adjust the type of mechanism used in order to address changing legal requirements and/or lawful transfer instruments.

Please contact us using the contact details in the Contact Us section below if you'd like to receive further information in relation to how we approach international transfers of your personal data.

Contact Us

If you have any questions about this privacy notice, including any requests to exercise your data protection rights, please contact us by letter or email using the details below:

The Data Protection Officer
Aston Martin Lagonda, Banbury Road,
Gaydon, CV35 0DB,
United Kingdom

E-Mail: data.officer@astonmartin.com

ANNEX A

DETAILS OF OUR DATA PROCESSING

Purpose	Categories of Personal Data	Lawful Basis for Processing (under UK/EU GDPR or other international privacy data laws to the extent applicable)
Core enablers
Enrollment/user onboarding	AML ID Country of vehicle use User email address / phone number Title, first name and last name Address Preferred language Identity check of user Proof of ownership check of user Acceptance of terms and conditions (including date and time of acceptance)	Performance of contract
Subscription management	AML ID Vehicle identification number ("VIN") Payment status for service packages	Performance of contract
Unit preferences	Tyre pressure units Vehicle electrical unit data Distance and range	Legitimate interests
Change of country	AML ID VIN Country where vehicle is being used	Performance of contract
Infotainment
Online navigation	Planned destination Vehicle GPS position Various vehicle related information for route calculation, including traffic proximity and updates.	Performance of contract (for vehicle owners) Consent (for other vehicle operators)
HERE online	Vehicle speed Vehicle GPS position	Legal obligations
Connected vehicle
Geo-fence and Speed-fence	Vehicle speed Vehicle GPS position and location timestamp	Performance of contract (for vehicle owners) Consent (for other vehicle operators)
Over the air software update (OTASW)	VIN Current software versions installed on relevant electronic control units Current status of download/update of new software	Legitimate interests
Remote vehicle status including Car Finder & Feel Good	Vehicle GPS position	Performance of contract (for vehicle owners) Consent (for other vehicle operators)
Remote vehicle status including Car Finder & Feel Good	Various vehicle-related information (such as odometer, oil level, tyre pressure, window status and next service date)	Performance of contract (for vehicle owners) Legitimate interests (for other vehicle operators)
Remote trip statistics and journey log	Vehicle GPS position Fuel consumption rates Distances driven Journey start and end positions Start and stop times Time spent driving Odometer data	Performance of contract (for vehicle owners) Consent (for other vehicle operators)
Remote diagnostics	Vehicle fault codes	Legitimate interests
Protect mode	Vehicle status Drive mode	Performance of contract (for vehicle owners) Legitimate interests (for other vehicle operators)
Private eCall	Vehicle GPS position Emergency notification signal Voice communication	Performance of contract and/or vital interests
Public EU eCall	Vehicle GPS position Emergency notification signal Voice communication	Legal obligation and/or vital interests
Breakdown call	AML ID Telephone number Vehicle GPS position Vehicle fault codes Remote vehicle status Telephone number Vehicle license plate number	Legitimate interests and/or vital interests
Stolen vehicle tracking	Telephone number VIN Vehicle license plate number Residence address Vehicle theft status Vehicle GPS position	Performance of contract (for vehicle owners) Legitimate interests (for other vehicle operators)
Anti-theft push notification	Vehicle theft status	Performance of contract (for vehicle owners) Legitimate interests (for other vehicle operators)
Remote lock / unlock	Vehicle GPS position Various vehicle-related information (such as door/window/vent status/open/close)	Performance of contract (for vehicle owners)
Connected customer
Account management (profile)	AML ID Country of vehicle use User email address / phone number Residence address Contact preferences	Performance of contract
Account management (profile)	Data usage / privacy preferences Profile image	Legitimate interests
Order updates	AML ID Photographs of your vehicle taken during the production process	Legitimate interests
Pro-active communication on vehicle status	Vehicle GPS position	Performance of contract (for vehicle owners) Consent (for other vehicle operators)
Pro-active communication on vehicle status	Various vehicle-related information (such as odometer, oil level, tyre pressure, window status and next service date)	Performance of contract (for vehicle owners) Legitimate interests (for other vehicle operators)
Recalls campaigns	AML ID User email address / phone number Title, first name and last name Address Vehicle make and model VIN Vehicle fault codes	Legal obligation and/or legitimate interests
Contact dealer	AML ID User email service provider selected	Legitimate interests
Preferred dealer	AML ID Selected dealer of choice or dealer of last interaction (by default) Address	Legitimate interests
App analytics	Google Analytics: Unique user identifier City / country of vehicle use Gender Age range App and customer events	Legitimate interests
App analytics	FullStory Unique user identifier App events, customer events and session recordings	Legitimate interests
Caching	AML ID Contact information Vehicle enabled services Vehicle status Protect Mode status Vehicle GPS location Details of vehicles owned (including registration numbers and nicknames) Preferred dealer information Consent to App analytics (including date and time of consent)	Legitimate interests
Compliance
Accountability and record-keeping	AML ID Acceptance of terms and conditions (including date and time of acceptance) Acknowledgement of privacy notice (including date and time of acknowledgment) Version of document accepted/acknowledged Consent to App analytics (including date and time of consent)	Legitimate interests and/or legal obligation