Go to content
CHANGE COUNTRY

it

CHANGE COUNTRY

MyKia Privacy Notice

  • 1. Introduction


    This privacy notice (the “Privacy Notice”) is issued by [FULL LEGAL NAME OF KIA NSC] ("Kia", "we", "us", “our”) and is addressed to visitors and users (each a “User”, “you”, “your”) of the MyKia Web-based application available at [INSERT LINK] (“MyKia WebApp”). When you visit and/or use the MyKia WebApp, we will process personal data relating to you as further set out in this Privacy Notice. Kia takes the protection of your personal data and your privacy very seriously and will process your personal data only in accordance with the GDPR and other applicable data protection and privacy laws. Please note that in addition to this Privacy Notice, where appropriate, we may inform you about the processing of your personal data separately, for example in consent forms or separate privacy notices.

  • 2. Controller, Contact Information


    2.1 [FULL LEGAL NAME OF KIA NSC] is the controller of the personal data collected and processed in connection with your visit and use of the MyKia WebApp.

    2.2 If you have any questions about this Privacy Notice or our processing of your personal data, or if you wish to exercise any of your rights, you may contact us at:

    [FULL LEGAL NAME OF KIA NSC]
    [ADDRESS – STREET / NO.]
    [ADDRESS – CITY, POSTCODE, COUNTRY]
    Email: [INSERT]

    Alternatively, you may also contact our data protection officer at the contact details provided in Section 3 below.

  • 3. Data Protection Officer


    We have appointed a[n] [external] data protection officer (“DPO”). You may contact our DPO at:
    [INSERT CONTACT DETAILS]

  • 4. Collection of Personal Data


    We collect or obtain personal data about you from the following sources:

    • Data provided to us – We obtain personal data when those data are provided to us (e.g. when you register with the MyKia WebApp, or where you contact us via email, telephone, our contact form, or by any other means).
    • Third party information – When you register with the MyKia WebApp, we obtain personal data from Kia Connect GmbH (“KCE”) in relation to your Kia Account. In addition, if you are a user of the Kia Connect services provided by KCE, we may receive certain Vehicle Details from KCE, subject to your prior consent. If you use the Online Booking Service, we receive information about the status of the requested service appointment from the relevant workshop or dealer.
    • Relationship data – We collect or obtain personal data in the ordinary course of our relationship with you (e.g. we provide a service to you).
    • Website data – We collect or obtain personal data when you visit the MyKia WebApp or use any features or resources available on or through the MyKia WebApp.

  • 5. Types of Personal Data That We Process


    We process the following types of personal data about you:

    • Personal Details: given name(s) + surname(s).
    • Contact Details: correspondence address; telephone number; email address.
    • Vehicle Details: vehicle identification number (“VIN”); model information; registration date; registration number; warranty start date and end date; mileage; estimated annual mileage; service dates; MOT test dates.
    • Preferred Workshop/Dealer Information: information about your preferred workshop and/or dealer.
    • Online Service Bookings Data: information provided by you in relation to a request for an Online Service Booking (as defined below), including drop off time/preferred time slot; chosen services; additional repairs; selection of offers and promotions; transportation options.
    • Ownership Information: information and documentation relating to the ownership of a vehicle or the right to use a vehicle.
    • Consent Records: records of any consents you have given, together with the date and time, means of consent, and any related information (e.g. the subject matter of the consent).
    • Contract Data: information about acceptance and termination of the MyKia WebApp Terms of Use; date and time of acceptance and termination.
    • Technical Data: device type; operating system; browser type; IP address; dates and times of connection to the MyKia WebApp; time zone; URL of the referring website; data volume transmitted; UUID.
    • Kia Account Data: email address; UUID; first name; last name. country.
    • Communication Data: information provided to us by you in connection with customer support-related requests.

  • 6. Purposes of Processing and Legal Basis for Processing


    The purposes for which we process the categories of personal data identified in Section 5 above and the legal bases on which we perform such processing are as follows:

    6.1 Visiting the MyKia WebApp
    When you visit the MyKia WebApp, your web browser will automatically transmit Technical Data to our web server. Details about the purposes of processing Technical Data and the legal basis for such processing are provided in our website privacy notice, which is available here: [INSERT LINK TO THE NSC WEBSITE PRIVACY NOTICE].

    6.2 Registration on the MyKia WebApp
    For the registration on the MyKia WebApp, you first need to have or create a Kia Account with KCE. Details about KCE’s processing of your personal data in connection with the Kia Account are provided here: https://connect.kia.com/eu/kia-account-docs/ .
    When you register with the MyKia WebApp, your Kia Account Data will be shared with us by KCE for the purpose of the registration process. Furthermore, as part of the registration process, we will ask you: (i) to provide the VIN of your vehicle and other information relating to your vehicle, which will also help us to retrieve further information about your vehicle from our systems and display this to you in the MyKia WebApp; (ii) to provide your contact details; (iii) to confirm your preferred workshop and dealer; and (iv) to accept the MyKia WebApp Terms of Use. We may also ask you to confirm that you are the owner or rightful user of the relevant vehicle to ensure that your registration with the MyKia WebApp is legitimate. For this purpose, we may require you to self-validate the ownership of or right to use the vehicle and/or to provide proof of ownership or the right to use the vehicle (as applicable).
    For this purpose, the following types of personal data are processed: Personal Details; Contact Details; Vehicle Details; Preferred Workshop/Dealer Information; Ownership Information; Kia Account Data; Contract Data.
    Legal basis: The processing of the Ownership Information is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: to ensure that you are the owner or rightful user of the relevant vehicle, which will help to prevent misuse and the display of information to unauthorised persons. The processing of the other types of personal data referenced above are necessary for the performance of the contract that you have entered into with us, or for the conclusion of the contract with us (Art. 6 (1) b) GDPR).

    6.3 Features of MyKia WebApp
    In this clause 6.3, we provide you with information regarding our processing of your personal data in connection with certain features of the MyKia WebApp.
    a) Garage
    In the “Garage” section of the MyKia WebApp, we will display to you certain details about your vehicle and provide you with a timeline regarding upcoming services and MOT tests. This section also allows you to add vehicles or to remove vehicles to your MyKia WebApp account. Based on the Vehicle Details available to us, we will calculate the estimated annual mileage of the relevant vehicle and provide you with (recommended) timelines for future services and MOT tests.
    For this purpose, the following types of personal data are processed: Vehicle Details. Legal basis: The processing is necessary for the performance of the contract that you have entered into with is (Art. 6 (1) b) GDPR).
    b) Schedule
    When you are logged into the MyKia WebApp, you can use certain features for the purpose of scheduling services and appointments in the “Schedule” section. The feature “service appointments” allows you to request a service for your vehicle with a workshop or dealer and to provide additional information (e.g. drop off time/preferred time slot; services; additional repairs; selection of offers and promotions; transportation options) (“Online Service Bookings”). Once we have received your request and subject to your prior consent , your request, your Contact Details and the Vehicle Details will be forwarded to the relevant workshop or dealer that will be in touch to arrange the service appointment. Please refer to the privacy notice of the relevant workshop or dealer for information about their processing of your personal data in connection with service bookings and appointments.
    In the “Schedule” section, we also provide you with the status of your Online Service Bookings (i.e. confirmed, pending, cancelled). Furthermore, you can edit and cancel upcoming Online Service Bookings and we will display to you information about past service appointments. For this purpose, we will receive information about the status of your Online Service Bookings from the relevant workshop or dealer.
    If you visit the MyKia WebApp as a guest and wish to make an Online Service Booking without signing-up to or logging into the MyKia WebApp, the above applies accordingly, except that you will not be able to see the status of your Online Service Booking, edit and cancel upcoming service appointments via the MyKia WebApp or see an overview of your past service appointments.
    For this purpose, the following types of personal data are processed: Personal Details; Contact Details; Vehicle Details; Preferred Workshop/Dealer Information; Online Service Bookings Data; Consent Records.
    Legal basis: The sharing of the relevant personal data with the relevant workshop or dealer is based on your prior consent (Art. 6 (1) a) GDPR). In relation to users that are logged into the MyKia WebApp, the processing is necessary for the performance of the contract that such user has entered into with us (Art. 6 (1) b) GDPR). In relation to guest bookings, the processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: enabling Kia customers to book services efficiently.
    c) MyProfile
    In the “MyProfile” section of the MyKia WebApp, you can access and edit your Personal Details and Contact Details (except for your email address) and you can manage your marketing related consents. Furthermore, you can also end your MyKia WebApp membership / contract, by clicking on “End MyKia Membership” in the “MyProfile” section.
    For this purpose, the following types of personal data are processed: Personal Details; Contact Details; Consent Records; Contract Data.
    Legal basis: The processing of the Consent Records is necessary for the purpose of our legitimate interests (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring our compliance with applicable legal obligations and providing our customer with efficient means to manage their consents. The processing of the other types of personal data is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
    d) MyDealer & MyWorkshop
    In the “MyDealer” and the “MyWorkshop” sections of the MyKia WebApp, you can view details about and change the selection of your preferred workshop and dealer. For this purpose, the following types of personal data are processed: Preferred Worksop/Dealer Information.
    Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR).
    e) Recalls Campaign Notifications
    We may send notifications about open recall campaign(s) on your vehicle to a separate inbox within MyKia WebApp (“MyKia Inbox”).
    For this purpose, the following types of personal data are processed: Vehicle Details; Technical Data.
    Legal basis: The processing is necessary for the performance of the contract that you have entered into with is (Art. 6 (1) b) GDPR).
    f) News & Offers
    In the “News & Offers” section of the MyKia WebApp, we provide an interactive way of displaying the latest news, trends and campaigns to you. You can select and edit your preferences regarding the relevant topics, and you can download vouchers (if available).
    For this purpose, the following types of personal data are processed: Technical Data . Legal basis: The processing is necessary for the purpose of our legitimate interests (Art. 6 (1) f) GDPR). Our legitimate interests are: providing a customised approach to our customers and enabling our customers to benefit from vouchers.

  • 7. Other Processing Activities


    In addition to the processing activities set out in Section 6 above, we may also process your personal data for the following purposes:

    7.1 Communication
    We may process your personal data to communicate with you in relation to your use of the MyKia WebApp or the contract that you have entered into with us (e.g. to provide customer support, to inform you about technical issues with the MyKia WebApp, to perform our contractual obligations, to inform you about changes to this Privacy Notice) via several communication channels, including email and the MyKia Inbox. When you contact us, we will process your personal data to handle your request and communicate with you accordingly in relation to your request.
    For this purpose, the following types of personal data are processed: Personal Details; Contact Details; Communication Data.
    Legal basis: The processing is necessary for the performance of the contract that you have entered into with us (Art. 6 (1) b) GDPR), or for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: providing the best possible service for our customers and appropriately answering and processing our customers’ requests.

    7.2 Direct Marketing
    We process personal data to contact you via email, SMS, telephone, or other communication formats to provide you with information regarding the MyKia WebApp, other services or products provided by us that may be of interest to you or to remind you of completing the registration process for MyKia WebApp if you started but have not completed the registration process, subject always to obtaining your prior opt-in consent to the extent required under applicable law. Your consent is voluntary and can be withdrawn at any time (e.g. for promotional messages by deactivating the respective consent button in the “MyProfile” section of the MyKia WebApp, and for the reminder message to complete the registration process by contacting us at [INSERT APPLICABLE CONTACT DETAILS]). You may also unsubscribe from our promotional email list at any time by clicking on the unsubscribe link included in each promotional email that we send . The withdrawal of your consent will not affect the lawfulness of processing based on such consent before its withdrawal. You also have the right to object to the processing of your personal data for direct marketing purposes.
    For this purpose, the following types of personal data are processed: Personal Details; Contact Details; Consent Records; Technical Data.
    Legal basis: The processing is based on your prior consent (Art. 6 (1) a) GDPR).

    7.3 Operation of Business
    We may process personal data for internal management and administration purposes, including record management or maintaining other internal protocols.
    For this purpose, the following types of personal data are processed: Personal Details; Vehicle Details; Consent Records; Technical Data.
    Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring the appropriate and efficient operation of our business.

    7.4 Legal Compliance
    We may process any of the types of personal data referenced in Section 5 to comply with applicable laws, directives, recommendations, or requests from regulatory bodies (e.g., requests to disclose personal data to courts or regulatory bodies, including the police).
    Legal basis: Such processing may be necessary: (i) for compliance with a legal obligation to which we are subject (Art. 6 (1) c) GDPR); or (ii) for the purpose of our legitimate interests (Art. 6 (1) f) GDPR). Our legitimate interests are: ensuring our compliance with applicable legal obligations.

    7.5 Legal Proceedings and Investigations
    We may process any of the types of personal data referenced in Section 5 to assess, enforce and defend our rights and interests.
    Legal basis: The processing is necessary for the purpose of the legitimate interests pursued by us (Art. 6 (1) f) GDPR). Our legitimate interests are: protecting our interests and enforcing our rights.

  • 8. Website Tools and Third-part Services


    On MyKia WebApp, we use the tools Adobe Analytics and Google Maps. For more information about the processing of your personal data in connection with these tools, please refer to our website privacy notice, which is available here: [INSERT LINK TO THE NSC WEBSITE PRIVACY NOTICE].

  • 9. Cookies and Similar Technologies


    When you visit the MyKia WebApp we will typically place cookies and/or similar technologies onto your device, or read cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. For more details, please refer to our website privacy notice, which is available here: [INSERT LINK TO THE NSC WEBSITE PRIVACY NOTICE] and our cookies notice , which is available here: [INSERT LINK TO THE NSC COOKIES NOTICE].

  • 10. Recipients and Categories of Recipients


    Any access to your personal data at Kia is restricted to those individuals that have a need to know to fulfil their job responsibilities.
    Kia may disclose your personal data for the respective purposes and in compliance with applicable data protection laws to the recipients and categories of recipients listed below:
    • Workshops and Dealers: We may disclose some of your personal data to relevant workshops and dealers. Please refer to clause 6.3 b) for more details. These recipients will process the relevant personal data as separate controllers.
    • Service Providers – We may disclose your personal data to certain third parties, whether affiliated or unaffiliated, that process such data as our service providers on our behalf under appropriate instructions as processors and as necessary for the respective processing purposes (Art. 28 (3) GDPR). These processors are subject to contractual obligations , which require them to implement appropriate technical and organisational security measures, to safeguard the personal data and to process the personal data only in accordance with our instructions. Our service providers include:
    ◦ The service provider for the technical infrastructure relevant to MyKia, which is Hyundai Autoever Europe GmbH, Kaiserleistraße 8a, 63067 Offenbach am Main, Germany.
    • Governmental Authorities, Courts and similar Third Parties that are Public Bodies – We may disclose your personal data to governmental authorities, courts and similar third parties that are public bodies where we have a legal obligation to do so (Art. 6 (1) c) GDPR) or for the purpose of protecting our interests or enforcing our rights (Art. 6 (1) f) GDPR). These recipients will process the relevant personal data as separate controllers.
    • Outside Professional Advisors – We may disclose your personal data to our tax consultants, auditors, accountants, legal advisors, and other outside professional advisors for the purpose of operating our business (Art. 6 (1) f) GDPR). In some cases, we may also disclose the data for the purpose of protecting our interests or enforcing our rights (Art. 6 (1) f) GDPR). These recipients will usually process the relevant personal data as separate controllers.
    • Third-Party Acquirers – In the event that we sell or transfer all or any relevant portion of our assets or business (including reorganisation or liquidation), we may disclose your personal data to third-party acquirers (Art. 6 (1) f) GDPR). These recipients will process the relevant personal data as separate controllers.

  • 11. Cross-border Data Transfer


    We are a member of an international group of companies. Therefore, we may transfer personal data within the Kia group and to other third parties as noted in Section 10 above.
    Some of these recipients may be located or have relevant operations outside of your country and the EU/EEA (e.g., in the Republic of Korea, the United Kingdom or the USA) (“Third Country”). For some Third Countries, the European Commission has determined that they provide an adequate level of protection for personal data (e.g., the Republic of Korea, the United Kingdom), which also includes the USA to the extent that the receiving company in the USA participates in the EU-U.S. Data Privacy Framework see https://www.dataprivacyframework.gov (“Adequate Jurisdictions”).
    Where we transfer personal data to a recipient that is located in a Third Country which has not been determined an Adequate Jurisdiction, we (or our processors in the EU/EEA that transfer personal data to sub-processors in such Third Countries, as applicable) provide appropriate safeguards by way of entering into data transfer agreements adopted by the European Commission ("standard contractual clauses") with the recipients or taking other effective measures to provide an adequate level of data protection.
    A copy of the respective safeguards may be requested from us or our data protection officer (see Section 2 and Section 3 above).

  • 12. Data Retention


    We take every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice.

    The criteria for determining the duration for which we will retain your personal data are as follows:
    (i) We will retain personal data in a form that permits identification only for as long as:
    • we maintain an ongoing relationship with you (e.g. where you are a user of the MyKia WebApp); or
    • your personal data are necessary in connection with the lawful purposes set out in this Privacy Notice, for which we have a valid legal basis (e.g. where we have a legal obligation to retain your personal data),
    plus
    (ii) the duration of:
    • any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your personal data, or to which your personal data are relevant); and
    • an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any personal data that are relevant to that claim),
    and
    (iii) in addition, if any relevant legal claims are brought, we continue to process personal data for such additional periods as are necessary in connection with that claim.
    During the periods noted in paragraph (ii) above, we will restrict our processing of your personal data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
    Once the periods in paragraphs (i), (ii) and (iii) above, each to the extent applicable, have concluded, we will either:
    • permanently delete or destroy the relevant personal data; or
    • anonymize the relevant personal data.

  • 13. Your Legal Rights


    Subject to applicable law, you may have the following rights regarding the processing of your personal data:
    • the right not to provide your personal data to us (however, please note that we will be unable to provide you with the full benefit of the MyKia WebApp and the related services, if you do not provide us with your personal data – e.g., we might not be able to process your requests without the necessary details);
    • the right to request access to, or copies of, your personal data (Art. 15 GDPR), together with information regarding the nature, processing and disclosure of those personal data (Art. 15 GDPR);
    • the right to request rectification of any inaccuracies in your personal data (Art. 16 GDPR);
    • the right to request, on legitimate grounds: (i) erasure of your personal data (Art. 17 GDPR); or (ii) restriction of processing of your personal data (Art. 18 GDPR);
    • the right to have certain personal data transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable (Art. 20 GDPR);
    • where we process your personal data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal data in reliance upon any other available legal bases) (Art. 7(3) GDPR); and
    • the right to lodge complaints regarding the processing of your personal data with a data protection authority (Art. 77 GDPR). The following data protection authority is responsible for Kia: [INSERT DETAILS AND CONTACT DETAILS].

    Subject to applicable law, you may also have the following additional rights regarding the processing of your personal data :
    • the right to object, on grounds relating to your particular situation, to the processing of your personal data by us or on our behalf, where such processing is based on Articles 6 (1) e) (public interest) or 6 (1) f) (legitimate interests) of the GDPR; and
    • the right to object to the processing of your personal data by us or on our behalf for direct marketing purposes.

    To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about our processing of your personal data, please use the contact details provided in Sections 2 and 3 above. Please note that in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.

  • 14. Updates


    This Privacy Notice may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Privacy Notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Privacy Notice.

  • 15. Definitions


    “controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
    “GDPR” means: (i) Regulation (EU) 2016/679 (General Data Protection Regulation); or (ii) regarding the United Kingdom, Regulation (EU) 2016/679 as it forms part of the law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended from time to time (also known as the UK GDPR).
    “personal data” means any information relating to an identified or identifiable natural person.
    “process” / “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
    “processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.