Volvo Financial Services (“VFS”, “we” or “us”) takes data protection & security very seriously. As part of the AB Volvo Group, it is our policy to comply with all applicable laws in each country in which we operate and this includes data privacy laws.
This Statement acknowledges our commitment to the following fundamental principles of data protection.
We shall use all reasonable endeavors to ensure that Personal Data processed by VFS shall be:
- Processed lawfully, fairly and in a transparent manner in relation to you, the data subject. This is the principle of lawfulness, fairness and transparency.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This is the principle of purpose limitation.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This is the principle of data minimization.
- Accurate and, where necessary, kept up to date and we shall take every reasonable step to ensure that any personal data we hold that is inaccurate, having regard to the purposes for which it is processed, shall be erased or rectified without delay after we have been notified or otherwise become aware of same. This is the principle of accuracy.
- Kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which it is processed unless otherwise permitted or required by law. This is the principle of storage limitation.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. This is the principle of integrity and confidentiality.
We also confirm our commitment to complying with applicable laws as they relate to the processing of sensitive (or special categories of) personal data and to the transfer of personal data to a country other than the country in which it was first collected.
Our commitment to the above fundamental principles is implemented through a variety of internal processes and systems including a general observation of the following:
Notice & Consent
You will be informed of the type of data to be collected and the purposes for which such data is collected and, where your consent is required to process same, we shall seek that from you in clear and unambiguous language. Once given, you have the right to withdraw your consent at any time but this will not affect the lawfulness of processing based on consent before its withdrawal.
You will be granted access to your personal data held by us on written request and you will have the opportunity to request the correction, amendment or deletion of your personal data if what we hold is incorrect, out of date or no longer relevant or required for the original or consented business purposes. We may charge a fee for access, amendment, etc. but it will not be excessive. Generally we shall respond to written access requests within 30 days but we may restrict access in exceptional circumstances where the legitimate rights of persons other than you would be violated or where the burden or expense of providing access would be disproportionate to the risks of your privacy.
Recourse & Remedy
If you have a complaint regarding the processing of your personal data by VFS, you should send your complaint in writing to our Data Protection Officer (DPO) as identified below. We shall treat your complaint seriously and use all reasonable efforts to respond to you timeously and to address the concerns you raise. You may also have the right to make an independent complaint to the relevant external dispute resolution body if provided under local law. We shall use all reasonable efforts to cooperate with any such dispute resolution body to address the concerns you raise in a timely manner.
VFS has designated Adrian Samareanu, its Vice President and Chief Information Officer as the Data Protection Officer (“DPO”) responsible for its compliance with and enforcement of this Statement and applicable data protection laws.
You may reach him by post or email at:
Volvo Financial Services
B - 1082 Brussels
Please include your name, address, phone number and/or email in all communications and clearly state the nature of your request.
Effective Date and Changes to this Statement
The commitments and practices described in this Statement are current as of June 30, 2016. We reserve the right to modify, amend or withdraw this Statement at any time consistent with the requirements of the fundamental principles and applicable law.
Limitation on Application of Fundamental Principles
Adherence by VFS to the fundamental principles may be limited (a) to the extent required to respond to a legal or ethical obligation, and (b) to the extent permitted by applicable law.
As still applicable under US law, VFS adheres to the Safe Harbor Principles as administered by the U.S. Department of Commerce and remains a registered participant in this program (for more information, visit http://www.export.gov/safeharbor). In addition, we reaffirm our commitment to the fundamental principles outlined above and have put appropriate processes in place, including the use of data transfer agreements based on the internationally approved “Standard Contractual Clauses” (or “Model Clauses” as they are sometimes referred to), with regard to the lawful transfer of personal data from one country to another as may be needed from time to time in the conduct of our legitimate business purposes.