Volvo Buses

Australia

DATA MANAGEMENT AGREEMENT

 

This Data Management Agreement is between Volvo Bus Corporation, Registration Number: 556197-3826 (Volvo) and you (Customer), as the owner or lessee of a vehicle for which the Information Services (as defined in clause 1 below) are made available by Volvo.  The Customer agrees to be bound by this Data Management Agreement on the earlier of activating, accessing or using any Information Service, or otherwise indicating its acceptance to these terms (including by electronic acceptance or hardcopy signature).  To avoid doubt, the most current online version of this Data Management Agreement takes priority over any former versions of these terms entered by the Customer and Volvo in whatever form in respect of the Information Services.

The Customer warrants that it has all necessary authorisations to enable it to enter into the Agreement, including where it is entering into the Agreement on behalf of any organisation, company entity, or corporate group. 

IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT (OR ANY AMENDMENT OF THIS AGREEMENT), YOU MUST NOT ACTIVATE, ACCESS, OR OTHERWISE USE ANY OF THE INFORMATION SERVICES. 

In consideration for Volvo providing the Customer with any Information Services, Volvo and the Customer (together, the “Parties”) agree as follows:

1. PURPOSES OF THIS AGREEMENT

The purposes of this Data Management Agreement (the "Agreement") are to:

a.     set out the terms and conditions on which Volvo, AB Volvo (publ.) and all subsidiaries of AB Volvo (publ.), including Volvo Group Australia Pty Ltd (ABN 27 000 761 259) (Volvo Group) collects, stores, uses, shares and otherwise processes data from Information Systems (as defined in clause 2 below);

b.     put in place appropriate contractual provisions to govern Volvo Group's processing of “Personal Information” (being ‘personal information’ as defined in the Privacy Act 1988 (Cth) or ‘personal data’ as defined in Article 28 of the EU General Data Protection Regulation 2016/679 (the "GDPR"), or equivalent terms used in similar laws in other jurisdictions) in connection with the Information Systems on behalf of the Customer; and

c.     set out the terms and conditions applicable to the provision, and termination, of “Information Services” to the Customer  in respect of any Volvo Group vehicle, which involve the processing of information from Information Systems, including, but not limited to, services such as Fleet Management, Zone Management and Service & Repair, as well as the use of Volvo Connect and other similar platforms, portals and services (“Digital Channels”), and any other services provided through the Digital Channels, other than third party services that are provided directly to the Customer under third party terms, and whether or not sold by any member of the Volvo Group (“Third Party Services”).

2. INFORMATION SYSTEMS

The Customer is aware that Volvo vehicles manufactured, supplied or marketed by a company within the Volvo Group are equipped with one or more information systems which may gather and store information about the vehicle (the "Information Systems"), including but not limited to information relating to vehicle condition and performance and information relating to the operation of the vehicle (together, the "Vehicle Data"). The Customer agrees not to interfere with the operation of the Information Systems in any way.  

Notwithstanding any termination or expiry of this Agreement, the Customer acknowledges and agrees that Volvo Group may: (i) access the Information Systems at any time (including remote access); (ii) gather the Vehicle Data; (iii) store the Vehicle Data on Volvo Group systems, including those located in Sweden and the Netherlands; (iv) use the 

Vehicle Data in order to provide services to the Customer, as well as for its own internal and other reasonable business purposes; (v) use the Information Systems and Vehicle Data to record, observe, and track the location of Volvo Group vehicles; and (vi) share the Vehicle Data within the Volvo Group and with selected third parties. 

The Customer shall ensure that any driver or any other individual authorised by the Customer to operate the vehicle is referred to or provided with a copy of the applicable Volvo Group privacy notice (available at https://www.volvobuses.com/au/tools/privacy/operators-and-drivers.html .[PJ1] ) (“Privacy Notice”) and acknowledges and agrees that: (i) Personal Information relating to them may be gathered, stored, used, shared or otherwise processed by Volvo Group in accordance with this Agreement and the Privacy Notice; (ii) the Customer and/or Volvo Group may use the Information Systems and Vehicle Data to record, observe, and track the location of such driver or other individual.

The Customer agrees to notify Volvo in writing if it sells or otherwise transfers ownership of the vehicle to a third party. 

3. DATA PROTECTION AND PROCESSING

During the course of providing the Information Services, either directly or through its authorised dealers, as well as during the course of Volvo Group, any of its authorised business partners or any third party providing services, such as repair, maintenance or other services (whether or not under warranty), Volvo Group may process Personal Information, on behalf of the Customer, its affiliates or agents. With respect to any such processing, the Parties agree that: (a) the Customer will determine the purposes and means of the processing of that Personal Information under its privacy policy as a "controller"; and (b) Volvo Group will process Personal Information relating to those data subjects on behalf of the Customer as a "processor".  Appendix 1 of this Agreement (Provisions Regarding the Processing of Personal Information ) sets out the terms and conditions applicable to such processing of Personal Information and shall apply whenever Volvo is processing Personal Information on behalf of the Customer.

The Customer undertakes to comply with applicable data protection laws, including the Privacy Act 1988 (Cth), GDPR and similar laws in other jurisdictions. Without limiting the foregoing, the Customer warrants that is has obtained all consents from data subjects necessary to enable Volvo Group to process Personal Information (including location data) on behalf of Customer as contemplated by this Agreement.  To the extent permitted by law, the Customer shall hold Volvo Group, its representatives and agents, and any third parties acting on behalf of Volvo Group, indemnified against any loss arising directly or indirectly from the Customer’s failure to comply with applicable data protection laws.

4. SERVICE TERMS AND CONDITIONS

Volvo shall provide the Customer with the Information Services which the Customer has requested, or which Volvo has offered to the Customer and the Customer has agreed to receive, or for which the Customer has registered or otherwise subscribed via the Digital Channels, in each case whether or not for payment.

Provision of the Information Services may be subject to specific terms and conditions in addition to those set out in this Agreement, relating to, for example, price and payment, subscription terms and duration (“Service Terms”). In the event of a conflict between the provisions of this Agreement and such Service Terms, the Service Terms shall take precedence and shall apply in place of the conflicting provisions of this Agreement, but the remaining provisions of this Agreement shall continue to apply. To avoid doubt, any Service Terms entered into by the Customer will form part of this Agreement.

The Customer shall not distribute, retransfer, copy, publish, modify, enhance, reverse engineer, decompile or otherwise alter the Information Systems.

Volvo Group may modify, upgrade, exchange or substitute any of the Information Services or part thereof without notice as part of the continuous improvement process related to the Information System or as required to comply with any applicable safety, statutory or regulatory requirement or for added functionality which does not materially affect the quality or performance of the Information Services or of the vehicle.

The right of the Customer to use the Information Systems is subject to the technical and regulatory availability of the Information Systems. The technical availability of the Information Systems depends on availability of network and satellite coverage and may be disrupted due to local barriers (including but not limited to bridges, buildings and other physical barriers), atmospheric or topographic conditions and technical limitations (including but not limited to inbuilt errors of any GPS system).

Volvo Group disclaims any guarantee or liability for the security of the mobile telecommunications, wireless or other network used for the transmission of Vehicle Data and other information.

The Information Systems may not be available due to maintenance work. Details of planned maintenance work will, if possible, be posted on the Digital Channels or otherwise communicated to the Customer. Volvo will seek to minimise disruption of the Information Systems' availability.

The Customer shall at all times comply with Volvo Group's user guidelines and manuals in respect of each vehicle.

The Customer acknowledges that the Information Systems may not be available in all countries.

Volvo Group may suspend the Customer's access to the Information Services or may use the Information Systems to locate a registered vehicle, if any Volvo Group entity reasonably believes that the vehicle is not operated by Customer as lawful owner or otherwise in compliance with applicable law or the terms and conditions of this Agreement or any other agreement between the Customer and any Volvo Group entity.

5. DEACTIVATION OF THE INFORMATION SYSTEMS

Upon the written request of the Customer, Volvo shall deactivate its remote access to the Information Systems with respect to any nominated vehicle, by reference to the vehicle identification number (“VIN”), at the Customer’s expense and without undue delay ("Vehicle Deactivation"). To the extent that Vehicle Deactivation must be carried out by a Volvo-authorized workshop, the Customer shall be responsible for delivering the nominated vehicle(s) to any such workshop for deactivation.

For the avoidance of doubt, Vehicle Deactivation shall not prevent (i) remote access to the Information Systems if required by applicable law; or (ii) access to the Information Systems through a plug-in device, including but not limited to TechTool, for the purposes of repair and maintenance or warranty work; or (iii) if required by applicable law.

The Customer acknowledges that Vehicle Deactivation shall mean that Volvo Group is unable to provide any Information Services with respect to the vehicle that has been deactivated.  The Customer consequently acknowledges and agrees that Vehicle Deactivation: (i) shall automatically terminate Service Terms entered into by the Customer and any Volvo Group entity, with respect to Information Services relating to the vehicle being deactivated; (ii) may prevent the Customer from receiving any Third Party Service that are reliant on the Information Systems; and (iii) Volvo Group excludes liability to the Customer for any loss or damage the Customer may incur as a result of Vehicle Deactivation.

Upon the written request of the Customer, Volvo shall reactivate its remote access to the Information Systems with respect to any nominated vehicle, by reference to the VIN at the Customer's expense ("Vehicle Reactivation"). Unless Volvo is able to carry out Vehicle Reactivation remotely, any Vehicle Reactivation must be carried out by a Volvo-authorized workshop and the Customer shall be responsible for delivering the nominated vehicle(s) to any such workshop for reactivation. In the event of a Vehicle Reactivation, the terms and conditions of this Agreement and any other Service Terms shall apply to the provision of any Information Services with respect to such vehicle.

6. LIMITATIONS OF LIABILITY

Unless otherwise provided for in Service Terms relating to the provision of Information Services, Volvo Group's total maximum liability under this Agreement for all claims arising in a calendar quarter (whether in contract, tort, negligence, statute, restitution, or otherwise) shall not exceed one hundred per cent (100%) of the fees paid to Volvo Group for the Information Services by the Customer in that calendar quarter. 

Volvo Group shall not be liable (whether in contract, tort, negligence, statute or otherwise) for any loss of profit, loss of business, wasted management time, loss of or corruption of data, or costs of data reconstruction or recovery, whether such loss arises directly or indirectly and whether any Volvo Group entity was aware of its possibility or not, or for any loss or damage that does not arise naturally and according to the usual course of things as a result of a breach of this Agreement or other event giving rise to the loss or damage.

Volvo Group shall not be liable for any loss or damage of any kind whatsoever caused or contributed to by acts or omissions of the Customer, including, but not limited to, the Customer’s failure to comply with any data protection laws.

Volvo Group shall not be liable for any loss or damage of any kind whatsoever caused or contributed to by an event or circumstance outside of Volvo’s reasonable control, including any act or omission of third parties, any failure or downtime of the public communications systems on which the provision of the Information Services may be dependent, or any Third Party Services.

The Customer understands and agrees that: (i) it has no contractual relationship with the underlying carrier of mobile and wireless services used for the transmission of data and information, (ii) it is not a third party beneficiary of any agreement between Volvo or any Volvo Group entity and the underlying carrier, (iii) the underlying carrier has no liability of any kind to Customer whether for breach of contract, warranty, negligence, strict liability in tort or otherwise, (iv) messages and any other information or data may be delayed, deleted or not delivered, and (v) the underlying carrier cannot guarantee the security of wireless transmissions and will not be liable for any lack of security relating to the use of the Information Services.

7. WARRANTIES

The Customer warrants to Volvo that it has, and will have at all times during the term of this Agreement, all necessary consents, permissions, licences and authorisations to ensure that the Customer uses the Information Services, Information Systems and Digital Channels in full compliance with all applicable laws and regulations.

Statutory or manufacturer’s warranty rights are limited to those provided in relation to the specific Information Services separately purchased by the Customer. Such warranty rights do not cover any other Information Services and/or the operability of the Information Systems.

Volvo Group hereby excludes, to the fullest extent permissible in law, all conditions, warranties guarantees and stipulations, express (other than those set out in this Agreement) or implied, statutory, customary or otherwise which, but for such exclusion, would or might subsist in favour of Customer.  If any such condition, warranty, guarantee or stipulation cannot be excluded at law then, to the fullest extent permissible in law, Volvo’s liability for breach of such condition, warranty, guarantee or stipulation if limited (at Volvo’s option) in the case of: (a) goods, to the repair or replacement of the goods, the supply of equivalent goods, or payment of the cost of the same; and (b) services (including the Information Services), to the resupply of the service or payment of the cost of the same

8. GENERAL

Volvo may vary or amend the terms and conditions of this Agreement by publishing a new version at: https://www.volvobuses.com/au/tools/privacy/data-management-agreement.html[PJ1] . The Customer shall be deemed to have accepted the new terms if it has continued to use the Information Services for three (3) months after such new terms have been published.

The formation, existence, construction, performance, validity and all aspects whatsoever of this Agreement or of any term of this Agreement will be governed by and construed in accordance with the laws of Queensland to the exclusion of the UNCISG-rules.

The courts of Queensland, Australia and courts with jurisdiction to hear appeals from such courts, will have exclusive jurisdiction to settle any dispute which may arise out of, or in connection with this Agreement. The parties agree to submit to that jurisdiction and waive any right to object to proceedings being brought in an inconvenient forum.

If any condition or part of this Agreement is found by any court, tribunal, administrative body or authority of competent jurisdiction to be illegal, invalid or unenforceable then that provision will, to the extent required, be severed from this Agreement and will be ineffective, without, as far as is possible, modifying any other provision or part of this Agreement and this will not affect any other provisions of this Agreement which will remain in full force and effect.

Volvo enters into each provision of this Agreement that is expressed for the benefit of Volvo and other Volvo Group entities on Volvo’s own account and on trust for such other Volvo Group entities.

Volvo shall have the right to transfer this Agreement at any time to any Volvo Group entity. The Customer shall approve such assumption of contract and shall release Volvo from this Agreement without any further claims.

 

Appendix 1

Provisions Regarding the Processing of Personal INFORMATION

 

Part A

General Provisions Relating to Volvo's Processing of Personal INFORMATION

 

 

1.              VOLVO AS A PROCESSOR

1.1           For the purposes of this Appendix 1 (Provisions Regarding the Processing of Personal

"Controller" means the entity which determines the purposes and means of the processing of Personal Information;

"Data Subject" an individual to whom Personal Information relates.

"Personal Information" means ‘personal information’ as defined in the Privacy Act 1988 (Cth) and ‘personal data’ as defined in the GDPR;

"Personal Information Breach" means the loss, unauthorized access, modification or disclosure, of Personal Information in connection with this Agreement that may be notifiable under the Privacy Act 1988 (Cth) or GDPR;

"Processor" means the entity which processes Personal Information on behalf of the Controller; and

"Supervisory Authority" means the Office of the Australian Information Commissioner and equivalent supervisory authorities of other jurisdictions.

1.2           Part B of this Appendix 1 (Provisions Regarding the Processing of Personal Information ) sets out a description of the Personal Information processed by Volvo under this Agreement, including as required by Article 28(3) of the GDPR. For the avoidance of doubt, Part B does not create any obligation or rights for any party to this Agreement.

1.3           The Parties agree that, when Volvo is processing Personal Information on behalf of the Customer in the course of providing Information Services to the Customer, the Customer shall be the Controller and Volvo shall be the Processor of such Personal Information and that the following provisions shall apply in such circumstances.

(a)               Volvo shall only process Personal Information in accordance with the Customer's documented instructions in this Agreement, unless otherwise required by applicable law to which Volvo Group is subject, in which case Volvo will inform the Customer of that legal requirement before such processing, unless the relevant applicable law prohibits such information.  Volvo shall immediately inform the Customer if it believes that compliance with any instruction received would breach applicable data protection legislation.

(b)               Beyond the automated service provision, individual documented instructions of the Customer are permitted only in exceptional cases and only in accordance with the terms of this Agreement.

(c)                The Digital Channels provide Customers with the means to make corrections, deletions or blocking of Personal Information. The Customer shall therefore use all reasonable endeavours to utilize such Digital Channels prior to contacting Volvo with any request to correct, delete or block Personal Information. The Customer further acknowledges and agrees that Volvo may also act as Controller with respect to the Personal Information (including when collected under Volvo’s privacy policy: https://www.volvogroup.com/en-en/privacy.html[PJ1] ) and in such circumstances may therefore retain any such Personal Information in its capacity as Controller notwithstanding any request from the Customer to delete Personal Information held by Volvo in its capacity as a Processor.

(d)               The Customer authorizes Volvo to engage other Processors, including any member of the Volvo Group, for carrying out specific processing activities on behalf of the Customer (each a "Subprocessor"), provided that Volvo shall ensure that it has appropriate data protection provisions in place with each Subprocessor, including to satisfy the requirements of Article 28(3) GDPR. Volvo shall promptly notify the Customer in a reasonable manner, including but not limited to publishing an updated list of Subprocessors on a Web site, in the event of intended changes to its Subprocessors and allow the Customer the opportunity to object to such change. The Customer acknowledges that in some cases, should the Customer object to such change, this may mean that Volvo is unable to provide some or all Information Services.  The Customer consequently acknowledges and agrees that should the Customer object to such change, Volvo may automatically terminate any services agreement entered into by the Customer and any Volvo Group entity, without any liability on the part of any Volvo Group entity, with respect to Information Services.

(e)               The Customer hereby appoints Volvo as its attorney solely for the purpose of, if applicable and determined as required by Volvo, entering into the Standard Contractual Clauses (processors) set out in Decision 2010/87/EC (“Standard Contractual Clauses”), or any other agreement with any sub-processor required by law for the processing of Personal Information, on behalf of the Customer and with any sub-processors located outside of the European Economic Area in order to facilitate the transfer of Personal Data in compliance with the GDPR or other applicable data protection law and further the Customer acknowledges that any such sub-processor may enter into a sub-processor agreement with subsequent sub-processors.

(f)                The Customer agrees that Volvo may transfer Personal Information to any country, including any country located outside of Australia, including Sweden, Belgium, Ireland, France and the USA. In such circumstances, the Parties shall take such further measures as are required to ensure that such transfers are in accordance with applicable data protection law, which may include entering into Standard Contractual Clauses.

(g)               Nothing in the Agreement shall prevent or limit Volvo Group’s ability to process Personal Information as Controller, even in respect of Personal Information which Volvo Group may be processing on behalf of the Customer as Processor.

2.              FURTHER DUTIES OF CUSTOMER

2.1           The Customer remains legally responsible for the assessment of the lawfulness of the collection, processing and use of Personal Information, as well as for the safeguarding of the rights of affected third parties and with regard to claims asserted by such third parties and the Customer shall ensure that any Personal Information stored in the Information Systems is lawfully processed.

2.2           The Customer shall immediately inform Volvo and provide Volvo with appropriate instructions if it has determined that there are errors or irregularities in Volvo's processing of Personal Information under this Agreement.

3.              FURTHER DUTIES OF VOLVO

3.1           Volvo shall inform the Customer without undue delay, and, where feasible, not later than 72 hours after having become aware of it, if there has been a Personal Information Breach affecting the Personal Information processed by Volvo on behalf of the Customer in accordance with this Agreement.

3.2           Volvo shall ensure that all personnel (including personnel of Volvo's Subprocessors involved in processing Personal Information in connection with this Agreement) are subject to an appropriate obligation of confidentiality.

3.3           Taking into account the nature of the processing, Volvo shall assist the Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligations as a Controller to respond to requests for exercising data subject rights under applicable data protection laws.

3.4           Volvo shall co-operate with the Customer and take such reasonable commercial steps as are directed by the Customer (at the Customer’s expense) to assist in the investigation, mitigation and remediation of each Personal Information Breach, including with respect to any notifications to a relevant Supervisory Authority or Data Subjects.  Where any Personal Information Breach is notifiable under applicable data protection laws, the Customer must not mention any Volvo Group entity in any subsequent notification or other public statement (including to any Supervisory Authority) without Volvo’s prior written consent as to the form and content of the notification or public statement.

3.5           Volvo shall, at the expense of the Customer, provide such reasonable assistance as maybe reasonably requested by the Customer with respect to any data protection impact assessments, and prior consultations with Supervisory Authorities which the Customer reasonably considers to be required (including by Article 35 or 36 of the GDPR), in each case solely in relation to processing of Personal Information in connection with this Agreement and taking into account the nature of the processing and information available to Volvo.

3.6           Customer may, no more than once per calendar year upon at least thirty (30) day’s prior written notice, conduct an audit or appoint an independent third party auditor (provided that the Customer or such independent third party auditor is bound by a confidentiality undertaking agreed by Volvo) to conduct, during Volvo's normal working hours, an audit to assess Volvo's compliance with this Appendix 1 (Provisions Regarding the Processing of Personal Information). The costs of any audit performed under this Paragraph 3.6 shall be borne by the Customer. The audit shall be restricted in scope, manner and duration to that which is reasonably necessary to achieve its purpose and may not unnecessarily disrupt Volvo operations.

3.7           Volvo will not disclose any Personal Information which it is processing as a Processor on behalf of the Customer following information requests by third parties without prior consent from the Customer, unless Volvo is required to do so by law or order by a court or competent authority.

3.8           Volvo shall promptly upon termination or expiry of this Agreement or otherwise on request by Customer, return to Customer or delete all Personal Information, including any copies thereof, on any media in its power, possession or control, except to the extent that Volvo is required by applicable law to retain such Personal Information or Volvo Group otherwise holds such Personal Information in its capacity as a Controller.

4. DATA SECURITY

Volvo shall ensure sufficient data security by means of appropriate technical and organizational measures to protect the Personal Information that is processed on behalf of the Customer, and Volvo agrees that such measures shall comply with the requirements of the applicable law. The technical and organizational measures to ensure data security may be modified by Volvo according to technical progress and development, provided that this does not result in a lower security level.

 

Part B
Details of Processing of Personal INFORMATION

 

This Part B to Appendix 1 includes certain details relating to the Processing of Personal Information, including as required by Article 28(3) of the GDPR.

Subject matter and duration of the Processing of the Personal Information

The subject matter and duration of the Processing of Personal Information are as set out in the Agreement.

The nature and purpose of the Processing of the Personal Information

The nature and purpose of the Processing of Personal Information are as set out in the Agreement.

The categories of Data Subject to whom the Personal Information relates

  •        Employees and contractors of the Customer
  •       Drivers and other individuals authorized by the Customer.

The types of Personal Information to be Processed

To the extent considered ‘personal information’ in accordance with the Privacy Act 1988 (Cth) or ‘personal data’ in accordance with the GDPR, the following types of personal information and personal data may be processed under this Agreement (as amended or updated from time to time by the Volvo Group Privacy Notices available at https://www.volvobuses.com/au/tools/privacy.html[PJ1] ):

  •        Driver behaviour and performance data, such as driving pattern; instantaneous geo-positioning data and location data, language settings of the dashboard;

·       Vehicle identification codes, such as the vehicle-ID (including Vehicle Identification Number (VIN) and chassis ID), IP number, MAC address;

  •        Vehicle Performance data, such as technical vehicle data, information from vehicle components, battery usage, engine data, fuel consumption, power/torque data, fault codes;
  •        Vehicle Usage data, such as brake usage, gear shifting, acceleration/deceleration, dashboard settings, power/torque utilization, technical data generated from the engine; the detection of road and ambient conditions data with time stamps and operating hours; and
  •        Environmental data, such as road conditions, ambient conditions.

The obligations and rights of the Customer

The obligations and rights of the Customer are as set out in the Agreement.