The purpose of this privacy notice (“Privacy Notice”) is to inform you about the collection and processing of your personal data in connection with the provision of Genesis Connected Services MEA (“GCS” or “Services”) to you via the car’s infotainment system (this is the head unit of your vehicle) and the Genesis Connected Services MEA app (“App”). We take your privacy very seriously and will only process your personal data in accordance with applicable data protection laws. Any processing of your personal data regarding the registration of the underlying Account (including personal data about you such as your name, email address, date of birth or mobile phone number) is subject to a separate privacy notice.

Hyundai Connected Mobility Middle East and Africa Information Technology L.L.C. with its registered office in L01, L02, Podium Level, U-Bora Tower, Business Bay, P.O. Box 34406, Dubai, United Arab Emirates (“HCMMEA”) is the provider of the Services and responsible for the processing of your personal data as explained in this Privacy Notice. HCMMEA will be referred to as “we”, “our” or “us”. We may use your personal data for the purposes as described below. In regard to specific Services as listed in Section 6, we will act as a data controller.

3.1. If you have any questions about or in connection with this Privacy Notice or the exercising of any of your rights, you may contact the HCMMEA's customer call centre at the phone number +971 4 543 6999 You may also contact HCMMEA by sending an email to GCSMEA@HCMMEA.COM 3.2. Alternatively, you may also contact our data protection officer at the email address HCMMEA@hyundai.com, or by writing to: c/o Data Protection Officer Hyundai Connected Mobility Middle East and Africa Information Technology L.L.C. L01, L02, Podium Level, U-Bora Tower, Business Bay, P.O. Box 34406, Dubai, United Arab Emirates

4.1. OUR PROCESSING OF YOUR PERSONAL DATA

4.1.1. PROVISION OF THE GENESIS CONNECTED SERVICES AND LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA
We collect and process your personal data in connection with the Services only insofar as the collection and processing is: – necessary for the conclusion or performance of contractual requirements. We need to use your personal data to fulfil a transaction that you have entered into or expressed interest in entering into (including the GCS contract). This includes accepting applicable terms and conditions or specific terms related to our Services. If you do not provide your personal data for these purposes, we may not be able to deliver our Services or enter into a contract with you, which could lead to the cancellation of a Service., – where required by law or regulatory. We may collect your personal data to comply with any applicable laws and/or regulations, or – where it is necessary for the purposes of legitimate interests of us or third parties. We may process your personal data based on our legitimate business interests when we improve and operate our Services, when we detect and prevent fraud and abuse in order to protect the security of our customers, ourselves, or others. For details on individual Services, please refer to the respective service description in the Genesis Connected Services MEA Terms of Use. All (personal) data described in Sections 4.2, 4.3, 4.4, 4.5 and their subsections below is collected directly from your vehicle (e.g. its sensors and related applications as made accessible through the infotainment system), or was made available by you through the App (e.g. by entering certain personal data via the App) and is processed in connection with the Services. The data described in Sections 4.2, 4.3, and 4.4 and their subsections below is required to provide the Services pursuant to the conclusion or performance of contractual requirements, unless stated otherwise below. Without this information, the Services cannot be performed. Furthermore, we will additionally process your Vehicle Identification number (VIN), the categories of Services that you have activated and the initial activation date. The legal basis is entering into a contract and performing our Services.

4.1.2. PROCESSING FOR OTHER PURPOSES Apart from the provision of the Services, we will also process your personal data for other purposes as described below. – Product improvement / development: We will analyse and further improve the Services in order to develop new mobility-related products and/or services, to make our products more secure and/or to improve our Services. – For these purposes, we automatically analyse the data collected when providing Services based on statistical and mathematical models to identify potential for improvements if you have either activated all Services or selected the “Product/Service Improvement” service category in the privacy settings of your App. More details are provided in Section 4.5. – The legal basis for any such processing is for legitimate interests of HCMMEA to process your personal data in order to develop and improve our Services. – Monitoring of products / product liability: In this context, we process your personal data in order to monitor our products, ensure sufficient IT security standards or to defend ourselves or third parties against product liability and other legal claims made with regard to our products and Services. – Insofar as such processing is not required by law, the legal basis for any such processing is for the legitimate interests of HCMMEA to process your personal data for the purposes as indicated above. – Fulfilling legal obligations: We process your personal data in order to fulfil various legal obligations, in particular laws applicable to car manufacturers. Examples of such obligations include: – provision of certain functionalities in the car such as the “eCall”, to the extent available, – reporting of certain information (i.e. related to the functioning of the intelligent speed assistance – ISA, Driver Control Assistance Systems – DCAS, etc.) to the relevant national authorities; – provision of information to courts or criminal prosecution authorities based on applicable criminal or administrative laws. – Other purposes: We process your personal data for other purposes only if we are obliged to do so on the basis of legal requirements, if you have consented to the respective processing or if the processing is otherwise lawful under applicable law. – If processing for another purpose takes place, HCMMEA will provide you with additional information where appropriate.

4.1.3. NO AUTOMATED DECISION-MAKING HCMMEA does not engage in automated decision-making including profiling in connection with the Services unless you

4.2. GENESIS ACCOUNT

To use our Genesis Connected Services it is necessary to create a Genesis Account or to log in with an existing Genesis Account. Genesis Account will require your first and last name, phone number, email address, your country and date of birth. For more information, please refer to the separate Privacy Notice for the Genesis Account which can be accessed here: [web page link to Genesis Account Privacy Notice]

4.3. PROVISION OF GENESIS CONNECTED SERVICES – VEHICLE INFOTAINMENT SYSTEM

4.3.1. Stolen Vehicle Recovery In the event your Vehicle is reported stolen, we may assist in locating it under the following conditions: You must file a stolen vehicle report with your local law enforcement authorities. A copy of the filed police or other relevant authorities’ report must be submitted to us for identity verification and confirmation that the Vehicle is officially recognized as stolen by the authorities. For safety and legal compliance and, in each case, subject to the mandatory provisions of applicable laws, location data related to stolen vehicles will only be shared with the relevant authorities, where required presenting valid court orders or other official documentation required under applicable law, yourself or an authorized user listed on your account (provided that he/she is of legal age) as well as the entities with whom we have contractual relationships for customer and technical support. Our stolen vehicle tracking services are available for an initial period of seven (7) days. An extension of up to seven (7) additional days may be requested. After this period, we reserve the right to cease further tracking efforts, unless applicable laws prohibit us from doing so. Stolen Vehicle Recovery services are only available if the Vehicle was subscribed to the Services at the time of the theft and are subject to the conditions outlined in Section 8 regarding Network Availability.

4.3.2. Live traffic: Live traffic information for calculating routes, including precise arrival times and displaying the traffic situation based on your current location (Service may not be available in certain countries)

4.3.3. Live POI: Information on nearby POIs based on your current location

4.3.4. Camera / danger zone alerts (if legally permissible in your country): The system provides alerts in areas where accidents are particularly common and warns you about accident black spots or speed cameras. The provision of the above Services requires the collection and processing of your Vehicle Identification number (VIN), geolocation data (e.g. GPS coordinates for live traffic information), the Integrated Circuit Card Identifier of your vehicle’s SIM card (ICCID) and a unique request ID for any transaction.

4.3.5. VOICE RECOGNITION Voice recognition enables you to use spoken commands to access and control the infotainment system and to draft and send text messages via a connected mobile device. For this function, the following categories of personal data are processed and sent to our GCS cloud environment: voice recording, geolocation data (GPS coordinates), point of interest (POI) and the Cerence user ID. The latter is a unique ID for registration on the server of Cerence GmbH, Aachen, Germany, our data processor for these specific services. There is no link between the Cerence user ID and the Vehicle Identification number (VIN) or any other identifiers, which means that Cerence GmbH cannot identify a natural person from the data transmitted to it. Once you start your vehicle, voice recognition is activated as a presetting in its online mode. We process your personal data for the purpose of performing our Services. When using online voice recognition, we process your personal data in our GCS cloud environment. In addition, we collect voice samples and GPS coordinates and store them for up to 90 days in order to perform and improve the voice recognition service. We process your personal data for the purpose of performing our Services and where related to the improvement of the Services, based on our respective legitimate interests. When you use the online voice recognition function, your voice samples and GPS coordinates are processed by our service provider Cerence GmbH, Aachen, Germany (data processor) and its sub-processors, which may be located in countries outside the jurisdiction in which you reside and may not provide for an adequate level of data protection. You can deactivate online voice recognition and use the voice recognition services in an offline mode where no data is transmitted outside of your vehicle. If you do not want us to process your voice samples and GPS coordinates, you can use offline voice recognition, which does not use your voice samples and GPS coordinates to improve the voice recognition service.

4.3.6. VEHICLE DIAGNOSTICS Vehicle diagnostics gathers active trouble codes (i.e. the vehicle’s error messages) from all control units integrated in your vehicle together with the Vehicle Identification number (VIN). The active trouble codes and VIN will be sent to our server for further analysis. In the Vehicle diagnostics section of the infotainment system, you can view all active trouble codes for your vehicle. We use this data to provide you with information concerning whether there is an issue with your vehicle. We process your personal data for Vehicle diagnostics for the purpose of performing our Services. To the extent that we are required to do so by law, we process your aforementioned personal data for monitoring the products and to comply with product security requirements For information on the processing of the above data for the improvement and development of the products, see also Section 4.5 below.

4.3.7. CONNECTED ROUTING Connected Routing allows more accurate traffic forecasting, more precise times of arrival and more reliable route recalculations by processing the relevant data on our GCS cloud environment instead of only on your infotainment system. For this function, the following categories of personal data are processed and sent to our GCS cloud environment: your Vehicle Identification number (VIN), geolocation data (GPS coordinates) and navigation data (e.g. real-time traffic; pattern of traffic information). We process your personal data for the purpose of performing our Services.

4.3.8. OTA (OVER-THE-AIR) UPDATE OTA updates allow you to receive wireless (“over-the-air”) software updates (“OTA updates”) for the vehicle system as well as the map and infotainment system. Your infotainment system will regularly check whether new software versions are available and automatically download any available software updates to your vehicle and prepare the respective installation. You can choose whether you want to complete the OTA Update now or later. However, if you turn off OTA updates, your vehicle or the services provided (such as security-related systems, infotainment system, GCS) may not function properly.

4.3.8.1. VEHICLE SYSTEM OTA UPDATE We may provide you with OTA updates concerning the vehicle system for various reasons and purposes, in particular to remedy a defect within the warranty period, within the scope of the manufacturer’s guarantee or for other security-related reasons. In this we will also ensure an efficient deployment and monitoring of OTA updates concerning the vehicle system. For this purpose, the following categories of personal data are processed and sent to our GCS cloud environment: your Vehicle Identification number (VIN), usage history (OTA Update), diagnostic information (error codes, OTA result, software recovery result) and software version information (electronic control unit). We process your personal data for the purpose of complying with the legal obligations of the vehicle manufacturer (e.g. in the area of product safety requirements)) as well as for performing our Services, and based on our legitimate interest to effectively steer our OTA update processes.

4.3.8.2. INFOTAINMENT OTA UPDATE Infotainment OTA update enables you to receive the latest maps and infotainment software updates for your vehicle. For this function, the following categories of personal data are processed and sent to our GCS cloud environment: your Vehicle Identification number (VIN), head unit manufacturer, head unit model, head unit firmware version, head unit system version, mobile network operator, vehicle model name, vehicle model year, vehicle region and your selected language. We process your personal data for the purpose of performing our Services.

4.3.9. NOTIFICATION CENTRE The Notification Centre allows us to send you important information about your vehicle. We will use this service only for important information. The information will appear as a pop-up in the infotainment system of your car. For this function, the following categories of personal data are processed: read status; reading time. We process your personal data for the purpose of performing our Services.

4.3.10. LIKE FEATURE The like feature for USB music allows you to select and create a playlist with your favourite songs. You can like or unlike songs via the “thumbs-up” or “thumbs-down” button integrated in the music function of the infotainment system. For this function, the following categories of personal data are processed: the name of the song, artist and album, the like/unlike information, VIN, location information (GPS), ambient air temperature, vehicle speed, weather (based on your current location) and time information. We process the personal data to perform our Services. We process the personal data for product improvement and development.

4.4. PROVISION OF GENESIS CONNECTED SERVICES – APP 4.4.1. REMOTE SERVICES Through the App we will provide you with the following remote Services. They will be activated as a presetting if not deactivated separately or entirely: – Remote lock and unlock (you can lock and unlock the vehicle doors) – Remote window ventilation (you can remotely open and close the windows of your vehicle for ventilation purposes) – Remote horn and light (you can remotely activate both the headlights and the sound of the horn of your vehicle) – Remote light (you can remotely flash the headlight of your vehicle) – Remote charging (you can remotely activate the electric battery charging function; EVs only) – Scheduled charging (you can remotely set the electric battery charging schedule including the target temperature; EVs only) – Remote start & climate control (you can start the engine and set the temperature and activate the air conditioning remotely) – Remotely open and close the charging door (you can open and close the charging door of your vehicle remotely; EVs only) – Remote control of hazard lights / sidelights (you can turn off the lights remotely from the App when your vehicle is left with its hazard lights and/or sidelights on – Remote battery conditioning (you can optimise the battery temperature in order to improve the charging performance of the vehicle; EVs only) – Departure time (you can activate scheduled climate by setting the departure schedule; EVs only) – Charging current (you can adjust the current supplied from the slow charger; EVs only) – Find my car (you can localise the parking position of your Genesis vehicle on the integrated map) – Send to car (you can search online for points of interest (POI) and address data in order to send search results from your smartphone application to the infotainment system of your car) – My car POI (synchronises your stored POI between the infotainment system and your App) – Last mile navigation (sends the current location of your car and information about your destination (e.g. name, address, geolocation data) to your smartphone to guide you from your parking spot to your destination via Google Maps) – First mile navigation (sends the current location of your car to your smartphone to guide you from your location (e.g. name, address, geolocation data) to your car via Google Maps) – Valet parking mode (protects your private infotainment information by showing only the valet mode screen on your infotainment system unless you enter the password you have previously selected; sends information about the current status of valet parking mode (on/off), current vehicle location (GPS coordinates), the start/end date of valet mode, the run/mileage/engine time of valet mode, maximum vehicle speed, vehicle run distance and engine idle time to your smartphone) – Battery charging status (shows you the battery charging status of the electric motor; EVs only) – Push notifications for certain use cases (the application sends push notifications to your smartphone in certain cases, for example: your Genesis vehicle is unlocked and the burglar alarm is activated in your Genesis vehicle, the windows of your vehicle are open, rear seat alert, engine idling alert, high-voltage battery discharge alarm, climate control status, charging status, software update status, valet parking mode activated/deactivated, etc.) You can deactivate remote services separately by category in the App. (“More” → “Service List” → “Remote”). In order to provide you with the remote Services once connected through the App, a connection is established between your vehicle and our GCS cloud environment which requires the processing of certain vehicle-related data including your vehicle SIM card’s IP address, the Vehicle Identification number (VIN) and further user-related data in the App (your device’s IP address, PIN and other user account information such as your user name) The provision of the remote Services requires the collection and processing of certain data relating to your vehicle including a password, your vehicle’s Vehicle Identification number (VIN) and geolocation data (e.g. GPS coordinates for “Find my car”), the Integrated Circuit Card Identifier of your vehicle’s SIM card (ICCID), address data and vehicle-related technical data (e.g. vehicle status information such as ignition on/off, vehicle speed, light status, lock status). We process your personal data for the purpose of performing our Services. 4.4.2. VEHICLE STATUS INFORMATION VIA GCS Through the App, we will provide you with the following vehicle status information: – Monthly vehicle report (provides you with information about the usage of your Genesis car and diagnostics information covering the airbag, brakes, tyre pressure, etc. (see Section 4.4.3) – Status update (provides you with information about the vehicle status of your Genesis car regarding the distance to empty, fuel level, engine on/off, door lock status, climate control status, tailgate open/closed, bonnet open/closed, windows open/closed, sunroof open/closed 12V battery status, steering wheel heating on/off, side mirror heating on/off, defrost windscreen on/off, rear window heating on/off(all Genesis vehicles); high-voltage battery charging status, scheduled charging on/off, charging door open/closed, (scheduled climate control on/off (EVs only)) – My trips (provides you with information about the Genesis vehicle usage per month/day, including driven time, mileage, average vehicle speed, maximum vehicle speed) – Energy consumption (provides you with information about your Genesis vehicle’s energy consumption per day and per month, including the total and average energy consumption, driving distance and recuperation; EVs only) In order to provide you with the vehicle status information once connected through the App, a connection is established between your vehicle and our GCS cloud environment which requires the processing of certain vehicle-related data including your vehicle SIM card’s IP address, the Vehicle Identification number (VIN) and further user-related data in the App (your device’s IP address, PIN and other user account information such as your user name). The provision of the vehicle status information requires the collection and processing of certain data related to your vehicle (e.g. the driven time, mileage, average vehicle speed, maximum vehicle speed) and vehicle-related technical data (e.g. vehicle status data such as engine on/off, door lock status, etc., as listed above). We process your personal data for the purpose of performing our Services. 4.4.3. CAR SHARING You can share the remote Services with other users through the “Request to Share Car” function in the application. When you do so, we process certain vehicle- and user account-related data such as your PIN, Vehicle Identification number (VIN), your username and the other user’s phone number to initiate and process your sharing request. Share request information such as your name and PIN will be transmitted to and processed in the other user’s App. The other user can use the App in the same way as you. He/she can also use the “Find my car” function. We process the personal data for sharing the remote Services for the purpose of performing our Services. Please note that when you use this service, you will share all of your personal data, excluding your login details, that is stored in the App with the other users. You can deactivate this function at any time. Deactivation stops the sharing of data and we will delete all shared data on the other user’s App.

4.4.4. ALERT SERVICES When activated in the App, alert services enable you to receive notifications relating to your chosen settings. We provide you with the following alert services through the App: Geofence Alert (enables you to receive notifications in the App if your vehicle exits an allowed area or enters a restricted area. You can set the boundaries for allowed areas and restricted areas in the App) Speed Alert (enables you to receive notifications in the App if your vehicle exceeds the speed limit you have preset in the App) Valet Alert (enable you to receive notifications in the App if your vehicle travels beyond the selected distance limit you have preset in your App. The permitted travel distance is from the location where the alert was activated) For this purpose, we collect and process the following categories of personal data: Vehicle identification number (VIN), date and time stamp, GPS data, alert status information (e.g. activation status, alert status start and end time, run time, mileage time, engine idle time, maximum speed, run distance), vehicle indicators (e.g. location, speed, time, accuracy, direction), selected allowed areas, selected restricted areas, selected speed limit, selected time windows, selected distance limit and selected idle time limit. We process your personal data for the purpose of performing our Services. 4.4.5. OTHER LOCATION-BASED SERVICES – View previous trips – Send a destination to the car for a trip and add tour points to a planned trip – Find your favourite and recent points of interest (POI) – Share your POI The provision of these remote Services requires the collection and processing of certain vehicle-related data such as the vehicle’s geolocation data (GPS coordinates). We process your personal data to provide you with these other location-based services, and thus for the purpose of performing our Services. 4.4.6. GCS USER PROFILE The GCS user profile allows you to create backups of your profile including vehicle settings and apply them to different vehicles. If two or more drivers use the same vehicle but prefer different settings (e.g. for seat position, audio or map view, etc.), these individual settings can be stored in up to two user profiles plus one guest profile per vehicle. For each user profile, the following categories of personal data are processed and sent to our GCS cloud environment: Vehicle Identification number (VIN) of your vehicle and the target vehicle (if appropriate), driver number, account number, phone number, user picture, profile data as well as phone connection, date/time settings, general settings, sound settings, display settings, voice recognition settings, radio settings, vehicle settings, navigation settings and points of interest (POI). We process your personal data for the purpose of performing our Services. 4.4.7. USE OF TOUCH ID AND FACE ID (IOS) OR FINGERPRINT AND FACE RECOGNITION (ANDROID) You can use certain functions of our App with Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) instead of your PIN. Your biometric data is only stored locally on your smartphone device; it is not transmitted to us and we cannot access this data. Only the information as to whether the verification of the biometric data was successful is transmitted to our App by a system function of your smartphone. You can turn off the use of Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) at any time in our App. 4.4.8. FIREBASE CRASHLYTICS To improve the security and stability of our app and Services, we rely on the analysis of anonymised crash reports. For this purpose we use “Firebase Crashlytics”, a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland. In order to provide us with anonymised crash reports, Firebase Crashlytics collects the following information in the event of a crash or malfunction of our app and may transmit it to Google servers in the USA: state of the app at the time of the crash, installation UUID, crash traces, manufacturer and operating system of the mobile device and last log messages. The crash reports provided to us do not contain any personal data on the basis of which we could trace the identity of a user. Firebase Crashlytics retains collected information for 90 days. We process your personal data for these purposes based on our legitimate interest to ensure and optimise the security and stability of our app and Services. For more information about Firebase Crashlytics and how Google is processing your personal data, please refer to the following links: https://firebase.google.com/ https://firebase.google.com/terms/crashlytics/ https://firebase.google.com/support/privacy/ 4.4.9. GENESIS DIGITAL KEY The Genesis Digital Key function allows you to unlock, lock, start and drive your vehicle with your smartphone or other smart devices without the need to carry a physical key fob on you. It also allows you to share and manage your Genesis Digital Keys with family and friends. For this purpose, the following categories of personal data are processed in order to properly authenticate and allocate the Genesis Digital Keys to the smart devices and to ensure the security of the service and systems involved: User information (such as user ID, profile name, email address, phone number), smart device information (such as device ID, device name, device type, OS version, app version), Genesis Digital Key information (such as Genesis Digital Key ID, Genesis Digital Key status, Genesis Digital Key type, access authorization/profile, vehicle ID, ID of the physical key fobs, number of shared keys); for shared Genesis Digital Keys: additional information such as start and end date (or fixed term) of Genesis Digital Key use, name of shared Genesis Digital Key user, user authentication policy/authorization profile as specified by you, diagnostic information (error codes) and vehicle status information. When using the Genesis Digital Key, i.e. to lock, unlock and start the vehicle, data is exchanged between the mobile smart device and the vehicle using near-field communication (NFC) or ultra-wideband (UWB). This data is not transmitted to HCMMEA or the Distributor. We process your personal data for the purpose of performing our Services.

4.5. DATA ANALYSIS FOR PRODUCT IMPROVEMENT AND DEVELOPMENT HCMMEA collects and processes telematics data regarding the performance, usage, operation and condition of the vehicle from your vehicle and/or your App in order to improve and develop its products and transfers this data to authorized affiliated companies so that it can also process the data for these purposes. The data used for these purposes is in general limited to technical data. Such data is used to improve and develop the powertrain, hybrid/EV vehicles and other car functions comprises ABS, the ABS status, steering wheel information, handbrake, traction control system, cluster information, seatbelt, acceleration, battery condition, door key lock, head lamp, indicator signal, light system, hands-free boot system, seat height, sunroof, wiper, navigation (on/off) and similar technical data and trouble codes as mentioned in Section 4.3.4. To assure greater efficiency of the data analysis, we may also collect additionally information which allows for identification of a natural person (such as VIN, account and subscription data, where relevant and if enabled GPS information). We will process these data for the above mentioned purposes and to provide you with personalised information about your use of our Services. The legal basis for the processing of your data for these purposes is the legitimate interest of HCMMEA in improving the Services and developing new products and services; e.g. to identify technical malfunctions, analyse the performance of the vehicles or provide enhanced products or customer services. 4.7. PROCESSING OF DATA FOR PURPOSES RELATING TO VEHICLE CYBERSECURITY Once you activate the Services, depending on the technical equipment of your vehicle, we collect and process data from your vehicle relating to security events in order to ensure that our vehicles and products meet the appropriate cybersecurity standards. For this function, the following categories of personal data are processed: the Vehicle Identification number (VIN) and security-event-related data (such as the timestamp of the generated security event and information from and about the component / control unit that captured and detected the security event). The data will be collected and stored in your vehicle. If an abnormal signal is detected, the data will be sent to our systems for further analysis. There is no continuous transfer of such data out of the vehicle. Once data has been transmitted to our systems, we process and analyse the data for the purpose of preventing cybersecurity threats and vulnerabilities, responding to and eliminating detected threats and vulnerabilities arising from potential cybersecurity attacks, as well as ensuring that our vehicles and products have an appropriate level of security. Insofar as such processing is not necessary for compliance with our legal obligations in the area of cybersecurity, the legal basis for the processing of your data for these purposes is the legitimate interest of HCMMEA in monitoring our vehicles in order to ensure and improve the security of our products. Your vehicle will periodically store the last 100 generated security events. If a new security event occurs, the oldest security event and the related data will be deleted. Further information about data retention can be found in section 8 of this Privacy Notice.

When lending the car to another person or in cases where the data of other data subjects (such as another driver) might be collected when using the Services, you have to ensure that the data subjects are properly informed on the data processing as described herein. When selling or permanently transferring the vehicle to a third party, please ensure that you deactivate the service so that none of your personal data can be accessed through the infotainment system (“More” → “Select vehicle” → “Your Vehicle”→ click recycle bin icon). If you do not deactivate GCS, the data might still be accessible to 3rdparties through the infotainment system. Your account data in the App will not be deleted until you terminate your Genesis Account (“More” → “Account” → “Terminate account”).

Any access to your personal data at HCMMEA is restricted to those individuals that need to know it in order to fulfil their job responsibilities. Your personal data may be transferred to the recipients and categories of recipients listed below for the respective purposes; these recipients can then process it for the specified purposes: – Other private third parties – We transmit your personal data to certain private entities that help us offer the Services. For instance, we rely on telecommunication services from telecommunication providers. – Data processors – We transmit your personal data to certain third parties, whether affiliated or unaffiliated, that process your data on behalf of HCMMEA under appropriate instructions as necessary for the respective processing purposes. The data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process your personal data only as instructed. – The data processor for the Services are Hyundai AutoEver Middle East and Africa L.L.C [ 1301, The Onyx Tower1, The Greens. Dubai, UAE], Hyundai AutoEver [ 510, Teheran-ro, Gangnam-gu, Seoul, Republic of Korea], Hyundai Motor Company [ 12, Heolleung-ro, Seocho-gu, Seoul, Republic of Korea]. – For customer support, the data processors are: Hyundai Autoever Middle East and Africa L.L.C, Hyundai Middle East & Africa L.L.C., Cupola Teleservices Limited, [ P.O. Box 500220, Ground Floor, Building 8, Dubai Outsource City, Dubai, United Arab Emirates]. (e.g. For providing support, resolving issues, handling inquiries). – For voice recognition, the data processors are: Cerence GmbH, Jülicher Straße 376, 52070 Aachen, Germany; Hyundai Autoever Middle East and Africa L.L.C (e.g. for support and operating relevant applications). – For the technical distribution of vehicle system OTA updates, analysis of security events and for assuring the technical processes related to data analysis for the purpose of Product improvement and development, the data processor is Hyundai Motor Company. – We engage data processors for call centre services. – All above data processors may also use sub-processors for the provision of the corresponding services. – Governmental authorities, courts, external advisors and similar third parties that are public bodies as required or permitted by applicable law.

Our primary data storage location is in the Dubai, United Arab Emirates. We also share your personal data with other HCMMEA entities and service providers, who are located outside the jurisdiction in which you reside. Such transfers are necessary for reasons including, but not limited to, providing the Services, IT infrastructure, data storage and Services administration. Whenever we transfer personal data outside of the jurisdiction you reside, we ensure that the personal data is transferred in accordance with this Privacy Notice and as prescribed by the applicable laws. For example, where required, we enter into data transfer agreements which include standard contractual clauses adopted by the relevant competent authority, or take other measures to provide an adequate level of data protection.

8.1. Your personal data is stored by HCMMEA and/or our service providers solely to the extent that is necessary to meet our obligations, and only for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When HCMMEA no longer needs to process your personal data, we will erase it from our systems and/or records, and/or take steps to properly anonymise it so that you can no longer be identified from the data (unless we need to keep your information in order to comply with legal or regulatory obligations to which HCMMEA is subject; e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements, which may require retention of up to 10 years). 8.2. There are specific storage periods for the following items: – Voice recognition: voice samples and GPS coordinates (see Section 4.3.3 above) are anonymized and stored for up to 90 days. – Live Traffic: Trajectory data (GPS coordinates) (see Section 4.3.1 above) are encrypted and anonymized and stored up to 1 year. – My trips: the information about your vehicle usage provided in “My trips” is available for up to 90 days. 8.3. Termination of account: If you choose to terminate your account (e.g. by setting the respective preference in the car’s infotainment system or in the App’s menu under “My Account”), all personal data related to your account will be deleted, unless retention periods apply (see Section 8.1 above).

If you have given your consent to the processing of your personal data, you can withdraw your consent at any time with effect for future processing. Such a withdrawal will not affect the lawfulness of the processing that took place prior to your withdrawal of consent. The Distributor shall be the contact point for any request by data subjects concerning the processing of personal data in connection with this Privacy Notice and its appendix. However, you shall remain entitled to exercise your rights under the applicable data protection law with respect to and against each controller. Pursuant to applicable data protection law, you have the following rights with respect to the processing of your personal data. Please note that these rights might be limited under the applicable national data protection law. 9.1. Right to be informed: You are entitled to information regarding how we process your personal data, which we provide to you in this Privacy Notice. 9.2. Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to your personal data. This information includes – inter alia – the purposes of the processing, the categories of your personal data, and the recipients or categories of recipients to whom your personal data has been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You also have the right to obtain a copy of the personal data about you that is being processed. 9.3. Right to rectification: You have the right to the rectification of any inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data updated, including by means of providing a supplementary statement. 9.4. Right to erasure (“right to be forgotten”): Under certain circumstances, you have the right to the erasure of your personal data and we may be obliged to erase your personal data. 9.5. Right to withdraw consent: If your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time. In this case, your personal data will no longer be processed for such purposes by us. 9.6. Right to complain: If you have any concerns or complaints regarding how we process your personal data, please contact us using the details at the start of this Privacy Notice so we can help resolve these. If you are not satisfied with how we have processed your complaint, you may also have the right to make a complaint with the competent data protection supervisory authority in your country of origin. For the Kingdom of Saudi Arabia, this is the Saudi Data and AI Authority (their website with contact details is accessible at: sdaia.gov.sa). Unless otherwise stipulated by law, you will not be required to pay any fees in return for exercising these rights.

You are under no statutory or contractual obligation to provide us with your personal data. In addition, you do not need to provide your personal data for the conclusion of a contract. However, if you do not provide your personal data, it is possible that the usability of our Services will be limited for you.

You may choose to deactivate online mode by setting the respective preference. If online mode is turned off (offline mode), all GCS functions are disabled and no personal data, in particular no geolocation data (GPS coordinates), is collected for GCS and an offline mode icon is displayed at the top of the infotainment system screen in the vehicle.

We may change and/or supplement this Privacy Notice from time to time in the future. Such changes and/or supplements may be necessary due to the implementation of new technologies or the introduction of new services in particular. We will publish the changes on our websites and/or in your car’s infotainment system and in the App.

13.1 United Arab Emirates Specific Terms If you are a user of our Services in the United Arab Emirates (”UAE”), the below additional/clarified terms: (a) are incorporated into this Privacy Notice; (b) apply to your use of the Services, and (c) supersede and control over any conflicts in the rest of this Privacy Notice to the extent of any inconsistency. All definitions used herein have their meanings assigned to them in this Privacy Notice. 13.1.1 Section 4.1.1 (PROVISION OF THE GENESIS CONNECTED SERVICES AND LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA): Where we refer to processing being necessary for the purposes of our legitimate interests or those of third parties, to the extent legitimate interests is not recognized as a valid legal basis under UAE data protection laws, our legal basis for processing is based on an alternative legal basis. For example we may rely on contractual necessity or we may seek your consent for the processing. 13.1.2 Section 7 (IS MY DATA TRANSFERRED ABROAD? Is updated to read as follows: Whenever we transfer personal data outside of the UAE, we ensure that the personal data is transferred in accordance with this Privacy Notice and as prescribed by the applicable laws in the UAE.