-
SupportWe provide optimized customer service that can satisfy customers' high standards.
Contact us with your enquiry.
Models
Support
Change Your Region
-
true
Hyundai Connected Mobility Middle East and Africa L.L.C. PRIVACY NOTICE - GENESIS CONNECTED SERVICES
In this privacy notice ("Privacy Notice") we will inform you about the collection and processing of your personal data in connection with the provision of the Genesis Account and your rights as a data subject.
We take your privacy very seriously and will process your personal data only in accordance with the applicable data protection and privacy laws.
Any processing of your personal data in connection with the provision of any linked services to your Genesis Account is subject to a separate privacy notice.
The purpose of this privacy notice (“Privacy Notice”) is to inform you about the collection and processing of your personal data in connection with the provision of Genesis Connected Services MEA (“GCS” or “Services”) to you via the car’s infotainment system (this is the head unit of your vehicle) and the Genesis Connected Services MEA app (“App”).
We take your privacy very seriously and will only process your personal data in accordance with applicable data protection laws.
Any processing of your personal data regarding the registration of the underlying Account (including personal data about you such as your name, email address, date of birth or mobile phone number) is subject to a separate privacy notice.
We take your privacy very seriously and will only process your personal data in accordance with applicable data protection laws.
Any processing of your personal data regarding the registration of the underlying Account (including personal data about you such as your name, email address, date of birth or mobile phone number) is subject to a separate privacy notice.
Hyundai Connected Mobility Middle East and Africa L.L.C. with its registered office in L01, L02, Podium Level, U-Bora Tower, Business Bay, Dubai, United Arab Emirates (“HCMMEA”) is the provider of the Services and responsible for the processing of your personal data as explained in this Privacy Notice.
HCMMEA will be referred to as “we”, “our” or “us”.
We may use your personal data for the purposes as described below.
In regard to specific Services as listed in Section 6, we will act as a data controller.
HCMMEA will be referred to as “we”, “our” or “us”.
We may use your personal data for the purposes as described below.
In regard to specific Services as listed in Section 6, we will act as a data controller.
3.1. If you have any questions about or in connection with this Privacy Notice or the exercising of any of your rights, you may contact the Genesis Connected Services Call Centre at the phone number +971-4-543-6999
You may also contact HCMMEA by sending an email to GCSsupport@genesis-mea.com.
3.2. Alternatively, you may also contact our data protection officer at the email address HCMMEA@HYUNDAI.COM, or by writing to:
c/o Data Protection Officer
Hyundai Connected Mobility Middle East and Africa L.L.C.
L01, L02, Podium Level, U-Bora Tower, Business Bay, Dubai, United Arab Emirates
You may also contact HCMMEA by sending an email to GCSsupport@genesis-mea.com.
3.2. Alternatively, you may also contact our data protection officer at the email address HCMMEA@HYUNDAI.COM, or by writing to:
c/o Data Protection Officer
Hyundai Connected Mobility Middle East and Africa L.L.C.
L01, L02, Podium Level, U-Bora Tower, Business Bay, Dubai, United Arab Emirates
4.1. OUR PROCESSING OF YOUR PERSONAL DATA
4.1.1. PROVISION OF THE GENESIS CONNECTED SERVICES AND LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA
We collect and process your personal data in connection with the Services only insofar as the collection and processing is:
– necessary for the conclusion or performance of contractual requirements. We need to use your personal data to fulfil a transaction that you have entered into or expressed interest in entering into (including the GCS contract). This includes accepting applicable terms and conditions or specific terms related to our Services. If you do not provide your personal data for these purposes, we may not be able to deliver our Services or enter into a contract with you, which could lead to the cancellation of a Service.,
– where required by law or regulatory. We may collect your personal data to comply with any applicable laws and/or regulations,
– where based on consent. Where we use your personal data obtained directly from you and your registration to our Services for marketing of our own similar products and/or services (e.g. to notify you about new Services or other similar Genesis services), we rely on consent, or
– where it is necessary for the purposes of legitimate interests of us or third parties. We may process your personal data based on our legitimate business interests when we improve and operate our Services, when we detect and prevent fraud and abuse in order to protect the security of our customers, ourselves, or others.
For details on individual Services, please refer to the respective service description in the Genesis Connected Services MEA Terms of Use.
All (personal) data described in Sections 4.2, 4.3, 4.4, 4.5 and their subsections below is collected directly from your vehicle (e.g. its sensors and related applications as made accessible through the infotainment system), or was made available by you through the App (e.g. by entering certain personal data via the App) and is processed in connection with the Services.
The data described in Sections 4.2, 4.3, and 4.4 and their subsections below is required to provide the Services pursuant to the conclusion or performance of contractual requirements, unless stated otherwise below. Without this information, the Services cannot be performed.
Furthermore, we will additionally process your Vehicle Identification number (VIN), the categories of Services that you have activated and the initial activation date. The legal basis is entering into a contract and performing our Services.
4.1.2. PROCESSING FOR OTHER PURPOSES
Apart from the provision of the Services, we will also process your personal data for other purposes as described below.
– Product improvement / development: We will analyse and further improve the Services in order to develop new mobility-related products and/or services, to make our products more secure and/or to improve our Services.
• For these purposes, we automatically analyse the data collected when providing Services based on statistical and mathematical models to identify potential for improvements if you have either activated all Services or selected the “Product/Service Improvement” service category in the privacy settings of your App. More details are provided in Section 4.5.
• The legal basis for any such processing is for legitimate interests of HCMMEA to process your personal data in order to develop and improve our Services.
– Monitoring of products / product liability: In this context, we process your personal data in order to monitor our products, ensure sufficient IT security standards or to defend ourselves or third parties against product liability and other legal claims made with regard to our products and Services.
• Insofar as such processing is not required by law, the legal basis for any such processing is for the legitimate interests of HCMMEA to process your personal data for the purposes as indicated above.
– Fulfilling legal obligations: We process your personal data in order to fulfil various legal obligations, in particular laws applicable to car manufacturers. Examples of such obligations include:
• provision of certain functionalities in the car such as the “eCall”, to the extent available ,
• reporting of certain information (i.e. VIN – ICCID matching information) to the relevant national authorities to fulfil various legal obligation;
• provision of information to courts or criminal prosecution authorities based on applicable criminal or administrative laws.
– Other purposes: We process your personal data for other purposes only if we are obliged to do so on the basis of legal requirements, if you have consented to the respective processing or if the processing is otherwise lawful under applicable law.
– If processing for another purpose takes place, HCMMEA will provide you with additional information where appropriate.
4.1.3. NO AUTOMATED DECISION-MAKING
HCMMEA does not engage in automated decision-making including profiling in connection with the Services unless you have been expressly notified otherwise by other means.
4.2. GENESIS ACCOUNT
To use our Genesis Connected Services it is necessary to create a Genesis Account or to log in with an existing Genesis Account. Genesis Account will require your first and last name, phone number, email address, your country and date of birth.
For more information, please refer to the separate Privacy Notice for the Genesis Account which can be accessed here: [web page link to Genesis Account Privacy Notice]
4.3. PROVISION OF GENESIS CONNECTED SERVICES – VEHICLE INFOTAINMENT SYSTEM
4.3.1. Live traffic: Live traffic information for calculating routes, including precise arrival times and displaying the traffic situation based on your current location (Service may not be available in certain countries)
4.3.2. Weather: Local weather information based on your current location
4.3.3. Live POI: Information on nearby POIs based on your current location
4.3.4. Camera / danger zone alerts (if legally permissible in your country): The system provides alerts in areas where accidents are particularly common and warns you about accident black spots or speed cameras.
The provision of the above Services requires the collection and processing of your Vehicle Identification number (VIN), geolocation data (e.g. GPS coordinates for live traffic information), the Integrated Circuit Card Identifier of your vehicle’s SIM card (ICCID) and a unique request ID for any transaction.
4.3.5. VOICE RECOGNITION
Voice recognition enables you to use spoken commands to access and control the infotainment system and to draft and send text messages via a connected mobile device.
For this function, the following categories of personal data are processed and sent to our GCS cloud environment: voice recording, geolocation data (GPS coordinates), point of interest (POI) and the Cerence user ID.
The latter is a unique ID for registration on the server of Cerence GmbH, Aachen, Germany, our data processor for these specific services.
There is no link between the Cerence user ID and the Vehicle Identification number (VIN) or any other identifiers, which means that Cerence GmbH cannot identify a natural person from the data transmitted to it.
Once you start your vehicle, voice recognition is activated as a presetting in its online mode. We process your personal data for the purpose of performing our Services.
When using online voice recognition, we process your personal data in our GCS cloud environment.
In addition, we collect voice samples and GPS coordinates and store them for up to 90 days in order to perform and improve the voice recognition service.
We process your personal data for the purpose of performing our Services and where related to the improvement of the Services, based on our respective legitimate interests.
When you use the online voice recognition function, your voice samples and GPS coordinates are processed by our service provider Cerence GmbH, Aachen, Germany (data processor) and its sub-processors, which may be located in countries outside the jurisdiction in which you reside.
You can deactivate online voice recognition and use the voice recognition services in an offline mode where no data is transmitted outside of your vehicle.
If you do not want us to process your voice samples and GPS coordinates, you can use offline voice recognition, which does not use your voice samples and GPS coordinates to improve the voice recognition service.
4.3.6. VEHICLE DIAGNOSTICS
Vehicle diagnostics gathers active trouble codes (i.e. the vehicle’s error messages) from all control units integrated in your vehicle together with the Vehicle Identification number (VIN).
The active trouble codes and VIN will be sent to our server for further analysis.
In the Vehicle diagnostics section of the infotainment system, you can view all active trouble codes for your vehicle.
We use this data to provide you with information concerning whether there is an issue with your vehicle.
We process your personal data for Vehicle diagnostics for the purpose of performing our Services.
To the extent that we are required to do so by law, we process your aforementioned personal data for monitoring the products and to comply with product security requirements
For information on the processing of the above data for the improvement and development of the products, see also Section 4.5 below.
4.3.7. CONNECTED ROUTING
Connected Routing allows more accurate traffic forecasting, more precise times of arrival and more reliable route recalculations by processing the relevant data on our GCS cloud environment instead of only on your infotainment system.
For this function, the following categories of personal data are processed and sent to our GCS cloud environment: your Vehicle Identification number (VIN), geolocation data (GPS coordinates) and navigation data (e.g. real-time traffic; pattern of traffic information).
We process your personal data for the purpose of performing our Services.
4.3.8. OTA (OVER-THE-AIR) UPDATE
OTA updates allow you to receive wireless (“over-the-air”) software updates (“OTA updates”) for the vehicle system as well as the map and infotainment system.
Your infotainment system will regularly check whether new software versions are available and automatically download any available software updates to your vehicle and prepare the respective installation.
You can choose whether you want to complete the OTA Update now or later.
However, if you turn off OTA updates, your vehicle or the services provided (such as security-related systems, infotainment system, GCS) may not function properly.
4.3.8.1. VEHICLE SYSTEM OTA UPDATE
We may provide you with OTA updates concerning the vehicle system for various reasons and purposes, in particular to remedy a defect within the warranty period, within the scope of the manufacturer’s guarantee or for other security-related reasons.
In this we will also ensure an efficient deployment and monitoring of OTA updates concerning the vehicle system.
For this purpose, the following categories of personal data are processed and sent to our GCS cloud environment: your Vehicle Identification number (VIN), usage history (OTA Update), diagnostic information (error codes, OTA result, software recovery result) and software version information (electronic control unit).
We process your personal data for the purpose of complying with the legal obligations of the vehicle manufacturer (e.g. in the area of product safety requirements)) as well as for performing our Services, and based on our legitimate interest to effectively steer our OTA update processes.
4.3.8.2. INFOTAINMENT OTA UPDATE
OTA update enables you to receive the latest maps and infotainment software updates for your vehicle.
For this function, the following categories of personal data are processed and sent to our GCS cloud environment: your Vehicle Identification number (VIN), head unit manufacturer, head unit model, head unit firmware version, head unit system version, mobile network operator, vehicle model name, vehicle model year, vehicle region and your selected language.
We process your personal data for the purpose of performing our Services.
4.3.9. NOTIFICATION CENTRE
The Notification Centre allows us to send you important information about your vehicle.
We will use this service only for important information. The information will appear as a pop-up in the infotainment system of your car.
For this function, the following categories of data are processed: read status; reading time.
We process your personal data for the purpose of performing our Services.
4.3.10. LIKE FEATURE
The like feature for USB music allows you to select and create a playlist with your favourite songs.
You can like or unlike songs via the “thumbs-up” or “thumbs-down” button integrated in the music function of the infotainment system.
For this function, the following categories of personal data are processed: the name of the song, artist and album, the like/unlike information, VIN, location information (GPS), ambient air temperature, vehicle speed, weather (based on your current location) and time information.
We process all of the above personal data to perform our Services and for the purpose of pursuing our legitimate interest in improving and developing our products, including the Services.
4.4. PROVISION OF GENESIS CONNECTED SERVICES – APP
4.4.1. REMOTE SERVICES
Some feature under this Services may differ depending on each vehicle's model/trim, and/or each country's regulation
Through the App we will provide you with the following remote Services. They will be activated as a presetting if not deactivated separately or entirely:
– Remote lock and unlock (you can lock and unlock the vehicle doors)
– Remote window ventilation (you can remotely open and close the windows of your vehicle for ventilation purposes)
– Remote horn and light (you can remotely activate both the headlights and the sound of the horn of your vehicle)
– Remote light (you can remotely flash the headlight of your vehicle)
– Remote charging (you can remotely activate the electric battery charging function; EVs only)
– Scheduled charging (you can remotely set the electric battery charging schedule including the target temperature; EVs only)
– Remote start & climate control (you can start the engine and set the temperature and activate the air conditioning remotely)
– Remotely open and close the charging door (you can open and close the charging door of your vehicle remotely; EVs only)
– Remote control of hazard lights / sidelights (you can turn off the lights remotely from the App when your vehicle is left with its hazard lights and/or sidelights on
– Remote battery conditioning (you can optimise the battery temperature in order to improve the charging performance of the vehicle; EVs only)
– Departure time (you can activate scheduled climate by setting the departure schedule; EVs only)
– Charging current (you can adjust the current supplied from the slow charger; EVs only)
– Find my car (you can localise the parking position of your Genesis vehicle on the integrated map)
– Send to car (you can search online for points of interest (POI) and address data in order to send search results from your smartphone application to the infotainment system of your car)
– My car POI (synchronises your stored POI between the infotainment system and your App)
– Last mile navigation (sends the current location of your car and information about your destination (e.g. name, address, geolocation data) to your smartphone to guide you from your parking spot to your destination via Google Maps)
– First mile navigation (sends the current location of your car to your smartphone to guide you from your location (e.g. name, address, geolocation data) to your car via Google Maps)
– Valet parking mode (protects your private infotainment information by showing only the valet mode screen on your infotainment system unless you enter the password you have previously selected; sends information about the current status of valet parking mode (on/off), current vehicle location (GPS coordinates), the start/end date of valet mode, the run/mileage/engine time of valet mode, maximum vehicle speed, vehicle run distance and engine idle time to your smartphone)
– Battery charging status (shows you the battery charging status of the electric motor; EVs only)
– Push notifications for certain use cases (the application sends push notifications to your smartphone in certain cases, for example: your Genesis vehicle is unlocked and the burglar alarm is activated in your Genesis vehicle, the windows of your vehicle are open, rear seat alert, engine idling alert, high-voltage battery discharge alarm, climate control status, charging status, software update status, valet parking mode activated/deactivated, etc.)
You can deactivate remote services separately by category in the App. (“More” → “Service List” → “Remote”).
In order to provide you with the remote Services once connected through the App, a connection is established between your vehicle and our GCS cloud environment which requires the processing of certain vehicle-related data including your vehicle SIM card’s IP address, the Vehicle Identification number (VIN) and further user-related data in the App (your device’s IP address, PIN and other user account information such as your user name)
The provision of the remote Services requires the collection and processing of certain data relating to your vehicle including a password, your vehicle’s Vehicle Identification number (VIN) and geolocation data (e.g. GPS coordinates for “Find my car”), the Integrated Circuit Card Identifier of your vehicle’s SIM card (ICCID), address data and vehicle-related technical data (e.g. vehicle status information such as ignition on/off, vehicle speed, light status, lock status).
We process your personal data for the purpose of performing our Services.
4.4.2. VEHICLE STATUS INFORMATION VIA GENESIS CONNECTED SERVICES
Some feature under this Services may differ depending on each vehicle's model/trim, and/or each country's regulation.
Through the App, we will provide you with the following vehicle status information:
– Monthly vehicle report (provides you with information about the usage of your Genesis car and diagnostics information covering the airbag, brakes, tyre pressure, etc.)
– Status update (provides you with information about the vehicle status of your Genesis car regarding the distance to empty, fuel level, engine on/off, door lock status, climate control status, tailgate open/closed, bonnet open/closed, windows open/closed, sunroof open/closed 12V battery status, steering wheel heating on/off, side mirror heating on/off, defrost windscreen on/off, rear window heating on/off(all Genesis vehicles); high-voltage battery charging status, scheduled charging on/off, charging door open/closed, (scheduled climate control on/off (EVs only))
– My trips (provides you with information about the Genesis vehicle usage per month/day, including driven time, mileage, average vehicle speed, maximum vehicle speed)
– Energy consumption (provides you with information about your Genesis vehicle’s energy consumption per day and per month, including the total and average energy consumption, driving distance and recuperation; EVs only)
In order to provide you with the vehicle status information once connected through the App, a connection is established between your vehicle and our GCS cloud environment which requires the processing of certain vehicle-related data including your vehicle SIM card’s IP address, the Vehicle Identification number (VIN) and further user-related data in the App (your device’s IP address, PIN and other user account information such as your user name).
The provision of the vehicle status information requires the collection and processing of certain data related to your vehicle (e.g. vehicle location, the driven time, mileage, average vehicle speed, maximum vehicle speed) and vehicle-related technical data (e.g. vehicle status data such as engine on/off, door lock status, etc., as listed above).
We process your personal data for the purpose of performing our Services.
4.4.3. CAR SHARING
You can share the remote Services with other users through the “Request to Share Car” function in the application.
When you do so, we process certain vehicle-related and user account-related data such as your PIN, Vehicle Identification number (VIN), your username and the other user’s phone number to initiate and process your sharing request.
Share request information such as your name and PIN will be transmitted to and processed in the other user’s App.
The other user can use the App in the same way as you. He/she can also use the “Find my car” function.
We process all of the above personal data for sharing the remote Services for the purpose of performing our Services and for the purpose of pursuing our legitimate interest in improving and developing our products, including the Services.
Please note that when you use this service, your vehicle data will be shared with your shared users, except your login details.
You can stop sharing the Services at any time by removing any other user under the “Shared car settings”. Then the vehicle will be unlinked from the shared user’s GCS app [and we will delete all shared data on the other user’s App/ the other user will no longer be able to access your data on their App].
4.4.4. ALERT SERVICES
When activated in the App, alert services enable you to receive notifications relating to your chosen settings.
We provide you with the following alert services through the App:
– Geofence alert (enables you to receive notifications in the App if your vehicle exits an allowed area or enters a restricted area. You can set the boundaries for allowed areas and restricted areas in the App)
– Speed alert (enables you to receive notifications in the App if your vehicle exceeds the speed limit you have preset in the App)
– Time fencing alert (enables you to receive notifications in the App if your vehicle is driven outside of the time windows you have preset in the App)
– Valet alert (enables you to receive notifications in the App if your vehicle travels beyond the selected distance limit, speed limit and idle time limit you have preset in the App. The permitted travel distance is from the location where the alert was activated)
For this purpose, we collect and process the following categories of personal data: Vehicle identification number (VIN), date and time stamp, GPS data, alert status information (e.g. activation status, alert status start and end time, run time, mileage time, engine idle time, maximum speed, run distance), vehicle indicators (e.g. location, speed, time, accuracy, direction), selected allowed areas, selected restricted areas, selected speed limit, selected time windows, selected distance limit and selected idle time limit.
We process your personal data for the purpose of performing our Services.
4.4.5. OTHER LOCATION-BASED SERVICES
– View previous trips
– Send a destination to the car for a trip and add tour points to a planned trip
– Find your favourite and recent points of interest (POI)
– Share your POI
The provision of these remote Services requires the collection and processing of certain vehicle-related data such as the vehicle’s geolocation data (GPS coordinates).
We process your personal data to provide you with these other location-based services, and thus for the purpose of performing our Services.
4.4.6. GENESIS CONNECTED SERVICES USER PROFILE
The GCS user profile allows you to create backups of your profile including vehicle settings and apply them to different vehicles.
If two or more drivers use the same vehicle but prefer different settings (e.g. for seat position, audio or map view, etc.), these individual settings can be stored in up to two user profiles plus one guest profile per vehicle.
For each user profile, the following categories of personal data are processed and sent to our GCS cloud environment: Vehicle Identification number (VIN) of your vehicle and the target vehicle (if appropriate), driver number, account number, phone number, user picture, profile data as well as phone connection, date/time settings, general settings, sound settings, display settings, voice recognition settings, radio settings, vehicle settings, navigation settings and points of interest (POI).
We process your personal data for the purpose of performing our Services.
4.4.7. USE OF TOUCH ID AND FACE ID (IOS) OR FINGERPRINT AND FACE RECOGNITION (ANDROID)
You can use certain functions of our App with Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) instead of your PIN.
Your biometric data is only stored locally on your smartphone device; it is not transmitted to us and we cannot access this data.
Only the information as to whether the verification of the biometric data was successful is transmitted to our App by a system function of your smartphone.
You can turn off the use of Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) at any time in our App.
4.4.8. FIREBASE CRASHLYTICS
To improve the security and stability of our app and Services, we rely on the analysis of anonymised crash reports.
For this purpose we use “Firebase Crashlytics”, a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland.
In order to provide us with anonymised crash reports, Firebase Crashlytics collects the following information in the event of a crash or malfunction of our app and may transmit it to Google servers in the USA: state of the app at the time of the crash, installation UUID, crash traces, manufacturer and operating system of the mobile device and last log messages.
The crash reports provided to us do not contain any personal data on the basis of which we could trace the identity of a user.
Firebase Crashlytics retains collected information for 90 days.
We process your personal data for these purposes based on our legitimate interest to ensure and optimise the security and stability of our app and Services.
For more information about Firebase Crashlytics and how Google is processing your personal data, please refer to the following links:
https://firebase.google.com/
https://firebase.google.com/terms/crashlytics/
https://firebase.google.com/support/privacy/
4.4.9. GOOGLE MAPS
Our application uses Google Maps services, which may automatically collect certain data as described in Google's Privacy Policy. For more details, please refer to the following links:
https://developers.google.com/maps/documentation/android-sdk/play-data-disclosure?hl=en
4.4.10. GENESIS DIGITAL KEY
The Genesis Digital Key function allows you to unlock, lock, start and drive your vehicle with your smartphone or other smart devices without the need to carry a physical key fob on you. It also allows you to share and manage your Genesis Digital Keys with family and friends.
For this purpose, the following categories of personal data are processed in order to properly authenticate and allocate the Genesis Digital Keys to the smart devices and to ensure the security of the service and systems involved:
User information (such as user ID, profile name, email address, phone number), smart device information (such as device ID, device name, device type, OS version, app version), Genesis Digital Key information (such as Genesis Digital Key ID, Genesis Digital Key status, Genesis Digital Key type, access authorization/profile, vehicle ID, ID of the physical key fobs, number of shared keys); for shared Genesis Digital Keys: additional information such as start and end date (or fixed term) of Genesis Digital Key use, name of shared Genesis Digital Key user, user authentication policy/authorization profile as specified by you, diagnostic information (error codes) and vehicle status information.
When using the Genesis Digital Key, i.e. to lock, unlock and start the vehicle, data is exchanged between the mobile smart device and the vehicle using near-field communication (NFC) or ultra-wideband (UWB). This data is not transmitted to HCMMEA or the distributor from which you have acquired your vehicle.
We process your personal data for the purpose of performing our Services.
4.5. DATA ANALYSIS FOR PRODUCT IMPROVEMENT AND DEVELOPMENT
HCMMEA collects and processes telematics data regarding the performance, usage, operation and condition of the vehicle from your vehicle and/or your App in order to improve and develop its products and transfers this data to authorized affiliated companies so that it can also process the data for these purposes.
The data used for these purposes is in general limited to technical data.
Such data is used to improve and develop the powertrain, hybrid/EV vehicles and other car functions comprises ABS, the ABS status, steering wheel information, handbrake, traction control system, cluster information, seatbelt, acceleration, battery condition, door key lock, head lamp, indicator signal, light system, hands-free boot system, seat height, sunroof, wiper, navigation (on/off) and similar technical data and trouble codes as mentioned in Section 4.3.6.
To assure greater efficiency of the data analysis, we may also collect additionally information which allows for identification of a natural person (such as VIN, account and subscription data, where relevant and if enabled GPS information). We will process these data for the above mentioned purposes and to provide you with personalised information about your use of our Services.
The legal basis for the processing of your data for these purposes is the legitimate interest of HCMMEA in improving the Services and developing new products and services; e.g. to identify technical malfunctions, analyse the performance of the vehicles or provide enhanced products or customer services.
4.6. PROCESSING OF DATA FOR PURPOSES RELATING TO VEHICLE CYBERSECURITY
Once you activate the Services, depending on the technical equipment of your vehicle, we collect and process data from your vehicle relating to security events in order to ensure that our vehicles and products meet the appropriate cybersecurity standards.
For this function, the following categories of personal data are processed: the Vehicle Identification number (VIN) and security-event-related data (such as the timestamp of the generated security event and information from and about the component / control unit that captured and detected the security event).
The data will be collected and stored in your vehicle.
If an abnormal signal is detected, the data will be sent to our systems for further analysis.
There is no continuous transfer of such data out of the vehicle.
Once data has been transmitted to our systems, we process and analyse the data for the purpose of preventing cybersecurity threats and vulnerabilities, responding to and eliminating detected threats and vulnerabilities arising from potential cybersecurity attacks, as well as ensuring that our vehicles and products have an appropriate level of security.
Insofar as such processing is not necessary for compliance with our legal obligations in the area of cybersecurity, the legal basis for the processing of your data for these purposes is the legitimate interest of HCMMEA in monitoring our vehicles in order to ensure and improve the security of our products.
Your vehicle will periodically store the last 100 generated security events. If a new security event occurs, the oldest security event and the related data will be deleted. Further information about data retention can be found in Section 8 of this Privacy Notice.
When lending the car to another person or in cases where the data of other data subjects (such as another driver) might be collected when using the Services, you have to ensure that the data subjects are properly informed on the data processing as described herein.
When selling or permanently transferring the vehicle to a third party, please ensure that you deactivate the service so that none of your personal data can be accessed through the infotainment system (“More” → “Select vehicle” → “Your Vehicle” → click ”delete icon”).
If you do not deactivate GCS, the data might still be accessible to 3rdparties through the infotainment system.
Your account data in the App will not be deleted until you terminate your Genesis Account (“More” → “Account” → “Terminate account”).
Any access to your personal data at HCMMEA is restricted to those individuals that need to know it in order to fulfil their job responsibilities.
Your personal data may be transferred to the recipients and categories of recipients listed below for the respective purposes; these recipients can then process it for the specified purposes:
– Data processors – We transmit your personal data to certain third parties, whether affiliated or unaffiliated, that process your data on behalf of HCMMEA under appropriate instructions as necessary for the respective processing purposes. The data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process your personal data only as instructed.
– The current data processor for the Genesis Account is as below:
| Company Name | Address |
|---|---|
| Hyundai AutoEver | 510, Teheran-ro, Gangnam-gu, Seoul, Republic of Korea |
| Hyundai AutoEver Middle East and Africa | 1301, The Onyx Tower1, The Greens. Dubai, UAE |
| Hyundai Motor Company | 12, Heolleung-ro, Seocho-gu, Seoul, Republic of Korea |
| Hyundai Middle East and Africa | 2501, U-Bora Tower, Business Bay, Dubai, United Arab Emirates (P.O. Box 34406) |
| Cupola Teleservices | Ground Floor, Building 8, Dubai Outsource City, Dubai, United Arab Emirates (P.O. Box 500220) |
Our data storage will be located within European Union primarily in Germany, and/or the United Arab Emirates, depending on our service hosting arrangements and operational requirements.
We also share your personal data with other Hyundai entities and service providers, who are located outside the jurisdiction in which you reside.
Such transfers are necessary for reasons including, but not limited to, providing the Services, IT infrastructure, data storage and Services administration.
Whenever we transfer personal data outside of the jurisdiction you reside, we ensure that the personal data is transferred in accordance with this Privacy Notice and as prescribed by the applicable laws. For example, where required, we enter into data transfer agreements which include standard contractual clauses adopted by the relevant competent authority, or take other measures to provide an adequate level of data protection.
-
8.1. Your personal data is stored by HCMMEA and/or our service providers solely to the extent that is necessary to meet our obligations, and only for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws.
When HCMMEA no longer needs to process your personal data, we will erase it from our systems and/or records, and/or take steps to properly anonymise it so that you can no longer be identified from the data, unless we need to keep your information in order to comply with legal or regulatory obligations to which HCMMEA is subject, e.g. personal data contained in contracts, communications and business letters may be subject to statutory retention requirements. -
8.2. There are specific storage periods for the following items:
- Voice recognition: voice samples and GPS coordinates, see Section 4.3.5 above, are anonymized and stored for up to 90 days.
- My trips: the information about your vehicle usage provided in “My trips” is available for up to 90 days.
- 8.3. Termination of account: If you choose to terminate your account, e.g. by setting the respective preference in the car’s infotainment system or in the App’s menu under “My Account”, all personal data related to your account will be deleted, unless retention periods apply, see Section 8.1 above.
If you have given your consent to the processing of your personal data, you can withdraw your consent at any time with effect for future processing.
Such a withdrawal will not affect the lawfulness of the processing that took place prior to your withdrawal of consent.
The distributor from which you have acquired your vehicle shall be the contact point for any request by data subjects concerning the processing of personal data in connection with this Privacy Notice and its appendix.
However, you shall remain entitled to exercise your rights under the applicable data protection law with respect to and against each controller.
Pursuant to applicable data protection law, you have the following rights with respect to the processing of your personal data.
Please note that these rights might be limited under the applicable national data protection law.
9.1. Right to be informed: You are entitled to information regarding how we process your personal data, which we provide to you in this Privacy Notice.
9.2. Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to your personal data.
This information includes – inter alia – the purposes of the processing, the categories of your personal data, and the recipients or categories of recipients to whom your personal data has been or will be disclosed.
However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You also have the right to obtain a copy of the personal data about you that is being processed.
9.3. Right to rectification: You have the right to the rectification of any inaccurate personal data concerning you.
Depending on the purposes of the processing, you have the right to have incomplete personal data updated, including by means of providing a supplementary statement.
9.4. Right to erasure (“right to be forgotten”): Under certain circumstances, you have the right to the erasure of your personal data and we may be obliged to erase your personal data.
9.5. Right to withdraw consent: If your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time by withdrawing from the services contract. In this case, your personal data will no longer be processed for such purposes by us. In such cases, please note that the provision of the relevant services requiring the processing of your personal data will also cease.
9.6. Right to complain: If you have any concerns or complaints regarding how we process your personal data, please contact us using the details at the start of this Privacy Notice so we can help resolve these. If you are not satisfied with how we have processed your complaint, you may also have the right to make a complaint with the competent data protection supervisory authority in your country of origin. For the Kingdom of Saudi Arabia, this is the Saudi Data and AI Authority (their website with contact details is accessible at: sdaia.gov.sa).
Unless otherwise stipulated by law, you will not be required to pay any fees in return for exercising these rights.
You are under no statutory or contractual obligation to provide us with your personal data.
In addition, you do not need to provide your personal data for the conclusion of a contract. However, if you do not provide your personal data, it is possible that the usability of our Services will be limited for you.
You may choose to deactivate online mode by setting the respective preference.
If online mode is turned off (offline mode), all GCS functions are disabled and no personal data, in particular no geolocation data (GPS coordinates), is collected for GCS and an offline mode icon is displayed at the top of the infotainment system screen in the vehicle.
We may change and/or supplement this Privacy Notice from time to time in the future.
Such changes and/or supplements may be necessary due to the implementation of new technologies or the introduction of new services in particular.
We will publish the changes on our websites and/or in your car’s infotainment system and in the App.
Such changes and/or supplements may be necessary due to the implementation of new technologies or the introduction of new services in particular.
We will publish the changes on our websites and/or in your car’s infotainment system and in the App.
13.1. United Arab Emirates Specific Terms
If you are a user of our Services in the United Arab Emirates (”UAE”), the below additional/clarified terms: (a) are incorporated into this Privacy Notice; (b) apply to your use of the Services, and (c) supersede and control over any conflicts in the rest of this Privacy Notice to the extent of any inconsistency. All definitions used herein have their meanings assigned to them in this Privacy Notice.
13.1.1. Section 4.1.1 (PROVISION OF THE GENESIS CONNECTED SERVICES AND LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA):
Where we refer to processing being necessary for the purposes of our legitimate interests or those of third parties, to the extent legitimate interests is not recognized as a valid legal basis under UAE data protection laws, our legal basis for processing is based on an alternative legal basis. For example we may rely on contractual necessity or we may seek your consent for the processing.
13.1.2. Section 7 (IS MY DATA TRANSFERRED ABROAD?) Is updated to read as follows:
Whenever we transfer personal data outside of the UAE, we ensure that the personal data is transferred in accordance with this Privacy Notice and as prescribed by the applicable laws in the UAE.
13.2. State of Kuwait Specific Terms
If you are a user of our Services in Kuwait, the below additional/clarified terms: (a) are incorporated into this Privacy Notice; (b) apply to your use of the Services, and (c) supersede and control over any conflicts in the rest of this Privacy Notice to the extent of any inconsistency. All definitions used herein have their meanings assigned to them in this Privacy Notice.
13.2.1. Section 4.1.1 (PROVISION OF THE GENESIS CONNECTED SERVICES AND LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA).
The following should be added as the last paragraph of Section 4.1.1:
“The above notwithstanding, it is understood that we can also collect and process your personal data in connection with our Services only in so far as
• you have provided your consent to the collection and processing of the data.
• the collection and processing is required by Kuwait laws or regulations and we are complying with any applicable laws and/or regulations”.
13.2.2. Section 4.1.2 (PROCESSING FOR OTHER PURPOSES)
This Section should be read so that the legal basis for collecting data in addition to the legitimate interest of HCMMEA is the reliance on the consent given by the user and/or that there is a legal obligation on the part of HCMMEA to collect/process the data.
13.2.3. Section 4.3.8.1 (VEHICLE SYSTEM OTA UPDATE)
The last paragraph should be replaced with the following:
“We process your personal data for the purpose of complying with the legal obligations of the vehicle manufacturer (e.g. in the area of product safety requirements) as well as for performing our Services and based on your consent, in order to effectively steer our OTA update processes”.
13.2.4. Section 4.3.10 (LIKE FEATURE)
The last sentence should be replaced with the following:
“We process the personal data to perform our Service after having obtained your consent for the processing of said data.”
13.2.5. Section 4.4.3 (CAR SHARING)
Paragraph 5 should be revised to read:
“We process the personal data for sharing the remote Services for the purpose of performing our Services, in connection with our legitimate interests in delivering our Services and subject to your providing the consent to the processing of such data.
13.2.6. Section 4.4.8 (FIREBASE CRASHLYTICS)
Paragraph 6 should be replaced with the following:
“We process your personal data for these purposes based on our legitimate interest to ensure and optimise the security and stability of our app and Services – and subject to your providing consent to the collection of the relevant data.”
13.2.7. Section 4.5 (DATA ANALYSIS FOR PRODUCT IMPROVEMENT AND DEVELOPMENT)
The legal basis for the processing of your data for these purposes is the legitimate interest of HCMMEA in improving the Services and developing new products and services; e.g. to identify technical malfunctions, analyse the performance of the vehicles or provide enhanced products or customer services as well as the provision of your consent in processing the relevant data.
13.2.8. Section 4.6 (PROCESSING OF DATA FOR PURPOSES RELATING TO VEHICLE CYBERSECURITY)
The second to the last paragraph should be replaced with the following:
“Insofar as such processing is not necessary for compliance with our legal obligations in the area of cybersecurity, the legal basis for the processing of your data for these purposes is the legitimate interest of HCMMEA in monitoring our vehicles in order to ensure and improve the security of our products and the provision of your consent in processing the relevant data.”
13.2.9. Section 12 (HOW CAN THIS PRIVACY NOTICE BE CHANGED?)
The first paragraph should be replaced with the following: We may change and/or supplement this Privacy Notice from time to time in the future and would require your consent to the amendment of the Privacy Notice.
13.3. State of Qatar Specific Terms
If you are a user of our Services in Qatar the below additional/clarified terms: (a) are incorporated into this Privacy Notice; (b) apply to your use of the Services, and (c) supersede and control over any conflicts in the rest of this Privacy Notice to the extent of any inconsistency. All definitions used herein have their meanings assigned to them in this Privacy Notice.
13.3.1. Section 4.1.1 (PROVISION OF THE GENESIS CONNECTED SERVICES AND LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA) is updated to read as follows:
Where we refer to processing being necessary for the purpose of performing a service or for contractual necessity, to the extent that such purpose is not recognised as a valid legal basis under Qatar data protection laws, our legal basis for processing is based on an alternative legal basis. For example, we may rely on the basis of legitimate interest, or we may seek your consent for the processing.
Furthermore, where we rely on our legitimate interest or of a third party to whom such data is sent, we confirm that prior to relying on such legal basis a prior assessment is made to ensure that your interests outweigh these legitimate interests under the particular circumstances.
13.3.2. Section 9 (WHAT RIGHTS DO I HAVE AND HOW CAN I EXERCISE THEM?) is updated to read as follows:
Under Qatar’s data protection laws, you have the following rights:
1) the right to protection and lawful processing;
You have the right to have your personal data protected and lawfully processed.
2) the right to withdraw consent;
You have the right to withdraw your consent at any time by contacting us at: GCSsupport@genesis-mea.com or +971-4-543-6999
3) the right to object to processing in certain circumstances;
You have the right to object in the following situations:
i. when the processing of the personal data is not necessary to achieve the purposes for which it was originally collected;
ii. when decisions are made about a data subject based solely on the automated processing of their personal data, and this processing leads to discriminatory outcomes;
iii. where a controller is processing personal data:
o beyond the extent required;
o in a way that is discriminatory;
o unfair; and/or
o illegal.
4) the right to erasure;
You can at any time ask us to delete some or all of your personal data in certain circumstances.
5) the right to request correction;
You have a right to obtain, without undue delay, the rectification of inaccurate personal data concerning you.
6) the right to be notified of processing;
You have with the right to be informed about the collection and use of your personal data upon request.
7) the right to be notified of inaccurate disclosure;
You have the right to be notified when a third party has been given inaccurate information concerning your personal data.
8) the right to access their personal data; and
You have the right to obtain a copy of the personal data we hold on you.
9) the right to make a compliant to the regulator
You have the right to make a complaint to the regulator by contacting them at:
National Cyber Governance and Assurance Affairs,
National Cyber Security Agency (NCSA),
P.O. Box 24100,
Wadi Al Sail Street,
Doha, Qatar
E-mail: privacy@ncsa.gov.qa
13.4. Kingdom of Bahrain Specific Terms
If you are a user of our Services in the Kingdom of Bahrain, the below additional/clarified terms: (a) are incorporated into this Privacy Notice; (b) apply to your use of the Services; and (c) supersede and control over any conflicts in the rest of this Privacy Notice to the extent of any inconsistency. All definitions used herein have their meanings assigned to them in this Privacy Notice.
13.4.1. Legal Basis for Processing: Where we refer to processing being necessary for the purposes of our legitimate interests or those of third parties, to the extent that this is not recognized under Bahraini law, we will instead rely on contractual necessity or obtain explicit consent where required.
13.4.2. Cross-Border Data Transfers: Personal data may only be transferred outside Bahrain where the receiving country provides an adequate level of data protection, as determined by Bahraini authorities. If the transfer is to a country not recognized as adequate, HCMMEA will ensure appropriate safeguards are in place, such as contractual mechanisms, explicit consent, or prior regulatory approval.
13.4.3. Data Subject Rights: In addition to the rights set out in this Privacy Notice, Bahrain-based users have the right to object to processing, restrict processing, withdraw consent, and be notified in the event of a data breach where required by law.
13.4.4. Data Retention: HCMMEA will only retain personal data for as long as necessary to fulfill the purpose for which it was collected. Once that purpose is achieved, or if retention is no longer legally required, the data will be immediately and securely deleted or anonymized.