skip to the main content

Privacy Policy

Kia Corporation or its subsidiaries (“we”, “us”, or “our”) respect your privacy and will strive to protect the confidentiality of your Personal Data. This Privacy Policy explains our policies and practices including why we collect your Personal Data, how we use it and how we safeguard it. Please read this Privacy Policy carefully to protect your rights.

Who We Are

This Privacy Policy is issued by Kia Corporation and is addressed to individuals outside of our organization with whom we interact, including customers making, or enquiring about, a reservation for a vehicle, visitors to our Site, and personnel of corporate customers, distributors and dealers (together, “you”). Defined terms used in this Privacy Policy are explained in the Definitions section below.

This Privacy Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Privacy Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Privacy Policy.

Why We Collect Personal Data And Our Legal Bases For Processing

The purposes for which we Process your Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:

Why We Collect Personal Data And Our Legal Bases For Processing
Processing activity Legal basis for Processing
  • Responding to enquiries: responding to your enquiries and enquiries from third parties.
  • he Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us, ; or
  • We have a legitimate interest in carrying out the Processing for the purpose of providing our Site or services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Provision of the Site and services: providing our Site and services, providing promotional items upon request; and communicating with you in relation to our Site and services.
  • The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us,; or
  • We have a legitimate interest in carrying out the Processing for the purpose of providing our Site or services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Operating our business: providing content to you; displaying advertising and other information to you; communicating and interacting with you via our Site, or our services; and notifying you of changes to our Site or our services.
  • The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or
  • We have a legitimate interest in carrying out the Processing for the purpose of providing our Site, or our services to you (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Communications and marketing: to promote our products and services and those of our selected partners through marketing, advertising, and sponsorships; communicating with you via any means (including via email, telephone, text message, social media, post or in person) to provide news items and other information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
  • The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us inlcuding the Reservation Agreement and Payment Terms; or
  • We have a legitimate interest in carrying out the Processing for the purpose of contacting you, subject always to compliance with applicable law (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Product safety communications: communications in relation to product safety, including product recalls and product safety advisory notices.
  • The Processing is necessary for compliance with a legal obligation; or
  • We have a legitimate interest in carrying out the Processing for the purpose of ensuring the safety, and proper use, of our products (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
  • Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems
  • The Processing is necessary for compliance with a legal obligation; or
  • We have a legitimate interest in carrying out the Processing for the purpose of managing and maintaining our communications and IT systems (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
  • Financial management: sales; finance; corporate audit; and vendor management.
  • We have a legitimate interest in carrying out the Processing for the purpose of managing and operating the financial affairs of our business (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Surveys: engaging with you for the purposes of obtaining your views on our Site or our services
  • We have a legitimate interest in carrying out the Processing for the purpose of conducting surveys, satisfaction reports and market research (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Legal compliance: compliance with our legal and regulatory obligations under applicable law.
  • The Processing is necessary for compliance with a legal obligation.
  • Improving our Site, products and services: identifying issues with our Site or our associated services; planning improvements to our Site, products, or our services; and creating new Sites, products, or services.
  • We have a legitimate interest in carrying out the Processing for the purpose of improving our Sites, products, or our services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
  • Establishment, exercise and defence of legal claims: management of legal claims; establishment of facts and claims, including collection, review and production of documents, facts, evidence and witness statements; exercise and defence of legal rights and claims, including formal legal proceedings.
  • The Processing is necessary for compliance with a legal obligation;
  • We have a legitimate interest in carrying out the Processing for the purpose of establishing, exercising or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
  • The Processing is necessary for the establishment, exercise or defence of legal claims.

We will not Process your Personal Data other than for the purposes described above.

When we wish to change or make additions to the purposes described above, we will take all necessary measures to comply with the relevant laws and regulations.

Personal Data that We Collect

We Process Personal Data that is reasonably necessary for the purposes described above including:

  • Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent);
  • Data relating to our Site: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to our Site; username; password; security login details; usage data; aggregate statistical information.
  • Content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages displayed to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.
  • Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.

We do not seek to collect or otherwise Process Sensitive Personal Data. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.

Third Parties that May Receive Your Personal Data

We may share your Personal Data with third parties (e.g., Personal Data Processors). In particular, we may share your Personal Data with the following recipients for the purposes set out in this Privacy Policy.

Third Parties that May Receive Your Personal Data
Recipients Roles (Purpose of access)
Regional Kia Subsidiaries, Kia Uvo Connect GmbH, Kia Dealers, and Kia distributors to contact you and notify you of product information

We may disclose your Personal Data to third parties listed in the table above so that they can perform their roles as described above. Third parties shall be subject to contractual obligations to implement appropriate technical and organizational measures to safeguard and process your Personal Data as instructed.

In addition, we may disclose Personal Data to:

  • you and, where appropriate, your appointed representatives;
  • legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  • our accountants, auditors, consultants, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;
  • third party Processors (such as payment services providers; etc.), located anywhere in the world;
  • any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
  • any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
  • any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
  • any relevant third party provider, where our Site uses third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.

Whether Your Personal Data is Transferred Cross-Border

Your Personal Data may be transferred to countries other than your country of residence, which may have different data protection standards compared to those of your country of residence.

Please note that your Personal Data processed in a foreign country may be subject to foreign laws and accessible by foreign governments, courts, law enforcements, and regulatory agencies. However, we will take reasonable measures to maintain an adequate level of data protection when transferring your Personal Data to foreign countries.

We may transfer your Personal Data to recipients located outside of the EEA, Kia Corporation, Adobe, or Google located in Republic of Korea, Singapore or United States. If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate for such transfers. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA to recipients located outside the EEA who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the details provided in the Contact Us section below.

Please note that when you transfer any Personal Data directly to a Kia Corporation entity established outside the EEA, we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive such information, in accordance with the provisions of this Privacy Policy.

Your Personal Data Storage Period

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy and, if applicable, for as long as required by relevant laws and regulations.

Please note that we have the right to store your Personal Data to the extent necessary for defending against legal claims.

The criteria for determining the duration for which we will retain your Personal Data are as follows:

  1. we will retain Personal Data in a form that permits identification only for as long as:
    1. we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
    2. your Personal Data are necessary in connection with the lawful purposes set out in this Privacy Policy, for which we have a valid legal basis (e.g., where we have a legal obligation to retain your Personal Data);
  2. in addition to (1), above, we will retain your Personal Data for the duration of:
    1. any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and
    2. an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),
  3. in addition to (1) and (2), above, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.

During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, such Personal Data, except to the extent that such Personal Data needs to be reviewed in connection with any legal claim, or any obligation under applicable law.

Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:

  • permanently delete or destroy the relevant Personal Data; or
  • anonymize the relevant Personal Data.

Cookies And Similar Technologies

When you visit our Site we will typically place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We Process Personal Data through Cookies and similar technologies, in accordance with our Cookie Policy.

Direct Marketing

We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding our Site, products, or services that may be of interest to you. We also Process Personal Data for the purposes of displaying content tailored to your use of our Site or services. If we provide the Site, products, or services to you, we may send or display information to you regarding our Site, products, or services, upcoming promotions and other information that may be of interest to you, including by using the contact details that you have provided to us, or any other appropriate means, subject always to obtaining your prior opt-in consent to the extent required under applicable law.

unsubscribe link included in every promotional electronic communication we send or by unsubscribing online at info@kia.com. Please note that it may take up to 2 weeks to process your unsubscribe request during which time you may continue to receive communications from us. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Site, products, or associated services you have requested.

We Safeguard Your Personal Data

We have in place reasonable state-of-the-art security measures to protect against the loss, misuse, and alteration of Personal Data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary, and only authorized personnel have access to Personal Data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of Personal Data will never occur, we will use all reasonable efforts to prevent such loss, misuse, or alteration.

Your Rights

Under applicable laws and regulations, you may exercise the following rights regarding the Processing of your Relevant Personal Data:

  1. the right not to provide your Personal Data to us (however, please note that we will be unable to provide you with the full benefit of our Site or services, if you do not provide us with your Personal Data – e.g., we might not be able to process your reservation request without the necessary details;
  2. to request (i) information regarding whether your Personal Data is being Processed by us; and (ii) access your Personal Data, including details of the purposes of the Processing, the categories of Personal Data concerned, the data recipients and the potential retention period;
  3. to request rectification, removal or restriction of your Personal Data, e.g., because (i) it is incomplete or inaccurate; (ii) it is no longer needed for the purposes for which it was collected; or (iii) the consent on which the Processing was based has been withdrawn;
  4. to refuse to provide and – without impacting the data Processing activities that have taken place before such withdrawal – withdraw your consent to the Processing of your Personal Data at any time;
  5. to take legal actions in relation to any potential breach of your rights regarding the Processing of your Personal Data, as well as lodge complaints before the competent Data Protection Regulators; and/or
  6. to request the Personal Data concerning you which you have provided to us in a structured, commonly-used and machine-readable format be transmitted to another controller without hindrance from our side (where technically feasible).

Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:

  • the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf, where such processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR; and
  • the right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Privacy Policy, or about our Processing of your Personal Data, please use the contact details provided below. Please note that:

  • in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
  • where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.

Contact Us

If you have any questions, complaints, or requests regarding the processing of your Personal Data, this Privacy Policy, or your rights, please contact us at info@kia.com.

(If you wish to contact our EU representative’s data protection officer, please send an e-mail to dpo@kia-europe.com)

Definitions

  • “Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
  • “Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Notice, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
  • “Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
  • “Data Protection Regulator” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
  • “EEA” means the European Economic Area.
  • “GDPR” means the General Data Protection Regulation (EU) 2016/679.
  • “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
  • “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
  • “Relevant Personal Data” means Personal Data in respect of which we are the Controller.
  • “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law.
  • “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
  • “Site” means any website operated, or maintained, by us or on our behalf.