XPENG – Official Website | XPENG Motors – XPENG (Global)
PRIVACY POLICY

XPENG takes privacy issues very seriously and we are fully committed to protecting your privacy. In this Privacy Notice we describe who we are; how, for which purposes and on what legal basis we process your personal data when you use the XPENG website and App, visit our stores, or contact us via phone or email, etc.; how you can exercise your privacy rights; and all other information that may be relevant to you. A reference to “XPENG,” “we,” or “us” is a reference to XPENG European Holding B.V. and its relevant affiliates involved in the collection, use, sharing, or other processing of Personal Data.

We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Notice, you can of course always contact us through the contact details provided at the end of this Privacy Notice.  

This Privacy Notice may be changed over time. The last modifications to this Privacy Notice have been made on 14/03/2024.

1. WHEN DOES THIS PRIVACY NOTICE APPLY?

This Privacy Notice is applicable to the processing of personal data in relation to the use of XPENG App, website, or the experience in XPENG stores. This Privacy Policy does not address the processing of personal data of applicants or employees in the context of their employment relationship with XPENG.

2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

This Privacy Notice applies to the processing of personal data where XPENG acts as a controller in the sense of applicable data protection laws. This Privacy Notice indicates what personal data are collected and used (processed) by XPENG and for what purpose, and to which persons or entities the data may be provided.

3. WHAT PERSONAL DATA DO WE COLLECT?

When we provide our services, we need to process personal data. We typically process the following personal data when you use our APP or website, visit our stores, or contact us via phone or email, etc.:

· Your basic information: your first name, last name, ID number, preferred salutation, and contact information such as your address, zip code, city, region, country, phone number, email address.

· Your XPENG account information: your user ID, username, Google/Facebook account (if you use a Google/Facebook account to sign in), phone number and email address associated with the account, password. Your phone’s camera permission is required to enable you to scan the QR code on your vehicle display screen to log in to your XPENG vehicle account.

· Device information: device name, device type, OS version, screen resolutions, system language, device ID, MAC address, IP address, cookie ID, Bluetooth ID, device motion status (if you use XPENG APP Polling through an Android device, the device motion status is verified in real-time in your device to ensure the effectiveness of the function), and other information related to your device. 

· Vehicle information: Vehicle Identification Number (VIN), vehicle model, registration number, vehicle conditions, Bluetooth ID, ICCID, other unique device identifiers.

· Vehicle telematics data: telematics data regarding the performance, usage, operation, and condition of your XPENG vehicle, including A/C and temperature, speed, status of doors, windows, and ports, charging and battery status, mileage, Bluetooth connectivity status.

· Location information, such as the location of your XPENG vehicle, and your location for finding the nearest stores or charging station, as well as locations you have saved on the app. We may use third party map applications (such as Google Maps) to help you verify your location.

· Appointment or service history: including reservations, test drive appointments, vehicle repair history, warranty claims, service records, and any other information related to your service appointments or requests.

· Order information: your purchase information, order agreement, and other documents related to your delivery, such as government-issued ID.

· Communication and interactions information, such as customer service records, satisfaction surveys, customer feedback, your request details, and images you uploaded (if you choose to).

· Financial information, including payment method, bank card information, payment status, amount, VAT number, invoice, information about financing, leasing or credit application.

· Insurance information: If you want us or our authorized dealers to provide insurance brokerage, we or our dealers will need to collect your name, your government-issued ID, contract information, vehicle identification number (VIN), and any other information related to your insurance to fulfill your request.

· Job application data: including employment and education information, date of birth, nationality, background check information, resume details, cover letters or work samples.

· Analytics data: aggregated data regarding app and website users’ UI behaviour, usage and performance. We may use third party applications (such as Google Analytics) to realize this function.

4. HOW DO WE USE YOUR PERSONAL DATA?

We use personal data to manage our service and meet your information requests, to understand the use of our XPENG APP and website, and to make our products and services as effective as possible.

To realize our product functions and services:

| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
| --- | --- | --- |
| To create and activate your XPENG account | Your username, password, email, phone number, or Google/Facebook account related to your XPENG account; Vehicle information | Performance of a contract with you |
| To fulfill and complete your orders, including reservations, orders and pre-orders, leasing, fleet sales, and other transactions entered with us | Your basic information, including contact information; Order information; Financial information | Performance of a contract with you |
| To provide connected-vehicle service through XPENG APP | VIN and User ID; Vehicle telematics data (such as mileage, battery, speed); Bluetooth information (such as MAC address, Bluetooth ID, connectivity status); Location data; Device motion status (if applicable) | Performance of a contract with you |
| Vehicle authorization (authorize others to remotely control your XPENG vehicle via XPENG App) | User ID; VIN; Contact information of your authorized person; Virtual identification and authentication; Authorization status | Performance of a contract with you |
| To provide you with charging service | Location data; Vehicle telematics data (such as battery and charging status); Order information | Performance of a contract with you |
| To handle bills, invoices, and taxation | Your basic information, including contact information; Order information; Financial information | Performance of a contract with you; Necessary to comply with a legal obligation |
| To provide you with XPENG Trade-in service | Your vehicle information, including VIN, vehicle model, registration number, vehicle conditions; Your contact information | Performance of a contract with you |
| To provide insurance or finance solutions for you (upon your request) | Your basic information, including contact information; Insurance contract information; Financial information; Vehicle and device information | Necessary in order to take steps at your request prior to entering into a contract |
Note: If you choose a direct payment gateway to complete your purchase, then our authorized payment provider collects and stores your bank card data. See Adyen’s Privacy Policy.


To communicate with you:

| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
| --- | --- | --- |
| To fulfill requests or service appointments you make to us, including test drives, service and event appointments, partnership requests. | Your basic information, including contact information (note: we may contact you to confirm your booking or request); Order information; Appointment or service history (such as appointment details, customer service history) | Performance of a contract with you or necessary in order to take steps at your request prior to entering into a contract; Necessary for our legitimate interests: to administer customer inquiries and requests |
| To respond to any feedback, requests, questions, or complaints you may have regarding our products and services (in person, online, telephone, email, etc.) | Your basic information, including contact information; Order information; Communication and interactions information, including your request details, and images/files you uploaded (if you choose to). | Performance of a contract with you or necessary in order to take steps at your request prior to entering into a contract; Necessary for our legitimate interests: to administer customer inquiries and requests |
| Sign up for XPENG marketing communications | Account information; Order information | Where you have provided your consent |
| Advertising and marketing purposes, including displaying online ads based on your online profile and analysing the effect of such online marketing campaigns. We may use cookies and similar technologies (“cookies”) for this. Some cookies create unique identifiers and may collect data while you are using our websites or applications or other content, which help us to personalise content or advertisements. Read our Cookie Policy for more information about cookies. | Online identifiers; Device-related information; Cookies | Where you have provided your consent, to the extent that the processing is not permitted on a legitimate interest basis |
| To participate in surveys about your experience with our products and services | Account information; Contact information; Survey or feedback details | Necessary for our legitimate interests: to understand, analyze and improve customer experience |
| Process job candidates’ personal data to evaluate applications for employment | Job application data (including name, contact details, employment and education information, CV) | Necessary to take steps at your request prior to entering into a contract |


To understand and improve our products and services, or to ensure information security:

| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
| --- | --- | --- |
| To detect and defend against unauthorized access to data, and to enhance information security | Device information; Network activity information | Necessary for our legitimate interests: to protect the confidentiality, integrity, and availability of IT systems |
| To upload crash logs for troubleshooting | Account information; Relevant crash logs | Where you have provided your consent |
| To understand and analyze app and website UI behaviour and usage, so as to improve our services. We also use cookies like Google Analytics to collect usage data of our app and website; we only use this kind of analytics tool to understand usage and effectiveness of our online services. To know more about how Google Analytics processes data, please see: https://policies.google.com/privacy?hl=en-US | Analytics data (aggregated data on UI behaviour, usage and analytics of app and website. Some of this data is shared with Google Analytics) | Necessary for our legitimate interests: to understand, analyze and improve customer experience; Where you have provided your consent (website cookies) |

Other circumstances:

| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
| --- | --- | --- |
| To demonstrate compliance with regulatory requirements | Contact information; Order information; Vehicle information | Necessary to comply with a legal obligation |
| To prevent thefts, and to ensure safety in Stores | Video images captured through CCTV | Necessary for our legitimate interests: to monitor the security of store assets and ensure Data Subjects’ safety |


5. HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?

We retain the information we collect from or about you for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you. When determining this retention period, we take into account various criteria, including the type of services requested by or provided to you, the nature of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, and retention periods required by law.

We will take reasonable and appropriate measures to protect your Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction. However, please note that no security measures can be 100% secure and perfect, and in the unfortunate event that a Personal Data security incident occurs, we will report it promptly and take remedial measures in accordance with the requirements of the law and regulatory authorities.

If you sell or transfer your vehicle to another person, please inform us promptly so that we can determine whether additional steps need to be taken to avoid disclosing Personal Data from or about you to the purchaser or transferee of the vehicle.

6. DATA CROSS-BORDER TRANSFER

XPENG is a global company. Your personal data is stored within the European Economic Area (EEA), but your personal data might be accessed by XPENG’s affiliates outside of the EEA for the provision of services, such as IT system operations and maintenance. With respect to personal data transferred outside the EEA, we comply with applicable data protection laws providing adequate safeguards for the transfer of personal data to countries outside of the EEA. Before each transmission, we analyze the transmission scenarios and the risks they may pose before deciding whether to transmit. We use Standard Contractual Clauses as the transfer tool to implement the cross-border transfer of your personal data; we also implement technical, organizational, and contractual measures to ensure lawful international data transfer.

If you would like more information about the international transfers of personal data, you may contact us according to the instructions in the “How to Contact Us” section below.

7. HOW DO WE SHARE YOUR INFORMATION?

We will not sell your Personal Data to anyone at any time for any purpose. We will only share your Personal Data in the following ways:

a) Share with XPENG’s affiliates: We may share information with XPENG’s relevant affiliates. Your information may be shared within XPENG’s affiliates only for explicit and legitimate purposes, and the sharing is limited only to information required by services.

b) Share with our service providers or business partners: We may share your personal data with our service providers and business partners when it is required to perform services on our behalf, for instance, our authorized dealers, customer service providers, roadside assistance providers, payment processors, leasing service partner, recruitment service provider, event/campaign organiser, analytics service provider, third parties you authorized, and other professional service providers. We will sign strict data processing agreements based on applicable data protection laws with third-party entities receiving your personal data, requiring them to take necessary security measures and properly handle your personal data.

c) Share with persons you’ve authorized: If you authorize someone else to use your vehicle or authorize someone else’s account to be bound to your vehicle, your personal data may be accessed by third parties that you authorize, and you should exercise caution when making such authorizations.

d) Share with other third parties as required by law or otherwise: We may, in our sole discretion, transfer or disclose information, including information that does or does not identify you, to a third party when:

· It is required by European law;

· It is required by government departments and the judiciary authorities for European law enforcement purposes;

· It is required to handle emergencies;

· It is required to prevent or stop possible illegal, unethical practices;

· It is required to protect our products and services, and the personal and property safety of third parties or the public.

8. WHAT ARE YOUR RIGHTS IN RELATION TO THE DATA PROCESSING WE PERFORM?

As a data subject, you have specific legal rights granted by the General Data Protection Regulation (GDPR) relating to the personal data we process about you. We enable you to access and control the data that we collect, use and share from or about you, or your use of services.

a) Electronic or text communications: If you no longer want to receive marketing-related communications, you may opt out of receiving them by clicking the unsubscribe button in the emails, or by adjusting your preference on XPENG APP. Please note that we may still send you important safety messages/calls or product service issues even if you opt out of receiving marketing messages.

b) Data subject rights: You have the right to request access to and receive information about certain data we maintain about you, to update and correct inaccuracies in that information, to restrict or delete the information, to object to or withdraw your authorization to use the information in a certain way. You may also have a data portability right with respect to the data you voluntarily provide to us. If you want to exercise the aforementioned rights, you may contact us according to the instructions in the “How to Contact Us” section below.

c) You can also lodge a complaint with your local data protection authority in the EEA. However, we would appreciate it if you first contact us to try and solve your problem – you can find our contact details below.


9. PRIVACY OF CHILDREN

We do not knowingly collect or use any Personal Data from children (we define ‘children’ as minors younger than 16) without prior, verifiable consent which is given or authorized by the holder of parental responsibility over the child. We do not knowingly allow children to order our vehicles, communicate with us, or use any of our online services.

If you become aware that a child has provided us with Personal Data, please contact us as indicated in the “How to contact us” section below. We will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required by law.

10. HOW TO CONTACT US?

You can exercise your data subject rights in relation to us by filling out this form, which will help us to deal with your request properly.

For questions or comments, please contact us.

Contact our EU Legal department by email: data-privacy@xiaopeng.com; 

Or contact XPENG European Holding B.V. at Hoogoorddreef 11, 1101BA, Amsterdam, the Netherlands.

11. HOW WILL WE UPDATE THIS NOTICE?

We may update this Privacy Notice according to changes in our business functions and measures concerning the protection of personal data. If we make changes to this Privacy Notice, we will update it through our website or App. Where changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice to ensure you have the opportunity to exercise any data subject rights.