Veoneer’s Privacy Notice for Customers, Suppliers and Others
Last updated on 7.4.25
In this Veoneer Safety Systems Privacy Notice for Customers, Suppliers and Others (“Notice”), references to “Veoneer”, “we”, “us” and “our” will mean the member within the Veoneer group of companies (for contact details please read “Questions and queries” below) that has formally engaged with you or your employer as a supplier or partner, or that you are a customer of or is otherwise in contact with (collectively referred to as “you/r” unless the context provides for a different interpretation).
Veoneer US Safety Systems, LLC and its group companies will collectively be referred to as the “Group”.
Why do we inform you?
We know that your privacy and how your personal data is used is important to you. This Notice outlines in detail how we collect, process, use and transfer (collectively “process”) your personal data.
Personal data is information that relates to an individual who can be identified from that information, whether or not in conjunction with any other information. Common examples of personal data processed by Veoneer in its day to day business include name, address, telephone number and other contact details.
Who is the data controller?
The data controller is Veoneer, meaning that we determine how and the reason why your personal data is processed. For contact details, please read “Questions and queries” below. Where we have appointed a data protection officer (DPO), you may contact the DPO via the contact details provided in “Questions and queries” below.
Processing of your personal data
How and why do we process your personal data?
The personal data we collect from you, your employer or via our systems help us manage the contractual relationship with you or your employer, e.g. for payment of invoices for deliveries or work that has been performed, for our contact with you and your employer but also to comply with our legal obligations or to conduct our business. The personal data we collect, the legal basis for our processing and the purpose of the processing are detailed below. Please note that the personal data processed may vary depending on your relationship with us. Please note also that personal data in the below table may be processed by different companies within the Group. Sometimes, these activities are carried out by third parties, including other members of the Group (see “Does Veoneer share personal data with others?” below).
|
Personal data |
Legal basis |
Purpose of processing |
|
Data to administer supplier and customer registers or relationships
Name of contact persons, company, phone number, email and company address, title, department and function |
It is necessary for the performance of, or to take steps for entering into, our contract with you or your employer or necessary for our legitimate interest to develop our business and to communicate with our contacts. |
This is required to enable us to administer the contractual relationship with you or your employer to, for example communicate with you, provide our products and services, receive your products or services, manage accounting and invoicing. The data can also be used for business development and statistics, based on our legitimate interest to develop our business and to communicate with our contacts. |
|
Communication data, for example email correspondence |
It is necessary in order for us to communicate within our cooperation or assignment. |
This is required in order for us to fulfill our obligations under the contract between us and you, or your employer, or it is necessary for our legitimate interest to communicate with you within our cooperation or assignment. |
|
Marketing preferences and areas of interest |
Based on your consent. |
If you have provided your consent we may send you newsletters, campaigns or other information that we believe that you will be interested in. |
Where does Veoneer obtain my personal data from?
Most of the personal data we process is obtained from you or your employer when we enter into an agreement with you or your employer, when we perform or receive an assignment, or when we otherwise communicate as part of a cooperation or potential cooperation. We may also obtain data during the time of the work or assignment. For other data types of personal data, we may obtain it as a result of you being on our premises or using our systems (for example using MS Teams).
In some circumstances, we may request your explicit consent to process (specific types of) personal data. In these circumstances, you are able to withdraw your consent at any time by following the instructions provided when you gave your consent or via the contact details below (see “Questions and queries”).
Does Veoneer share personal data with others?
Our Group Companies
Personal data will only be shared across the Group in certain circumstances and where it is lawful to do so. It may be necessary to share your personal data with other members of the Group, which includes a potential holding company and its subsidiaries for the purposes of our business management. Access rights between members of the Group are limited and granted only on a need to know basis, depending on job functions and roles.
Service Providers
We use third party service providers who provide services including IT services, audit and security services. In providing the services, your personal data will, where applicable, be processed by the service provider on our behalf.
We will control any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal data. We will have written contracts with them which provide warranties regarding the security of your personal data as well as warranties that they comply with our data security standards, data protection policy and international transfer restrictions.
Disclosure to third parties
In certain circumstances, we share and/or are obliged to share your personal data with third parties outside the Group, for the purposes described above and in accordance with the applicable laws. These third parties include:
- administrative authorities (tax authorities and enforcement authorities)
- financial institutions
- insurance providers
- police, public prosecutors
- external advisors
Does Veoneer transfer personal data to countries outside the EEA?
We may also transfer your personal data we process to a country outside the European Economic Area (”EEA”), for example, when one of our service providers use staff or equipment based outside the EEA or when a company within our Group is located outside the EEA. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights. We ensure that your privacy is protected by an adequate level of data protection through EU Standard Contractual Clauses based on the EU commission’s model clauses. If you would like to see a copy of any relevant provisions, please contact us (see “Questions and queries” below).
How is my personal data secured?
Veoneer operate state of the art IT security systems to protect the confidentiality, integrity and availability of your personal data. We have in particular taken appropriate security measures against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data. Access is only granted on a need-to-know basis to those people whose roles require that they process your personal data.
How long does Veoneer store my personal data?
We will store your personal data for as long as we need it to fulfil the purposes for which it was collected (see above) and in order to comply with legal and regulatory requirements. This may mean that some information is held for longer than other information. If you would like further information about our data retention practices, please refer to our Data Retention Notice.
What are my rights under applicable data protection laws?
You have various rights which you can enforce, including the right to be informed in accordance with this Notice. The below table provides a summary of the rights that the law entitles you to. The table also includes information on possible conditions and limitations on how the right can be exercised and how your right can be executed.
|
Your right |
What does it mean? |
How do I execute this right? |
Conditions to exercise? |
|
Right of access |
You have the right to access to the personal data that we have on you. |
Requests for such information should be made in writing to
If possible, you should specify the type of information you would like to see to ensure that our disclosure meet your expectations. |
We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other staff. |
|
Right of data portability |
You may be entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format. |
Requests for such information should be made in writing to
If possible, you should specify the type of information you would like to see to ensure that our disclosure meet your expectations. |
The GDPR does not establish a general right to data portability but if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not paper records) you can exercise this right. The right includes only personal data that you have provided to us. Hence, the right does not apply to personal data generated by us. |
|
Rights in relation to inaccurate personal or incomplete data. |
You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate. |
We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number. A request to use this right is made in writing to |
This right only applies to your own personal data. When exercising this right, please be as specific as possible. |
|
Right to object to or restrict our data processing of your personal data. |
You have the right to object to or ask us to restrict the processing of your personal data. |
Requests should be made in writing to [email protected] |
This right applies only if the processing of your personal data is explicitly based on our so-called legitimate interests (see “How and why do we process your personal data?” above). Objections or request for restrictions must be based on grounds relating to your particular situation. This means that your request for the objection or restriction cannot be generic or too general. |
|
Right to have personal data erased |
You may be entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful. |
Requests should be made in writing to [email protected] |
There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation,
(ii) in case of exercising or defending legal claims,
(iii) where we have to comply with legal archiving obligations, or
(iv) where the personal data is necessary for the performance of our contract with you. |
|
Right to withdrawal |
You have the right to withdraw your consent to any processing for which you have previously given consent to. |
Requests should be made in writing to [email protected] or as instructed when you gave your consent. |
If you withdraw your consent it will only take effect for the future. |
Questions and queries
If you would like further information about our processing of your personal data, your rights, including rights about access to data and correction of inaccurate data, please contact your contact person with us or send an email to [email protected] .
You can also contact our Data Protection Officer via email to [email protected] .
If you find that our processing is in breach of this Notice or applicable laws, please feel free to contact us but also know that you can always lodge an official complaint with the competent authorities.
The Lead Supervisor Authority for Veoneer Group is in Sweden (Datainspektionen [email protected] )
Changes to this Notice
We may decide to change this Notice. If the change is indicative of a fundamental change to the nature of the processing (e.g. enlargement of the categories of recipients or introduction of transfers to a third country) or a change which may not be fundamental in terms of the processing, but which may be of great importance to you, then the updated Notice will be provided to you well in advance of the change actually taking effect. We send them to you via e-mail or publish them on our website so that you will be aware of the changes. When notifying you of such changes, we will also explain what the likely impact of those changes on you will be, if any.
