Last Updated: 2024/09/01

We take privacy issues very seriously at NIO and we are fully committed to protecting your privacy. Please read this Privacy Notice carefully as it contains important information regarding how we process your personal information when you use NIO connected vehicles (“NIO Connected Vehicles”).

Since the processing of personal data depends on the functions and services you choose to activate, this Privacy Notice presents the widest extent of processing possible. Please be aware that this Privacy Notice is limited to the processing when you use NIO Connected Vehicles, it does not cover or reflect the processing of personal data in connection with your use of NIO APP or other NIO Digital Services provided on NIO websites.

Please note that any changes to the Privacy Notice will become effective as of the date of posting the revised notice.

1. Who is responsible for the processing of your personal data?

The NIO Group provides products and services related to NIO connected vehicles to different markets worldwide building a global community of users.

Blue Horizon Limited, Desk D21, Floor 14, Al Sarab Tower, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates, ("NIO", "we", "us", or "our") is responsible for the collection, processing and use of personal data in connection with your NIO Account, NIO APP and related NIO APP functions (“NIO Connected Vehicle Services”).

In some cases, we may collect and process data for certain purposes jointly with other NIO Group companies, such as NIO AUTO GENERAL TRADING LLC, NEXT USERS LIMITED, NEXTEV ELECTRICAL VEHICLE CHARGING LLC, NIO SMART MOBILITY TECHNOLOGIES LLC, NIO NEXTEV EUROPE HOLDING BV, NIO DEUTSCHLAND GMBH, NIO NETHERLANDS BV, NIO NEXTEV SWEDEN AB, NIO NORWAY AS or NIO DENMARK APS. In these cases, the respective NIO Group company will provide services to you on request such as order and delivery of goods or provision of support for your NIO connected vehicle.

2. How to Contact the controller and the Data Protection Officer?

If you have any questions about or in connection with handling of your personal data when you use your NIO Connected Vehicle or would like to complain about our handling of your personal data, please do not hesitate and contact us by using the below contact details:

3. What personal data do we process and on what legal basis?

3.1. Depending on how you interact with and use NIO Connected Vehicle Services the amount of personal data we collect, process and use will differ. Most personal data will be processed within your NIO Connected Vehicle, but some NIO Connected Vehicles services require an active internet connection and share information with NIO cloud. Within NIO Connected Vehicles Services we will collect, process and use personal data about you especially in the following cases:

• If you activate your NIO Connected Vehicle or login to your NIO Connected Vehicle
• If you switch user profile in your NIO Connected Vehicle
• If you authorize other users to use your NIO Connected Vehicle
• If you want to remotely control functions of your NIO Connected Vehicle
• If you create a Bluetooth/NFC key, to use your NIO Connected Vehicle without a key fob
• If you talk to NOMI, our in-car voice assistant or ask NOMI to take images of you
• If you connect your mobile phone to our in-car entertainment system
• If you start a navigation using live traffic information
• If you request us to perform remote diagnosis of your car in the event of malfunctions of systems
• If you use our Charging Map function to find the nearest power charger or NIO Battery Swap Station nearby
• If you order a power battery swap
• If you request a software-over-the-air (SOTA) update to enable additional NIO Connected Vehicle Services
• If you request support from us, our after sales or customer care team
• If you allow us to use system and application logs for improvement of our systems
• In the event of an accident and if you need immediate care
• In the event of system malfunctions or overheating of battery which could cause serious damage to you, your passengers or any relevant third parties involved
• In the event of anti-theft protection and embezzlement
• If you authorize us to use your data for the purpose of analysis and improvement of our services
• If you authorize us and our third-party partners to provide home charging services
• Analysis of driver conditions in case abnormality to guarantee safe driving

3.2. Among other things, the following personal data will be processed:

• User contact information, such as user’s first name, last name, address, telephone number, email address name.
• NIO account information, such as email, password, account id, username, user ID.
• User profile information, such as username, avatar, biography, country, city, language, NIO Points, NIO Growth Value Points.
• Identification details, such as first name. last name, place of residence, mobile telephone number, Bluetooth identifier of mobile phone, date of birth, driving license, user ID, request ID, session ID, Cerence user ID, facial recognition ID, account number.
• Vehicle identifier, such as vehicle identification number (VIN), vehicle-ID (VID), license plate information, other unique hardware identifier.
• Device, system and software platform information, such device unique identifier code (IMEI), MAC address, SIM card IMSI information, System update progress information, phone contacts, favorites, time of call.
• Location information, such as precise positioning, latitude and longitude of vehicle.
• Driving service information, such as vehicle model, vehicle status (driving/charging/parking), number of passengers, vehicle speed, acceleration, driving duration, charging duration, total mileage, mirror, steering wheel and seat position, entertainment system diagnostic trouble shooting code, door, trunk and window status, climate or temperature, vehicle fault description, vehicle fault photos, vehicle fault mile, vehicle fault time, telemetric data, sensor status.
• Battery service information, such as battery status, charging status, AD/DC voltage, status of range and battery power, charging information, battery swap information, battery temperature and battery ID.
• Driving assistance system data, such as intermedia calculation data, vehicle control commands, driving assistant settings and interaction with the driver.
• Video recording information, such as for fatigue detection, to realize the functions of automatic assisted driving, assisted parking, for the assessment of vehicle accidents or when actively trigger the camera’s photographing or video function.
• System and application logs, such as records and logs stored or cached by different systems and functions for analysis of malfunctions, improvement and development, application runtime logs and application crash logs.
• Vehicle Service information, such as vehicle preferences, vehicle software version, service or warranty requests and workshop and repair information.
• Facial Information and identifiers, such as information related to facial appearances and proportions of your face to provide face recognition functions. Your visual information provided will be used for generation of a facial identifier.
• Voice Request, such as audio of spoken words, location information, points of interest, names and phone numbers as well as transcript of spoken words.
• User Request, such as location information, points of interest, names and phone numbers typed in.
• User feedback information, such as evaluation, comments, suggestions for improvement, criticism.
• Digital Identifiers, such as IP address, account ID, device ID, login token and app logs, digital certificate and related verification code.
• Smart Actions, such as customized personalized actions and scenarios that run one or more operations on your NIO Connected Vehicle using smart action’s function.

3.3. We may use the information we collect for the following purposes:

3.3.1. Performance of the contract in the context of provision of NIO Connected Vehicle Services

• Activation of NIO Connected Vehicle. Binding your NIO Connected Vehicle to your NIO Account to ensure you have the sole owner rights to setup your NIO Connected Vehicle.
• User Authorization. Providing a function to authorize others to use your NIO Connected Vehicle including the limitation of access to functions depending on the rights granted.
• User Profile. Authorized users can set up a user profile which will be set automatically after the user logs into the NIO Connected Vehicle.
• Remote Vehicle Controls. Providing functions to control your NIO Connected Vehicle such as, door lock/unlock, window open/close, lights on/off, heating, battery monitoring.
• Navigation. Providing functions and services such as map browsing, location query, business listing, route planning, route guidance, traffic information, travel navigation, voice navigation direction broadcast, traffic conditions, car owner services, other travel services, and location-based lifestyle services.
• Charging Map. Providing a map of power battery charging and swapping stations provided by NIO or other third parties including information about the current charge status of the power battery and the distance to the next charging station.
• Power Battery Swap. Providing you with the opportunity to place orders for a power battery swap at the nearest power swap station.
• Vehicle and Battery Status Monitoring. Monitoring of important functions of the NIO Connected Vehicle and the power battery to predict or identify issues that are likely to cause damage to you, vehicle passengers, other users or other third parties.
• Battery Management. Monitoring of battery related data battery-related data to configure the battery and to remotely improve its performance, lifetime and degrading.
• FOTA (firmware-over-the-air) upgrade. Providing online system upgrade services to upgrade and update related firmware of your NIO Connected Vehicle to the latest version through network connection.
• SOTA (software-over-the-air) upgrade service. Providing online system upgrade services to upgrade and update NIO operating systems on your NIO Connected Vehicle to the latest version through network connection.
• NOMI. Providing you with an in-car assistant to handle your requests within the car and during driving.
• Provision of after sales services. When you reach out to us with a request for after sales services, we will ensure proper handling of your request and give immediate support.
• Provision of on-road services. When you reach out to us in the event of an accident, flat tire or failure of your NIO Connected Vehicle and need road assistance, we will ensure proper handling of your request and give immediate support.
• Provision of Weather forecasts. Using your current location with reduced accuracy and destination if entered in the navigation system to provide you with respective weather forecasts of your current location and destination.
• Emergency Recording. In the event of an accident your NIO connected vehicle automatically stores a video (30 seconds before and 60 seconds after the accident).
• Provision of Home Charge services. When you reach out to us with a request for Home Charge services.

3.3.2. Fulfillment of legal obligations to which NIO is subject to

• eCall. The Emergency Call (eCall) is a mandatory service that all NIO Connected Vehicles sold in the European Economic Area are equipped with. In the event of a severe accident detected by activation of one or more sensors within the vehicle an emergency call is made automatically.
• Defend Legal Claims. We will process personal data to the extent necessary if there is a legal obligation to do so or to defend legal claims.

3.3.3. Completion of service requests and improvement of your NIO Connected Vehicles experience based on your freely given consent

• Remote Diagnosis. NIO experts can access the onboard telemetric device (“OTD”) and retrieve information regarding errors and malfunctions of your NIO Connected Vehicle.
• Gallery. On your demand NOMI will take pictures or moving images of you and other passengers in the car.
• Diagnosis and analytics for improvement. With your freely given consent we use generated systems log data created on your NIO Connected Vehicle to analyze malfunctions and system errors to improve our firmware, software and relevant services.
• Improvement of our existing products and services. With your freely given consent, we will use your device, system and software platform information as well as systems logs to improve NIO Connected Vehicle Services and develop new functions and services. We will use your data collected during the Driving Assist service to improve user experience and enhance algorithm performance.
• Dash Cam Recording. With your freely given consent, your NIO connected vehicle can record up to 8 hours of video using the front camera placed behind the mirror.
• Face Recognition. With your freely given consent, we can use your facial information or relevant identifiers for authentication or to automatically switch accounts.

3.3.4. Based on our legitimate interest

• Enhancement of NIO Connected Vehicle Services and Security of IT-Systems
• Security operations of IT systems. Collected data will be processed in the context of ensuring the operation of IT systems. This includes but is not limited to backup and restoration of data processed in IT systems, logging and monitoring to check the correct functioning of the IT systems, detection and defense against unauthorized access to personal data, incident and problem management to remedy disruptions in IT systems.
• Disclosure of information to authorities, courts or other third parties. Even in cases where we are not legally obliged to do so, we may disclose your personal data to third parties, such as law enforcement authorities in particular, if we reasonably believe that it is necessary or appropriate to do so. In particular, the disclosure may be made (a) to assist in governmental or legal investigations and proceedings, (b) to prevent potential harm or damage to NIO Companies or third parties, (c) to assert and defend legal claims of NIO Companies, and/or (d) to protect and ensure (i) the safety or integrity of the service or (ii) the rights, property or personal safety of users of the service or others.

3.4. If you would like to know more about which categories of personal data we collect about you, how we use this information and what’s the legal basis for its processing, please find our detailed description of the NIO Connected Vehicles Services below in Annex 1.

3.5. If you do not provide such information, you may be unable to enjoy certain services, or the intended benefits of relevant services provided by us.

4. DISCLOSURES OF YOUR PERSONAL DATA

4.1. We may share your personal information with the following parties:

4.1.1. NIO Group and/or NIO Affiliate Companies. Depending on which NIO Connected Vehicle Service you are using we may share your personal data with other NIO Group and/or NIO Affiliate Companies to provide the service to you. For example, when you request support from a national NIO entity (such as NIO NORWAY AS), it will provide you with the service (e.g., schedule an after-sales service appointment) you have requested though on-car communications systems.

4.1.2. NIO Authorized Service Centers. Personal data may be disclosed to other NIO Authorized Service Centers to perform regular system checks, body repair or other after sales services on your request.

4.1.3. Service providers and advisors. Personal data may be disclosed to third party service providers that perform services for us, on our behalf or on your request, providing voice recognition, music streaming navigation and/or diagnostics service providers. Especially if the service provider is engaged as data processor to process your personal data on behalf of us, the service provider or advisor is obliged to take appropriate technical and organizational security measures to protect the personal data at any time and to process your personal data only as instructed.

4.1.4. Purchasers and third parties in connection with a business transaction. Personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business.

4.1.5. Law enforcement agencies, other authorities, courts and other parties. Personal data may be disclosed to third parties as required by law or if we have reasonable cause to believe that such action is necessary respectively reasonable to (a) comply with the law and the reasonable requests of authorities or courts ; (b) to protect the security or integrity of the service; (c) exercise or protect the rights, property, or personal safety of users of the Service or others (d) to assert or defend legal claims by NIO Companies and/or (e) to prevent potential harm or damage to NIO Companies or third parties.

5. Access to on-car functions

5.1. We ask for permission to gain access to on-car functions to provide our NIO Connected Vehicle Services without limitation to you. In particular

• to activate connectivity for in-vehicle applications to allow NIO OS applications to access the internet on limited scope. The internet connection cannot be used to connect the vehicle to the open internet or to surf the web.
• to monitor the power battery to predict and identify power battery related issues and to ensure their durability and safety throughout their whole lifecycle.
• to use the vehicle location to provide any kind of navigation services including but not limited to location query, business listing, route planning, route guidance, traffic information, travel navigation and charging map as well as to use the vehicle location to display it in NIO APP.
• to enable remote connectivity services to allow you to use remote vehicle controls provided in NIO APP and to monitor and collect vehicle status data.
• to activate NOMI our in-car assistant to handle your requests. NOMI listens out for your requests and only responds if voice activated depending on your demands.
• to enable system updates to receive the latest updates for your NIO Connected Vehicle.
• to upload on-car system and service log information including information about system malfunctions and errors for analysis and improvement purposes.
• to activate vehicle condition monitoring to allow NIO to analyze vehicle´s telemetric data and autonomous driving information to forecast potential malfunction. When malfunction is detected, NIO may contact you and provide customized service solution.

5.2. During the activation of your NIO Connected Vehicle we request permission to access individual functions and information. We will only access these functions with your approval. You can revoke access rights manually in the settings. However, please note that you can only use NIO Connected Vehicle Services to a limited extent, or you cannot use it at all without the relevant approval. Please also be aware that if you have subscribed to Battery as a Service, you cannot disable battery monitoring.

6. RETENTION PERIODS

6.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying legal, accounting, or reporting requirements.

6.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

6.3. Driving service information and/or telemetric data are stored basically for three (3) months. Critical driving service information or telemetric data such as battery related information or vehicle alerts are stored for up to one (1) year.

6.4. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

7. STORING AND TRANSFERRING YOUR PERSONAL DATA

7.1. Security. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored on secure servers.

7.2. Data Storage. Your personal data is stored within the European Union.

7.3. International Transfers of your Personal Data. Your personal data may be transferred to, and processed and stored in, countries outside of the jurisdiction you are in where we and our third-party service providers or other NIO Group Entities have operations. If you are located in the EEA, your personal data may be processed outside of the EEA, including but not limited to USA or China (an "International Transfer"). Any International Transfers of your personal data are made either: (a) to a country or territory ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data as determined by the European Commission; (b) to a third party that is a member of a compliance scheme recognized as offering adequate protection for the rights and freedoms of data subjects as determined by the European Commission; or (c) pursuant to appropriate safeguards, such as the Standard Contractual Clauses approved by European Commission Decision.

7.4. If you wish to enquire further about the safeguards used, please contact: .

8. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION

8.1. This section applies to you if you are in the EEA:

8.2. In the event your personal data is processed jointly with other NIO Group companies, your first point of contact to exercise your rights is the NIO Group company, which has collected your personal data directly, is in direct communication with you or is in other ways your first point of contact. You may also exercise your rights towards every other NIO Group Company which is involved in the joint processing of your personal data.

8.3. In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

8.3.1. Right of access. You have the right to obtain:

8.3.1.1. confirmation of whether, and where, we are processing your personal information;

8.3.1.2. information about the categories of personal information that we are processing, the purposes for which we process your personal information, and information as to how we determine applicable retention periods;

8.3.1.3. information about the categories of recipients with whom we may share your personal information; and

8.3.1.4. a copy of the personal information we hold about you.

8.3.2. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.

8.3.3. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information that we hold about you without undue delay.

8.3.4. Right to erasure. You have the right, in some circumstances, to require use to erase your personal information without undue delay, if the continued processing of that personal information is not justified.

8.3.5. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.

8.3.6. RIGHT OF OBJECTION. YOU HAVE A RIGHT TO OBJECT TO PROCESSING OF YOUR PERSONAL INFORMATION, BASED ON LEGITIMATE INTERESTS AND DIRECT MARKETING.

8.4. If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Notice.

8.5. Right to file a complaint. You also have the right to file a complaint with the responsible Data Protection Authority if you believe that our processing practices are not in compliance with data protection laws. You can find your competent data protection authority on the website of the European Data Protection Board following the link below:

9. CHANGES TO THIS PRIVACY NOTICE

We evaluate our privacy policies and procedures to implement improvements and refinements from time to time. Accordingly, we may update this Privacy Notice from time to time, and so you should review this page periodically. If we make material changes to this Privacy Notice, we will update the "last updated" data at the start of this Privacy Policy. Changes to this Privacy Notice are effective when they are posted on this page.

10. NOTICES TO YOU

If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the service. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Notice.

11. PRIVACY CONTACT

If you have any questions about this Privacy Notice, please feel free to contact us contact.uae@niomena.com.

ANNEX 1: Description of data processing per NIO Connected Vehicle function