My Honda+ Connected Car Privacy Policy

**This privacy policy addresses the processing of personal data under applicable Data Protection Laws. For information on how Honda processes your Product Data and Related Services Data under the EU Data Act, please refer to the Annex below.**

Honda Motor Europe Limited ("Honda") is committed to ensuring that your privacy is protected and we comply with the General Data Protection Regulation and other applicable data protection rules (including the Data Protection Act 2018 and marketing and cookies laws, together with associated guidance) (the "Data Protection Laws").

This policy is about how we handle the personal information of our Connected Car ("Honda Car" or "Car") owners, users of our Connected Car Services ("CCS") and users of the My Honda+ mobile app ("App"), whether you are the primary account holder ("Primary User") or have been permitted by a Primary User to share their account ("Invited User").

If you are the owner or prospective owner of a Honda Car, a visitor to our website, a visitor to a dealership or have downloaded or used one of our other apps, please see our general Privacy Notice.  If you are an applicant, applying to be a Honda employee, please see our Applicant privacy policy.

This policy explains how we use, store and share the information we collect about you, how you can exercise your rights in respect of that information and the procedures that we have in place to safeguard your privacy. This policy supplements any other fair processing or privacy notice that may be provided to you from time to time (including our general Privacy Notice). Please contact us by email at DPM-UK@honda-eu.com if you have any questions, comments or concerns about this policy or how we handle your personal information, or if such information changes at any time.

Our CCS and App (for the purposes of this policy, together the "Services") is provided by Honda Motor Europe Limited (company number 857969, Cain Road, Bracknell, Berkshire, England, RG12 1HL) ("we" and "us"). For the purpose of the Data Protection Laws, we are the controller of the personal information processed for the purposes set out below and we are responsible for looking after it.

We collect data about how you use CCS and the App for analytics purposes (as we describe in more detail below) using Google Analytics and Application Insights.

1        Changes to this policy

Any changes to this policy in the future will be posted on this page and, where appropriate, notified to you by email and/or by way of in-car or in-app pop-up. Please check back frequently to see any updates or changes to this policy.

2        Processing of your data by third parties

Please note: this policy does not cover third party websites, apps or portals that we may link to from our Services and does not cover any services of other providers. We are not responsible for the privacy policies and practices (including use of cookies) of such third parties even if you accessed the third party website, app, portal or service using links from our Services.

We recommend that you check the policy of each provider and contact such third party if you have concerns or questions. Any provider of other services such as insurers, breakdown recovery services, emergency services (who receive eCalls in emergency cases, as described in the Car's manual), providers of data packages, wi-fi hotspot services, online news or in-car social media, maps, travel or music will also separately be a “controller”. You can access the privacy policies of those providers from them directly.

3        Transfer of data to Worldline

In the course of providing you the CCS, we will share data with Worldline (who process payments on our behalf). Worldline processes data on our behalf, as our processor, but they may also process data relating to you for their own purposes as an independent controller. Please take your time to review their privacy policy to understand how they may process your personal data independently of us. The policy can be found here:

Worldline – https://be.worldline.com/content/dam/worldline-be/terms-and-conditions/en/Privacy-Notice-Worldline-EN-2018-5.pdf

4        Providing us with information about your guests

If you’re introducing an Invited User to us, we will provide a copy of this policy to them during the registration process.

On the other hand, if you are providing or facilitating the provision of information about guests who are not Invited Users (e.g. passengers or alternative driver), it is your responsibility to make sure that such individuals are aware of this policy. They must also be happy for you to give their personal data to us. Otherwise, Honda does not actively collect nor intend to collect the personal data of other guests (e.g. passengers or alternative drivers) and operates on the assumption that the personal data held and processed relates only to Honda Car owners, users of CCS and users of the App.

5        Information available to other persons

5.1       Information available in the App

Be aware that information available through CCS will be available to other users making use of the same account. As an example, Primary Users can view the trip history of the Honda Car which informs them about trips which the Invited  User has made and the Invited User can view the current car location.

You may switch off data sharing at any time. You will not be able to use CCS whilst data sharing is switched off but by switching off data sharing you will stop the collection of all data.

5.2       Information available in the Honda Car

Information available through CCS will also be visible to anyone who has access to the Car. When you sell / transfer your Honda Car to a third party you should make sure to remove the Car from the garage on the App so as to initiate the de-enrolment process. This results in the removal of the CCS data from the Car's Telematics Control Unit therefore the data will no longer be visible in the Car.

For this process to be effective, the Honda Car needs to have sufficient battery charge and be connected to the mobile network.

Please also note that the de-enrolment process may take up to 24 hours to be completed under standard network conditions. The conditions required for de-enrolment to take place can be found in clause 13.1 of the App Terms and conditions.

6        The information we collect and how we use it

Under the Data Protection Laws, we are required to explain what personal data we collect from you, how and why we use this data (the "processing activity"), and for how long we keep it. We are also required to have a "lawful basis" on which to process your personal information. This is summarised in the table below.

With respect to our retention of your personal data, unless indicated otherwise in the table below, we retain and subsequently delete or anonymise your personal data as set out in the section "Retention of your personal data".

We have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal information in certain circumstances (we have stated this above and set out our legitimate interests). We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual. If you require further information regarding this balancing test, please contact us.

7        Marketing and promotional materials

We may use your personal information to provide you with marketing and promotional materials (as stated above).

We never pass your personal information to third parties allowing them to send you marketing of their own, unless you have expressly agreed to this. However, we may use third party processors to send marketing to you on our behalf.

You may opt-out of receiving marketing and promotional materials by changing your marketing preferences in the App.

8        Security

We have in place appropriate policies, rules and technical and organisational measures to protect your personal information from unauthorised or unlawful processing, and against accidental loss, destruction or damage.

We also have procedures in place to deal with any data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.

However the Internet (including social media channels) and email are not secure. Your communications may route through a number of countries before being delivered, may be intercepted by third parties and may not always reach the intended recipient – this is the nature of the World Wide Web/Internet. We cannot accept responsibility for any such unauthorised access or loss of personal information that is beyond our control.

You are responsible for protecting your username and password for your App and must not share it with, or disclose it, to anyone.

If you want you to learn more about how to protect your data and your devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Our CCS were developed in such a way that the personal data which is collected is necessary to deliver the best service possible. Appropriate technical measures have been built in to keep your data secure in line with our legal duties.

9        Sharing your personal information

9.1       We will only disclose your personal information to:  

(a)   companies within our group;

(b)   If you are a Primary User, your Invited Users;

(c)    If you are an Invited User, your Primary User;

(d)   The app is provided by e3 Media (trading as Great State);

(e)   our third party hosting services providers; 

(f)     our professional advisors (including without limitation tax, legal or other corporate advisors who provide professional services to us, corporate or insolvency practitioners or prospective buyers or sellers of business(es) or asset(s));

(g)   other third party suppliers, business partners and sub-contractors for business administration, support, processing services, or IT or telecommunications purposes (in particular IBM and AT&T Inc.);

(h)   third party suppliers which provide us with payment services. This is currently Worldline;

(i)      

(j)     third party suppliers of call centre support (in particular Bosch Service Solutions GmbH);

(k)    third party suppliers of diagnostics services, namely Snap-On who provide the Electronic Vehicle Health Check service;

(l)     third party providers of the Digital Roadside Assistance service, namely Bosch Service Solutions GmbH, who will further share data with roadside assistance providers such as Axa for Europe and Falck for the Nordics;

(m)  other carefully selected third party suppliers who support us with marketing activity, client relationship management, product optimisation and data analytics, including in particular:

·         e3 Media (trading as Great State) and IBM – We work with these service providers to understand our data as a company. This helps us to find the facts that matter most to our business and understand our customers. By doing this we can provide a better experience and more personalised service to you;

·         e3 Media Limited (trading as Great State) – We also use Great State to develop and provide you with the App, carry out analytics to improve the App, and monitor and improve our marketing communications

·         IBM provide the system infrastructure to enable customer vehicles to communicate with the mobile application, identity management services and security consulting services.

·         ICUC – We use ICUC to carry out analytics of how many videos are watched etc in Discovery Feed so that we can improve the content of the Discovery Feed

(n)   third parties that you approve (including without limitation, social media sites and third party payment providers);

(o)   emergency services in the event of an emergency;

(p)   our regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters;

(q)   government bodies, or other authorities in the UK and abroad, such as those responsible for immigration, border control, security and anti-terrorism; and

(r)    HMRC or other tax bodies or agencies to comply with our legal and regulatory obligations.

9.2       We will disclose your personal information to third parties:

(a)   in the event that we consider selling any business or assets, in which case we will disclose your personal information to any prospective buyers of such business or assets;

(b)   if we, or substantially all of our assets, are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets;

(c)    in the event we are the subject of any insolvency situation (e.g. the administration or liquidation);

(d)   in order to enforce or apply our terms and conditions, policies or any contract we have with you or have facilitated between you and a third party;

(e)   to protect our rights, property, or safety, or that of our people, or others. This includes exchanging information with other companies and organisations (including without limitation HMRC, the local police or other local law enforcement agencies) for the purposes of safety, crime prevention, fraud protection and credit risk reduction; and

(f)     if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.

10     International transfers of your personal information

We may transfer personal information to countries other than the country in which the data was originally collected, including countries outside the EU and the UK, such as India, in order to provide you with our services. These countries may not have the same data protection laws as the country in which you initially provided the information and may not provide the same level of protection.

If we transfer personal information to countries outside of the EEA, we may rely on a decision from the European Commission (or, in the case of the UK, the Secretary of State) determining that the country provides an adequate level of protection to the Data Protection Laws (for example, an adequacy determination to transfer your data to our parent company located in Japan).

We may rely on appropriate safeguards set out by law in respect of transfers of personal information to a country outside of the EEA, for example, by agreeing standard contractual clauses adopted by the European Commission or the UK Government. We have entered into such standard contractual clauses with IBM in India as some of the processing carried out by IBM will be carried out there and finally Bosch may subcontract some of their processing to processors in the Phillipines and the US, and standard contractual clauses will also be entered into with those parties.

A copy of the standard contractual clauses are available on the European Commission's website here.

11     Retention of your personal data

We will only process your personal data for as long as necessary to achieve the purposes for which we process it. Once it is no longer needed for these purposes, we will delete or anonymise it so that it can no longer be linked to you.

Since each item of data may be used for a number of different purposes, the determination of the relevant retention period depends on the nature of the data, why we process it and the legal and operational needs for keeping it.

We have indicated certain specific retention periods in the table above. Where these specific periods do not apply:

(a)   We will keep your account and profile information (eg email address, mobile number, country, language, subscription information, and marketing information) for as long as you have an account with us. Once you delete your account, your account and profile information is deleted within 24 hours and will no longer be recoverable.

(b)   We will delete or anonymise other data, on a rolling basis, up to 90 days after it is collected. This means that on day 91, we will delete or anonymise the data collected on day 1 in such manner that it can no longer be linked to you, and on day 92, we will delete or anonymise the data collected on day 2.

If before the expiry of such 90 day period (i) you cancel your account; (ii) you de-enrol the Car; or (iii) we terminate your account for breaching the terms and conditions, we will delete or anonymise this data shortly thereafter.

This data is comprised of:

·         Vehicle data, for example, floating car data (ie information about your vehicle's location and speed at specific times), Car sensor data, and DTC (Diagnostic Trouble Code) history

·         Customer journey data, for example, the Car's driving log;

·         Customer status data, for example,  what remote services are available to you, and the status of the Car's Malfunction Indication Lamp Status; and

·         Customer event data, for example, CCS requests you make and errors relating to such requests, and notifications from the Car such as security alerts.

We do not delete VIN numbers because these are used to identify each Car which we have manufactured and are needed for various purposes which are outside the scope of this policy.

For more detailed information about these retention periods, please email our data protection officer at DPM-UK@honda-eu.com.

12     Your rights

As a data subject, you have the following rights under the Data Protection Laws.

We welcome your views about our Services and this policy. If you would like to contact us with any queries or comments, request further information or exercise any of your available rights set out above, please email us at DPM-UK@honda-eu.com.

If you would like this notice in another format (for example audio, large print, braille) please contact us using the details above.

We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your personal information. However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to our supervisory authority, which is the UK's Information Commissioner's Office. Their address is: First Contact Team, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

Last updated: 3 September 2025

Annex: Processing of Personal Data under the EU Data Act

This Annex outlines how Honda processes Product Data and Related Services Data generated by your use of Honda connected car (“Car”) and/or the myHonda+ mobile app (“App”). For a detailed overview on which data we have currently identified as Product Data and Related Services Data please see the information provided on the data types collected and processed, as outlined in the EU Data Act Information Sheet for the Car and myHonda+ mobile app available via the App or [here].

Honda treats all Product Data and Related Services Data as personal data, as they are inextricably linked to you through your user account and/or vehicle identification number. Accordingly, their processing must generally comply with applicable data protection laws, including the GDPR.

1.             Scope and Definitions

1.1             This Annex governs the processing of personal data that qualifies as Product Data and Related Services Data which can be lawfully requested under

(a)              Chapter II of the EU Data Act (by you either directly or via third parties), or

(b)              Chapter V of the EU Data Act (by Public Sector Bodies).

1.2             For the purposes of this Annex, the following definitions apply:

(a)              Primary User: A natural or legal person who is registered with Honda as the owner of a Car and/or is the primary account holder of the App.

(b)              Other User: A natural or legal person who is contractually authorised to temporarily use the Car and/or is contractually authorised to temporarily use the App.

(c)              User: A Primary User and/or Other User.

(d)              Product Data: Data generated through the use of the Car, designed by the manufacturer to be retrievable via electronic communication, physical connection, or on-device access.

(e)              Related Services Data: Data representing the digitisation of user actions or events related to the Car, either recorded intentionally by you or generated as a by-product during the provision of a related service through the App.

2.                Lawful processing

Honda processes Product Data and Related Services Data generally in accordance with the legal bases identified in the Privacy Policy above. Where Honda is required to make available Product Data and Related Services Data that qualifies as personal data we need to differentiate between three main scenarios:

2.1             Data subject is the requesting User: We may have to make Product Data and Related Services Data that qualifies as personal data available to a user which is also the data subject (under Art. 4 (1) or to a third party under Art. 5 (1) EU Data Act). In such circumstance the legal basis for making the data available is Art. 6 (1) (c) GDPR as this is necessary for compliance with a legal obligation (Art. 4 (1) and Art. 5 (1)) to which we are subject to. At the same time we are effectively complying with data subjects’ instructions when he/she exercises its right under Art. 4(1) or has chosen a third party as the recipient of data as per Art. 5 (1) EU Data Act.

2.2             Data subject is not the requesting User: where a User makes a request under Art. 4 (1) EU Data Act or Art. 5 (1) EU Data Act, or where a third party makes a request on behalf of the User under Art. 5 (1) EU Data Act without the requesting User being the data subject with respect to the data that is subject to such request, the following applies:

2.2.1          Where we know that the requesting User is not the data subject, we will require the requesting User or third party requesting according to Art. 5 (1) EU Data Act to provide evidence that the data subject has declared consent (Art. 6 (1) (a) GDPR. Where the User cannot provide evidence for consent from data subjects, Honda might make the data available based on legitimate interest pursuant to Art. 6 (1) (f) GDPR as a legal basis. In such event we will, however, need to be assess in each individual case of a request whether making the data available is necessary for the purposes of the legitimate interests pursued by the requesting user, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2.2.2          Where we have no indication or reason to believe that the requesting User is not the data subject, we have to rely on the requesting User or the requesting third party in Art. 5 (1) EU Data Act scenarios to have assessed that their access to the requested data available is in compliance with the GDPR. Before making Product Data and Related Services Data that qualifies as personal data available, we generally require requestors to confirm their commitment to comply with the GDPR by accepting EU Data Act terms of use as provided by Honda.

2.3             Requests by governmental institutions, bodies, offices and agencies: Providing access to public sector bodies, the Commission, the European Central Bank, or a Union body that demonstrates an exceptional need for specific data, as outlined in Article 15 Data Act, the Article 14 (1) Data Act scenario: in such cases the legal basis is Art. 6 1 (e) GDPR because making available Product Data and Related Services Data that qualifies as personal data is necessary as a means of last resort to respond to a public emergency, where emergency response and resolution lie in the public interest. 

Clarification: The legal bases for processing outlined in Honda’s privacy policy remain fully applicable. The same holds true for provisions regarding the form of consent and the possibility of its withdrawal.

3.                Request Procedure

3.1             Requests under the EU Data Act must clearly indicate whether they are made under:

(a)              GDPR (e.g. access, rectification), or

(b)              Data Act (e.g. access to Product Data or Related Service Data).

3.2             The Primary User is responsible for ensuring that Other Users (e.g. alternate users, other users of shared accounts) are aware of this policy and consent to the sharing of data generated during their use of the connected product / provision of related services. Honda assumes that any data processed relates to the Primary User unless otherwise indicated.

3.3.            Requests under the Data Act submitted by any Other User require verification whether that natural or legal person qualifies as a user. To the extent necessary verification may include the following:

(a)              Valid personal identification (e.g. passport, national ID card etc.);

(b)              Documentation evidencing a contractual right to temporarily use the Car and/or App, linked to the Primary User;

(c)              Indication of the specific usage periods of the Car and/or App by the Other User;

(d)              Written declaration (text form being sufficient) that the request pertains exclusively to data generated during the Other User’s own use of the Car or App or in multiple user scenarios a written declaration (text form being sufficient) of consent of other data subjects affected in the request period, potentially also including the Primary User.

***