GIVEAWAY: WIN A BYD SEAL GTDRAWS IN 4 DAYSBYDDY $78.42 ▲ +2.14%Q1 DELIVERIES 986,420FREE SHIPPING TO 82 COUNTRIES
Home/Legal/Privacy Policy

Privacy policy.

How BYD Automotive Group collects, uses, shares and protects your personal information — across our website, retail network, connected vehicles and financial services.

Summary

This is the short version. The long version lives in the rest of this document — if something there contradicts this summary, the long version controls.

  • We collect what we need to operate. Your name, contact info, order and payment details, vehicle telematics while you drive, and standard website analytics.
  • We do not sell personal information. We do share it with processors, dealers, financiers and regulators where required — listed in §6.
  • Your car talks to us. Connected features transmit diagnostic, location and usage data. You can disable most of it from the in-car privacy panel. §4 explains the exceptions (safety, recall, regulatory).
  • You control your data. Access, delete, export, object, portability — all available through the customer portal or by emailing privacy@bydautomotivegroup.com.
  • We store data in several regions. Data may move across borders. Our transfer mechanisms are in §7.

Scope & definitions

This policy applies to BYD Automotive Group Limited, its subsidiaries, affiliates and authorized dealers (collectively "BYD", "we", "us"). It covers personal data processed through:

  • our public websites, including byd.com and regional variants;
  • the BYD customer portal, mobile application and in-vehicle DiLink system;
  • interactions at BYD-operated stores, service centers and authorized dealers;
  • BYD financial services — credit applications, installment plans, pooled-fund investments and the BYD Giveaway program.

Where you interact with a BYD product or service governed by a separate, product-specific notice (for example the Pooled Fund Prospectus or the Giveaway Terms), that notice supplements — but does not replace — this policy.

Key terms used in this document

TermWhat it means here
Personal informationAny data that identifies, relates to, or could reasonably be linked with you.
ProcessingAny operation performed on personal information — collection, storage, use, sharing, deletion.
ProcessorA third party that handles personal information on our documented instructions.
Connected vehicle dataInformation generated by sensors, software and connectivity modules in a BYD vehicle.

Information we collect

We collect information in three ways: you give it to us, we observe it, or we derive it from other information.

3.1 Information you provide

  • Identity & contact: name, preferred name, date of birth, email, phone, postal and delivery addresses;
  • Government identifiers: driver's license number, passport/national ID, tax identifier where required to complete a sale or issue financing;
  • Financial: bank account or card details, income documentation for credit checks, investment-suitability questionnaires;
  • Account credentials: email, password hash, biometric face or fingerprint template (on-device only), multi-factor authenticators;
  • Communications: messages sent via the concierge, test-drive bookings, service complaints, survey responses.

3.2 Information collected automatically

  • Device and browser data — user-agent, screen resolution, IP address, language;
  • Website telemetry — pages viewed, referrer, interactions, errors. Aggregated and retained 26 months;
  • Vehicle telemetry — see §4 for the full itemized list;
  • Store visits — timestamp, store ID and a non-persistent visitor ID captured on check-in tablets.

3.3 Information we receive from third parties

Credit bureaus (for financing decisions), identity-verification partners (Alloy, Onfido), fraud-screening networks, dealers in jurisdictions where sales are intermediated, and the Department of Motor Vehicles or local equivalent for title and registration.

Connected vehicle data

Modern BYD vehicles are connected products. They generate, transmit and process operational data. We are explicit about what, why and for how long.

CategoryExamplesPurposeRetention
Diagnosticbattery state-of-health, motor temperature, fault codesWarranty, predictive serviceVehicle life + 2y
Safetyairbag deployment, ABS events, severe-collision triggerEmergency response, recall7y (legal minimum)
LocationGPS position when requested feature is activeNavigation, find-my-car30 days (trip history)
Drivingspeed, pedal input, steering angle, ADAS interventionProduct improvement, autonomy R&D12 months
Chargingsession start/end, kWh, charger IDBilling, grid optimization36 months
Cabinaudio only when voice assistant wake-word is activeAssistant response90 days unless saved
!
Your in-car controlsVisit Settings › Privacy on your DiLink display to pause location sharing, disable analytics uploads, clear trip history or factory-reset the vehicle's data before resale. Required safety and regulatory data cannot be disabled.

How we use information

We process personal information for the following purposes, with the legal bases indicated (EU/UK terminology; equivalent rationales apply elsewhere).

  1. Provide our products and services — contract necessity; e.g. fulfilling an order, enabling connected features, delivering installment-plan servicing.
  2. Handle payments and prevent fraud — contract necessity and legal obligation.
  3. Comply with legal, tax and regulatory obligations — legal obligation; e.g. AML/KYC, safety recall, export controls.
  4. Improve our products — legitimate interests, balanced against your rights. Includes software quality, autonomy R&D and ergonomic studies on aggregated data.
  5. Communicate with you about your account — contract necessity.
  6. Marketing — consent. You can withdraw at any time without affecting other processing.
  7. Security — legitimate interests; e.g. detecting intrusion, protecting the connected-vehicle fleet.

We do not use personal information for automated decision-making with legal effects without meaningful human review, except for fraud-scoring of transactions, where you have a right to request review (§9).

Sharing & disclosure

We do not sell personal information under the definitions of CCPA/CPRA, Colorado CPA, Virginia CDPA or comparable statutes elsewhere.

We do disclose information to:

  • Processors acting on our documented instructions — hosting (AWS ap-east-1, eu-central-1, us-west-2), analytics (Plausible), CRM (Salesforce), support (Zendesk), payments (Adyen, Stripe, Alipay), KYC (Alloy), e-signature (HelloSign).
  • Authorized dealers and service partners where you transact through them, or where a vehicle needs service en route.
  • Financial counterparties — banks, regulated investment managers, credit bureaus — to originate and service BYD Installments, Pooled Funds, and credit arrangements.
  • Regulators, courts and law-enforcement agencies where compelled by valid legal process or where disclosure is necessary to protect life or prevent serious harm.
  • Acquirers in the event of merger, reorganization or sale, subject to equivalent privacy commitments.

A current list of sub-processors is maintained at bydautomotivegroup.com/legal/subprocessors. We give 30 days' notice before adding a new one.

International transfers

We operate globally. Personal information may be transferred to and processed in countries other than the one in which you reside. When we transfer data out of the European Economic Area, the United Kingdom or Switzerland, we rely on:

  • European Commission adequacy decisions where available;
  • Standard Contractual Clauses (2021 modules) with supplementary measures — encryption in transit and at rest, pseudonymization of direct identifiers, and published transparency reports;
  • UK International Data Transfer Addendum;
  • Standard Contractual Clauses (SCCs) between BYD Automotive Group and applicable affiliates.

For transfers out of the People's Republic of China, we comply with the Personal Information Protection Law (PIPL) and use the CAC Standard Contract or security assessment route as applicable.

Retention periods

We retain personal information only as long as necessary for the purpose for which it was collected, unless a longer period is required by law. Typical maximums:

CategoryRetentionBasis
Website analytics (aggregated)26 monthsLegitimate interests
Prospect / test-drive requests (unconverted)24 monthsLegitimate interests
Vehicle ownership & service recordsVehicle life + 10 yearsLegal, warranty
Financial transactions & installment plans7–10 yearsTax, AML law
KYC records5 years after relationship endsAML law
Support tickets3 years after closureLegitimate interests
Marketing opt-insUntil withdrawn + 3 yearsConsent, evidence of consent

Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access — get a copy of what we hold;
  • Rectification — correct inaccurate or incomplete information;
  • Erasure — ask us to delete, subject to legal retention obligations;
  • Portability — receive certain categories in a machine-readable format;
  • Restriction — pause processing while we investigate a dispute;
  • Objection — object to processing based on legitimate interests;
  • Consent withdrawal — for processing based on consent, without effect on prior lawfulness;
  • Non-discrimination — we will not retaliate against you for exercising any right;
  • Appeal — where a right is denied, you may appeal internally and lodge a complaint with your supervisory authority.

Submit requests through the privacy center at bydautomotivegroup.com/privacy/requests or by emailing privacy@bydautomotivegroup.com. We verify identity before acting and respond within 30 days (extendable once by 60 days for complex requests, with notice).

Children & minors

Our services are not directed at children under 16. We do not knowingly collect personal information from children under 16 except as strictly necessary to complete a parent's or guardian's transaction (for example, adding a minor child as an authorized driver). Where parental consent is required by law, we obtain it.

If you believe a child has provided us personal information without appropriate consent, contact privacy@bydautomotivegroup.com and we will delete the information.

Security practices

We implement technical and organizational measures proportionate to the risk, including:

  • AES-256 encryption at rest; TLS 1.3 in transit;
  • hardware-backed key management (HSM / cloud KMS);
  • role-based access control with quarterly entitlement review;
  • MFA for all staff, with WebAuthn required for Tier-3 production actions;
  • regular security review;
  • aligned with ISO 27001 and ISO 27701 control frameworks information-security management systems;
  • a formal incident response plan with 72-hour breach notification commitments.

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and regulators as required by law.

Contact & complaints

Global Data Protection Officer
BYD Automotive Group Data Protection team · privacy@bydautomotivegroup.com
BYD Automotive Group Limited · No. 3009, BYD Road, Pingshan, Shenzhen 518118, PRC

EU representative (GDPR Art. 27)
BYD Europe B.V. · Stationsplein 45, 3013 AK Rotterdam, Netherlands · eu-privacy@bydautomotivegroup.com

UK representative
BYD UK Limited · 20 Fenchurch Street, London EC3M 3BY · uk-privacy@bydautomotivegroup.com

You have the right to lodge a complaint with your national data protection authority. For EU residents, a list is available at edpb.europa.eu. In the UK: the Information Commissioner's Office (ico.org.uk). In California: the California Privacy Protection Agency.