Data Act Notice
Automobili Lamborghini S.p.A. (“Lamborghini”)
Last update: September 12, 2025
Introduction
Lamborghini is fully committed to complying with the EU Data Act (Regulation EU 2023/2854), applicable by September 12, 2025, alongside the GDPR (Regulation EU 2016/679), EUDPR (Regulation EU 2018/1725), and e-Privacy Directive.
This Notice outlines how we manage data generated by our connected vehicles and related services (e.g., Unica app, diagnostics, navigation systems), ensuring transparency, secure user access, and robust data protection.
Following our comprehensive data mapping process, this Notice details specific data types, their purposes, and access methods, reflecting our commitment to compliance and user trust.
1. Scope of data
Our connected vehicles and services generate a variety of data, as specified in the table below, which may vary depending on vehicle model, MY, country, and available services.
PurposeAccessibility
| Data type | Purpose | Accessibility |
|---|---|---|
| VIN Number | Vehicle identification and diagnostics | Accessible to the user through the Unica app |
| Vehicle location | Navigation and location-based services | Accessible to the user through the Unica app (e.g. last trips made) |
| Telemetry Data (e.g., speed) | Performance analysis | Accessible to the user through the Unica app |
| Unica App Account (e.g. email, login information) | Personalized services | Accessible to the user through the Unica app |
| Navigation Licenses (e.g., Here) | Navigation system functionality | Not accessible |
| Diagnostic Data (e.g., fault codes, software versions) | Maintenance | Accessible to the user (e.g. in car) and dealer via specific tools |
| Maintenance Data (e.g., service schedules, indicator resets) | Support for user and workshops | Accessible to the user through the Unica app |
| EDR Crash Data | Incident analysis | Encrypted, accessible only in specific cases with specific tools |
| Usage Data (aggregated statistics) (temperature, pressure, flow rate, audio, pH value, liquid level, position, acceleration, speed, voice of driver/passengers, vehicle status) | Internal analysis | Not accessible as they are anonymized |
| Usage Data (temperature, pressure, flow rate, audio, pH value, liquid level, position, acceleration, speed, location data, voice of driver/passengers, vehicle status) | Internal analysis | Accessible by request and collected upon consent |
| Connection Credentials (IP, tokens) | Vehicle connectivity | Not accessible due to technical limitations |
| Security services data (VTS/SVL) (location, timestamp of thefts, impacts, or unauthorized movements, logs and alerts, vehicle status) | Theft prevention | Accessible to the user through the relevant mobile app |
These data, whether personal or non-personal, are subject to the Data Act as they are generated by connected products or related services, and each data type’s purpose (e.g., diagnostics, performance enhancement, user experience) and storage location (e.g., vehicle, backend, Unica app) have been documented to ensure transparency, in line with Art. 3(2) Data Act.
2. User access rights
As a vehicle owner or authorized user, you have the right to access the data generated by your vehicle or related services, free of charge, in a secure, structured, and machine-readable format, in accordance with Art. 3(1), 4 of Data Act.
Access is provided as follows:
- Direct Access via Unica App: user-friendly data generated by or accessible through the Unica app, such as route information, and telemetry Data, are available through the Unica app, where technically feasible. The app employs secure interfaces and technical measures to protect personal data, in compliance with the GDPR. For replicated data, access via the app is sufficient, as identical data in the backend does not require separate access.
- Access on request: for complex data not easily accessible via the app, you can currently submit direct requests to Lamborghini as specified in Section 8.
Where technical limitations apply (e.g., data that is encrypted and accessible only via specialized tools; Usage Data that is available only in aggregated form; Connection Credentials, non-decipherable due to technical constraints), access may be restricted, and we will transparently inform you of these constraints, in line with Art. 18 Data Act.
3. Data sharing with third parties
You may choose to share your vehicle data with third parties (e.g., insurers, fleet managers), subject to your explicit consent. For integrated third-party systems, Lamborghini facilitates access to data stored or processed in the vehicle. For data exclusively managed by third parties, Lamborghini will coordinate with providers to ensure seamless access, pending formalized agreements.
Lamborghini plans to develop contractual clauses in future agreements with third parties to clarify responsibilities, potentially redirecting users to providers for exclusive data upon request. We will inform you about the process for accessing such data, ensuring transparency.
4. Public authority access
Lamborghini may provide data to public authorities for public interest purposes, such as emergencies, public safety, or scientific research, in line with Art. 14 and 15 Data Act.
Responses are provided promptly, within 5 working days for emergencies or 30 working days for other exceptional needs, accounting for technical, organizational, and legal constraints in accordance with Art. 18 Data Act.
Personal data is anonymized unless disclosure is necessary, with pseudonymization applied where feasible. Lamborghini may refuse requests if it lacks control over the data (e.g., third-party exclusive data), if a similar request was already fulfilled, or if conditions are not met notifying the requesting authority and identifying prior requesters.
Disputes are resolved by the competent authority.
5. Data protection and retention
Personal data is processed in strict compliance with GDPR principles (e.g., lawfulness, data minimization, accuracy, in line with Art. 5 GDPR), with retention periods determined by necessity or legal requirements (e.g., contract duration, statutory obligations), while non-personal data (e.g., navigation licenses, software versions) is retained based on business needs, offering flexibility unless specific regulations apply.
All data is secured through encrypted connections and access controls to prevent unauthorized access. Trade secrets, such as proprietary diagnostic algorithms, are protected under Art. 8 of the Data Act, with safeguards like encryption and restricted access protocols.
6. Interaction with other regulations
When processing personal data, mixed data, or electronic communications, Lamborghini complies with the GDPR, EUDPR, and e-Privacy Directive. In case of normative conflicts, these regulations and their national implementations take precedence over the Data Act. However, the Data Act’s access and portability rights complement GDPR rights (e.g., access under Art. 15, portability under Art. 20 GDPR). Data processing is lawful only if based on GDPR legal grounds (Art. 6, and Art. 9 for special categories), applicable to both Lamborghini and any third-party data users.
7. Transparency and Data Purposes
Our data mapping process has identified the data types collected and their purposes, including diagnostics, maintenance, performance tracking, user experience, and incident analysis.
This data mapping will be updated with any additional data types or purposes as our compliance efforts progress, ensuring transparency.
8. Your Rights and Contact
You can access your data at any time via the Unica app or submit a request to Lamborghini through the contact form on the lamborghini.com website.
To exercise your GDPR rights (e.g., access, portability, erasure, restriction) or for inquiries, complaints, or further information, you can submit your request through the dedicated contact form on the lamborghini.com website.
Lamborghini is committed to transparency and will update this Notice as new data types, access methods, or third-party agreements are implemented. Visit lamborghini.com for the latest version.
