- Global
- China
- Austria
- Australia
- Belgium
- Colombia
- Denmark
- Deutschland
- España
- مصر
- France
- Greece
- Guatemala
- Hong Kong
- Ireland
- Ísland
- מדינת ישראל
- Luxembourg
- México
- Netherlands
- New Zealand
- Norge
- Österreich
- Portugal
- Singapore
- Sverige
- ไทย
- UAE
- United Kingdom
- Poland
- Qatar
- Switzerland
- Uruguay
XPENG takes privacy issues very seriously, and we are fully committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs), the Privacy Act 1988 (Privacy Act) and any other applicable laws.
In this Privacy Policy, we describe who we are, how and for which purposes and on what legal basis we process your personal data through the XPENG website and APP, how you can exercise your privacy rights and all other information that may be relevant to you. A reference to "XPENG", "we", or "us" is a reference to XPENG AUSTRALIA and its affiliates involved in the collection, use, sharing, or other processing of personal data.
We did our best to provide you with all the information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Policy, you can of course always contact us through the contact details provided at the end of this Privacy Policy.
This Privacy Policy may be changed over time. The last modifications to this Privacy Policy were made on 28/05/2026.
1. WHEN DOES THIS PRIVACY POLICY APPLY?
This Privacy Policy is applicable to the processing of personal data in relation to the use of the XPENG APP and/or website, and your experiences at our direct-sale or authorised stores.This Privacy Policy does not apply to your activities or interactions at our local retail partners. For information on their data practices, we kindly recommend that you consult the privacy policies of the respective dealer or importer.
2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
This Privacy Policy applies to the processing of personal data where XPENG acts as a controller in the sense of applicable data protection laws. This Privacy Policy indicates what personal data is collected and used (processed) by XPENG and for what purpose, and to which persons or entities the data may be provided.For scenarios where this Privacy Policy does not apply, such as your interaction with our authorised retail partners, the respective third party can act as an independent controller, and we recommend you review their privacy policies to understand how they handle your data.
3. WHAT PERSONAL DATA DO WE COLLECT?
When we provide our services, we need to process personal data. We typically process the following personal data:a) Your basic information: your first name, last name, ID number, preferred salutation, and contact information such as your address, ZIP code, city, region, country, phone number, and email address.
b) Your XPENG account information: your user ID, username, Google/Facebook account (if you use a Google/Facebook account to sign in), phone number and email address associated with the account, and password. Your phone's camera permission is required to enable you to scan the QR code on your vehicle display screen to log in to the XPENG vehicle account.
c) Device information: device name, device type, OS version, screen resolutions, system language, device ID, MAC address, IP address, cookie ID, Bluetooth ID, device motion status (if you use XPENG APP polling through an Android device, the device motion status is verified in real-time in your device to ensure the effectiveness of the function), browser information and other information related to your device.
d) Vehicle information: Vehicle Identification Number (VIN), vehicle model, registration number, vehicle condition, Bluetooth ID, ICCID, and other unique device identifiers.
e) Vehicle telematics data: telematics data regarding the performance, usage, operation, and condition of your XPENG vehicle, including A/C and temperature, speed, status of doors, windows, and ports, charging and battery status, mileage, and Bluetooth connectivity status.
f) Location information: such as the location of your XPENG vehicle, and your location for finding the nearest stores or charging stations, as well as locations you have saved on the APP. We may use third-party map applications (such as Google Maps) to help you verify your location.
g) Appointment or service history: including reservations, test drive appointments, vehicle repair history, warranty claims, service records, and any other information related to your service appointments or requests.
h) Order information: your purchase information, order agreement, and other documents related to your delivery, such as government-issued ID.
i) Communication and interaction information: such as customer service records, satisfaction surveys, customer feedback, your request details, and images you uploaded (if you choose to).
j) Financial information: including payment method, bank card information, payment status, amount, VAT number, invoice, information about financing, leasing or credit application.
k) Insurance information: If you want us or our authorised dealers to provide insurance brokerage, our dealers or we will need to collect your name, your government-issued ID, contract information, vehicle identification number (VIN), and any other information related to your insurance to fulfil your request.
l) Job application data: including employment and education information, date of birth, nationality, background check information, resume details, cover letters or work samples.
m) Usage information: When you use our service, we will automatically collect information about your interaction with it, including the pages and content you view, the time you spend on them, and other usage patterns. This may include data collected through Cookies and other similar technologies.
n) Analytics data: aggregated data regarding APP and website users' UI behaviour, usage and performance. We may use third-party applications (such as Google Analytics) to realise this function.
4. HOW DO WE USE YOUR PERSONAL DATA?
We use personal data to manage our service and meet your information requests, to understand how you use our XPENG APP and website, and to make our products and services as effective as possible.a) To realise our product functions and services:
Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
|---|---|---|
To create and activate your XPENG account | 1. Your username, password, email, phone number, or Google/Facebook account relates to your XPENG account 2. Vehicle information | Performance of a contract with you |
To fulfil and complete your orders, including reservations, orders, pre-orders, leasing, fleet sales, and other transactions entered with us | 1. Your basic information, including contact information 2. Order information 3. Financial information | Performance of a contract with you |
To provide connected-vehicle service through the XPENG APP | 1. VIN and User ID 2. Vehicle telematics data (such as mileage, battery, speed) 3. Bluetooth information (such as MAC address, Bluetooth ID, connectivity status) 4. Location data 5. Device motion status (if applicable) | Performance of a contract with you |
Vehicle authorisation (authorise others to remotely control your XPENG vehicle via the XPENG APP) | 1. User ID 2. VIN 3. Contact information of your authorised person 4. Virtual identification and authentication 5. Authorisation status | Performance of a contract with you |
To provide you with a charging service | 1. Location data 2. Vehicle telematics data (such as battery and charging status) 3. Order information | Performance of a contract with you |
To handle bills, invoices, and taxation | 1. Your basic information, including contact information 2. Order information 3. Financial information | 1. Performance of a contract with you 2. Necessary to comply with a legal obligation |
To provide you with the XPENG Trade-in service | 1. Your vehicle information, including VIN, vehicle model, registration number, and vehicle conditions 2. Your contact information | Performance of a contract with you |
To provide insurance or finance solutions for you (upon your request) | 1. Your basic information, including contact information 2. Insurance contract information 3. Financial information 4. Vehicle and device information | Necessary to take steps at your request before entering into a contract |
To provide home charging station services | 1. UID associated with your XPENG account 2. Email address (encrypted for security) 3. Bluetooth access (due to Android system requirements, enabling Bluetooth also requires granting location permission for device discovery.) | Performance of a contract with you |
To optimise the placement of our charging stations | 1. Name and location of charging station recommended to you, or you searched or viewed 2. Anonymised location information | Necessary for our legitimate interest: to analyse and improve our charging service |
b) To communicate with you:
| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
|---|---|---|
To fulfil requests or service appointments you make to us, including test drives, service and event appointments, and partnership requests | 1. Your basic information, including contact information (note: we may contact you to confirm your booking or request) 2. Order information 3. Appointment or service history (such as appointment details, customer service history) | 1. Performance of a contract with you or necessary to take steps at your request before entering into a contract 2. Necessary for our legitimate interests: to administer customers' inquiries and requests |
To respond to any feedback, requests, questions, or complaints you may have regarding our products and services (in person, online, telephone, email, etc.) | 1. Your basic information, including contact information 2. Order information 3. Communication and interaction information, including your request details, and images/files you uploaded (if you choose to) | 1. Performance of a contract with you or necessary to take steps at your request before entering into a contract 2. Necessary for our legitimate interests: to administer customers' inquiries and requests |
Sign up for XPENG marketing communications | 1. Account information 2. Order information | Where you have provided your consent |
Advertising and marketing purposes, including displaying online ads based on your online profile and analysing the effect of such online marketing campaigns. *We may use cookies and similar technologies ("cookies") for this. Some cookies create unique identifiers and may collect data while you are using our websites, applications or other content, which helps us to personalise content or advertisements. Please read our Cookie Policy for more information about cookies. | 1. Online identifiers 2. Device-related information 3. Cookies | Where you have provided your consent, to the extent that the processing is not permitted on a legitimate interest basis |
To participate in surveys about your experience with our products and services | 1. Account information 2. Contact information 3. Survey or feedback details | Necessary for our legitimate interests: to understand, analyse, and improve customer experience |
Process job candidates' personal data to evaluate applications for employment | Job application data (including name, contact details, employment and education information, CV) | Necessary to take steps at your request before entering into a contract |
| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
|---|---|---|
To detect and defend against unauthorised access to data, and to enhance information security | 1. Device information 2. Network activity information | Necessary for our legitimate interests: to protect the confidentiality, integrity, and availability of IT systems |
To upload crash logs for troubleshooting | 1. Account information 2. Relevant crash logs (may include user ID, device information, vehicle information and location information) | 1. Where you have provided your consent 2. Necessary for our legitimate interests: to ensure a smooth user experience and service safety |
| To understand and analyse app and website UI behaviour and usage, to improve our services. *We also use cookies like Google Analytics to collect usage data of our app and website; we only use this kind of analytics tool to understand the usage and effectiveness of our online services. *To know more about how Google Analytics processes data, please see: https://policies.google.com/privacy?hl=en-US | 1. User ID 2. Device information 3. Usage information 4. Analytics data (aggregated data on UI behaviour, usage and analytics of the app and website. Some of this data is shared with Google Analytics) | 1. Necessary for our legitimate interests: to understand, analyse, and improve customer experience 2. Where you have provided your consent (website cookies) |
| Data Processing Purposes | Type of Personal Data | Legal Basis for Processing |
|---|---|---|
To demonstrate compliance with regulatory requirements | 1. Contact information 2. Order information 3. Vehicle information | Necessary to comply with a legal obligation |
To prevent theft and to ensure safety in Stores | Video images captured through CCTV | Necessary for our legitimate interests: to monitor the security of store assets and ensure Data Subjects' safety |
5. HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
We retain the information we collect from or about you for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you. When determining this retention period, we take into account various criteria, including the type of services requested by or provided to you, the nature of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, and retention periods required by law.We will take reasonable and appropriate measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. However, please note that no security measures can be 100% secure and perfect, and in the unfortunate event that a personal data security incident occurs, we will report it promptly and take remedial measures in accordance with the requirements of the law and regulatory authorities.
If you sell or transfer your vehicle to another person, please inform us promptly so that we can determine whether additional steps are needed to be taken to avoid disclosing personal data from or about you to the purchaser or transferee of the vehicle.
6. DATA CROSS-BORDER TRANSFER
We primarily store and process your personal data in our service provider within the European Economic Area (EEA). As a globally operating company, we also share your personal data with third parties as described in the "HOW DO WE SHARE YOUR INFORMATION?" section. These third parties can be located outside your country of residence and the European Economic Area (EEA). We comply with the APPs and applicable data protection laws relating to the transfers of personal data from the EEA to third countries.
With respect to personal data transferred outside the EEA, we comply with applicable data protection laws, providing adequate safeguards for the transfer of personal data to countries outside of the EEA by relying on:
a) Adequacy decisions. These are decisions from the European Commission under Article 45 of the GDPR (or equivalent decisions under other laws) which recognise that a country offers an adequate level of data protection. We may transfer your personal data to some countries with adequacy decisions.
b) Standard contractual clauses. In the absence of an adequacy decision, we rely on approved EU standard contractual clauses under Article 46 of the GDPR to transfer your personal data to our affiliates, such as the Headquarter in China, and/or other third parties.
As part of our global operations, your personal data is also processed by XPENG's affiliates located in China (such as Guangzhou Xiaopeng Motors Technology Co., Ltd. and its affiliates) insofar as necessary for the provision of services, such as IT system operations and maintenance, research and development, analytics, and technical support. This access is granted on a need-to-know basis only and under strict security controls and authorisation. We rely on approved EU standard contractual clauses in relation to transfers of personal data to our affiliates in China, supplemented with additional technical and organisational measures in relation to these transfers, such as:
a) Encryption of data, in transit and at rest.
b) Other measures to – where legally possible – limit access to personal data by the government or governmental authorities.
We have conducted a data transfer impact assessment (DTIA) for China and will review it periodically to ensure that our safeguards remain effective.
If you want to request a copy of our standard contractual clauses, you may contact us according to the instructions in the "HOW TO CONTACT US?" section below.
7. HOW DO WE SHARE YOUR INFORMATION?
We will not sell your personal data to anyone at any time for any purpose. We will only share your personal data in the following ways:a) Share with XPENG' s affiliates: We may share information with XPENG's relevant affiliates. Your information may be shared within XPENG's affiliates only for explicit and legitimate purposes, and the sharing is limited only to information required by services.
b) Share with our local dealers or importers: We may share certain personal data with our local dealers or importers to enable them to provide you with sales and after-sales services. Such sharing is limited to the information necessary for them to perform these services and is governed by contractual agreements.
c) Share with our service providers or business partners: We may share your personal data with our service providers and business partners when it is required to provide services, for instance, customer service providers, roadside assistance providers, payment processors, leasing service partners, recruitment service providers, event/campaign organisers, analytics service providers, third parties you authorised, and other professional service providers. We will sign strict data processing agreements based on applicable data protection laws with third-party entities receiving your personal data, requiring them to take necessary security measures and properly handle your personal data.
d) Share with persons you've authorised: If you authorise someone else to use your vehicle or authorise someone else's account to be bound to your vehicle, your personal data may be accessed by third parties that you authorise, and you should exercise caution when making such authorisations.
e) Share with other third parties as required by law or otherwise: We may, in our sole discretion, transfer or disclose information, including information that does or does not identify you, to a third party when:
· It is required under a legal obligation to which XPENG is subject.
· It is required by government departments or the judiciary authorities for law enforcement purposes.
· It is required to handle emergencies.
· It is required to prevent or stop possible illegal or unethical practices.
· It is required to protect our products and services, and the personal and property safety of third parties or the public.
8. WHAT ARE YOUR RIGHTS IN RELATION TO THE DATA PROCESSING WE PERFORM?
As a data subject, you have specific legal rights granted by the APPs, Privacy Act and other applicable data protection laws relating to the personal data we process about you. We enable you to access and control the data that we collect, use and share from or about you, or your use of services.
a) Electronic or text communications: If you no longer want to receive marketing-related communications, you may opt out of receiving them by clicking the unsubscribe button in the emails or adjusting your preference on the XPENG APP. Please note that we may still send you important safety messages/calls or product service issues even if you opt out of receiving marketing messages.
b) Data subject rights: You have the right to request access to and receive information about certain data we maintain, to update and correct inaccuracies in that information, to restrict or delete the information, to object to or withdraw your authorisation to use the information in a certain way. If you want to exercise the aforementioned rights, you may contact us according to the instructions in the "HOW TO CONTACT US?" section below.
c) You can also lodge a complaint with your local data protection authority (such as the Office of the Australian Information Commissioner) in accordance with applicable data protection laws. However, we will appreciate it if you first contact us to try and solve your problem - you can find our contact details below.
9. PRIVACY OF CHILDREN
We do not knowingly collect or use any personal data from children (we define 'children' as minors younger than 18) without prior, verifiable consent which is given or authorised by the holder of parental responsibility over the child. We do not knowingly allow children to order our vehicles, communicate with us, or use any of our online services.
If you become aware that a child has provided us with personal data, please contact us as indicated in the "HOW TO CONTACT US?" section below. We will take all reasonable measures to delete the information as soon as possible and to not use such information for any purpose, except where necessary to protect the safety of the child or others as required by law.