GENERAL TOYOTA PRIVACY AND DATA PROTECTION POLICY
Toyota respects your privacy. Whether you deal with Toyota as a customer, a consumer, a member of the general public, etc., you are entitled to the protection of your Personal Data. This data may relate to your name, telephone number, email address but also to other data, such as your Vehicle Identification Number (VIN), (geo-)location, etc.
In this General Toyota Privacy and Data Protection Policy (“this Policy”) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, with whom we share it, how we protect it, and the choices you can make about your Personal Data.
This Policy applies to the processing of your Personal Data in the framework of various services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. that are provided or operated by us or on our behalf.
This Policy contains general rules and explanations. It is complemented with separate specific privacy notices relating to particular services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. provided or operated by or on behalf of Toyota. These privacy notices will be communicated to you whenever your Personal Data is needed in the framework of the activities mentioned above (for example, via websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).
This Policy applies to all your Personal Data collected by (or on behalf of) Toyota Motor Europe NV/SA, together referred to in this Policy as “Toyota”, “we”, “us” and ”our”.
If you accept the provisions of this Policy, you are agreeing to us processing your Personal Data in the ways that are set out in this Policy.
At the end of this Policy, you will find some definitions of certain key concepts used in this Policy and which are capitalised (for example, Personal Data, Processing, Data Controller…).
The entity which is responsible for the processing of your Personal Data is:
Toyota Motor Europe NV/SA (“TME”)
Avenue du Bourget/Bourgetlaan 60
We have organised a Data Protection Contact Point which will handle your questions or requests relating to this Policy, any specific privacy notice, your Personal Data (and its Processing).
For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at the Data Protection Contact Point:
We value your Personal Data entrusted to us and we are committed to processing your Personal Data in a fair, transparent and secure way. The key principles Toyota applies are as follows:
Whenever we require your Personal Data, we will always clearly inform you which of your Personal Data we collect. This information will be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.
Please note that in accordance with applicable data protection law, your Personal Data can be processed if:
We will only process your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data further in a way that is incompatible with those purposes.
Such purpose can be the execution of an order you have placed, the improvement of your visit on one of our websites or portals, the improvement of our products and services more generally, the offering of services or applications, marketing communications and actions, etc. The purpose of each Processing of your Personal Data will be clearly defined in the specific privacy notice relating to that particular Processing. This privacy notice will be accessible, for example, on a website or portal, on an application, in an electronic newsletter, etc.).
It is important for us to maintain accurate and up-to-date records of your Personal Data. Please inform us of any changes to or errors in your Personal Data as soon as possible by contacting us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”). We will take reasonable steps to make sure that any inaccurate or outdated Personal Data is deleted or adjusted accordingly.
You have the right to access your Personal Data which we are processing and, if your Personal Data is inaccurate or incomplete, to request the rectification or erasure of your Personal Data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”).
We will keep your Personal Data in a manner consistent with applicable data protection law. We will only keep your Personal Data for as long as necessary for the purposes for which we process your Personal Data or to comply with the law or. For information on how long certain Personal Data is likely to be kept before being removed from our systems and databases, please contact us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”).
We have a set of technical and organisational security measures in place to protect your Personal Data against unlawful or unauthorised access or use, as well as against accidental loss or damage to their integrity. They have been designed taking into account our IT infrastructure, the potential impact on your privacy and the costs involved and in accordance with current industry standards and practice.
Your Personal Data will only be processed by a third party Data Processor if that Data Processor agrees to comply with those technical and organisational data security measures.
Maintaining data security means protecting the confidentiality, integrity and availability of your Personal Data:
Our data security procedures include: access security, backup systems, monitoring, review and maintenance, management of security incidents and continuity, etc.
Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:
a. Within our organisations and our brand environment:
b. Third party business partners:
c. Other third parties:
Please be aware that third party recipients listed under points b) and c) above –especially service providers who may offer products and services to you through Toyota services or applications or via their own channels– may separately collect Personal Data from you. In such case, these third parties are solely responsible for the control of such Personal Data and your dealings with them will fall under their terms and conditions.
If you purchase a car or another product or service from one of our Authorised Retailers or Authorised Repairers or if you give them your personal information, you will have a separate relationship with this Authorised Retailer or Authorised Repairer. In this case, they become the data controller of your Personal Data, possibly together with us. For all questions or requests about the collection and use of your Personal Data by one of the Authorised Retailers or Authorised Repairers, please contact them directly.
How is your preferred Authorised Retailer or Authorised Repairer identified? The preferred Authorised Retailer or Authorised Repairer is (1) the Authorised Retailer or Authorised Repairer that you have selected as your preferred one via the settings of your MyToyota account (which you can change at any time) or (2) in case you did not make such selection, we will identify an Authorised Retailer or Authorised Repairer based on location (the nearest to you based on your postcode, address) or based on the history of your contacts with our network.
If you use on a Toyota tool (website, portal…) a specific login from a social media (for example, your Facebook account), Toyota will record your Personal Data available on this social media and your use of such social media means that you have explicitly allowed the communication of your Personal Data recorded by Toyota through its tool.
Your Personal Data may be transferred to recipients which may be outside the EEA, and may be processed by us and these recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA that do not generally offer the same level of data protection as in the EEA, Toyota will implement appropriate specific measures to ensure an adequate level of protection of your Personal Data. These measures can for instance consist in agreeing with recipients on binding contractual clauses guaranteeing such adequate level of protection.
We will always clearly inform you whenever your Personal Data would be transferred outside the EEA. This information will be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your Personal Data.
The requirements of this Policy supplement, and do not replace, any other requirements existing under applicable data protection law. In case of contradiction between what is written in this Policy and requirements in applicable data protection law, applicable data protection law will have priority.
Toyota may amend this Policy at any point in time. Where this happens we will alert you of any changes and we will then ask you to re-read the most recent version of our Policy and to confirm your acceptance thereof. You can also check this Policy periodically on www.toyota-europe.com to inform yourself of any changes.
In this Policy, the following terms have the following meanings: