1. Introduction
Toyota ("we", "our", or "us") is committed to protecting your privacy. Whether you deal with Toyota as a customer, consumer or as a member of the general public, you are entitled to the protection of your Personal Data. This Toyota Privacy Notice ("Notice") describes the categories of Personal Data we process in connection with your use of any of the websites available at global.toyota, www.toyota-global.com, www.toyota.co.jp, discoverlexus.com, toyotagazooracing.com, rent.toyota.co.jp, www.toyota-dreamcarart.com, startyourimpossible.com, toyota-tokyo.tech, toyotatimes.jp, toyota-automobile-museum.jp ("Websites") and the services, features or content we offer ("Services"), the purposes for which Personal Data is collected, the parties with whom we share it, the security measures we take to protect your data, in particular in the event of international data transfers. It also informs you about your rights and choices with respect to your Personal Data, and how you can contact us to inquire about our data protection practices. Please read this Notice carefully. In the event you disagree with any provision in this Notice, please do not use our Websites or provide any Personal Data. This notice may change from time to time, for more information about Notice amendments see Section 11 below.
US Consumers―you may have certain privacy rights in your state of residence related to your personal information which are in addition to any privacy rights set forth below. Please visit Toyota Motor North America's Privacy Hub https://privacy.toyota.com/ for additional information.
Web site privacy policy2. Data Controller and Data Protection Contact Point
- For the purpose of this Notice
- Toyota Motor Corporation ("Toyota")
1 Toyota-cho, Toyota city
Aichi, 471-8571, JAPAN
is responsible for the processing of your Personal Data as Data Controller.
We have set up a Data Protection Contact Point that will handle any questions or requests you may have concerning this Notice, your Personal Data, and its processing.
- For any questions, requests or complaints concerning the application of this Notice or for exercising your rights, as described in this Notice, you can contact us at the Data Protection Contact Point
- Data Protection Contact Point
in-data.protection@mail.toyota.co.jp
Information Security and Trust Management Division
Toyota Motor Corporation
1 Toyota-cho, Toyota city,
Aichi, 471-8571, JAPAN
3. Personal Data We Collect About You and How We Collect It
"Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
When visiting our Websites you have the option to provide us with Personal Data relating to you. Additionally, when you use our Services we automatically collect certain information about you and your internet usage. The specific categories of Personal Data concerned and the sources from which we obtain them are linked to the way you interact with our Websites and Services. More information about the categories of Personal Data and the ways in which we collect it are described below.
(1) Personal Data You Give to Us
Our Websites offer you the possibility to (i) participate in our offers and programs, including a request for filling out our valuation and forms, (ii) make and amend your booking for our services, including for Toyota Kaikan and Plant tour, Toyota Rent-a-Car, and others offered in Japan, (iii) contact us via phone call or email, or otherwise provide information directly to us, and/or (iv) interact with us in social media. The Personal Data thereby collected includes
- Identification data: name, title, address (private and/or professional), telephone number (residential, business);
- Personal characteristics: age, gender, date of birth, place of birth, occupation and nationality;
- Contact information consisting of the communication channel you have used to contact us or have chosen to provide us with, such as your email address or a social media account (e.g. Facebook, Twitter, LinkedIn and/or Instagram account), including the content of the communication (e.g. requests for information, complaints, comments, etc.).;
- IDs assigned by us, such as a Toyota user account ID, types of formal identification data such as passport, driving license and utilities bill (when we need to verify your ID or driver's licence for e.g. Toyota Rent-a-Car).
(2) Personal Data We Automatically Collect
As you navigate through our Websites, we use automatic data collection technologies to collect certain Personal Data about your device, browsing activity, and patterns, including:
- Log usage data of your visits to our Websites, including technical session and connection information, resources that you access, traffic data, location data, date and time of access and frequency;
- Personal Data about your computer and internet connection, hardware and software, including your IP address, operating system, host domain, browser type, language settings, web pages you viewed on our Websites, search terms and times of your visit; and
- Details of referring websites (URL) and web pages you visited prior to ours.
(3) Cookies Used On Our Websites
We use cookies, beacons and similar technologies on our Websites. Cookies are small data files that are stored on a user's computer for record keeping purposes. We use them in public areas of our Websites.
Our Websites use single-session (temporary) and multi-session (persistent) cookies. Temporary cookies last only as long as your web browser is open, and are used for technical purposes such as enabling better navigation on our Websites. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods and are used for purposes which include tracking the number of unique visitors to our Websites and Personal Data such as the number of views a page gets, how much time a user spends on a page, and other pertinent web statistics. This Personal Data identifies your browser to our servers when you visit the Websites.
Most web browsers are set to accept cookies by default. If users prefer, they can usually choose to set their browsers to remove and reject cookies. In some cases, removing or rejecting cookies may affect certain features or services on our Websites. If you want to disable the use of cookies or remove them from your computer, you can disable or delete them at any time using your browser (consult your browser's "Help" menu to learn how to delete cookies).
For further information about our use of cookies and on how to avoid them, please consult our cookie Notice available at Cookies policy.
(4) Personal Data from Social Media
- Facebook Insights Data
When you use our TMC Facebook fan page, Facebook may collect insights data, i.e., how often you visit the TMC Facebook fan page, whether you recommend it in a post or comment, etc. Subsequently, Facebook provides anonymous statistics and insights about the usage of the TMC Facebook fan page to TMC, (such as number of followers, number of interactions with a post, etc.) to help us understand how users are engaging with our Facebook fan page.
TMC's legal basis for processing insights data is our legitimate business interest to steadily improve our Facebook online content and to better respond to the interests of our users. TMC is a joint controller together with Facebook Ireland for the insights data. However, TMC and Facebook Ireland have agreed that Facebook Ireland takes primary responsibility under the GDPR for the processing of your insights data. This means that Facebook is primarily responsible for providing you with information about the joint processing of the insights data and for enabling you to exercise your rights under the GDPR regarding insights data.
For more information about Facebook Page Insights Data please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.
- Other social media
We may collect and/or receive Personal Data from Toyota's presence on social media platforms such as YouTube, Twitter, LinkedIn, and Instagram, consistent with your settings within the social media platform, regarding gender and age, occupation, location, check-ins, famous posts, escape rate, access date and time, use of messaging functions, followers and likes. We aggregate this Personal Data and divide large groups of users into sub-groups based on the same type of shared characteristics such as geography, behaviour, or demographics, in order to provide better, more personalized services for the users.
- Social Media Plugins
When using our Websites we allow you to share information with social media sites and to access our social media profiles through so-called plugins. Social networks are able to retrieve Personal Data through those plugins, even if you don't interact with them. Moreover, if you are logged onto a social network while visiting our Websites with social plugins imbedded in them, the network can collect and store information about such visit and link it to your social network user account. As we have no control over the data collected by social media networks through their plugins, we encourage you to read their applicable data privacy policies to learn more about them.
Once you choose to share information of our Websites on social media or when you connect with our social media profiles through the plugins, those social media sites allow us to automatically access Personal Data retained by them about you consisting of content viewed by you, content liked by you and information about the advertisements you have been shown or have clicked on. You can restrict our access to your Personal Data by changing your privacy setting on the respective social media site.
Lastly, you can access our Websites via a third-party service, e.g. from our profiles on social networks. In those cases, we collect Personal Data from your social media user account consisting of your first and last name, email address and phone number and any other information you have made public.
4. For Which Purposes We Process Your Personal Data and on What Legal Bases
We will only process your Personal Data for specific, explicit and legitimate purposes. We will not process your Personal Data for any further purposes than the ones the data was originally intended for, unless the new purpose is compatible with the original one. In the absence of compatibility, the processing of Personal Data for further purposes is subject to your prior explicit consent.
The following table lists the purposes for which we process your Personal Data and the legal bases we rely on
Purpose of Processing | Legal Basis |
---|---|
Managing your on-line reservation through websites, such as for Toyota Kaikan and a plant tour, Toyota Rent-a-Car, etc. | Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. |
Managing your complaints and/or requests, such as a request to receive marketing information regarding the latest news, events, offers, etc. | (i) Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; and (ii) our legitimate interests consisting of customer relationship management, including complaint management and carrying out marketing and promotional activities. |
When required to comply with any provisions in any applicable laws and regulations or follow any governmental notification and/or guidelines. | Processing is necessary for compliance with a legal obligation we are subject to. |
Commercial purposes involving the presentation of goods and services that we provide. | Processing is necessary for the purposes of our legitimate interests consisting of carrying out marketing and promotional activities. |
Promoting Toyota's Motorsports activities. | Processing is necessary for the purposes of our legitimate interests consisting of carrying out marketing and promotional activities. |
Conducting surveys through online questionnaires in order to enable us to manage planning, research and development, quality improvement and/or developing any measure to improve customer satisfaction. | Processing is necessary for the purposes of our legitimate interests consisting of customer relationship management and quality assurance. |
Ensuring the quality of our products and services and for developing new Toyota products and services. | Processing is necessary for the purposes of our legitimate interests consisting of quality assurance, product support and development. |
Social media content moderation and analytics. | Processing is necessary for the purposes of our legitimate interests consisting of personalized social media content and services. |
5. How Long Do We Keep Your Personal Data
We will not retain your Personal Data for longer than is allowed under the applicable data protection laws or for longer that is necessary in relation to the purposes for which it was originally collected or otherwise processed. As a general rule, we will delete your Personal Data after 3 years, unless statutory retention periods apply.
In the absence of statutory retention periods, alternatively after completion of those periods, we will erase your Personal Data. Further, we will erase your Personal Data where one of the following applies: (i) when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; (ii) when you object to the processing and there are no overriding legitimate grounds for the processing; (iii) when your Personal Data has been unlawfully processed; and (iv) when it is necessary to comply with legal obligations.
6. Protecting Your Personal Data
We have taken into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, and implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate
- the pseudonymisation and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and/or
- process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
7. Disclosure of Personal Data
For the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients
a) Within our organisations and our brand environment
- Our authorised staff members;
- Our affiliates and subsidiary companies; and/or
- Members of our Authorised Retailer and Repairer network which you have been in contact with.
b) Third party business partners
- Advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;
- Business partners: trusted companies that may use your Personal Data to provide you with the services and/or the products you requested and/or that may provide you with marketing materials (provided that you have consented to receiving such marketing materials); and/or
- Service providers of Toyota: companies that provide services for or on behalf of Toyota, for the purposes of providing such services (for example, Toyota may share your Personal Data with external providers of IT-related services).
c) Other third parties
- when required by law or as lawfully necessary to protect Toyota
- to comply with the law, requests from authorities, court orders, legal procedures;
- to verify or enforce compliance with Toyota's policies and agreements; and/or
- to protect the rights, property or safety of Toyota and/or its customers.
- in connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Toyota's business.
8. Specific Contact with Our Authorised Retailers and Repairers
If you purchase a car or another product or service from one of our Authorised Retailers or Authorised Repairers or if you give them your Personal Data, you will have a separate relationship with this Authorised Retailer or Authorised Repairer. In this case, they are the data controller of your Personal Data. For all questions or requests about the collection and use of your Personal Data by one of the Authorised Retailers or Authorised Repairers, please contact them directly.
9. International Data Transfers
International data transfers refer to transfers of Personal Data outside of the European Economic Area ("EEA"). We are a company with operations around the world. Accordingly, our business requires the transfer of Personal Data to and from other group companies or third parties, which may be located outside the EEA, including Japan. We will only transfer Personal Data to countries that provide for an adequate data protection standard meeting the requirements as set out by the European Commission. Data transfers to countries not meeting that threshold will only occur in accordance with international data transfer agreements based on EU Standard Contractual Clauses.
10. Your Rights with Regard to Your Personal Data
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your Personal Data.
We remind you that you can at any time exercise certain data protection rights. These rights may vary depending on where you are located and which data protection laws will apply to the relationship between you and us, but would typically include
- The right to request access to your Personal Data, which includes the right to obtain confirmation from us as to whether or not Personal Data concerning you is being processed, and where that is the case, access to the Personal Data and information related to how it is processed. You may always contact us at the Data Protection Contact Point (see section 3 "Who can you contact in case you have questions or requests?") to find out what Personal Data we have concerning you and its origin.
- The right to be informed of certain things, which include public and private entities which we made shared use of your Personal Data, the possibility to refuse the provision of consent and the respective consequences.
- The right to rectification or erasure of your Personal Data, which includes the right to have incomplete Personal Data completed, including by means of providing a supplementary statement, and certain rights to request us to erase, block or anonymize your Personal Data without undue delay.
- The right to restrict or object to processing concerning your Personal Data, which includes restricting us from continuing to process your Personal Data under certain circumstances (e.g., where you contest the accuracy of your Personal Data, processing is unlawful, your Personal Data is no longer needed for the purposes of processing, or you have otherwise objected to processing related to automated individual decision-making).
- The right to data portability, which includes certain rights to have your Personal Data transmitted from us to another controller.
- Where data processing is based on your consent, the right to withdraw consent at any time and the right to request the exclusion of your Personal Data.
- The right to lodge a complaint with a data protection supervisory authority.
Any requests related to the above rights can be made by sending an email to the Data Protection Contact Point listed above.
Your choices on how you want to be contacted
In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, social media, phone, etc.), for which purpose and how frequently, by adjusting the privacy settings on the relevant device or updating your user or account profile or by following the "unsubscribe" instructions included in the communication.
11. Amendments to This Notice
We reserve the right to amend this Notice from time to time consistent with applicable data protection laws and regulations. Any changes to this Notice will be posted on this page. If we make material changes to how we treat your Personal Data, we will notify you through a new version of this Notice on the website home page. The date this Notice was last revised is identified at the top of the page.