Our Data Privacy Policy

The entities which are responsible for the processing of your Personal Data are:

Toyota Motor Europe NV/SA (“TME”)
Avenue du Bourget/Bourgetlaan 60
1140 Brussels
Belgium
*****and
[NMSC + address] *****

We have organised a Data Protection Contact Point which will handle your questions or requests relating to this Policy, any specific privacy notice, your Personal Data (and its Processing).

For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at the Data Protection Contact Point:

•  *****[dedicated email address of the NMSC’s Data Protection Contact Point]*****, and
• *****[postal address of NMSC]*****.

We need to maintain accurate and up-to-date records of your Personal Data. Please inform us of any changes to or errors in your Personal Data as soon as possible by contacting us at the Data Protection Contact Point (see above for details). We will take reasonable steps to make sure that any inaccurate or outdated Personal Data is deleted or adjusted accordingly.

You have the right to access your Personal Data which we are processing and, if your Personal Data is inaccurate or incomplete, to request the rectification or erasure of your Personal Data. If you require further information about your privacy rights or would like to exercise any of these rights, please contact us at the Data Protection Contact Point (see above for details). 

We have a set of technical and organisational security measures in place to protect your Personal Data against unlawful or unauthorised access or use, as well as against accidental loss or damage to their integrity. They have been designed taking into account our IT infrastructure, the potential impact on your privacy and the costs involved and current industry standards and practice.
 Your Personal Data will only be processed by a third-party Data Processor if that Data Processor agrees to comply with those technical and organisational data security measures.

Maintaining data security means protecting the confidentiality, integrity and availability of your Personal Data:

1.  Confidentiality: we will protect your Personal Data from unwanted   disclosure to third parties.
2.  Integrity: we will protect your Personal Data from being modified by   unauthorised third parties.
3.  Availability: we will ensure that authorized parties can access your   Personal Data when needed.

Our data security procedures include access security, backup systems, monitoring, review and maintenance, management of security incidents and continuity, etc.

We use cookies on our websites. This helps us to provide you with a better experience when you browse our website and also allows us to make improvements to our site.

For further information about our use of cookies and on how to avoid them, please consult our cookie policy, available at *****[INSERT LINK]*****.

Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:

Within our organisations and our brand environment:

• Our authorised staff members;
• Our affiliates and subsidiary companies;
• Members of our Authorised Retailers and Authorised Repairers network which you have indicated as preferred Authorised Retailers or Authorised Repairers or which are located near you (based on your postcode, address) or which you have been in contact with;
• *****[Toyota Financial Services];*****
• *****[Toyota Insurance Management];*****

• Advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;
• Business partners: for example, trusted companies that may use your Personal Data to provide you with the services and/or the products you requested and/or that may provide you with marketing materials (provided that you have consented to receive such marketing materials). We ask such companies to always act in compliance with applicable laws and this Policy and to pay high attention to the confidentiality of your personal information;
• Service providers of Toyota/Lexus: companies that provide services for or on behalf of Toyota/Lexus, to provide such services (for example, Toyota/Lexus may share your Personal Data with external providers of IT related services);

• when required by law or as lawfully necessary to protect Toyota/Lexus:
• to comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.;
• to verify or enforce compliance with Toyota/Lexus’s policies and agreements; and
• to protect the rights, property or safety of Toyota/Lexus and/or its customers;
• in connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Toyota/Lexus’s business.

If you purchase a car or another product or service from one of our Authorised Retailers or Authorised Repairers or if you give them your personal information, you will have a separate relationship with this Authorised Retailer or Authorised Repairer. In this case, they become the data controller of your Personal Data, possibly together with us. For all questions or requests about the collection and use of your Personal Data by one of the Authorised Retailers or Authorised Repairers, please contact them directly.

How is your preferred Authorised Retailer or Authorised Repairer identified? The preferred Authorised Retailer or Authorised Repairer is (1) the Authorised Retailer or Authorised Repairer that you have selected as your preferred one via the settings of your MyToyota/MyLexus account (which you can change at any time) or (2) in case you did not make such selection, we will identify an Authorised Retailer or Authorised Repairer based on location (the nearest to you based on your postcode, address) or based on the history of your contacts with our network.

If you purchase a car or another product or service from one of our Authorised Retailers or Authorised Repairers or if you give them your personal information, you will have a separate relationship with this Authorised Retailer or Authorised Repairer. In this case, they become the data controller of your Personal Data, possibly together with us. For all questions or requests about the collection and use of your Personal Data by one of the Authorised Retailers or Authorised Repairers, please contact them directly.

How is your preferred Authorised Retailer or Authorised Repairer identified? The preferred Authorised Retailer or Authorised Repairer is (1) the Authorised Retailer or Authorised Repairer that you have selected as your preferred one via the settings of your MyToyota/MyLexus account (which you can change at any time) or (2) in case you did not make such selection, we will identify an Authorised Retailer or Authorised Repairer based on location (the nearest to you based on your postcode, address) or based on the history of your contacts with our network.

Your Personal Data may be transferred to recipients which may be outside the EEA and may be processed by us and these recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA that do not generally offer the same level of data protection as in the EEA, Toyota/Lexus will implement appropriate specific measures to ensure an adequate level of protection of your Personal Data. These measures can for instance consist in agreeing with recipients on binding contractual clauses guaranteeing such an adequate level of protection.

We will always clearly inform you whenever your Personal Data would be transferred outside the EEA. This information will be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.

We want to be as transparent as possible with you so that you can make meaningful choices about how you want us to use your Personal Data.

• Your choices on how you want to be contacted
  
  In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, social media, phone…), for which purpose and how frequently, by adjusting the privacy setting on the relevant device or updating your user or account profile or by following the unsubscribe instructions included in the communication.
  
  Please note that by default, if you don’t make a choice, you will receive our promotional communications at the normal frequency of the publication involved.
  
  
• Your Personal Data
  
  You may always contact us at the Data Protection Contact Point (see section 3 "Who can you contact in case you have questions or requests?") to find out what Personal Data we have concerning you and its origin. Under certain conditions, you have the right to receive your Personal Data, which you have provided to us, in a commonly used, structured machine-readable format and to transmit your Personal Data to any third party of your choice.
  
  
• Your corrections
  
  If you find any mistake in your Personal Data or if you find it incomplete or incorrect, you may also require from us that we correct or complete it.
  
  
• Your restrictions
  
  You have the right to request a restriction on the Processing of your Personal Data (for example, while the accuracy of your Personal Data is being checked).
  
  
• Your objections
  
  You may also object to the use of your Personal Data for direct marketing purpose (if you prefer, you can also indicate to us through which channel and how frequently you prefer to be contacted by us) or to the sharing of your Personal Data with third party for the same purpose.
  
  You may withdraw your consent at any time to the continued Processing of the Personal Data that you have provided to us by contacting us at the Data Protection Contact Point (see section 3 “Who can you contact in case you have questions or requests?”).

• Moreover, you may require us to erase any data concerning you (except in some cases, for example, to prove a transaction or when required by law).
  
  Finally, please note that you have the right to file a complaint against the Data Controller with the relevant data protection authority (“DPA”).
  With respect to TME (as Data Controller), the relevant DPA is the Belgian Data Protection Authority. With respect to *****[NMSC]***** (as Data Controller), the relevant DPA is *****[reference to the local DPA]*****.

The requirements of this Policy supplement, and do not replace, any other requirements existing under applicable data protection law. In case of contradiction between what is written in this Policy and requirements in applicable data protection law, applicable data protection law will have priority.

Toyota/Lexus may amend this Policy at any point in time. Where this happens we will alert you of any changes and we will then ask you to re-read the most recent version of our Policy and to confirm your acceptance thereof. You can also check this Policy periodically on *****[INSERT LINK]***** to inform yourself of any changes.

In this Policy, the following terms have the following meanings:

• Data Controller means the organisation which determines the purposes for which, and the manner in which, your Personal Data is processed.
  Unless we inform you otherwise, the Data Controller*****(s) is/are***** Toyota Motor Europe NV/SA (Avenue du Bourget 60, 1140 Brussels, Belgium) *****and/or [NMSC + address]*****. Further information may be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.

• Data Processor means the person or organisation which processes your Personal Data on behalf of the Data Controller

• Data Protection Contact Point means the contact point (i.e. a person appointed by Toyota/Lexus in the relevant jurisdiction) where you can address to the Data Controller your questions or requests regarding this Policy and/or (the Processing of) your Personal Data and which will handle such questions and requests. Unless we inform you otherwise, the Data Protection Contact Point can be reached as described in section 3 “Who can you contact in case you have questions or requests?”).

• EEA means the European Economic Area (= member states of the European Union + Iceland, Norway, and Liechtenstein).

• Personal Data is any data relating to you directly or which allows your identification, such as, for example, your name, telephone number, email address, Vehicle Identification Number (VIN), (geo-)location, etc.

• Processing means the collection, accessing and all forms of use of your Personal Data.