Last edition: 24 January 2022
Toyota respects your privacy. If you deal with Toyota as a customer, a consumer, a member of the general public, etc., you are entitled to protection of your personal data. This data may relate to your name, telephone number, e-mail address, but also to other data, such as your vehicle registration number, geolocation location, etc.
In this Toyota General Privacy and Data Protection Policy ("this Policy") we describe how we collect your personal data and why we collect it, what we do with your personal data, with whom we share it, how we protect it and the choices you can make about your personal data.
This Policy applies to the processing of your personal data in the context of various services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. provided or operated by us or on our behalf.
This policy contains general rules and explanations. It is supplemented by separate specific privacy notices related to services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. provided or operated by or on behalf of Toyota. These privacy notices will be communicated to you whenever your personal data is needed in connection with the above activities (e.g. via websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).
This Policy applies to all of your personal data collected by (or on behalf of) TOYOTA ESPAÑA S.L.U. or Toyota Caetano Portugal, S.A. referred to in this Policy as "Toyota", "we", "us", "us" and "our".
If you accept the provisions of this Policy, you consent to our processing of your personal data in the manner set out in this Policy.
At the end of this Policy, you will find some definitions of certain key concepts used in this Policy which are in capital letters (e.g. Personal Data, Processing, Controller ...).
2. Who is responsible for the processing of your personal data?
Las entidades que son responsables del tratamiento de sus datos personales son:
Toyota Caetano Portugal, S.A. ,
AV. Vasco da Gama, nº14104431-956
Vila Nova de Gaia ( DATOS TCAP)
TOYOTA ESPAÑA, SLU
AV. de Bruselas, 22
28108 Alcobendas, Madrid
3. Who can I contact if I have questions or requests? The data protection contact point
We have organised a data protection point of contact who will deal with your questions or requests relating to this policy, any specific privacy notices, your personal data (and their processing).
For any questions, requests or complaints regarding the application of this Policy or to exercise your rights as described in this Policy, you may contact us at the Data Protection Contact Point:
4. KEY PRINCIPLES
We value the personal data you have entrusted to us and are committed to treating your Personal Data fairly, transparently and securely. The key principles that Toyota applies are as follows:
5. PROCESSING OF YOUR PERSONAL DATA: WHAT PERSONAL DATA DO WE COLLECT AND WHAT ARE THE LEGAL ASPECTS?
Whenever we request your Personal Data, we will clearly inform you of what Personal Data we collect. This information will be provided to you via a separate privacy notice which, for example, will be included in specific services (including communication services), e-newsletters, reminders, surveys, offers, invitations to events, etc.
Please note that, in accordance with the applicable data protection regulations, your personal data may be processed if:
6. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We only process your personal data for specified, explicit and legitimate purposes, and we will not process your personal data in a way that is incompatible with those purposes.
Such purpose may be the execution of an order you have placed, the improvement of your visit on one of our websites or portals, the improvement of our products and services in general, the offering of services or applications, communications and marketing actions, etc. The purpose of each processing of your personal data will be clearly defined in the specific privacy notice relating to that particular processing. This privacy notice will be accessible, for example, on a website or portal, in an application, in an e-newsletter, etc.).
Other processing of the Customer's personal data may also be carried out on the basis of Toyota's legitimate interest. Thus, provided that the Customer does not object through the channels described in paragraph 16, he/she will receive information about products or "Joint Offers", related to the service he/she is contracting or has already contracted. A "Joint Offer" is a set of products directly related to the products already contracted, marketed jointly by Toyota and the Toyota Group, or under the Toyota brand.
To this end, the Customer's personal data may be analysed beforehand in order to draw up a very basic profile with the same that will allow these commercial communications to be adjusted as closely as possible to their preferences in order to offer them products under the Toyota brand. This analysis may take into account certain Customer data (name and surname, telephone number, email address, address, ID card number, etc.), so it may be necessary to make occasional communications of data between Toyota and the Toyota Group to ensure that the campaigns and "Joint Offers" that may be made, if any, are not repetitive, unnecessary or annoying. In any event, full communication of Customer data between such companies will only take place with the consent of the Customer.
In any event, the Customer may object to the receipt of such commercial communications, as well as to the occasional communication of its data between Toyota and the Toyota Group, at any time by exercising its right to object through the channels set out in paragraph 16. The Customer will only receive such communications for as long as it remains a Toyota or Toyota Group Customer, unless it gives its consent to do so at a later date.
Without prejudice to the foregoing, any complex profiling, including the cases provided for in Article 22 of the GDPR, shall be subject to obtaining the prior explicit, informed, free and unambiguous consent of the Customer. This refers, in particular, to decisions, if any, based solely on automated processing, including profiling, which produce legal effects on the data subject or similarly significantly affect him or her in a similar way.
7. KEEP YOUR PERSONAL DATA ACCURATE AND UP TO DATE
It is important to us to keep our records of your personal data up to date. Please inform us of any changes or errors in your personal data as soon as possible by contacting us at the Data Protection Contact Point (see section 3 "Who can you contact if you have questions or requests?"). We will take reasonable steps to ensure that any inaccurate information about your data is deleted or amended accordingly.
8. ACCESS TO YOUR PERSONAL DATA
You have the right to access the personal data that we hold about you and, if such personal data is inaccurate or incomplete, to request the rectification or erasure of such personal data. If you would like more information in relation to your privacy rights or wish to exercise any of these rights, please contact us at the Data Protection Contact Point (see section 3 "Who can you contact if you have questions or requests").
9. DURATION OF DATA PROCESSING
We will keep your personal data in accordance with the provisions of data protection regulations. Your personal data will only be kept for as long as is necessary to comply with the provisions of applicable law or for the purposes for which your personal data is processed.
For information on how long certain personal data is likely to be kept before we delete it from our systems and databases, please contact us at the Data Protection Point of Contact (see section 3 "Who can you contact if you have questions or requests").
10. DATA SECURITY
We have a set of technical and organisational security measures in place to protect your Personal Data against unlawful or unauthorised access or use, as well as against accidental loss or damage to its integrity. They have been designed taking into account our IT infrastructure, the potential impact on your privacy and the costs involved and in accordance with current industry standards and practices.
Your personal data may only be processed by a third party if the Data Controller undertakes to take the necessary technical and organisational measures to comply with the data processing security commitment.
Maintaining data security means protecting the confidentiality, integrity and availability of your personal data:
(a) Confidentiality: we will protect your personal data from disclosure to third parties.
(b) Integrity: we will protect your personal data from modification by unauthorised third parties.
(c) Availability: we ensure that authorised persons can access your personal data when necessary.
Our data security procedures include: access security, back-up systems, monitoring, review and maintenance, security incident and continuity management, etc.
12. COMMUNICATION OF PERSONAL DATA
Depending on the purposes for which we collect your Personal Data, we may disclose your Personal Data to the following categories of recipients, who will then process your Personal Data only within the framework of these processing operations:
(b) Third-party trading partners:
Please note that the third party recipients listed in (b) and (c) above - especially service providers who may offer products and services to you through Toyota's services or applications or through their own channels - may collect your personal data separately. In such case, these third parties are solely responsible for the control of such personal data and your dealings with them will be governed by their terms and conditions.
13. CONTACTS WITH OUR NETWORK
If you purchase a car or other product or service from one of our Authorised Dealers or Authorised Repairers or if you authorise them to process your personal information, you will have a separate relationship with this network member. In this case, the network member will become the data controller for the processing of your personal data, possibly together with us. For all requests regarding the use of your personal information by your distributor, please contact them.
How is your preferred Authorised Retailer or Authorised Repairer identified? The preferred authorised retailer or authorised repairer is either (1) the authorised retailer or authorised repairer you have selected as your preferred retailer or authorised repairer through your MyToyota account settings (which you can change at any time) or (2) if you have not made such a selection, we will identify an Authorised Dealer or Authorised Repairer based on location (nearest by postcode, address) or based on your contact history with our network.
14. USE OF SOCIAL NETWORKS
If you use a specific username on a social network such as your Facebook username, Toyota will record the data available on this social network and for which you have expressly permitted communication through the selected application.
Posting on social media may have (unintended) consequences, including the impossibility of removal within a short time of sharing your privacy or that of the persons whose data is shared. You should be aware of these consequences, for which you are making the decision about posting on social media. Toyota accepts no liability in this regard.
15. TRANSFERS OUTSIDE EU/EEA
Your personal data may be transferred to recipients which may be outside the EU/EEA, and may be processed by us and these recipients outside the EU/EEA. In relation to any transfer of your personal data to countries outside the EEA which generally do not offer the same level of data protection as in the EU/EEA, Toyota will implement appropriate specific measures to ensure an adequate level of protection for your personal data.
These measures may include, for example, agreeing binding contractual clauses with recipients that ensure an adequate level of protection. We will always clearly inform you when your Personal Data is transferred outside the EU/EEA. This information will be provided to you via a separate privacy notice which will, for example, be included in specific services (including communication services), e-newsletters, reminders, surveys, offers, invitations to events, etc.
16. YOUR VIEWS AND YOUR RIGHTS
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your information.
You can always contact us at the Data Protection Contact Point (see section 3 "Who can you contact if you have questions or requests?") to find out what personal data we hold about you and its source. Under certain conditions, you have the right to receive your personal data, which you have provided to us, in a commonly used structured machine-readable format and to transmit your personal data to any third party of your choice.
If you find any errors in your personal information or if it is incomplete or incorrect, you may ask us to correct or complete it.
You have the right to request a restriction on the processing of your personal data (e.g. while the accuracy of your personal data is being verified).
You can also object to the use of your data for direct marketing purposes (if you prefer, you can also tell us through which channel and how often you prefer to be contacted by us) or to the sharing of your personal information with third parties for the same purpose.
You may withdraw your consent at any time to continue processing the personal data you have provided to us by contacting us at the data protection point of contact (see section 3 "Who can you contact with questions or requests").
In addition, you may be required to delete any data concerning you (except in certain cases, for example, for proof of a transaction or where required by law).
Finally, please note that you have the right to lodge a complaint against the controller with the relevant data protection authority ("DPA").
With regard to TME (as controller), the relevant DPA is the Belgian Data Protection Authority. With regard to TES (as controller), the relevant DPA is the Spanish Data Protection Agency.
17. LEGAL INFORMATION
The requirements of this Policy supplement, and do not replace, any other existing requirements under applicable data protection law. In the event of any inconsistency between what is written in this Policy and the requirements in the applicable data protection law, the applicable data protection law will take precedence.
Toyota may change this Policy at any time. When this happens, we will notify you of any changes and ask you to re-read the most recent version of our Policy and confirm your acceptance. You may also check this Policy periodically at www.toyota.es for any changes.
1.1 In this policy, the following terms have the following meanings:
(a) Controller means the organisation that determines the purposes for which and the manner in which personal data are processed. Unless we inform you otherwise, the data controllers are Toyota España S.L.U. (Av. de Bruselas, 22, Arroyo de la Vega, 28108, Alcobendas) and/or Toyota Caetano Portugal, S.A. (Av. Vasco da Gama, nº1410 4431-956 Vila Nova de Gaia)
Further information may be provided to you through a separate privacy notice which, for example, will be included in specific services (including communication services), e-newsletters, reminders, surveys, offers, invitations to events, etc.
(b) Processor means the person and/or organisation processing personal data on behalf of the Controller.
(c) Data Protection Point of Contact means the point of contact (i.e. a person designated by Toyota in the relevant jurisdiction) where you can direct your questions or requests regarding this Policy and/or the processing of your Data to the Data Controller and who will respond to such questions and requests. Unless we inform you otherwise, you may contact the Data Protection Point of Contact as described in section 3 "Who can you contact if you have questions or requests").
(d) EEA means European Economic Area (consisting of the EU Member States, Iceland, Norway and Liechtenstein).
(e) Personal Data is data relating to you directly or allowing your identification, such as, for example, your name, telephone number, e-mail address, vehicle identification number (VIN), (geographical) location, etc.
(f) Processing means the collection, access and all forms of use of your personal data.
(g) Toyota Group includes Toyota España, S.L.U. Toyota Motor Europe, S.L.U., Toyota Motor Corporation, Concesionario Oficial de la Red de Toyota, Toyota Kreditbank, GMBH, Sucursal en España, Aioi Nissai Dowa Insurance Company of Europe Limited, Sucursal en España and Toyota Insurance Management, Ltd, Sucursal en España.