Toyota respects your privacy. This Data Protection Policy (the Policy) describes how we process personal data, which personal data we collect and why we collect it, with whom we share this personal data, how we protect it, and the choices you can make about how we use your personal data.
This Policy applies to any personal data collected, held or processed by or on behalf of Toyota Motor Europe, its affiliated companies and subsidiaries (hereinafter together referred to as Toyota) relating to any individual in his/her dealings with Toyota as customer, consumer or general public.
The scope of this Policy also includes all the websites, applications, online sales promotions or games, mobile sites and apps, sponsored social media platforms and any other online initiatives that are owned by Toyota, where personal data is processed. Unless an express consent is required by the data privacy laws of your country, by using one of our media, you consent to the collection and use of your personal information by us as described in this Policy. If you chose not to provide us with your personal information, in most cases, we will not be able to provide you with our products and services or information about them.
The requirements of this Policy are in addition to, not in substitution for, any other requirements under the applicable data protection laws and regulations. In case of conflict between the applicable data protection laws and regulations and the provisions of this Policy, the applicable data protection laws and regulations shall prevail.
Toyota may amend this Policy at any point in time. Please check this Policy periodically on https://collection.toyota-europe.com/cy/privacy-policy/ to inform yourself of any changes.
In this Policy, the following terms shall have the following meanings:
- Data Controller means the organisation which determines the purposes for which, and the manner in which, any Personal Data is processed. For the purposes of this Policy, the Data Controller(s) are Toyota Motor Europe NV/SA (Avenue du Bourget 60, 1140 Bruxelles, Belgium) and each of the Toyota group companies listed in Appendix A.
- Data Processor means the individual and/or organisation which Processes Personal Data on behalf of the Data Controller.
- Data Protection Officer or DP Officer means the data protection officer appointed by Toyota in the relevant jurisdiction.
- Data Subjects means all individuals about whom Toyota holds Personal Data.
- EEA means the European Economic Area (which is composed of the EU Member States and Iceland, Norway, and Liechtenstein).
- Personal Data is any data relating to a living individual which allows the individual to be identified, whether from the data alone, or in combination with other information. A description of the Personal Data Processed by Toyota is set out under section  below.
- Processing means any operation or set of operations which is performed upon Personal Data, such as the collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of Personal Data.
- Sensitive Personal Data means, among others, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the Processing of data concerning health or sex life. Special provisions apply to the Processing of Sensitive Data.
2. Key Policy Principles
We value the Personal Data entrusted to us and we are committed to Processing Personal Data in a fair, transparent and secure way. The key principles of this Policy are as follows:
- Data Collection: we will only collect Personal Data by fair, lawful and transparent means.
- Data Minimisation: we will limit the collection of Personal Data to what is directly relevant and necessary for the purposes set out in this Policy.
- Purpose limitation: we will only Process your Personal Data for specified, explicit and legitimate purposes and not further Process your Personal Data in a way incompatible with those purposes.
- Accuracy: we will keep your Personal Data accurate and up to date.
- Data Security: we will implement appropriate technical and organisational measures to ensure an appropriate level of security in relation to the risks represented by the Processing and the nature of the Personal Data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of Processing.
- Access and Rectification: we will Process your Personal Data in line with your privacy rights.
- Retention: we will retain your Personal Data in a manner consistent with the applicable data protection laws and regulations. In any event, we will not keep your Personal Data longer than is necessary for the purposes set out in this Policy.
- International transfers: we will ensure that any Personal Data transferred outside the EU/EEA is adequately protected.
- Third Parties: we will ensure that access to and transfers of Personal Data to third parties are carried out in accordance with the applicable laws and regulations and with suitable contractual safeguards.
- Direct Marketing and cookies: where we send you promotional materials or place cookies on your computer, we will ensure that we do so in accordance with the applicable laws.
3. Data collection
Personal Data you provide us directly
We collect information directly from you when you:
- Choose to participate in our offers and programs;
- Create an account on our websites or in our mobile applications;
- Call or email us, or otherwise provide information directly to us;
- Interact with us in social media.
The Personal Data you provide to us directly can include:
1. Personal data that you provide at different points of contact with Toyota and might be shared between Toyota entities to provide you with the best possible products, services and offers and to align the engagement based on your needs and preferences:
- Identification data
- Personal identifying information: name, title, address (private and professional), previous addresses, telephone number (residential, business), e-mail address, nationality
- Personal characteristics: age, gender, date of birth, place of birth, marital status and nationality
- Vehicle information: current and previous brand and type of vehicle, Vehicle Identification Number, Number plate, selected optional equipment, purchase, rental or leasing, etc.
- Lifestyle: details on the consumption of goods or services, behaviour of the individual or his/her family, social contacts, complaints, incidents or accidents, use of media and means of communication, incl. Facebook account, Twitter account, Linked-in account, Instagram…
- Professional information: occupation
- Household Composition: Marriage or present form of cohabitation, name of the spouse or partner, details of other members of the family or household.
- Hobbies and interests: Leisure activities and interests: hobbies, sports and other interests.
- Affiliations: other than professional, political or union, affiliations to charitable or voluntary organizations, clubs, associations, unions, organizations, groups...
2. In case of need to verify your ID or driver’s licence (e.g. test drives, replacement car) data that will be collected from you can include:
- IDs assigned by us, identification data, issued by the public services, other than the national registration number: number of identity card, passport, driving license, Copy of ID, Passport, Driver’s licence
Such data will only be used for administration of the test drive.
3. When interacting with Toyota through online channels (e.g. website) the following information can be captured (in accordance with the cookies policy):
- Electronic identification data, IP addresses, cookies, moments of connection...
4. For connected car services the following data can be collected:
- Electronic data location: GSM, GPS.
5. When purchasing or applying for financial service offering or insurances, the following data can be collected and treated under the local banking legislation (i.e. it will not be shared with any other entities of Toyota):
- Financial features (only in relation with financial services offerings): Income/possessions of Data Subject and his/her partner, solvency, assessment of income, financial status, credit rating, details relating to insurance, professional activities of the data subject and their partner, conventions and agreements.
- Housing characteristics : Address of housing, housing type, own house or leased, length of stay at this address, rent, charges, classification of housing, valuation details, names of key holders.
6.When contacting you through our call centres (e.g. for satisfaction surveys) we might record the calls in order continuously improve the quality of our services:
- Sound recordings: Recording on tape, call recording.
7. For special events (e.g. reveal of new car) Toyota might take – with your permission –photos and videos of you:
- Image recordings: Films, photographs, video recordings, digital photos.
Personal Data we receive from third parties
We may obtain the same categories of Personal Data about you from third parties such as our network of authorized Toyota sales agents, other group companies, carefully selected business partners who provide products and services under one of our brands, and any other third party who may lawfully pass to us information about you.
Personal Data we collect automatically
We may collect certain information by automated means (e.g. cookies, log-file, Wi-Fi access points web beacons) when you visit websites and digital applications and services. For further information on these technologies, we refer to section  of this Policy.
4. Why Does Toyota Collect Your Personal Data?
Toyota may Process the Personal Data for the following purposes (the Purposes):
- Information Requests: to answer your questions or to respond to your requests;
- Technical Use and your Security: to allow us to remember your car’s maintenance and to inform you about any technical remarks relating to the safety of your car;
- Contests, Offers, Events and Surveys: to organise contests, programs, offers, open doors, test drives etc. in which you participate;
- Newsletter: to send you newsletters (provided that you have subscribed to the Toyota newsletter on one of the Toyota websites);
- Interest-based: to tailor our communication and information to your interests;
- Direct Marketing: to send you email and/or postal messages or contact you by phone or via the social media or any contact channel you have supplied to us with information about Toyota brands and other content we think may be of interest to you, including brand and service information from carefully selected business partners, subject to section 9 of this Policy; we only process your data for direct marketing purposes if you have consented to it;
- Customer administration: including management of orders, billing of services and products, monitoring of solvency, registration of customers and profiling of customers based on their purchases;
- Advertising, marketing and public relations: including advertising and marketing Toyota’s business and activities, studying of consumer preferences, and promoting public relations in connection with Toyota’s business and activities;
- Accounts: including keeping accounts relating to any business and activity carried out by Toyota and keeping records of purchases, sales and transactions;
- Safety and security: any method, system or process used by Toyota to protect its physical and intellectual property, to protect its economic and financial interests and to protect the integrity of its directors, employees and customers.
- IT support and development;
- Compliance and legal claims: including ensuring compliance with legal obligations or establishing, exercising or defending legal claims;
- Credit management: including the granting of a credit and activities relating to the follow up and reimbursement of credits;
- Brokerage services: including intermediation between final customer and finance entities granting insurance and credits;
- Scientific, historical and statistical research: including the collection and processing of personal data for statistical surveys (or necessary to reach statistical results), analysing earlier events, and establishing patterns and rules of conduct;
- To prepare for and carry out a merger, take-over, transfer of an undertaking, transfer of assets or any other type of corporate transaction; and
- Any other purpose described and communicated to you prior to using your Personal Data for such other purpose.
Toyota shall only Process Personal Data to the extent that it is required for the Purposes and for any other purpose specifically permitted by the applicable data protection laws and regulations.
To the extent required under the applicable data protection laws and regulations, Toyota shall notify the Processing of Personal Data to the relevant authorities.
5. Accurate Data
It is important for us to maintain accurate and up to date records of your Personal Data. Please inform us of any changes to or errors in your Personal Data as soon as possible by contacting Dickran Ouzounian & Co. Ltd at email@example.com. We will take reasonable steps to make sure that any inaccurate or out-of-date data is deleted, destroyed or amended accordingly.
6. Access and rectification
You have the right to access the Personal Data we hold about you and, if such Personal Data is inaccurate or incomplete, to request the rectification or erasure of such Personal Data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact Dickran Ouzounian & Co. Ltd at firstname.lastname@example.org.
7. Timely Processing
We shall retain your Personal Data in a manner consistent with the applicable data protection laws and regulations. We will only retain your Personal Data for as long as necessary to comply with the applicable laws and regulations or for the Purposes for which we Process your Personal Data. For guidance on how long certain Personal Data is likely to be kept before being destroyed, please contact Dickran Ouzounian & Co. Ltd at email@example.com.
8. Data Security
We shall ensure that appropriate technical and organisational security measures are taken against unlawful or unauthorised Processing of Personal Data, and against the misuse, destruction, disclosure, acquisition, accidental loss of, or damage to Personal Data. Personal Data shall only be processed by a third party Data Processor if that Data Processor agrees to comply with those technical and organisational measures.
Maintaining data security means guaranteeing the confidentiality, integrity and availability of the Personal Data:
- Confidentiality: we will protect your Personal Data from disclosure to third parties.
- Integrity: we will protect your Personal Data from being modified by unauthorised third parties.
- Availability: we will ensure that authorized parties are able to access your Personal Data when needed.
Security procedures include:
- Security Policy
- Security Policy
- Risk analysis and assessment
- Organization and human aspect of security
- Information classification
- Information and training of personnel
- Disciplinary measures in case of non-compliance
- Personnel commitment to confidentiality
- Impact in outsourcing contracts
- Physical and environmental safety
- Securing physical access
- Prevention, detection and processing of the physical dangers (fire, water damages, etc.)
- Backup System
- Network Security
- Logical access security
- List of the concerned personnel
- Authentication system
- Access logging, tracking and analysis
- Monitoring, review and maintenance
- Management of security incidents and continuity
- Management system of security incidents
- Recovery, disaster of rescue plan
- Continuity plan
- Complete and updated documentation.
9. Use of Personal data for direct marketing purposes
We will only use your Personal Data for the purpose of sending promotional material via electronic means (e.g. email, SMS or MMS) if we have obtained your prior consent. You can withdraw your consent at any point in time, by following the unsubscribe instructions included in the promotional material or by contacting Dickran Ouzounian & Co. Ltd at firstname.lastname@example.org
In addition, by adjusting your privacy settings on the relevant device or updating your user or account profile, you can make a variety of choices about how you want to be contacted by us, through which channel, for which purpose and how often.
11. Disclosure of Personal Data
For the above mentioned Purposes, we may disclose your Personal Data to the following categories of recipients:
- Authorised staff members of the Toyota Group
- Corporate affiliates and subsidiary companies of the Toyota group;
- Our advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;
- Service providers: companies that provide services for or on behalf of Toyota, for the purposes of such services. For example, Toyota may share your Personal Data with:
- external providers of IT related services;
- Other parties when required by law or as necessary to protect Toyota: Toyota may share your Personal with other third parties:
- to comply with the law, regulatory requests, court orders, subpoena, or legal process;
- to verify or enforce compliance with Toyota’s policies and agreements; and
- to protect the rights, property or safety of Toyota and/or its customers;
- Other parties in connection with corporate transactions: Toyota may share your Personal Data with other third parties in the context of a divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Toyota’s business;
- Other parties with your consent or upon your instruction: Toyota may share your Personal Data with third parties when you consent to or request such sharing; and
- Any other third party communicated to you by Toyota prior to sharing tour Personal Data with that third party.
Be aware that recipients as referred to above –especially service providers who may offer products and services to you through Toyota applications or via their own channels – may separately collect data from you and are therefore solely responsible for the control thereof. Your dealings with such a service provider shall fall under the terms and conditions of such service provider.
12. Specific Contact with our Dealers
If you purchase a car or another product or service from one of our authorized dealers or if you give them your personal information, you will have a separate relationship with this dealer. In this case, they become the data controller of your personal information, possibly together with us. For all request about the use of your personal information by your dealer, please make contact with them.
13. Use of Social Networks
If you use a specific login from a social network like your Facebook username, Toyota records your data available on this social network and for which you explicitly allowed the communication through the selected App.
14. Disclosures outside the EU/EEA
Your Personal Data may be transferred to any of the recipients identified in this Policy, some of which may be outside the EU/EEA, and may be processed by us and any of these recipients in any country worldwide. The countries to which your Personal Data is transferred may not offer an adequate level of protection. In connection with any transfer of Personal Data to countries that do not offer the same level of protection as in the EU/EEA, Toyota shall implement appropriate measures to ensure an adequate level of protection of your Personal Data.
15. Your choices and your rights
We want to be as transparent possible with you, so that you can make meaningful choices about how you want that we use your information.
We can contact you by post and by phone, and if you give us your prior consent to do so, by email, SMS and other electronics means.
In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (e.g. email, mail, Social Media, …), for which purpose and how frequently, by adjusting the privacy setting on the relevant device or updating your user or account profile or by following the unsubscribe instructions included in the communication.
Please note that by default, if you don’t make a choice, you will receive our promotional communications at the following frequency: at date of publication.
Your personal information
You may always contact us by post or email to find out what personal information we have concerning you and the origin of these.
If you find any mistake in your personal information or if you find it incomplete or incorrect, you may also require from us that we correct it or complete it.
You may also object to the use of your data for direct marketing purpose (if you prefer, you can also precise us though which channel and how frequently you prefer to be contacted by us) or to the sharing of your personal information with third party for the same purpose.
Finally you may require us to erase any data concerning you (except in some cases, for example to proof a transaction or when required by law).
For any privacy issues, questions or complaints concerning the application of this Policy or to exercise your rights of access or rectification within the context of this Policy, you may contact Toyota at Dickran Ouzounian & Co. Ltd at email@example.com.
List of data Controllers
Dickran Ouzounian & Co. Ltd
Grivas Dighenis Avenue
P.O. Box 21567
1510, Nicosia, Cyprus
T +357 22400000
F +357 22350536
Mr. Kyriacos Nicolaou
Chief Information Officer