I want to...

Our Data Privacy Policy

Learn about how Toyota uses your personal data and how we respect and protect your privacy

Toyota respects your privacy. Whether you deal with Toyota as a customer, a consumer, a member of the general public, etc., you are entitled to the protection of your Personal Data. This data may relate to your name, telephone number, email address but also to other data, such as your Vehicle Identification Number (VIN), (geo-)location, etc. (“personal data”).

In this General Toyota Privacy and Data Protection Policy (“this Policy”) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, with whom we share it, how we protect it, and the choices you can make about your Personal Data.

This Policy applies to the processing of your Personal Data in the framework of various services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. that are provided or operated by us or on our behalf.

This Policy contains general rules and explanations. It is complemented with separate specific privacy notices relating to particular services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. provided or operated by or on behalf of Toyota. These privacy notices will be communicated to you whenever your Personal Data is needed in the framework of the activities mentioned above (for example, via websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.). You can also access them by following the links below directly:

 

This Policy applies to all your Personal Data collected by (or on behalf of) Toyota Motor Europe NV/SA and/or Dickran Ouzounian & Co. Ltd, together referred to in this Policy as “Toyota”, “we”, “us” and ”our”.

At the end of this Policy, you will find some definitions of certain key concepts used in this Policy and which are capitalised (for example, Personal Data, Processing, Data Controller…).

What Personal Data do we process?

 Depending on the purpose, described in section 5 of this document, we process the following categories of data:

  • Identity data: Information that tells us who you are, for example, your name or surname and title.
  • Contact data: this includes mobile number, email address, postal address.
  • Account data: for example, preferred contact information, communication language preference, authorised retailer / dealer preference, usage related data (e.g. login statistics, error message tracking).
  • Transactional data: details about your dealings with us, such as when you bought your car and any maintenance or service work done, or a test drive that you have booked with us.
  • Contract data: for example, which contracts you entered, when and when they are expiring.
  • Unique codes or numbers used by our systems: for example, cookie IDs, that help us recognize your device or account without using your name.
  • Location data: geolocation information that can pinpoint a user's location.
  • Vehicle data: for example, VIN information, technical vehicle data such as mileage, fuel consumption, warnings and diagnostic data (e.g., system failures and warning lights)
  • Website behaviour: for example, which accessories you have configured on an online journey, which items you have pre-selected in the basket.
  • IP Address: Internet Protocol addresses that can be used to identify the user's device.
  • Browsing history: for example, data regarding the websites visited, including search queries and pages viewed.
  • Device data: details about the user's device, including operating system and browser type.
  • Survey data: your feedback and opinions about our products or services, collected through surveys.
  • Security-related data: information about the use of our digital systems and tools is collected to help ensure their safety and security—protecting your personal data and providing you with a secure digital experience.
  • Data relating to your privacy preferences: including, date you give your consent, what you consented to, date on which you withdrew your consent, how consent was given (e.g.  from which device).
  • Inquiries / Complaints: what you tell us when you contact us with a question or a complaint.

 

Whenever we require your Personal Data, we will always clearly inform you of the Personal Data we collect. This information will be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.

You don’t have to give us all the personal data we ask for—some details are completely up to you. However, if you choose to share more information with us, we can use it to make our services and offers more relevant and helpful for you.

 

Concerning the accuracy of your personal data:

It is important for us to maintain accurate and up-to-date records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible by contacting us at the Data Protection Contact Point (see Point 10 “Who can you contact in case you have questions or requests?”). We will take reasonable steps to make sure that any inaccurate or outdated personal data is deleted or adjusted accordingly.

Which legal grounds do we rely upon for the processing of your personal data?

Your personal data can be processed only if based on the following legal grounds:

  • you have given us your consent for the purposes of the processing (as described in the privacy notice related to that processing). For the avoidance of doubt, you will always have the right to withdraw your consent at any time; or
  • it is necessary for the performance of a contract to which you are a party; or
  • we pursue a legitimate interest that is not outbalanced by your rights for the purposes of the processing (as described in the privacy notice related to that processing). For the avoidance of doubt, you will always have the right to object against legitimate interest-based marketing activities; or
  • we have a legal obligation to the processing.

What do we use your personal data for and for how long do we keep it?

We will only process your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data further in a way that is incompatible with those purposes.

 

We will keep your personal data in line with applicable data protection law. We will only keep your personal data for as long as necessary for the purposes for which we process your personal data or to comply with the law.

For information on how long certain personal data is likely to be kept before being removed from our systems and databases, please contact us at the Data Protection Contact Point (see Point 10 “Who can you contact in case you have questions or requests?”).

We collect and use your personal data for various purposes, including but not limited to, the following:

DATA MANAGEMENT

PURPOSE:

To ensure consistent, accurate, and efficient handling of your customer information, as joint data controllers we manage and process certain personal data. This includes exchanging relevant customer data and using shared IT platforms, databases, and support systems. Working with joint systems allows us to maintain uniform data quality, coordinate our services, streamline internal processes, and provide you with seamless support across all entities. If you have submitted your personal data to multiple data controllers, it will be consolidated, processed and stored. This serves the following purposes:

  • To manage your personal data effectively (for example, centralizing your personal data allows us to keep it more current and accurate).
  • To provide you with the best possible customer experience.
  • To support and facilitate certain activities described in this section " What do we use your personal data for and for how long do we keep it?"
  • To manage your consent(s) and objections (for example, to track whether you have agreed to receive marketing materials from us).

LAWFUL BASIS:

  • The performance of a contract.
  • Our legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes and to provide and receive updated information to/from our retailers and repairers

CATEGORIES OF DATA

  • Identity data
  • Contact data
  • Account data
  • Transactional data
  • Contract data
  • Unique codes or numbers used by our systems
  • Location data
  • Vehicle data
  • Website behaviour
  • IP Address
  • Browsing history
  • Device data
  • Survey data
  • Security-related data
  • Data relating to your privacy preferences
  • Inquiries / Complaints

 

RETENTION PERIOD                                                                                                                               We process your data for data management as long as any other purpose allows us to keep your data.

 

CREATION OF A JOINT CUSTOMER ID

PURPOSE:

To identify you uniquely and effectively we share data across Toyota entities - such as KINTO - in case you are a joint customer. To manage your personal data effectively (for example, centralizing your personal data allows us to keep it accurate and up-to-date).

 

LAWFUL BASIS:

  • The performance of a contract.
  • Our legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes and to provide and receive updated information to/from our retailers and repairers

CATEGORIES OF DATA

  • Identity data
  • Contact data

Retention Period:

We share your data for the time necessary to achieve the described purpose.

 

DATA SHARING WITH OTHER TOYOTA ENTITIES

PURPOSE:

We may share certain personal data with other Toyota group companies such as KINTO to offer you a smoother, more personalised experience. 

LAWFUL BASIS:

Your consent to share data

CATEGORIES OF DATA

  • Identity data
  • Contact data
  • Account data
  • Transactional data
  • Contract data
  • Unique codes or numbers used by our systems
  • Location data
  • Vehicle data
  • Website behaviour
  • IP Address
  • Browsing history
  • Device data
  • Survey data
  • Security-related data
  • Data relating to your privacy preferences
  • Inquiries / Complaints

RETENTION PERIOD                                                                                                                               We share your data for the time necessary to achieve the described purposes.

 

ORDER MANAGEMENT

PURPOSE

To process your order and ensure delivery and invoicing of the product or service you requested.

 

LAWFUL BASIS

  • The performance of a contract.
  • Our legitimate interest to address claims and exercise our rights.

Categories of Data:

  • Account data
  • Identity data
  • Transactional data
  • Contract data

Retention Period:

We store your data for up to 7 years after the termination of the contract

 

WEBSITE VISITS

PURPOSE

1. To improve your visit on our websites or portals (performance or analytical cookies)

2. To record your visit to and interactions with our website so that our website, marketing, and advertising are more relevant to your interests (targeting cookies).

3. To enable the website to provide enhanced functionality and personalisation (functional cookies).

4. To keep our websites and portals running and operating for you (strictly necessary cookies).

 

Please refer to the Cookie Policy for additional information on the specific cookies deployed and their purposes.

LAWFUL BASIS

1., 2., 3.: Your consent for opt-in-based cookies.

4. Legitimate interest

 

Categories of Data:

  • Unique codes or numbers used by our systems
  • Identity data
  • Contact data
  • Location data
  • IP address
  • Browsing history
  • Device data

Retention Period:

See our Cookie Policy for details on the retention periods for all the different kind of cookies.

 

COMMUNICATION

PURPOSE

To conduct marketing activities:

  • Reminders: We use your personal data to send important service and maintenance alerts—like annual Ministry of Transport (MOT) tests, or to remind you that a commercial product or service associated with your vehicle, such as a warranty, is due to expire, to help keep your vehicle safe and reliable.
  • Offers: You may receive personalised mobility and vehicle-related offers on behalf of Toyota and the Toyota Group companies (i.e. companies that belong to Toyota Motor Europe, KINTO) tailored to you and your vehicle. These product and service promotions can relate to new and used vehicles, servicing, parts and accessories, finance and insurance, connected services and other mobility-related services. on behalf of Toyota Group companies (i.e. companies that belong to Toyota Motor Europe, KINTO) tailored to you and your vehicle. These product and service promotions can relate to new and used vehicles, servicing, parts and accessories, finance and insurance, connected services and other mobility-related services.
  • Events: We’ll keep you informed about relevant events, such as model launches or birthday-related invitations, always meaningful, never spam.
  • Marketing Surveys: We may contact you to ask for voluntary feedback through surveys to better understand your preferences and improve our products and services.

 

 

 

LAWFUL BASIS

  • Our legitimate interest
  • Your consent

PURPOSE

Contract-related reminders: To keep you informed by sending you important reminders about your existing contract with us. For example, we aim to notify you about:

  • the status of the delivery of your new car
  • a maintenance reminder included in your contract
  • a payment due
  • a contract coming to an end

 

LAWFUL BASIS

  • The performance of a contract.

 

Categories of Data:

  • Identity data
  • Contact data
  • Account data
  • Transactional data
  • Contract data
  • Unique codes or numbers used by our systems
  • Location data
  • Vehicle data

Retention Period:

We keep your data as long as you agree to be subject to marketing activities. If you have a contract with us and you have not withdrawn your consent, we keep your data until 10 years after the contract is terminated

 

(ENHANCED) CUSTOMER PROFILE

PURPOSE

To conduct basic profiling activities: We evaluate and analyse certain elements of the information we collect about you to build a basic customer profile that informs our sales activities. This allows us to tailor our communications—such as reminders, offers, events, and surveys—to be more relevant to you. While we may group you into broader customer segments, we do not create a comprehensive customer profile using detailed personal information.

 

LAWFUL BASIS
Our legitimate interest

PURPOSE

To conduct advanced profiling activities which make use of sophisticated techniques for deep analysis of your customer profile, e.g. cross-device identification and/or AI. These activities involve evaluating the information you provide, along with data collected through your interactions with Toyota (e.g. dealership visits, use of our websites, the MyToyota or LexusLink+ app, Connected Services), and data received from other Toyota entities or trusted third parties.

 

The applied techniques allow us to develop a more comprehensive understanding of your preferences and behaviours across channels and devices. For example, we may use predictive analytics to anticipate your future needs—such as when you might be interested in a new vehicle or service—based on your past interactions with us. This enables us to deliver highly personalised and timely communications, offers, and experiences that are tailored to your individual interests, enhancing your overall customer journey with Toyota.

LAWFUL BASIS

Your consent

Categories of Data:

  • Identity data
  • Contact data
  • Account data
  • Transactional data
  • Unique codes or numbers used by our systems
  • Location data
  • IP address
  • Browsing history
  • Website behaviour
  • Device data
  • Vehicle data

Retention Period:

  • We keep your data as long as you agree to be subject to profiling.
  • If you have a contract with us and you have not withdrawn your consent, we keep your data until 10 years after the contract is terminated.

 

CUSTOMER SATISFACTION

PURPOSE:

To collect your opinion and satisfaction as a customer / prospect with regards to Toyota products and services you have purchased or inquired on (customer satisfaction surveys).

LAWFUL BASIS:

  • Consent
  • Legitimate interest

Categories of Data:

  • Identity data
  • Contact data
  • Transactional data
  • Survey data

Retention Period:

  • A period of up to 3 years after the completion of the survey

 

ENQUIRIES & COMPLAINTS

PURPOSE:

To answer to your enquiries or complaints.

LAWFUL BASIS:

  • The performance of a contract.
  • Our legitimate interest to handle enquiries and complaints and to address claims and exercise our rights

Categories of Data:

  • Identity data
  • Contact data
  • Contract data
  • Vehicle data
  • Inquiries / Complaints

Retention Period:

  • If you are a customer: A period of up to 10 years starting as of when we have received the inquiries or complaints.
  • If you are a prospect: A period of 5 years starting as of when we have received the inquiries or complaints.

IT SECURITY

PURPOSE:

To ensure the confidentiality, integrity and availability of our systems and services.

LAWFUL BASIS:

  • When necessary for us to comply with a legal obligation
  • Our legitimate interest to protect the confidentiality, integrity and availability of our systems and services

Categories of Data:

  • Security-related data

Retention Period:

  • A period up to 24 months, that may vary by country. We may keep the data longer if:
  • Necessary as part of an ongoing investigation into a cyber security incident;
  • Necessary for us to conduct audits of the security of our systems, applications or networks.

 

PRODUCT IMPROVEMENT

PURPOSE:

To monitor, analyse, innovate, and improve the quality and performance of our products and services, as well as the products and services of our Partners.

LAWFUL BASIS:

  • Your consent*
  • Our legitimate interest*

* To achieve the purpose of product improvement, Toyota relies on different legal bases depending on the context in which your personal data is collected:

  • Legitimate interest: when data is collected at the dealership and is not collected from a connected vehicle.
  • Consent: when data is collected from a connected vehicle. Consent is provided, and can be withdrawn, in the app.

Specific documentation is provided at the moment of data collection. The distinction in legal basis is due to the specific and more stringent legal requirements that apply to connected vehicle data.

Categories of Data:

  • Location data
  • Vehicle data
  • Transactional data

Retention Period:

  • We keep the data for a period of up to 10 years from the date we collected the data.
  • If the data is kept longer, then you will be informed of these retention periods via specific privacy notices.

 

PRIVACY PREFERENCES

PURPOSE:

Keeping record of your privacy preferences.

LAWFUL BASIS:

  • Where necessary to comply with our legal obligations under applicable data protection laws.
  • Our legitimate interest and the legitimate interest of the Toyota entity of your country of reference / your retailer to adequately manage your privacy preferences.

Categories of Data:

  • Data relating to your privacy preferences

Retention Period:

DISPUTE OR INVESTIGATION

PURPOSE:

If reasonably necessary in connection with a dispute or an investigation in which we are or may become involved either directly with you or with a third party.

LAWFUL BASIS:

  • Legitimate interest.
  • When necessary for us to comply with a legal obligation.

 

Categories of Data:

  • Identity data
  • Contact data
  • Location data
  • Account data
  • Vehicle data
  • Security-related data
  • Contract data
  • Inquiries / Complaints

Retention Period:

We will only retain data for this purpose on a case-by-case basis when the need arises and keep it for the time necessary to address the dispute.

AUTHORITY REQUEST

PURPOSE:

When requested by law enforcement authorities, regulators, or courts, we may be compelled to share your personal data with them.

LAWFUL BASIS:

  • When necessary for us to comply with a legal obligation.
  • The legitimate interest for us and society in general to honour data disclosure requests from law enforcement authorities, regulators, or courts

Categories of Data:

  • Identity data
  • Contact data
  • Location data
  • Account data
  • Vehicle data
  • Security-related data

Retention Period:

 

LEGAL OBLIGATION

PURPOSE:

To meet legal obligations. This includes retaining billing information for tax and accounting purposes, conducting vehicle safety assessments, and complying with EU regulations such as the On-Board Fuel and Energy Consumption Monitoring (OBFCM) Regulation.

Please note that, with respect to OBFCM-related processing, you have the right to object to the processing via the channels indicated in par. 11 below.

LAWFUL BASIS:

  • When necessary for us to comply with a legal obligation.

 

Categories of Data:

  • Identity data
  • Contact data
  • Account data
  • Vehicle data
  • Transactional data

 

Retention Period:

  • For as long as we are legally obliged to keep the data.  The retention requirements vary from one country to the other.  For example, in Belgium we are required to keep certain accounting records for 7 years following the end of the relevant fiscal year. For vehicle safety risk assessments linked with recall campaigns, certain data is kept for up to 40 years.

 

CAMPAIGN PERFORMANCE

PURPOSE:

To evaluate the effectiveness of our marketing campaigns and improve them, thus delivering greater value and relevance to the customer.

LAWFUL BASIS:

  • Our Legitimate Interest to improve our campaigns and business proposals

Categories of Data:

  • Identity data
  • Contact data
  • Unique codes or numbers used by our systems
  • Type/Brand of vehicle

 

Retention Period:

  • For the duration of the campaigns

 

The entities which are responsible for the processing of your Personal Data are:

Toyota Motor Europe NV/SA (“TME”)
Avenue du Bourget/Bourgetlaan 60
1140 Brussels
Belgium
and
Dickran Ouzounian & Co. Ltd
Marcou Drakou 6 (Grivas Dighenis Avenue)
P.O. Box 21567
1510, Nicosia, Cyprus

When processing your data, and depending on the purpose, described in this document, Dickran Ouzounian & Co Ltd, may act individually or collaborate with TME as joint controllers (art. 26 GDPR).

With regard to the processing of your data, this means: 

  • Your contractual partner (normally, the Retailer) is generally responsible for the proper (initial) collection of your personal data, the proper entry and maintenance in our systems, and ensuring that there is an appropriate legal basis for the processing of your data. In addition, the contractual partner will generally inform you in accordance with Articles 13 and 14 GDPR about the specific processing operations and your rights as a data subject. This is ensured in particular by this data protection information.
  • Dickran Ouzounian & Co Ltd and TME are responsible for storing and managing personal data in Toyota systems. This includes ensuring comprehensive state-of-the-art IT security measures and quality standards. Dickran Ouzounian & Co Ltd  also the preferred point of contact for all your questions as a data subject regarding data protection at Toyota. However, data protection rights can be asserted both with Dickran Ouzounian & Co Ltd and TME.
  • The parties shall immediately inform each other of any legal positions asserted by data subjects. They shall provide each other with all information necessary to respond to requests for information.

We process the personal data of the following categories of data subjects:

  • persons visiting our website(s) or tools;
  • persons who visit or contact us for test drives, offers, etc;
  • persons who place an order with us;
  • persons who purchase a product or service with us;
  • persons who contact us for an inquiry;
  • persons whose personal data we have obtained through third parties (such as Social Media Channels) to use for Sales and Marketing purposes;
  • persons whose personal data we have obtained through third parties (such as universities and their researchers) to use for research & development purposes.

We have organised a Data Protection Contact Point which will handle your questions or requests relating to this Policy, any specific privacy notice, your Personal Data (and its Processing).

For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at the Data Protection Contact Point or by mail at our mailing address:

  • personal.data@toyota-cyprus.com

Marcou Drakou 6 (Grivas Dighenis Avenue) P.O Box 21567, Nicosia, 2409.When you contact the Data Protection Contact Point, we may ask you to provide certain personal data (such as your name, contact details, or customer reference number) to verify your identity and ensure that we are addressing your request appropriately and securely. If applicable it is recommended to specify the relevant 17-digit Vehicle Identification Number (VIN), to enable us to act on any collected vehicle data. This information will only be used for the purpose of handling your inquiry or request and will be processed in accordance with this General Privacy Notice

We have a set of technical and organisational security measures in place to protect your Personal Data against unlawful or unauthorised access or use, as well as against accidental loss or damage to their integrity. They have been designed taking into account our IT infrastructure, the potential impact on your privacy and the costs involved and current industry standards and practice.

Your Personal Data will only be processed by a third-party Data Processor if that Data Processor agrees to comply with those technical and organisational data security measures.

Maintaining data security means protecting the confidentiality, integrity and availability of your Personal Data:

  1.  Confidentiality: we will protect your Personal Data from unwanted   disclosure to third parties.
  2.  Integrity: we will protect your Personal Data from being modified by   unauthorised third parties.
  3.  Availability: we will ensure that authorized parties can access your   Personal Data when needed.


Our data security procedures include access security, backup systems, monitoring, review and maintenance, management of security incidents and continuity, etc.

Whom do we share your personal data with?Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:

Within our organisations and our brand environment (non exhaustive list):

  • Our authorised staff members;
  • Our affiliates and subsidiary companies;
  • Toyota Financial Services;
  • Toyota Insurance Management;
  • KINTO, our mobility company;
  • Toyota Connected Europe Limited, 10th Floot, 14-18 Handyside Street, London N1C 4DC, United Kingdom;
  • Toyota Manufacturing Companies. 

Business partners which process data on our behalf (data processors)::

 

  • Advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;
  • Business partners: for example, trusted companies that may use your Personal Data to provide you with the services and/or the products you requested and/or that may provide you with marketing materials (provided that you have consented to receive such marketing materials). We ask such companies to always act in compliance with applicable laws and this Policy and to pay high attention to the confidentiality of your personal information;
  • Service providers of Toyota/Lexus: companies that provide services for or on behalf of Toyota/Lexus, to provide such services (for example, Toyota/Lexus may share your Personal Data with external providers of IT related services);

 

Other third parties:

 

  • when required by law or as lawfully necessary to protect Toyota/Lexus:
  • to comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.;
  • to verify or enforce compliance with Toyota/Lexus’s policies and agreements; and
  • to protect the rights, property or safety of Toyota/Lexus and/or its customers;
  • in connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Toyota/Lexus’s business.

Please be aware that third-party recipients listed under points b) and c) above –especially service providers who may offer products and services to you through Toyota/Lexus services or applications or via their own channels– may separately collect Personal Data from you. In such a case, these third parties are solely responsible for the control of such Personal Data and your dealings with them will fall under their terms and conditions.

If you login into a Toyota tool (like a website or portal) using a social media platform (such as Facebook), Toyota will collect the personal data from that social media platform. By using your social media account to log in, you are giving permission for Toyota to access and use this information.

You may engage with Toyota-owned pages on social media platforms like X (formerly Twitter) and Facebook to share content that may constitute personal data (for example, comments, reviews, opinions).  Be aware that these platforms have their own rules. Posting on social media can impact your privacy and that of others. Once content is posted, it may be difficult to remove it. You are responsible for your posts, and Toyota is not liable for any issues arising from your social media activity.

Your Personal Data may be transferred to recipients which may be outside the EEA and may be processed by us and these recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA that do not generally offer the same level of data protection as in the EEA, Toyota/Lexus will implement appropriate specific measures to ensure an adequate level of protection of your Personal Data. These measures can for instance consist in agreeing with recipients on binding contractual clauses guaranteeing such an adequate level of protection.

We will always clearly inform you whenever your Personal Data would be transferred outside the EEA. This information will be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.

We want to be as transparent as possible with you so that you can make meaningful choices about how you want us to use your Personal Data.

 

Right to be informed (Art. 12 – 14 GDPR)

You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data, and your rights related thereto. This is in part why we are providing you with the information in this General Privacy Notice.

 

Right of access by the data subject (Art. 15 GDPR)

You have the right to obtain access to your personal data. You may wish to access your personal data to confirm our use in accordance with applicable data protection laws.

 

Right to rectification (Art. 16 GDPR)

You are entitled to have your personal data rectified if they are inaccurate or incomplete. 

 

Right to erasure (Art. 17 GDPR)

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. Please note that this is not an absolute right and exceptions apply. 

 

Right to restriction of processing (Art. 18 GDPR)

You have rights to block or prevent further use of your personal data. When processing is restricted, we can still store your personal data, but our use of your personal data will be restricted.

 

Right to data portability (Art. 20 GDPR)

You have the right to obtain and reuse your personal data for your own purposes across different services. For example, if your relationship with Toyota ends, this right enables you to move, copy or transfer your personal data easily between our IT systems and those of another service provider, without affecting its usability. Please note that this is not an absolute right and exceptions apply. Also, this right can be applied only in certain circumstances and provided it does not adversely affect others’ rights (for example, it can be applied regarding the personal data you provided to us, which we processed to fulfil our contract with you).

 

Right to object (Art. 21 GDPR)

Where the processing is based on our legitimate interest, you have the right to object to such processing (unless we have a compelling and legitimate reason to continue processing your personal data).

You also have the right to object at any time to the processing of your personal data for direct marketing purposes including profiling to the extent that it is related to such direct marketing purposes.

If our processing of your personal data is based specifically on your consent, you have the right to withdraw that consent at any time.

 

Right not to be subject to automated decision making (Art. 22 GDPR)

You have the right not to be subject to a decision that is based solely on automated processing (including profiling) and that produces legal effects for you or similarly significantly affects you. Such processing is only permitted if it is necessary for entering into or performing a contract, authorized by Union or Member State law, or based on your explicit consent.
In these cases, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention, to express your point of view, and to contest the decision.


Right to file a complaint with a data protection authority

  • Finally, please note that you have the right to file a complaint against the Data Controller with the relevant data protection authority (“DPA”). With respect to TME (as Data Controller), the relevant DPA is the Belgian Data Protection Authority. With respect to Dickran Ouzounian & Co. Ltd (as Data Controller), the relevant DPA is the local Information Commissioner’s Office (Office address: Kypranoros 15, Nicosia 1061, Cyprus Postal address P.O.Box 23378, 1682 Nicosia, Cyprus Tel: +357 22818456)

Legal Information

The requirements of this Policy supplement, and do not replace, any other requirements existing under applicable data protection law. In case of contradiction between what is written in this Policy and requirements in applicable data protection law, applicable data protection law will have priority.

Toyota/Lexus may amend this Policy at any point in time. Where this happens we will alert you of any changes and we will then ask you to re-read the most recent version of our Policy and to confirm your acceptance thereof. You can also check this Policy periodically to inform yourself of any changes.

 

Changes to this General Privacy Notice

Toyota may amend this General Privacy Notice at any point in time. Where this happens, we will alert you of any changes and we will then ask you to re-read the most recent version of our General Privacy Notice and to confirm your acceptance thereof. You can also check this General Privacy Notice periodically on www.toyota-europe.com to inform yourself of any changes.

This General Privacy Notice dates from September 2025.

 

14. Conflicts or inconsistencies

If there is any conflict or inconsistency between a provision of this General Privacy Notice and a provision of a specific Privacy Notice, the specific Privacy Notice will prevail.

The requirements of this General Privacy Notice supplement, and do not replace, any other requirements existing under applicable data protection law. In case of contradiction between what is written in this General Privacy Notice and requirements in applicable data protection law, then requirements in Data Protection Laws will have priority.

 

Definitions used

In this Policy, the following terms have the following meanings:

  • Data Controller means the organisation which determines the purposes for which, and the manner in which, your Personal Data is processed.
    Unless we inform you otherwise, the Data Controllers are Toyota Motor Europe NV/SA (Avenue du Bourget 60, 1140 Brussels, Belgium) and [Dickran Ouzounian & Co Ltd. (Marcou Drakou 6, Nicosia, 2409 )]. Further information may be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.
  • Data Processor means the person or organisation which processes your Personal Data on behalf of the Data Controller
  • Data Protection Contact Point means the contact point (i.e. a person appointed by Toyota/Lexus in the relevant jurisdiction) where you can address to the Data Controller your questions or requests regarding this Policy and/or (the Processing of) your Personal Data and which will handle such questions and requests. Unless we inform you otherwise, the Data Protection Contact Point can be reached as described in section 3 “Who can you contact in case you have questions or requests?”).
  •  Data protection laws means any EU data protection and privacy law, including UK data protection law and, to the extent applicable, the data protection or privacy laws of any other country equivalent to EU privacy and data protection standards.
  • Data subject means an identified or identifiable living individual to whom personal data relates.
  • EEA means the European Economic Area (= member states of the European Union + Iceland, Norway, and Liechtenstein).
  • Personal Data is any data relating to you directly or which allows your identification, such as, for example, your name, telephone number, email address, Vehicle Identification Number (VIN), (geo-)location, etc.
  • Processing means the collection, accessing and all forms of use of your Personal Data.

I want to

Book a test drive Find my dealer Contact my dealer