PRIVACY POLICY

Effective Date [June 8, 2021]

KINTO respects your privacy and wants you to know how your information will be handled and used.

We have developed this Privacy Policy to describe the types of Personal Information that KINTO Technologies Corp (referred to herein collectively as “KINTO”, “we”, “our” or “us”) may collect, how we may use and share that information, our lawful basis for processing it, what rights you have in relation to your Personal Information and how we protect it.

Please read this Privacy Policy carefully to understand how we will treat the Personal Information collected through our websites. As part of our effort to transition Toyota from an automotive company to a mobility one, we intend to add additional functions and features to our website, so be sure to check back for any updates to this Policy. We will indicate at the top of the Policy when it was most recently updated.

Identity of the Controller

For purposes of certain data protection laws, including the European Union and United Kingdom’s General Data Protection Regulation (GDPR), the controller is KINTO Technologies Corp, and we are located at: Nagoya Mitsui Building North Wing 14F, 4-8-18 Meieki Nakamura-ku Nagoya, 450-0002.

As the controller, this Privacy Policy applies to processing undertaken where we are the organization that determines why and how your Personal Information is processed and is otherwise required under applicable law to provide notice of any processing undertaken.

Our representative in the European Economic Area is

Toyota Motor Europe NV/SA (“TME”)

Avenue du Bourget/Bourgetlaan 60

1140 Brussels

Belgium

We have organised a Data Protection Contact Point which will handle your questions or requests relating to this Policy, any specific privacy notice, your Personal Data (and its Processing).

For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at the Data Protection Contact Point:

Data.Protection@toyota-europe.com, and

Toyota Motor Europe NV/SA

Attention : TME Data Protection Contact Point

Avenue du Bourget/Bourgetlaan 60

1140 Brussels

Belgium

Definition of Personal Information

“Personal Information” (sometimes referred to as “personal data”) is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

Collection of Personal Information

As you interact with KINTO via our website, we may collect certain information from or about you from the following sources:

• Cookies and online technologies. When you access or use our website, we may collect data through cookies and other tracking technologies (we have indicated these scenarios below).

The types of Personal Information we collect, the purposes of processing and, to the extent the GDPR applies, the lawful basis for collection, are detailed below.

Who do we collect it fromWhat do we collectWhy do we collect this dataWhich lawful basis do we rely on
Through automated meansElectronic activity, such as data gathered by technology when you visit our website (such as IP address, browser information, device type, operating services, app versions, what functions or pages you use or click on, the frequency of use, the links you clink on).We use this information to operate, evaluate and improve our business, including developing new products and services; enhancing and improving our services; analyzing your interaction with our services; and to perform data analytics.It is in our legitimate interest to improve our relationship with you by customizing our service to make your experience smooth and efficient through the use of necessary cookies and similar technologies. We also have a legitimate interest in having a functioning website and improving the functionality and maintaining the security of our website through the use of necessary cookies and similar technologies, all of which is not outweighed by the privacy impacts on you.Where the information is collected through the use of cookies and other tracking technologies, and where those are not strictly necessary for the operation of our website, we rely on your consent to collect this information (please see our cookie policy below for further information).
All dataAll categories of dataWe may need to use this information to:establish and enforce our legal rights and obligations;to comply with binding requests made by you when exercising your legal rights (such as those set out in this policy)to comply with binding requests or instructions from applicable regulators, law enforcement agencies, any court or otherwise as required by law;resolve complaints or disputes with you;manage any proposed sale, restructure, or merger of any or all part(s) of our business, including in response to enquiries from prospective buyers or merging organizations; for our own general record keeping and customer relationship management (e.g. to comply with laws relating to consumer, tax, accounting, data protection and/or money laundering.Where the information is required in relation to a lawsuit, complaint, legal requirement or regulatory action we are under a legal obligation to comply with such requirements where it is a mandatory obligation. We may also opt to comply in certain scenarios where it is not mandatory, we would carefully consider such scenarios and we would then rely on our legitimate interest where it would be good governance to do so.We have a legitimate interest in being able to sell any part of our business and we also have a legitimate interest in being able to resolve any dispute directly with you.

For California Residents

The personal information about you that we collect includes information within the below categories of data. These categories also represent the categories of personal information that we have collected over the past 12 months. California state law defines the categories listed below. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our customers.

We do not sell your Personal Information, as the term “sell” or “sale” is defined by California law.

Category of Personal InformationSourcePurpose of processingShared for Business Purpose in the Last 12 Months If shared, with Whom
Personal identifiers: your name, alias, postal address, email address, unique personal identifier, online identifier, account name, Internet Protocol address, social security number, driver’s license number, passport number, or other similar identifiers..When you provide, or provided, it to us in correspondence and conversations.Through the use of cookies and similar technologies.To respond to your questions and handle and resolve complaints.It is also necessary to comply with our legal and regulatory obligations, including in order to comply with our obligations in connection with record-keeping requirements.To tailor and improve our services by offering products, services and features that may be relevant to you.YesAffiliated companies; third party service providers; others for legal, security or safety reasons; governmental authorities and/or law enforcement agencies.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Through the use of cookies and similar technologies.To tailor and improve our services by offering products, services and features that may be relevant to you.For testing, research, analysis, and product development, including to develop and improve our services.YesAffiliated companies; third party service providers; others for legal, security or safety reasons; governmental authorities and/or law enforcement agencies.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.When you visit our website.This data is processed in order to optimize performance of our websites by performing research with respect to the usage of the Site and to personalize and enhance your website experience.It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.YesAffiliated companies; third party service providers; others for legal, security or safety reasons; governmental authorities and/or law enforcement agencies.

Sharing of Personal Information

Sometimes we need to disclose your personal data to other organizations.

Inside the Toyota group of companies

We are part of a group of companies, with headquarters in Japan. The KINTO group is part of the wider Toyota group of companies. Therefore, we may need to share your personal data with other companies in the KINTO group, or in the wider Toyota group, for our general business management purposes and, in some cases, to meet our customer needs where providing services across different group entities/locations and/or for authorizations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis.

Access rights between members of the group are limited and granted only on a need to know basis, depending on job functions and roles. Where any group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.

Outside the Toyota group of companies

From time to time we may ask third parties to carry out certain business functions for us, such as for IT support, data hosting and customer relationship management (CRM) tool providers. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data.

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:

• services provided to you or us by a third party acting independently to us but which has a relationship with us, for example legal advisors, accountants and auditors;

• the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors;

• the disclosure of your personal data in order to comply with a regulator or law enforcement request, legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others; and

• a disclosure you have asked us to make, or given us permission to make.

We have set out below a list of the categories of recipients with whom we are likely to share your personal data:

• IT support, website/app and data hosting providers and administrators;

• consultants and professional advisors including legal advisors and accountants;

• courts, court-appointed persons/entities, receivers and liquidators;

• business partners and joint ventures;

• insurers; and

• governmental departments, statutory and regulatory bodies.

Our website may provide links or access to services or information offered by other members of our group, or by third parties. These parties will have their own privacy notices and any personal data collected by group members or third parties for such purposes will be subject to their separate privacy notices unless otherwise stated.

Transfers of Personal Information Abroad

As part of an international organization, KINTO may transfer your Personal Information to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your Personal Information as is provided to it under the laws in your jurisdiction.

We take appropriate steps to protect your Personal Information regardless of where it is stored, taking into consideration the requirements of the data protection laws which we consider are applicable to how we process your Personal Information.

If any disclosures of Personal Information referred to above require your Personal Information to be transferred from within the United kingdom or the European Economic Area to any country outside these respective jurisdictions, we will seek to ensure that it is adequately protected by way of safeguards, including the use of EU Standard Contractual Clauses, reliance on an adequacy decision of the Information Commissioner’s Office or European Commission (where relevant) in relation to the relevant recipient jurisdiction.

For more information about what appropriate safeguards we use and how to obtain a copy of them or to find out where they have been made available, please contact us using the details below.

There may also be some instances in which we rely upon one or more permitted exceptions under the relevant data protection law from taking this step for particular situations. For example, where we have asked for your explicit consent to do, or to perform a contract with you, or take steps prior to doing so, to conclude or perform a contract with another party concluded in your interest, for important reasons of public interest, or where it is done in the context of legal claims.

Retention of Personal Information

We also ensure that, in compliance with applicable law, we do not retain Personal Information longer than necessary. We will keep Personal Information about you for as long as we have a relationship with you, for example as long as you are a customer, or you wish to keep receiving marketing messages from us (and for a reasonable period thereafter). When determining how long to retain Personal Information after we no longer have a relationship with you, we take into account how long our customers usually want to continue hearing from us, our legal obligations and the expectations of regulators, as well as the length of time information is needed for internal audit purposes and to exercise or defend our legal rights.

We also consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

This includes the following:

• Retention in case of queries - We may retain your Personal Information for a reasonable period in case of follow up queries from you.

• Retention in case of claims - We may retain your Personal Information for the period in which you might legally bring claims against us (this means we will retain it in line with relevant limitation periods, which are applicable to your jurisdiction, for example 7 years from the end of the contract, for information relating to contracts with us if based in the UK) if and to the extent this is relevant.

• Retention in accordance with legal and regulatory requirements - We will consider whether we need to retain your Personal Information after the period of retention in the case of queries or claims because of a legal or regulatory requirement.

• Retention permitted under applicable law - We will continue to retain Personal Information where necessary to provide our services to you and the retention of such Personal Information is necessary for the purposes of pursuing our legitimate interests or where it is necessary for public interest purposes.

We review our retention periods for Personal Information on a regular basis, and all data is retained in compliance with applicable data protection law. We will only permanently retain certain basic Personal Information, for limited purposes. This is in relation to retaining basic contact details, to keep a record that you were a customer, in case you return in the future, or where you have asked us not to contact you again.

Your Rights

Depending on your jurisdiction, you may be entitled to the following rights:

• Where our use of your Personal Information requires consent, you may withdraw this consent at any time;

• You may request access to your Personal Information that we hold about you (together with other supplementary information such as the purpose for which it is processed, the person to whom it is disclosed and the period for which it is stored). Depending on the applicable privacy laws (e.g. California law), you may be entitled to request the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which the Personal Information was collected, the purposes of collecting the Personal Information, the categories of third parties we have shared the Personal Information with, and the categories of Personal Information that have been shared with third parties for a business purpose;

• You may require us to correct any inaccuracies without undue delay by updating, correcting or amending the Personal Information we hold about you if it is wrong;

• Depending on the basis on which we process your Personal Information, you may ask us to change, restrict or stop the way in which we communicate with you or process Personal Information about you;

• You may ask us to delete your Personal Information;

• You may ask us to move, copy or transfer your Personal Information and to receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated;

• You have rights in relation to automated decision making, including profiling which has a legal effect, or which causes a significant effect, and you can object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making);

• Under California Law, you may opt out of the sale of Personal Information—however, as stated above, we do not sell your Personal Information, nor do we intend to. We also have not done so for the last 12 months. In addition, we have contracts with our service providers to prohibit any sale of the personal information we provide them; but if you have any concerns that our third parties might be selling your information, please contact us.

We will not discriminate against you in any way for exercising your rights. You have the right to make a complaint at any time to your local data protection regulator. If you are based in the European Economic Area, you can access a list of these here. If you are based in the UK you can access contact details for the ICO here. We would, however, appreciate the chance to deal with your concerns before you approach your regulator or ICO so please contact us in the first instance.

How to Contact Us

If you would like to exercise any of your rights or if you have any questions about this notice or would like to make a complaint please send an email to Data.Protection@toyota-europe.com that details your request and includes your exact name, physical address and email address.

Please note that we may need to verify your identity when you request to exercise your privacy rights. To do so, we may ask you to confirm information we already have on file or provide such other proof as we need in order to determine and confirm your identity before responding to your request. Also, under California law (and as may be expected in other jurisdictions as well), if you would like to authorize someone to make a request on your behalf, you must provide the agent with written, signed permission to submit privacy right requests on your behalf, or provide a letter from your attorney. The agent or attorney must provide this authorization at the time of request. Note that we may require you to verify your identity with us directly before we provide any requested information to your approved agent.

Cookies

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Cookies are widely used in order to make websites work, or to work more efficiently, as well as to provide reporting information. Some cookies are strictly necessary for the functioning of our website.

Why do we use cookies?

We use cookies to learn how you interact with our content and to improve your experience when visiting our website. For example, some cookies remember your preferences and where you left off so that you do not have to repeatedly make these choices when you visit one of our websites.

What types of cookies do we use?

Type of CookieWhat do they do?Do these cookies collect my personal data / identify me?
NecessaryCookies that are essential to making the Websites work correctly. They enable visitors to move around our website and use our features. Examples include remembering previous actions when navigating back to a page in the same session.These cookies do not identify you as an individual.
Performance / AnalyticalCookies that help us understand how visitors interact with our web properties by providing information about the areas visited, the time spent on the Websites and any issues encountered, such as error messages. They help us improve the performance of our Websites, alert of any concerns and more.These cookies do not identify you as an individual. All data is collected and aggregated anonymously.
FunctionalityCookies that allow our web properties to remember the choices you make (such as your user name, language or the region you are in) to provide a more personalized online experience.The information these cookies collect may include personally identifiable information that you have disclosed, such as a username, for example. We shall always be transparent with you about what information we collect, what we do with it and with whom we share it.If you do not accept these cookies, it may affect Website performance and functionality and may restrict access to web content.

How do I reject and delete cookies?

You can choose to reject or block all or specific types of cookies by changing your preferences on the cookie door to this website or by changing your browser settings. Please note that most browsers automatically accept cookies. Therefore, if you do not wish cookies to be used, you may need to actively delete or block the cookies. If you reject the use of cookies, you will still be able to visit our websites but some of the functions may not work correctly. You may also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further information on cookies generally. By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.

See also:

https://tools.google.com/dlpage/gaoptout

https://support.google.com/ads/answer/2662922?hl=en

Third-party cookies used on our websites:

CookieTypeDescriptionDuration
_gaPerformance / AnalyticalThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors2 years
_gidPerformance / AnalyticalThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form1 day

Safeguarding of Personal Information

We implement and maintain reasonable and appropriate security measures against unauthorized or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal data. This includes limiting access to your personal information to those employees, agents and other authorized parties who need to know the information to enable KINTO to provide products or services.

Do Not Track

Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party website or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.

Children

The Website is not targeted at children under the age of 18, and we do not knowingly collect any personal data from children. We will delete any personal information we determine to have been collected from a child or user under the applicable age of consent. If you are a parent or guardian of a child under the relevant digital age of consent and believe he or she has disclosed personal data to us, please contact us at Data.Protection@toyota-europe.com.

Changes to this Notice

We reserve the right to modify this Notice at any time and without prior notice. Any such changes are effective upon posting and we will indicate in the Privacy Policy when it was most recently updated.

Questions

If you have any questions in relation to this Privacy Notice, please contact us at Data.Protection@toyota-europe.com.