Effective Date [June 8, 2021]
KINTO respects your privacy and wants you to know how your information will be handled and used.
Identity of the Controller
For purposes of certain data protection laws, including the European Union and United Kingdom’s General Data Protection Regulation (GDPR), the controller is KINTO Technologies Corp, and we are located at: Nagoya Mitsui Building North Wing 14F, 4-8-18 Meieki Nakamura-ku Nagoya, 450-0002.
Our representative in the European Economic Area is
Toyota Motor Europe NV/SA (“TME”)
Avenue du Bourget/Bourgetlaan 60
We have organised a Data Protection Contact Point which will handle your questions or requests relating to this Policy, any specific privacy notice, your Personal Data (and its Processing).
For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us at the Data Protection Contact Point:
Toyota Motor Europe NV/SA
Attention : TME Data Protection Contact Point
Avenue du Bourget/Bourgetlaan 60
Definition of Personal Information
“Personal Information” (sometimes referred to as “personal data”) is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.
Collection of Personal Information
As you interact with KINTO via our website, we may collect certain information from or about you from the following sources:
• Cookies and online technologies. When you access or use our website, we may collect data through cookies and other tracking technologies (we have indicated these scenarios below).
The types of Personal Information we collect, the purposes of processing and, to the extent the GDPR applies, the lawful basis for collection, are detailed below.
|Who do we collect it from||What do we collect||Why do we collect this data||Which lawful basis do we rely on|
|All data||All categories of data||We may need to use this information to:establish and enforce our legal rights and obligations;to comply with binding requests made by you when exercising your legal rights (such as those set out in this policy)to comply with binding requests or instructions from applicable regulators, law enforcement agencies, any court or otherwise as required by law;resolve complaints or disputes with you;manage any proposed sale, restructure, or merger of any or all part(s) of our business, including in response to enquiries from prospective buyers or merging organizations; for our own general record keeping and customer relationship management (e.g. to comply with laws relating to consumer, tax, accounting, data protection and/or money laundering.||Where the information is required in relation to a lawsuit, complaint, legal requirement or regulatory action we are under a legal obligation to comply with such requirements where it is a mandatory obligation. We may also opt to comply in certain scenarios where it is not mandatory, we would carefully consider such scenarios and we would then rely on our legitimate interest where it would be good governance to do so.We have a legitimate interest in being able to sell any part of our business and we also have a legitimate interest in being able to resolve any dispute directly with you.|
For California Residents
The personal information about you that we collect includes information within the below categories of data. These categories also represent the categories of personal information that we have collected over the past 12 months. California state law defines the categories listed below. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our customers.
We do not sell your Personal Information, as the term “sell” or “sale” is defined by California law.
|Category of Personal Information||Source||Purpose of processing||Shared for Business Purpose in the Last 12 Months||If shared, with Whom|
|Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.||When you visit our website.||This data is processed in order to optimize performance of our websites by performing research with respect to the usage of the Site and to personalize and enhance your website experience.It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.||Yes||Affiliated companies; third party service providers; others for legal, security or safety reasons; governmental authorities and/or law enforcement agencies.|
Sharing of Personal Information
Sometimes we need to disclose your personal data to other organizations.
Inside the Toyota group of companies
We are part of a group of companies, with headquarters in Japan. The KINTO group is part of the wider Toyota group of companies. Therefore, we may need to share your personal data with other companies in the KINTO group, or in the wider Toyota group, for our general business management purposes and, in some cases, to meet our customer needs where providing services across different group entities/locations and/or for authorizations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis.
Access rights between members of the group are limited and granted only on a need to know basis, depending on job functions and roles. Where any group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.
Outside the Toyota group of companies
From time to time we may ask third parties to carry out certain business functions for us, such as for IT support, data hosting and customer relationship management (CRM) tool providers. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:
• services provided to you or us by a third party acting independently to us but which has a relationship with us, for example legal advisors, accountants and auditors;
• the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors;
• the disclosure of your personal data in order to comply with a regulator or law enforcement request, legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others; and
• a disclosure you have asked us to make, or given us permission to make.
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
• IT support, website/app and data hosting providers and administrators;
• consultants and professional advisors including legal advisors and accountants;
• courts, court-appointed persons/entities, receivers and liquidators;
• business partners and joint ventures;
• insurers; and
• governmental departments, statutory and regulatory bodies.
Our website may provide links or access to services or information offered by other members of our group, or by third parties. These parties will have their own privacy notices and any personal data collected by group members or third parties for such purposes will be subject to their separate privacy notices unless otherwise stated.
Transfers of Personal Information Abroad
As part of an international organization, KINTO may transfer your Personal Information to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your Personal Information as is provided to it under the laws in your jurisdiction.
We take appropriate steps to protect your Personal Information regardless of where it is stored, taking into consideration the requirements of the data protection laws which we consider are applicable to how we process your Personal Information.
If any disclosures of Personal Information referred to above require your Personal Information to be transferred from within the United kingdom or the European Economic Area to any country outside these respective jurisdictions, we will seek to ensure that it is adequately protected by way of safeguards, including the use of EU Standard Contractual Clauses, reliance on an adequacy decision of the Information Commissioner’s Office or European Commission (where relevant) in relation to the relevant recipient jurisdiction.
For more information about what appropriate safeguards we use and how to obtain a copy of them or to find out where they have been made available, please contact us using the details below.
There may also be some instances in which we rely upon one or more permitted exceptions under the relevant data protection law from taking this step for particular situations. For example, where we have asked for your explicit consent to do, or to perform a contract with you, or take steps prior to doing so, to conclude or perform a contract with another party concluded in your interest, for important reasons of public interest, or where it is done in the context of legal claims.
Retention of Personal Information
We also ensure that, in compliance with applicable law, we do not retain Personal Information longer than necessary. We will keep Personal Information about you for as long as we have a relationship with you, for example as long as you are a customer, or you wish to keep receiving marketing messages from us (and for a reasonable period thereafter). When determining how long to retain Personal Information after we no longer have a relationship with you, we take into account how long our customers usually want to continue hearing from us, our legal obligations and the expectations of regulators, as well as the length of time information is needed for internal audit purposes and to exercise or defend our legal rights.
We also consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
This includes the following:
• Retention in case of queries - We may retain your Personal Information for a reasonable period in case of follow up queries from you.
• Retention in case of claims - We may retain your Personal Information for the period in which you might legally bring claims against us (this means we will retain it in line with relevant limitation periods, which are applicable to your jurisdiction, for example 7 years from the end of the contract, for information relating to contracts with us if based in the UK) if and to the extent this is relevant.
• Retention in accordance with legal and regulatory requirements - We will consider whether we need to retain your Personal Information after the period of retention in the case of queries or claims because of a legal or regulatory requirement.
• Retention permitted under applicable law - We will continue to retain Personal Information where necessary to provide our services to you and the retention of such Personal Information is necessary for the purposes of pursuing our legitimate interests or where it is necessary for public interest purposes.
We review our retention periods for Personal Information on a regular basis, and all data is retained in compliance with applicable data protection law. We will only permanently retain certain basic Personal Information, for limited purposes. This is in relation to retaining basic contact details, to keep a record that you were a customer, in case you return in the future, or where you have asked us not to contact you again.
Depending on your jurisdiction, you may be entitled to the following rights:
• Where our use of your Personal Information requires consent, you may withdraw this consent at any time;
• You may request access to your Personal Information that we hold about you (together with other supplementary information such as the purpose for which it is processed, the person to whom it is disclosed and the period for which it is stored). Depending on the applicable privacy laws (e.g. California law), you may be entitled to request the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which the Personal Information was collected, the purposes of collecting the Personal Information, the categories of third parties we have shared the Personal Information with, and the categories of Personal Information that have been shared with third parties for a business purpose;
• You may require us to correct any inaccuracies without undue delay by updating, correcting or amending the Personal Information we hold about you if it is wrong;
• Depending on the basis on which we process your Personal Information, you may ask us to change, restrict or stop the way in which we communicate with you or process Personal Information about you;
• You may ask us to delete your Personal Information;
• You may ask us to move, copy or transfer your Personal Information and to receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated;
• You have rights in relation to automated decision making, including profiling which has a legal effect, or which causes a significant effect, and you can object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making);
• Under California Law, you may opt out of the sale of Personal Information—however, as stated above, we do not sell your Personal Information, nor do we intend to. We also have not done so for the last 12 months. In addition, we have contracts with our service providers to prohibit any sale of the personal information we provide them; but if you have any concerns that our third parties might be selling your information, please contact us.
We will not discriminate against you in any way for exercising your rights. You have the right to make a complaint at any time to your local data protection regulator. If you are based in the European Economic Area, you can access a list of these here. If you are based in the UK you can access contact details for the ICO here. We would, however, appreciate the chance to deal with your concerns before you approach your regulator or ICO so please contact us in the first instance.
How to Contact Us
If you would like to exercise any of your rights or if you have any questions about this notice or would like to make a complaint please send an email to Data.Protection@toyota-europe.com that details your request and includes your exact name, physical address and email address.
Please note that we may need to verify your identity when you request to exercise your privacy rights. To do so, we may ask you to confirm information we already have on file or provide such other proof as we need in order to determine and confirm your identity before responding to your request. Also, under California law (and as may be expected in other jurisdictions as well), if you would like to authorize someone to make a request on your behalf, you must provide the agent with written, signed permission to submit privacy right requests on your behalf, or provide a letter from your attorney. The agent or attorney must provide this authorization at the time of request. Note that we may require you to verify your identity with us directly before we provide any requested information to your approved agent.
What types of cookies do we use?
|Type of Cookie||What do they do?||Do these cookies collect my personal data / identify me?|
|Necessary||Cookies that are essential to making the Websites work correctly. They enable visitors to move around our website and use our features. Examples include remembering previous actions when navigating back to a page in the same session.||These cookies do not identify you as an individual.|
|Performance / Analytical||Cookies that help us understand how visitors interact with our web properties by providing information about the areas visited, the time spent on the Websites and any issues encountered, such as error messages. They help us improve the performance of our Websites, alert of any concerns and more.||These cookies do not identify you as an individual. All data is collected and aggregated anonymously.|
|Functionality||Cookies that allow our web properties to remember the choices you make (such as your user name, language or the region you are in) to provide a more personalized online experience.||The information these cookies collect may include personally identifiable information that you have disclosed, such as a username, for example. We shall always be transparent with you about what information we collect, what we do with it and with whom we share it.If you do not accept these cookies, it may affect Website performance and functionality and may restrict access to web content.|
How do I reject and delete cookies?
Third-party cookies used on our websites:
|_ga||Performance / Analytical||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors||2 years|
|_gid||Performance / Analytical||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form||1 day|
Safeguarding of Personal Information
We implement and maintain reasonable and appropriate security measures against unauthorized or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal data. This includes limiting access to your personal information to those employees, agents and other authorized parties who need to know the information to enable KINTO to provide products or services.
Do Not Track
Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party website or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.
The Website is not targeted at children under the age of 18, and we do not knowingly collect any personal data from children. We will delete any personal information we determine to have been collected from a child or user under the applicable age of consent. If you are a parent or guardian of a child under the relevant digital age of consent and believe he or she has disclosed personal data to us, please contact us at Data.Protection@toyota-europe.com.
Changes to this Notice
If you have any questions in relation to this Privacy Notice, please contact us at Data.Protection@toyota-europe.com.