1. Customer Data
  2. Privacy Policy

Lexus's Privacy Notice

Lexus UK (“we”), a trading division of Toyota (GB) PLC, is committed to protecting and respecting your privacy. On this page we describe how we may make use of any personal data that you may supply to us when you visit this website. Please read the following to carefully understand our views and practices regarding your personal data and how we will treat it.


Lexus UK respects your privacy. Whether you deal with Lexus UK as a customer, a consumer, a member of the general public, a partner, supplier or staff member, you are entitled to the protection of your personal data.

In this Privacy Notice (“Notice”) we describe how we collect, process, share and protect your data. We also describe why we process your personal data and the associated choices and rights you have with regards to your personal data.

This Notice applies to all the processing of your personal data across the services we deliver at Lexus UK and all of the different platforms we use to deliver those services such as online applications, websites, portals, sales and marketing activity and social media platforms. Data captured and processed at a Lexus Dealership is managed separately, which is further described below.

We’ve taken a layered approach to inform you how we deal with your data, as we recognise it can all be a little confusing at times. Therefore, this Notice is split into sections, providing you with more specific and concise information on that particular area.

These sections will be communicated to you whenever we need to process your personal data, which could also be via a link to our Notice.

Capitalised terms refer to standard terms set out in within the General Data Protection Regulation (GDPR).

Lexus UK of Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX is the Data Controller and responsible for the processing of your data.

However, please note that we also process your data, dependent on your relationship with us and different data controllers which form part of the Lexus UK Group but are separate legal entities and will have their own processes and procedures for handling your data. Please see the ‘Disclosure of personal data’ section below.

Lexus UK has appointed a Data Protection Officer (DPO) who is available to handle any questions or queries you may have relating to the processing of your data, this Policy and associated Privacy Notices.

The DPO can be contacted at privacy@ld.lexus.co.uk or alternatively by writing to the Data Protection Officer, Lexus UK, Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX.

You request a test drive, brochure, vehicle valuation or complete a form on our websites.

This data is often shared between Lexus entities and your local dealership, to provide you with the best possible products, services and offers based on your requirements and preferences. This includes:

  • Personal identifying information: full name, title, address (private and/or professional), previous addresses, telephone number (residential, business), e-mail address, nationality.
  • Personal characteristics: age, gender, date of birth, place of birth, occupation, and marital status.
  • Vehicle information: current and previous brand and type of vehicle, Vehicle Identification Number, number plate, selected optional equipment, purchase, rental or leasing.
  • Lifestyle: details on the consumption of goods or services, behaviour of the individual or his/her family, social contacts, complaints, incidents or accidents, use of media and means of communication, including Facebook account, Twitter account, LinkedIn account, Instagram.
  • Household composition: marriage or present form of cohabitation, name of the spouse or partner, details of other members of the family or household.
  • Hobbies and interests: leisure activities and interests: hobbies, sports and other interests.
  • Affiliations: to charitable or voluntary organisations, motability, clubs, associations and groups.
  • Marketing preferences: we will often ask whether you would be interested in the latest news, offers and events via email, post, SMS and telephone communications.


You request a test drive, brochure or complete a form on our partners’ websites.

This data is provided by you and collected by our third-party partners. It includes:
  • Personal identifying information: full name, title, address (private and/or professional), telephone number (residential, business), e-mail address.
  • Marketing preferences: we will often ask whether you would be interested in the latest news, offers and events via email, post, SMS and telephone communications.


We need to verify your ID or driver’s licence (e.g. test drives, replacement car).

Personal data that will be collected from you can include:

  • IDs assigned by us, types of formal identification data such as passport, driving license and utility bills.

Such data will only be used for the specified purpose at the point of collection.


You use our connected and autonomous car services.

The following data can be collected:

  • If you have a Lexus vehicle with an on-board Internet connectivity functionality, identification information requested by the mobile network operator which provides the Internet connectivity service (e.g. copy of ID documents, debit/credit card details);Geolocation information linked to your Lexus vehicle and/or your smartphone (e.g. GPS location, planned destination);
  • Driving behaviour (e.g. driving logs, journey logs, driving speed, acceleration and brake speed).

If you do not want your Lexus vehicle’s geolocation data to be used, you can activate the ‘Privacy Mode’ through your MyLexus account at any time. If the ‘Privacy Mode’ is active, we will cease to use such geolocation data. However, please note, once activated this will apply to all services relying on geolocation, which could mean they are unavailable, or their quality and accuracy may be affected. You can check the current status of the ‘Privacy Mode’ through your MyLexus account.


You make a deposit on a vehicle using our online deposit system.

This data is provided by you and collected by us and our third-party processors. It includes:

  • Personal identifying information: full name, title, address (private and/or professional), telephone number (residential, business), e-mail address.
  • Payment details for the payment of the deposit. This information is processed by a third party payment processor: card number, expiry date, CVS number, issue number (If applicable).


You correspond with us through our call centres (e.g. for customer queries).

We might record the calls in order continuously improve the quality of our services:

  • Sound recordings: recording on tape, call recording.


You interact with Lexus through online channels (e.g. website).

The following information can be captured (in accordance with the cookies policy):

  • Electronic identification data, IP addresses, cookies, session cookies, your behaviours and usage of our website.


You attend an event and your picture is taken/used on social media.

We occasionally run internal events, promoting the company, our employees and new products and services. These events are often attended by our employees, partner organisations and general visitors to our event locations. We often take pictures and videos at these events and post them on our social media pages on platforms such as Facebook and LinkedIn.

When it comes to using pictures or videos that contain individuals from our partner organisations, suppliers and general visitors to our events, we do so using our legitimate interests but in order to respect your privacy and wishes, you are able to object to this processing at the time or at any point in the future by emailing privacy@tgb.toyota.co.uk.


You use a specific login from your own social media on a Lexus UK tool (website, portal, blog).

Your use of such social media means that you have allowed the communication and collection of this information.

Lexus UK sometimes facilitates the publication of (personal) data via social media such as Twitter and Facebook. All forms of social media have their own terms of use, which you need to take into account when active on social media.

We remind you that publication on social media may have certain consequences, including for your privacy or for the privacy of persons whose personal data you share. You are fully responsible for your publications and Lexus UK will not have any responsibility and liability in this regard.

We process your data based on the lawful grounds listed below:

Your consent

Where you have provided your consent, we may use and process your information to:

  • Provide marketing communications - contact you from time to time about Lexus’s products, offers and events that we think might be of interest to you. We will send these communications by email, phone, SMS or post, or where you give consent to do so by digital channels such as Facebook, Instagram or via online advertising platforms.
  • Provide personalised communications - use your personal data to create an individual profile of you to help us ensure that our communications are as relevant as possible. To do this, we use your profile to understand how you interact as a customer across the Lexus group (Including our Authorised Lexus Retailers, Lexus Motor Insurance and Lexus Financial Services). This profile may include data which you have provided to Lexus or which is generated by your use of Lexus products, our website and app and your interaction with our marketing and online campaigns. Where available we may make use of additional information about you when it is available from third parties such as social media platforms, advertising platforms, data cleansing and enrichment organisations and publicly available sources. This helps us reduce the amount of information you receive that is not relevant.


To further ensure we accurately understand your interest and preferences, we will share your profile with specific third parties, such as social media platforms, advertising platforms, data cleansing and enrichment organisations and publicly available sources. These third parties help us analyse your likes, as well as identifying others who may share your interests in our products. This data is only used for this purpose.

For the avoidance of doubt, you will always have the right to withdraw your consent at any time by contacting us at privacy@tgb.toyota.co.uk or, in relation to any marketing messages you receive, by using the unsubscribe option included in each electronic communication. Alternatively, if you have one, you can log into your My Toyota account and update your preferences directly.


Contractual performance

We may use and process your personal data where it is necessary to perform a contract to which you are a party or in order to take steps at your request prior to entering a contract and to fulfil and complete your orders, purchases, service subscriptions and other transactions entered into with us (or our authorised dealer network and affiliates).

Legitimate interests

We may use and process your personal data, as set out below, where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so. We will always ensure this legitimate interest is not outweighed by your privacy rights and that the use of your personal data is duly communicated to you in the privacy notice related to that processing.

Processing necessary for us to support customers with sales and other enquiries
  • To respond to correspondence you send to us and fulfil the requests you make to us via our web forms, email addresses, telephone contact centres and Live Chat functionality (for example: test drives, service requests, brochure requests or information about specific vehicles);
  • To provide service, maintenance and warranty information and reminders, unless you object.
  • Processing necessary for us to respond to understanding customers’ and drivers’ needs to analyse, evaluate and improve our products and services so that your visit and use of our website, applications, customer service centre and authorised affiliates and subsidiary companies are more useful and enjoyable (we will generally use data amalgamated from many people so that it doesn’t identify you personally).
  • To undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a customer and provide tailored offers, products and services. We will only send marketing communications to you if you have provided your consent for us to do so.
  • We may analyse your personal data to create a profile of your interests and preferences so that we can tailor our products and services and target our communications in a way that is timely and relevant to our customers. We may make use of additional information about you when it is available from external sources to help us do this effectively. This allows us to be more focused, efficient and cost effective with our resources and reduces the risk of someone receiving information they may find inappropriate or irrelevant. We are committed to putting you in control of your data so you are free to opt out of your information being used in this way at any time.
  • For product development purposes (for example to improve vehicle quality, performance and safety).
Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness or our campaigns.
  • To send you information on our extended warranty and roadside assistance products where you are benefiting from a current Lexus service and it is about to expire. You have the right to object to us sending this information at any time.
  • To contact you from time to time with marketing information (unless you object) if you have expressly indicated to us that you are acting on behalf of a business or where we have obtained business contact details from our authorised dealer network and affiliates.
  • To contact you with targeted advertising delivered online through social media and other platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us.
  • To provide you with tailored advertising, based on your location, through your television subscription service. For example, delivering an advert ahead of an event at your local dealership. As part of these adverts, we also carry out quality and frequency checks, such as whether adverts were displayed correctly and how often particular adverts have been shown. You can choose not to receive this kind of tailored advertising by contacting us to opt-out or managing your preferences through your television service provider.
  • To identify and record when you have received, opened or engaged with our website or electronic communications (please see our Cookie Policy for more information).
  • To contact you when your local Lexus Centre opens, closes or moves premises.
Processing is necessary for us to operate the administrative and technical aspects of our business efficiently and effectively.
  • To verify the accuracy of information that we hold about you and create a better understanding of you as a customer.
  • To comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request).
  • For network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access.
  • To inform you of updates to our terms and conditions and policies.

Our legal obligations

  • To comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.
  • To verify or enforce compliance with Lexus UK’s policies and agreements.
  • To protect the rights, property or safety of Lexus UK and/or its customers.
  • In connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Lexus UK’s business.

To protect the vital interests of you or another person

Sometimes we will need to process your personal data to contact you if there is an urgent safety or product recall notice and we need to tell you about it.

We only retain your data for as long as required by law or where we have an appropriate business justification.

For further information on how long personal data is likely to be kept before being removed from our systems and databases, please contact us using the details provided.

We have implemented a set of technical and organisational security measures to protect your personal data against unlawful or unauthorised access, use of modification, in addition to protection against accidental loss or damage.

Your personal data will only be processed by a third-party Processor if that Processor agrees to comply with a set of agreed contractual clauses, in addition to appropriate technical and organisational security measures.

Appropriate security means ensuring controls are in place to protect the confidentiality, integrity and availability of your personal data:

  • Confidentiality: we will protect your personal data from unlawful disclosure to third parties.
  • Integrity: we will protect your personal data from being modified by unauthorised third parties.
  • Availability: we will ensure that authorized parties are able to access your personal data when needed.

We use cookies on our websites. This helps us to provide you with a better experience when you browse our website and also allows us to make improvements to our site.

We have put together specific information on how we process cookies in a policy document for you, which is available here .

Depending on the purposes for which we collect your personal data, we may disclose it to the following categories of recipients, who will then process your personal data only within the framework of the purposes detailed below

Within our organisations and our brand environment:

Our affiliates and subsidiary companies:

  • Members of our Authorised Dealerships and Authorised Repairers network which you have indicated as preferred Authorised Dealerships or Authorised Repairers, or which are located near you (based on your postcode, address) or which you have been in contact with.
  • Toyota Insurance Services (TIS) – your data will be passed to TIS if you decide to have insurance with them. They operate as a separate Data Controller and you should view their Privacy Notice to understand how your data is processed by them.
  • Toyota Financial Services (TFS) – if you complete a financial agreement or request a quotation with Lexus, this is delivered by TFS, not by Lexus. This includes all financial services on the Lexus UK website. They operate as a separate Data Controller and you should view their Privacy Notice to understand how your data is processed by them.
  • Toyota Motor Europe (TME) – for personalised marketing communications we share your information with TME, as they provide system support to us and allow us to manage your preferences. TME also manages certain systems on our behalf, requests certain business-related information from us to undertake European wide analysis of our customers’ experience and satisfaction.
  • KINTO UK Limited (KINTO) – a Toyota brand delivering full-service leasing products to our customers. KINTO operate as a separate Data Controller, and you should view their Privacy Notice to understand how your data is processed by them.
  • To centralise, combine, update and rectify your personal data via systems operated by us or by any other Toyota recipient of your personal data, including your personal data which would originate from several sources or which would already be available to us via other systems operated by us or any other Toyota recipient.

Third party business partners:

From time to time, we may disclose your personal data to trusted organisations who handle services on our behalf.

When we disclose your personal data, we take steps to ensure that any third-party partners who handle your personal data comply with data protection legislation and protect your personal data just as we do.

We only disclose the information that is necessary for them to provide the following services:

  • Research, advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns, promotions and products.
  • Roadside assistance service providers.
  • Customer contact centres: to help us administer your vehicle protection.
  • Providers of IT related services.

Specific contact with our authorised dealerships and repairers

If you purchase a car or another product or service from one of our Authorised Dealerships or Authorised Repairers or if you give them your personal data, you will have a separate relationship with this Authorised Retailer or Authorised Repairer.

In this case, they become the Data Controller of your personal data, possibly together with us. For all questions or requests about the collection and use of your personal data by one of the Authorised Dealerships or Authorised Repairers, please contact them directly.

How is your preferred Authorised Retailer or Authorised Repairer identified?

The preferred Authorised Retailer or Authorised Repairer is chosen either by options you’ve chosen via the settings of your MyLexus account (which you can change at any time), automatically based on location (the nearest to you based on your postcode, address), or your historical contact with our network.

Your personal data will be transferred to recipients which may be outside the EEA and will be processed by us and these recipients outside the EEA.

When your personal data is transferred to countries outside the EEA (European Economic Area) that do not generally offer the same level of data protection as in the EEA, Lexus UK will implement appropriate specific measures to ensure an adequate level of protection of your personal data.

We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your personal data. To exercise your Rights under Data Protection Law, please use the DPO Contact Details.

Your choices on how you want to be contacted and withdrawing consent

You can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, SMS, phone), for which purpose and how frequently. This can be done by adjusting the privacy setting on the relevant device, updating your user or account profile, updating your preferences in your MyLexus account, or by following the unsubscribe instructions included in the communication.

Your right to access

You have the right to know whether or not we are processing your personal data, to access that information and additionally specified information regarding how we process your information.

Your right to rectification

If you find any mistakes in your personal data, you find it incomplete or incorrect, you may also ask us to correct or amend it. This can be done by providing details of your request to us, using the contact details provided.

Restriction of processing

You have the right to ask us to restrict the Processing of your personal data. This may be whilst we check the accuracy of the information we hold on you. This can be done by providing details of your request to us, using the contact details provided.

Right to object to processing

You may also object to the use of your personal data for direct marketing purposes or, if you prefer, you can tell us through which channel and how frequently you prefer us to contact you. You may also object to us sharing your personal data with a third party for the same purpose.

Your right to erasure

You may want us to delete your personal data. If you do, please provide details of your request to us, using the contact details provided. We will assess your request and if we are able to erase your data we will inform you of the outcome.

Your right to data portability

You have the right to request that data you have provided is sent to you in a structured, commonly used and machine-readable format and have the right to transmit that data to another organisation. This can be done by providing details of your request to us, using the contact details provided.

Making a complaint

If you wish to make a complaint, please contact our Data Protection Officer. If you are unhappy with the response from the Data Protection Officer then you have the right to lodge a complaint with the Information Commissioners Officer (ICO) whose contact details are:

Postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Email: casework@ico.org.uk

Live chat: https://ico.org.uk/global/contact-us/live-chat

Online form: https://ico.org.uk/global/contact-us/email/

Telephone: 0303 123 1113

We may occasionally make alterations to this Notice, which will reflect how we process and look after your data. This is to ensure our commitment to being transparent with you, protecting your information and upholding your rights. If significant changes are made to this policy or the way in which we process your personal data, we will draw your attention to this either through updates to this Notice on our website, through our service lines or by another means of communication such as email.

If you would like to stop receiving our latest offers and marketing communications then you will need to unsubscribe by completing this form.