PRIVACY POLICY

Lexus UK, a trading division of Toyota (GB) PLC are committed to protecting and respecting your privacy. On this page we describe how we may make use of any personal data that you may supply to us when you visit this website. Please read the following to carefully understand our views and practices regarding your personal data and how we will treat it.

  • Introduction

    Lexus UK respects your privacy. Whether you deal with Lexus UK as a customer, a consumer, a member of the general public, a partner, supplier or staff member, you are entitled to the protection of your Personal Data.

    In this Privacy Policy (“Policy”) we describe how we collect, process, share and protect your data. We also describe why we process your personal data and the associated choices and rights you have with regards to your personal data.

    This Policy applies to all the processing of your Personal Data across the services we deliver at Lexus UK and all of the different platforms we use to deliver those services such as online applications, websites, portals, sales and marketing activity and social media platforms. Data captured and processed at a Lexus Dealership is managed separately, which is further described below.

    We’ve taken a layered approach to inform you how we deal with your data, as we recognise it can all be a little confusing at times. Therefore, this Policy is accompanied with privacy notices, which provide you with more specific and concise information on that particular area.

    These privacy notices will be communicated to you whenever we need to process your personal data, which could also be via a link to a privacy notice or privacy policy.

    Capitalised terms refer to standard terms set out in within the General Data Protection Regulation (GDPR).

  • Who is responsible for the processing of your personal data?

    Lexus UK of Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX is the Data Controller and responsible for the processing of your data.

    However, please note that we also process your data, dependant on your relationship with us, to different data controllers, which form part of the Lexus UK Group but are separate legal entities and will have their own processes and procedures for handling your data. See Data Controllers Section - "The Data Protection Contact Point"

  • Processing of your personal data: which personal data do we collect and on which legal grounds?

    At Lexus UK we process your data based on the lawful grounds listed below;

    • You have given us your consent for the purposes of the Processing (as described in the privacy notice related to that particular Processing). For the avoidance of doubt, you will always have the right to withdraw your consent at any time; or

    • It is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract; or

    • With such Processing, we pursue a legitimate interest that is not outweighed by your privacy rights. Such legitimate interest will be duly communicated to you in the privacy notice related to that particular Processing; or

    • It is required by law.

  • The data we collect and for which purposes

    We collect information directly from you when you:

    • choose to participate in our offers and programs;

    • create an account on our websites or in our mobile applications;

    • call or email us, or otherwise provide information directly to us;

    • interact with us in social media.

    The processes we have in place and data we process can include;

    Requesting a Test Drive, Brochure Request, Valuation and forms completed on our websites means that data is often shared between Lexus entities such as your local dealership, to provide you with the best possible products, services and offers, based on your requirements and preferences, this includes

    Identification data

    Personal identifying information: name, title, address (private and/or professional), previous addresses, telephone number (residential, business), e-mail address, nationality

    Personal characteristics: age, gender, date of birth, place of birth, occupation, marital status and nationality

    Vehicle information: current and previous brand and type of vehicle, Vehicle Identification Number, Number plate, selected optional equipment, purchase, rental or leasing, etc.

    Lifestyle: details on the consumption of goods or services, behaviour of the individual or his/her family, social contacts, complaints, incidents or accidents, use of media and means of communication, incl. Facebook account, Twitter account, Linked-in account, Instagram…

    Household Composition: Marriage or present form of cohabitation, name of the spouse or partner, details of other members of the family or household.

    Hobbies and interests: Leisure activities and interests: hobbies, sports and other interests.

    Affiliations: Affiliations to charitable or voluntary organisations, motability, clubs, associations and groups.

    Marketing Preferences: We will often ask whether you would be interested in the latest news, offers, reminders, events and surveys via email, postal, SMS and telephone communications.

    When we need to verify your ID or driver’s licence (e.g. test drives, replacement car) data that will be collected from you can include:

    • IDs assigned by us, types of formal identification data such as passport, driving license and utilities bill

    • Such data will only be used for the specified purpose at the point of collection

    When interacting with Lexus through online channels (e.g. website) the following information can be captured (in accordance with the cookies policy):

    • Electronic identification data, IP addresses, cookies, session cookies, your behaviours and usage of our website.

    For connected and autonomous car services the following data can be collected:

    • Electronic data location: GSM, GPS.

    When purchasing or applying for financial service offering or insurance (including online), the following data can be collected;

    • Financial features (only in relation with financial services offerings): Income/possessions of Data Subject and his/her partner, solvency, assessment of income, financial status, credit rating, details relating to insurance, professional activities of the data subject and their partner, conventions and agreements.

    • Housing characteristics: Address of housing, housing type, own house or leased, length of stay at this address, rent, charges, classification of housing, valuation details, names of key holders.

    When corresponding with you through our call centres o (e.g. for customer queries) we might record the calls in order continuously improve the quality of our services:

    • Sound recordings: Recording on tape, call recording.

  • How long do we keep your personal data?

    At Lexus UK we only retain your data for as long as required by law or where we have an appropriate business justification.

    For further information on how long Personal Data is likely to be kept before being removed from our systems and databases, please contact us via email at privacy@ld.lexus.co.uk or alternatively by writing to the Data Protection Officer, Lexus UK, Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX.

  • Protecting your personal data

    We have implemented a set of technical and organisational security measures to protect your Personal Data against unlawful or unauthorised access, use of modification, in addition to protection against accidental loss or damage

    Your Personal Data will only be processed by a third-party Data Processor if that Data Processor agrees to comply with a set of agreed contractual clauses, in addition to appropriate technical and organisational security measures.

    Have appropriate security means ensuring controls are in place to protect the confidentiality, integrity and availability of your Personal Data:

    Confidentiality: we will protect your Personal Data from unwanted disclosure to third parties.

    Integrity: we will protect your Personal Data from being modified by unauthorised third parties.

    Availability: we will ensure that authorized parties are able to access your Personal Data when needed.

  • Use of cookies or similar devices

    We use cookies on our websites. This helps us to provide you with a better experience when you browse our website and also allows us to make improvements to our site.

    We’ve put together specific information on how we process cookies in a policy document for you, which is available here .

  • Disclosure of personal data

    Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:

    Within our organisations and our brand environment:

    • Our authorised staff members;

    • Our affiliates and subsidiary companies;

    • Members of our Authorised Dealerships and Authorised Repairers network which you have indicated as preferred Authorised Dealerships or Authorised Repairers or which are located near you (based on your postcode, address) or which you have been in contact with;

    Toyota Motor Insurance (TMI) – Your data will be passed to TMI if you decide to have insurance with them. They operate as a separate Data Controller and you should view their privacy policy to understand how your data is processed by them

    Toyota Financial Services (TFS) – If you complete a financial agreement or request a quotation with Lexus, this is delivered by Toyota Financial Services. This includes all Financial services on the Lexus UK website. They operate as a separate Data Controller and you should view their privacy policy to understand how your data is processed by them.

    Toyota Motor Europe (TME) – When you provide your permission to personalised marketing communications we share your information with TME, as they provide system support to us and allow us to manage your preferences. TME also manage certain systems on our behalf, request certain business-related information from us to undertake European wide analysis of our customers experience and satisfaction.

    Third Party System Providers – We also use approved third-party system providers who help us deliver our services, such as manage your preferences, help us communicate to our customers and understand our demographics and customer preferences better. We ensure that there are contracts in place with these Data Processors that include appropriate security and privacy contractual clauses and controls to protect your personal data.

    Third party business partners:

    Advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;

    Business partners: for example, trusted companies that may use your Personal Data to provide you with the services and/or the products you requested and/or that may provide you with marketing materials (provided that you have consented to receiving such marketing materials). We ask such companies to always act in compliance with applicable laws and this Policy and to pay high attention to the confidentiality of your personal information;

    Service providers of Lexus UK: companies that provide services for or on behalf of Lexus UK, for the purposes of providing such services (for example, Lexus UK may share your Personal Data with external providers of IT related services);

    Other third parties:

    When required by law or as lawfully necessary to protect Lexus UK:

    • To comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.;

    • To verify or enforce compliance with Lexus UK’s policies and agreements; and

    • To protect the rights, property or safety of Lexus UK and/or its customers;

    • In connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Lexus UK's business.

    Please be aware that third party recipients listed under points b) and c) above –especially service providers who may offer products and services to you through Lexus UK services or applications or via their own channels– may separately collect Personal Data from you. In such case, these third parties are solely responsible for the control of such Personal Data and your dealings with them will fall under their terms and conditions.

  • Specific contact with our authorised dealerships and repairers

    If you purchase a car or another product or service from one of our Authorised Dealerships or Authorised Repairers or if you give them your personal information, you will have a separate relationship with this Authorised Retailer or Authorised Repairer. In this case, they become the Data controller of your Personal Data, possibly together with us. For all questions or requests about the collection and use of your Personal Data by one of the Authorised Dealerships or Authorised Repairers, please contact them directly.

    How is your preferred Authorised Retailer or Authorised Repairer identified?

    The preferred Authorised Retailer or Authorised Repairer is chosen either by option you’ve chosen via the settings of your MyLexus account (which you can change at any time) or if you did not make a selection, we will identify an Authorised Retailer or Authorised Repairer based on location (the nearest to you based on your postcode, address) or based on the history of your contacts with our network.

  • Use of social media

    If you use on a Lexus UK tool (website, portal, blog) a specific login from your own social media (for example, your Facebook account), Lexus UK will record your Personal Data available on this social media and your use of such social media means that you have explicitly allowed the communication of your Personal Data recorded by Lexus UK through its tool.

    Lexus UK sometimes facilitates the publication of (personal) data via social media such as Twitter and Facebook. All forms of social media have their own terms of use, which you need to take into account when active on social media. We remind you that publication on social media may have certain consequences, including for your privacy or for the privacy of persons whose Personal Data you share. You are fully responsible for your publications and Lexus UK will not have any responsibility and liability in this regard.

  • Transfers outside the EEA

    Your Personal Data will be transferred to recipients which may be outside the EEA, and will be processed by us and these recipients outside the EEA.

    When your Personal Data is transferred to countries outside the EEA that do not generally offer the same level of data protection as in the EEA, Lexus UK will implement appropriate specific measures to ensure an adequate level of protection of your Personal Data. These measures can for instance consist of agreeing with recipients on standard contractual clauses which provide an adequate level of protection.

  • Your choices and your rights

    We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your Personal Data. To exercise your Rights under Data Protection Law, please use the DPO Contact Details listed above in the 'Who can you contact in case you have questions or requests? The data protection contact point’ section.

    Your choices on how you want to be contacted and withdrawing consent

    You can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, SMS, phone), for which purpose and how frequently, by adjusting the privacy setting on the relevant device or updating your user or account profile or by following the unsubscribe instructions included in the communication.

    Your Personal Data and Right to Access

    You have the right to find out what Personal Data we have concerning you and its origin. Under certain conditions, you have the right to receive your Personal Data, which you have provided to us, in a commonly used, structured machine-readable format and to transmit your Personal Data to any third party of your choice. This can be done by providing details of your request to us, using the contact details provided in the 'Who can you contact in case you have questions or requests? The data protection contact point’ section.

    Your corrections and Right to Rectification

    If you find any mistake in your Personal Data or if you find it incomplete or incorrect, you may also require from us that we correct or complete it. This can be done by providing details of your request to us, using the contact details provided in the 'Who can you contact in case you have questions or requests? The data protection contact point’ section.

    Your restrictions and right to Restriction of Processing

    You have the right to request a restriction on the Processing of your Personal Data (for example, while the accuracy of your Personal Data is being checked). This can be done by providing details of your request to us, using the contact details provided in the 'Who can you contact in case you have questions or requests? The data protection contact point’ section.

    Right to Object to Processing

    You may also object to the use of your Personal Data for direct marketing purpose (if you prefer, you can also indicate to us through which channel and how frequently you prefer to be contacted by us) or to the sharing of your Personal Data with a third party for the same purpose.

    Opting Out

    Personal Data that you have provided to us by unsubscribing to an email, changing your preferences in your account, visiting our Opt-Out form or by contacting our Data Protection Officer .

    Your Right to Erasure

    You may want us to erase your personal data and you are able to request this by providing details of your request to us, using the contact details provided in the 'Who can you contact in case you have questions or requests? The data protection contact point’ section. We will assess your request and either explain to you the reasons we are still required to retain your data, which will be due to a legal requirement or business justification to keep your data. If we are able to erase your data we will inform you of the outcome.

    Your Right to Data Portability

    You have the right to request that data you have provided is sent to you in a structured, commonly used and machine-readable format and have the right to transmit that data to another organisation. This can be done by providing details of your request to us, using the contact details provided in the 'Who can you contact in case you have questions or requests? The data protection contact point’ section.

    Your Right to lodge a complaint

    If you wish to make a complaint then we would encourage you to initially contact our Data Protection Officer . However, you also have the right to lodge a complaint directly with the relevant supervisory authority, which for Lexus UK and the United Kingdom is the Information Commissioners Officer (ICO) whose contact details are:

    Postal Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

    Email:casework@ico.org.uk

    Online Formhttps://ico.org.uk/global/contact-us/email/

    Telephone: 0303 123 1113

    Please note: When you make contact with the ICO, they are responsible for the data you provide to them, the security of that information and ongoing management of that data.

    The ICO are also a public authority meaning that all the written material they hold, including any correspondence you send to them, may be considered for release following a request to them under the Freedom of Information Act, unless the information is exempt.

  • Changes to this policy

    We may occasionally make alterations to this page, which will reflect how we process and look after your date. This is to ensure our commitment to being transparent with you, protecting your information and upholding your Rights. If significant changes are made to this Policy or the way in which we process your personal data, we will draw your attention to this either through updates to this Policy on our website, through our service lines or by another means of communication such as email. The online version of this Policy is also subject to version control and we are able to provide specific versions if required. This allows you to assess the changes and make an informed decision on how your data is processed.