Introduction, who we are and who to contact
Lexus UK respects your privacy. Whether you deal with Lexus UK as a customer, a consumer, a member of the general public, a partner, supplier or staff member, you are entitled to the protection of your personal data.
This Policy applies to all the processing of your personal data across the services we deliver at Lexus UK and all of the different platforms we use to deliver those services such as online applications, websites, portals, sales and marketing activity and social media platforms. Data captured and processed at a Lexus Dealership is managed separately, which is further described below.
We’ve taken a layered approach to inform you how we deal with your data, as we recognise it can all be a little confusing at times. Therefore, this Policy is accompanied with privacy notices, which provide you with more specific and concise information on that particular area.
Capitalised terms refer to standard terms set out in within the General Data Protection Regulation (GDPR).
Who is responsible for the processing of your personal data?
Lexus UK of Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX is the Data Controller and responsible for the processing of your data.
However, please note that we also process your data, dependant on your relationship with us, to different data controllers, which form part of the Lexus UK Group but are separate legal entities and will have their own processes and procedures for handling your data. See Disclosure of personal data section.
Who can you contact in case you have questions or requests?
Lexus UK has appointed a Data Protection Officer (DPO) who is available to handle any questions or queries you may have relating to the processing of your data, this Policy and associated Privacy Notices.
The DPO can be contacted at firstname.lastname@example.org or alternatively by writing to the Data Protection Officer, Lexus UK, Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX.
At Lexus UK we collect personal data directly from you when:
You request a Test Drive, Brochure, Vehicle Valuation or complete a form on our websites.
This data is often shared between Lexus entities and your local dealership, to provide you with the best possible products, services and offers based on your requirements and preferences. This includes:
• Personal identifying information: full name, title, address (private and/or professional), previous addresses, telephone number (residential, business), e-mail address, nationality.
• Personal characteristics: age, gender, date of birth, place of birth, occupation, and marital status.
• Vehicle information: current and previous brand and type of vehicle, Vehicle Identification Number, Number plate, selected optional equipment, purchase, rental or leasing.
• Lifestyle: details on the consumption of goods or services, behaviour of the individual or his/her family, social contacts, complaints, incidents or accidents, use of media and means of communication, incl. Facebook account, Twitter account, LinkedIn account, Instagram…
• Household Composition: Marriage or present form of cohabitation, name of the spouse or partner, details of other members of the family or household.
• Hobbies and interests: Leisure activities and interests: hobbies, sports and other interests.
• Affiliations: Affiliations to charitable or voluntary organisations, motability, clubs, associations and groups.
• Marketing Preferences: We will often ask whether you would be interested in the latest news, offers and events via email, post, SMS and telephone communications.
You request a Test Drive, Brochure or complete a form on our partners’ websites.
This data is provided by you and collected by our third-party partners. It includes:
• Personal identifying information: full name, title, address (private and/or professional), telephone number (residential, business), e-mail address.
• Marketing Preferences: We will often ask whether you would be interested in the latest news, offers and events via email, post, SMS and telephone communications.
We need to verify your ID or driver’s licence (e.g. test drives, replacement car).
Personal data that will be collected from you can include:
• IDs assigned by us, types of formal identification data such as passport, driving license and utility bills
Such data will only be used for the specified purpose at the point of collection.
You use our connected and autonomous car services.
The following data can be collected;
• If you have a Lexus vehicle with an on-board Internet connectivity functionality, identification information requested by the mobile network operator which provides the Internet connectivity service (e.g. copy of ID documents, debit/credit card details);Geolocation information linked to your Lexus vehicle and/or your smartphone (e.g. GPS location, planned destination);
• Driving behaviour (e.g. driving logs, journey logs, driving speed, acceleration and brake speed);
If you do not want your Lexus vehicle’s geolocation data to be used, you can activate the “Privacy Mode” through your MyLexus account at any time. If the “Privacy Mode” is active, we will cease to use such geolocation data. However, please note, once activated this will apply to all services relying on geolocation, which could mean they are unavailable, or their quality and accuracy may be affected. You can check the current status of the “privacy mode” through your MyLexus account.
You purchase or apply for a financial service offering or insurance (including online).
The following data can be collected;
• Financial features (only in relation with financial services offerings): Income/possessions of Data Subject and his/her partner, solvency, assessment of income, financial status, credit rating, details relating to insurance, professional activities of the data subject and their partner, conventions and agreements.
• Housing characteristics: Address of housing, housing type, own house or leased, length of stay at this address, rent, charges, classification of housing, valuation details, names of key holders.
You correspond with us through our call centres (e.g. for customer queries).
We might record the calls in order continuously improve the quality of our services:
• Sound recordings: Recording on tape, call recording.
You interact with Lexus through online channels (e.g. website).
The following information can be captured (in accordance with the cookies policy):
• Electronic identification data, IP addresses, cookies, session cookies, your behaviours and usage of our website.
You attend an event and your picture is taken/used on social media
We occasionally run internal events, promoting the company, our employees and new products and services. These events are often attended by our employees, partner organisations and general visitors to our event locations. We often take pictures and videos at these events and post them on our social media pages on platforms such as Facebook and Linkedin.
When it comes to using pictures or videos that contain individuals from our partner organisations, suppliers and general visitors to our events, we do so using our legitimate interests but in order to respect your privacy and wishes, you are able to object to this processing at the time or at any point in the future by emailing email@example.com.
You use a specific login from your own social media on a Lexus UK tool (website, portal, blog).
Your use of such social media means that you have allowed the communication and collection of this information.
We remind you that publication on social media may have certain consequences, including for your privacy or for the privacy of persons whose personal data you share. You are fully responsible for your publications and Lexus UK will not have any responsibility and liability in this regard.
Why we process your data
We process your data based on the lawful grounds listed below:
Where you have provided your consent, we may use and process your information to:
• Contact you from time to time about Lexus’s products, offers and events that we think might be of interest to you. We will send these communications by email, phone, SMS or post.
For the avoidance of doubt, you will always have the right to withdraw your consent at any time by contacting us at firstname.lastname@example.org or, in relation to any marketing messages you receive, by using the unsubscribe option included in those messages.
We may use and process your personal data where it is necessary to perform a contract to which you are a party or in order to take steps at your request prior to entering a contract and to fulfil and complete your orders, purchases, service subscriptions and other transactions entered into with us (or our authorised dealer network and affiliates).
We may use and process your personal data, as set out below, where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so. We will always ensure this legitimate interest is not outweighed by your privacy rights and that the use of your personal data is duly communicated to you in the privacy notice related to that processing.
Processing necessary for us to support customers with sales and other enquiries
• To respond to correspondence you send to us and fulfil the requests you make to us (for example: test drives, service requests, brochure requests or information about specific vehicles);
• To provide service, maintenance and warranty information and reminders, unless you object;
• Processing necessary for us to respond to understanding customers’ and drivers’ needs to analyse, evaluate and improve our products and services so that your visit and use of our website, applications, customer service centre and authorised affiliates and subsidiary companies are more useful and enjoyable (we will generally use data amalgamated from many people so that it doesn’t identify you personally).
• To undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a customer and provide tailored offers, products and services. We will only send marketing communications to you if you have provided your consent for us to do so.
• We may analyse your personal data to create a profile of your interests and preferences so that we can tailor our products and services and target our communications in a way that is timely and relevant to our customers. We may make use of additional information about you when it is available from external sources to help us do this effectively. This allows us to be more focused, efficient and cost effective with our resources and reduces the risk of someone receiving information they may find inappropriate or irrelevant. We are committed to putting you in control of your data so you are free to opt out of your information being used in this way at any time.
• For product development purposes (for example to improve vehicle quality, performance and safety);
Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness or our campaigns.
• To send you information on our extended warranty and roadside assistance products where you are benefiting from a current Lexus service and it is about to expire. You have the right to object to us sending this information at any time;
• To contact you from time to time with marketing information (unless you object) if you have expressly indicated to us that you are acting on behalf of a business or where we have obtained business contact details from our authorised dealer network and affiliates.
• To contact you with targeted advertising delivered online through social media and other platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals who’s details it has received from us.
• To provide you with tailored advertising, based on your location, through your television subscription service. For example, delivering an advert ahead of an event at your local dealership. As part of these adverts, we also carry out quality and frequency checks, such as whether adverts were displayed correctly and how often particular adverts have been shown. You can choose not to receive this kind of tailored advertising by contacting us to opt-out or managing your preferences through your television service provider.
• To contact you when your local Lexus Centre opens, closes or moves premises.
Processing is necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
• To verify the accuracy of information that we hold about you and create a better understanding of you as a customer;
• To comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
• For network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access;
• To inform you of updates to our terms and conditions and policies.
Our Legal Obligations
• To comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.;
• To verify or enforce compliance with Lexus UK’s policies and agreements; and
• To protect the rights, property or safety of Lexus UK and/or its customers;
• In connection with corporate transactions: in the context of a transfer or divestiture of all or a portion of its business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or part of Lexus UK’s business.
To protect the vital interests of you or another person
Sometimes we will need to process your personal data to contact you if there is an urgent safety or product recall notice and we need to tell you about it.
How long we keep your data and how we secure it
At Lexus UK we only retain your data for as long as required by law or where we have an appropriate business justification.
For further information on how long personal data is likely to be kept before being removed from our systems and databases, please contact us using the details provided.
Protecting your personal data
We have implemented a set of technical and organisational security measures to protect your personal data against unlawful or unauthorised access, use of modification, in addition to protection against accidental loss or damage.
Your personal data will only be processed by a third-party Processor if that Processor agrees to comply with a set of agreed contractual clauses, in addition to appropriate technical and organisational security measures.
Appropriate security means ensuring controls are in place to protect the confidentiality, integrity and availability of your personal data:
• Confidentiality: we will protect your personal data from unlawful disclosure to third parties.
• Integrity: we will protect your personal data from being modified by unauthorised third parties.
• Availability: we will ensure that authorized parties are able to access your personal data when needed.
We’ve put together specific information on how we process cookies in a policy document for you, which is available here .
Disclosure of personal data
Depending on the purposes for which we collect your personal data, we may disclose it to the following categories of recipients, who will then process your personal data only within the framework of the purposes detailed below
Within our organisations and our brand environment:
Our affiliates and subsidiary companies:
• Members of our Authorised Dealerships and Authorised Repairers network which you have indicated as preferred Authorised Dealerships or Authorised Repairers, or which are located near you (based on your postcode, address) or which you have been in contact with;
• Toyota Motor Europe (TME) – For personalised marketing communications we share your information with TME, as they provide system support to us and allow us to manage your preferences. TME also manage certain systems on our behalf, request certain business-related information from us to undertake European wide analysis of our customers experience and satisfaction.
Third Party System Providers – We also use approved third-party system providers who help us deliver our services, such as manage your preferences, help us communicate to our customers and understand our demographics and customer preferences better. We ensure that there are contracts in place with these Data Processors that include appropriate security and privacy contractual clauses and controls to protect your personal data.
Third party business partners:
From time to time, we may disclose your personal data to trusted organisations who handle services on our behalf.
When we disclose your personal data, we take steps to ensure that any third-party partners who handle your personal data comply with data protection legislation and protect your personal data just as we do.
We only disclose the information that is necessary for them to provide the following services:
• Research, advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns, promotions and products;
• Roadside assistance service providers;
• Customer contact centres: to help us administer your vehicle protection;
• Providers of IT related services);
Specific contact with our authorised dealerships and repairers
If you purchase a car or another product or service from one of our Authorised Dealerships or Authorised Repairers or if you give them your personal data, you will have a separate relationship with this Authorised Retailer or Authorised Repairer.
In this case, they become the Data controller of your personal Data, possibly together with us. For all questions or requests about the collection and use of your personal Data by one of the Authorised Dealerships or Authorised Repairers, please contact them directly
How is your preferred Authorised Retailer or Authorised Repairer identified?
The preferred Authorised Retailer or Authorised Repairer is chosen either by options you’ve chosen via the settings of your MyLexus account (which you can change at any time), automatically based on location (the nearest to you based on your postcode, address), or your historical contact with our network.
Transfer outside the EEA
Your Personal Data will be transferred to recipients which may be outside the EEA and will be processed by us and these recipients outside the EEA.
When your personal data is transferred to countries outside the EEA (European Economic Area) that do not generally offer the same level of data protection as in the EEA, Lexus UK will implement appropriate specific measures to ensure an adequate level of protection of your personal data.
Your choices and your rights
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your personal data. To exercise your Rights under Data Protection Law, please use the DPO Contact Details.
Your choices on how you want to be contacted and withdrawing consent
You can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, SMS, phone), for which purpose and how frequently. This can be done by adjusting the privacy setting on the relevant device, updating your user or account profile or by following the unsubscribe instructions included in the communication.
Your Personal Data and Right to Access
You have the right to know whether or not we are processing your personal data, to access that information and additionally specified information regarding how we process your information.
Your Right to Rectification
If you find any mistakes in your personal data, you find it incomplete or incorrect, you may also ask us to correct or amend it. This can be done by providing details of your request to us, using the contact details provided.
Restriction of Processing
You have the right to ask us to restrict the Processing of your personal data. This may be whilst we check the accuracy of the information we hold on you. This can be done by providing details of your request to us, using the contact details provided.
Right to Object to Processing
You may also object to the use of your personal data for direct marketing purposes or, if you prefer, you can tell us through which channel and how frequently you prefer us to contact you. You may also object to us sharing your personal data with a third party for the same purpose.
If we are using your consent to process your data, you may withdraw that consent at any time. You may withdraw your consent by unsubscribing to an email, changing your preferences in your account, visiting our Opt-Out form or using the contact details provided.
Your Right to Erasure
You may want us to delete your personal data. If you do, please provide details of your request to us, using the contact details provided. We will assess your request and if we are able to erase your data we will inform you of the outcome.
Your Right to Data Portability
You have the right to request that data you have provided is sent to you in a structured, commonly used and machine-readable format and have the right to transmit that data to another organisation. This can be done by providing details of your request to us, using the contact details provided.
Making a complaint
I, please contact our Data Protection Officer. If you are unhappy with the response from the Data Protection Officer then you have the right to lodge a complaint with the Information Commissioners Officer (ICO) whose contact details are:
Postal Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Changes to this policy
We may occasionally make alterations to this policy, which will reflect how we process and look after your data. This is to ensure our commitment to being transparent with you, protecting your information and upholding your rights. If significant changes are made to this Policy or the way in which we process your personal data, we will draw your attention to this either through updates to this Policy on our website, through our service lines or by another means of communication such as email.