Last updated: 08 January 2024
The official version is available here (in French) . In the event of any discrepancies between the English or Spanish version and the French version, the French version shall prevail.
Please read this Privacy Policy so that you understand how we process your Personal Data.
1. What is the purpose of this Personal Data Protection Policy?
The purpose of this Privacy Policy is to inform you about the way we process your Personal Data when you visit our website and the Toyota Paris 2024 – KINTO MICROMOBILITY application (hereinafter "the Application") and when you use our website and/or Application to use our services. So this Privacy Policy explains what Personal Data we collect and how we collect, use, store and disclose it. It also contains information about your rights in accordance with current regulations on the protection of personal data.
2. Who is your data controller?
Toyota Motor Europe (hereinafter referred to as "We" or "TME"), a company registered with Register of Entreprises under number 0441.571.714 and having its registered office at 1140 Bruxelles, Avenue du Bourget 60, is the "Data Controller" of your Personal Data.
As the personal data controller, we agree to process your Personal Data in compliance with applicable laws and regulations on the protection of personal data and, inter alia, Data Protection Act No. 78-17 of 6 January 1978, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).
3. Has TME appointed a Data Protection Officer?
TME has a Data Protection Officer (hereafter "DPO").
If you have any questions regarding the processing of your personal data or if you wish to exercise your rights, please contact our DPO at data.protection@toyota-europe.com, or by post for the attention of the DPO of TME, located at Avenue du Bourget 60, 1140 Brussels.
4. Definitions
For the purposes of this Personal Data Protection Policy, the terms below have the following meaning:
- "Recipient(s)": means the individuals or legal entities who receive Personal Data from TME. The recipients of data may therefore be employees of TME or of the TOYOTA group to which TME belongs as well as external organisations (partners, exhibitors, banks, speakers, etc.);
- "Personal Data" means any information relating to an identified or identifiable individual, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity;
- "Purpose(s)": refers to the objectives pursued by each Personal Data processing operation;
- "Data Subject(s)": refers to Users whose Personal Data are processed by TME;
- "Data Controller": means the individual or legal entity, public authority, department, or other body which, alone or jointly with others, determines the purposes and means of the processing. For the purposes hereof, TME is the Data Controller.
- "Data Processor": refers to any individual or legal entity who processes Personal Data on behalf of TME;
- "Processing": means any operation or set of operations relating to Personal Data, regardless of the process used, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction;
- "Personal Data Breach": means a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data transmitted, stored, or otherwise processed.
5. For what purposes do we process your Personal Data?
The Personal Data that you provide us with or that is generated through your interactions with the Application or our website and the use of our mobility services, are processed in part or in full, as applicable. The main purpose of processing your Personal Data is to manage the contractual relationship.
In more detail, processing your Personal Data enables us to:
- Manage the creation of accounts on the KINTO Application: Verify the alleged identity as well as the essential information contained in the documents (required for your registration on the Application);
- Manage vehicle bookings ( Micro mobility vehicles) Collection, use and return;
- Manage claims: Manage claims relating to the use of the services;
- Carry out statistical studies: Preparing anonymous statistics relating to the use of the Share service to draw up reports on the running of the car-sharing service, carrying out market research and profitability studies based on anonymous data, and increasing knowledge about the use of services provided through the Application;
- Manage consent: Considering and respecting user consent;
- Manage customer relations: Handling customer complaints and requests;
- Manage the technical administration of the Application: Manage user accounts and carry out the necessary internal technical operations within the framework of incident resolution, data analysis, tests, research, etc;
- Manage the fleet: checking that the vehicle has been returned to the right place, monitoring the condition of the fleet, managing repairs and cleaning, recovering the vehicle in the event of theft, anticipating/preventing theft, assisting the customer in the event of a breakdown or accident;
- Profiling based on user consent: TME may analyse activity and profile users using internal and external data, to improve the quality of the Application's services, including the development of predictive and mobility models, and also for marketing communications purposes.
6. Who are the Data Subjects?
The Data Subjects here are mainly Users of the Application, Users of the Kinto service and visitors to our Website.
Also, we process Personal Data concerning the personnel of our commercial or institutional partners and our service providers within the framework of the contractual relations which bind TME to these persons or entities.
7. What is the legal basis for processing your Personal Data?
We only process your Personal Data if the processing is carried out at least on one of the legal bases set out in Article 6 of the GDPR.
The table below sets out the legal basis associated with each of the purposes for which your Personal Data is processed.
Purpose |
Legal basis |
Manage account creation on the Application |
Article 6.1.b GDPR: Contract |
Manage Micro mobility vehicle bookings and deliver the services |
Article 6.1.b GDPR: Contract |
Manage claims |
Article 6.1.b GDPR: Contract |
Carry out statistical studies |
Article 6.1.f GDPR: Legitimate interest |
Manage consents |
Article 6.1.c GDPR: Legal obligation |
Manage customer relations |
Article 6.1.b GDPR: Contract |
Manage the technical administration of the Application |
Article 6.1.f GDPR: Legitimate interest |
Carry out commercial canvassing (offers, promotions and marketing communications) |
Article 6.1.a GDPR: Consent (for prospective customers) (Article 6.1.f GDPR: Legitimate interest (for customers) |
Manage rental properties |
Article 6.1.f GDPR: Legitimate interest |
Conduct surveys, satisfaction surveys, studies, or statistics: |
Article 6.1.a RGPD: Consent (for prospective customers) (Article 6.1.f GDPR: Legitimate interest (for customers) |
Manage litigation |
Article 6.1.f GDPR: Legitimate interest |
8. What Personal Data do we process?
To fulfil the purposes for which your Personal Data is processed, we agree to collect only that which is strictly necessary.
If you are asked to provide optional Personal Data, we will clearly inform you of the optional nature thereof and specify which Personal Data is required.
The Personal Data we process within the framework of our mobility services includes the following categories:
Data types |
Data category |
Details of data processed |
Current data |
Civil status, identity, identification data |
Email address, telephone number, country of origin, bracket fitment and user validation |
Litigation |
When the users doesn’t respect the Terms and conditions or user conditions. |
|
Personal life (lifestyle, family situation, excluding sensitive or personal data) dangerous, etc.) |
Not collected |
|
Professional life (CV, education, professional training, awards...) etc.) |
Not collected |
|
Economic and financial information (income, financial situation, etc.), tax status, etc.) |
Not collected |
|
Connection data (IP addresses, logs events, etc.) |
Application traces Technical logs |
|
Location data (movements, GPS data, GSM, etc.). |
Vehicle booking data: start date and time, end date and time Location data (location when the services of your reservation starts and the location at the end of the reservation. Exceptionally when the terms and conditions aren’t respected (for example to find the location of the vehicle when the duration of the reservation has ended and the vehicle hasn’t returned to the appointed place) |
9. How do we collect your Personal Data?
The Personal Data we process within the framework of our mobility services comes mainly from the following sources:
- Personal Data provided directly by users of the Toyota Paris 2024 – KINTO: Data provided when a user account is created, when the services provided by the Application are used, or when a complaint or request is made by the user;
- Personal Data generated: Data automatically generated through use of the Application (including our website) and/or the service, as well as the data provided by the sensors on your mobile device when you activate the location services, for example to contact us to request assistance;
- Personal data supplied by third parties: data disclosed by the public authorities (fines, incidents, etc.), data disclosed by the user's employer.
We will only use your Personal Information for the purposes it was collected for, and in accordance with the law. We will not use your Personal Data for any other purpose without your prior consent. The only exception to this rule is if it is required or authorised by law, for example where it is necessary to prevent, investigate, detect, or prosecute criminal offences.
10. Who do we share your personal data with?
Your Personal Data that we process is intended for our teams whose access to your data is necessary for the provision of the micro mobility service, and within their respective remits.
Likewise, Your Personal Data is shared with our service providers engaged to perform certain services and tasks necessary for the operation of the service and to deal with problems that require special know-how (maintenance of the app., data hosting, billing, insurance, possibly customer service...) that cannot be handled internally or for the provision of a particular IT infrastructure (provision of software technology and updates to support the platform on which the carsharing service is based...).
For certain cases of use relating to products and/or services offered by TME within the framework of its activities, partnerships internal to the Toyota group may be linked with a view to providing support (temporary or regular; technical or in human resources), or an additional ad hoc expertise to the teams of TME.
We will only share your Personal Data with a provider once we have concluded a written Personal Data processing agreement with them in accordance with the GDPR. This agreement obliges the provider to comply with the GDPR and all data protection regulations and to act only in accordance with our strict instructions. Our processors will only process your Personal Data in accordance with our instructions and only in the manner described herein and in the General Terms and Conditions.
Also, and subject to the collection of your consent for profiling and/or marketing purposes, TME may disclose your Personal Data to other Toyota Group Companies or to its commercial partners.
Also, where we are required to do so by law, we may, in accordance with applicable laws and regulations, disclose your Personal Data to government authorities, authorised public and private bodies or the courts.
In any event, neither TME, nor any of its subcontractors and partners, will ever market your Personal Data.
11. How long do we keep your Personal Data for?
Your Personal Data processed by TME is kept for a limited period of time, defined according to the purposes of each data processing and the regulations in force.
The Toyota Paris 2024 – KINTO micromobility app and personal data will be deleted no later than 31th of december 2024, unless there is a legal or judicial exception to retain the data (for example with damaged vehicles (3Oth june 2025).
Data collected via the forms available on our Website and our Application is kept for the time needed to process the purpose of the form, a period which is extended, if necessary, by the time needed to meet the legal obligations of TME or for evidential purposes.
The data required to produce audience statistics is kept for the time necessary to achieve this statistical purpose, which may not exceed a maximum of 24 months in the case of data that does not allow you to be identified.
Also, to ensure that the data we process is retained in accordance with the law, we have adopted a data retention and archiving policy which specifies the retention and archiving period for each type of data and for each corresponding purpose.
In any event, we endeavour to do our utmost to store and archive all the data we process in appropriate security conditions that comply with the regulations, using the latest technology.
12. Where is the Personal Data we process located?
TME prefers to host and process your Personal Data within the European Union (EU).
However, your data may be transferred to countries outside the EU (for example, if you use a data processor located outside the EU). In this case, to guarantee an adequate level of protection for your Personal Data, each data transfer is governed by the European Commission's Standard Contractual Clauses (pursuant to article 46.c of the GDPR) or by any other legal instrument that guarantees a level of protection as high as that in France.
13. How do we secure the Personal Data we process?
We take technical and organisational measures to guarantee the security of your Personal Data and protect it against the risks of illegitimate access, unwanted modification, or disappearance. Our data security processes include: access security, backup systems, monitoring, review and maintenance, security incident management and continuity.
Our teams are trained in and made aware of the protection of Personal Data, and we limit their access to data necessary for the performance of their duties. Also, all TME personnel are subject to a non-disclosure obligation, as are all external contractors.
Also, your Personal Data may only be processed by a third party acting as a data processor insofar as this data processor agrees to comply without restriction with the technical and organisational security measures that we have defined.
We also carry out regular audits to check that data security rules are being properly applied at operational level.
We also have a data breach management policy that enables us to not only limit the impact of any incident involving the data we process, but also to meet our legal data protection obligations.
14. What are your rights in relation to our processing of your Personal Data?
In accordance with regulations on the protection of personal data, you have the following rights, depending on the legal basis for the processing concerned:
• Right to be informed;
• Right of access and rectification of your data;
• Right to erasure of your data;
• Right to limit the processing of your data;
• Right to object on legitimate grounds;
• Right to withdraw your consent;
• The right to port your data (to obtain from TME, where technically possible, in a commonly used computer format, the disclosure, to you or directly to another data controller, of your Personal Data processed using automated processes. However, this right is limited to Personal Data processed on the basis of consent or the performance of an agreement);
To find out more about the management of your personal data or to exercise your rights, please contact our DPO at data.protection@toyota-europe.com
If you feel the company has failed to respect your rights, please contact us, and lodge a complaint with the Commission Nationale Informatique et Libertés https://www.cnil.fr/fr/agir. or the Belgian Data protection Authority Introduire une plainte | Autorité de protection des données (autoriteprotectiondonnees.be)
15. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy from time to time. Updates to this Policy will be posted on our website and our App.
So you know when changes are made to this Privacy Policy, we will change the version date at the top of this page. Changes apply once they are published on our website and in our App. We therefore recommend visiting this page regularly to take note of any updates that may have been made.