Privacy Policy

Toyota (GB) PLC and Toyota Financial Services (UK) PLC (“we”) are committed to protecting and respecting your privacy. On this page we describe how we may make use of any personal data that you may supply to us when you visit this website and the Toyota My Finance mobile application (the “My Finance App”). Please read the following to carefully understand our views and practices regarding your personal data and how we will treat it.

Introduction, who we are and who to contact
Toyota (GB) PLC , which also includes Lexus UK, respects your privacy. Whether you deal with Toyota (GB) PLC as a customer, a consumer, a member of the general public, a partner, supplier or staff member, you are entitled to the protection of your Personal Data.

In this Privacy Policy (“Policy”) we describe how we collect, process, share and protect your data. We also describe why we process your personal data and the associated choices and rights you have with regards to your personal data.

This Policy applies to all the processing of your Personal Data across the services we deliver at Toyota (GB) PLC and all of the different platforms we use to deliver those services such as online applications, websites, portals, sales and marketing activity and social media platforms. Data captured and processed at a Toyota Dealership is managed separately, which is further described here.

We’ve taken a layered approach to inform you how we deal with your data, as we recognise it can all be a little confusing at times. Therefore, this Policy is accompanied with privacy notices, which provide you with more specific and concise information on that particular area.

These privacy notices will be communicated to you whenever we need to process your personal data, which could also be via a link to a privacy notice or privacy policy.

Capitalised terms refer to standard terms set out in within the General Data Protection Regulation (GDPR).

Who is responsible for the processing of your personal data?
Toyota (GB) PLC of Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX is the Data Controller and responsible for the processing of your data.

However, please note that we also process your data, depending on your relationship with us, to different data controllers, which form part of the Toyota Group but are separate legal entities and will have their own processes and procedures for handling your data.

Who can you contact in case you have questions or requests?
Toyota (GB) PLC has appointed a Data Protection Officer (DPO) who is available to handle any questions or queries you may have relating to the processing of your data, this Policy and associated Privacy Notices.

The DPO can be contacted at or alternatively by writing to the Data Protection Officer, Toyota (GB) PLC, Great Burgh, Burgh Heath, Epsom, Surrey KT18 5UX.

At Toyota (GB) PLC we collect personal data directly from you when:
You request a Test Drive, Brochure, Vehicle Valuation or complete a form on our websites, you interact with Toyota (GB) PLC through online channels (e.g. website), you attend an event and your picture is taken/used on social media, and/or you use a specific login from your own social media on a Toyota (GB) PLC tool (website, portal, blog).

Toyota (GB) PLC sometimes facilitates the publication of (personal) data via social media such as Twitter and Facebook. All forms of social media have their own terms of use, which you need to take into account when active on social media.

We remind you that publication on social media may have certain consequences, including for your privacy or for the privacy of persons whose personal data you share. You are fully responsible for your publications and Toyota (GB) PLC will not have any responsibility and liability in this regard.

For full details of what personal data we may collect, please visit

Why we process you data
We process your data based on the lawful grounds listed below:

  • Your consent
  • Contractual performance
  • Legitimate Interests
  • Processing necessary for us to support customers with sales and other enquiries
  • Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness or our campaigns.
  • Processing is necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
  • Our Legal Obligations
  • To protect the vital interests of you or another person

For full details of each of the above situations, please click here.

Where you have provided your consent, we may use and process your information to:

• Contact you from time to time about Toyota’s products, offers and events that we think might be of interest to you. We will send these communications by email, phone, SMS or post.

For the avoidance of doubt, you will always have the right to withdraw your consent at any time by contacting us at or, in relation to any marketing messages you receive, by using the unsubscribe option included in those messages.

Sometimes we will need to process your personal data to contact you if there is an urgent safety or product recall notice and we need to tell you about it.

For further details of what personal data we may collect when we interact with you across our communication and social media channels, please click here.

How long we keep your data and how we secure it
At Toyota (GB) PLC we only retain your data for as long as required by law or where we have an appropriate business justification.

For further information on how long personal data is likely to be kept before being removed from our systems and databases, please contact us using the details provided.

Protecting your personal data
We have implemented a set of technical and organisational security measures to protect your personal data against unlawful or unauthorised access, use of modification, in addition to protection against accidental loss or damage.

Your personal data will only be processed by a third-party Data Processor if that Data Processor agrees to comply with a set of agreed contractual clauses, in addition to appropriate technical and organisational security measures.

Appropriate security means ensuring controls are in place to protect the confidentiality, integrity and availability of your personal data:

• Confidentiality: we will protect your personal data from unlawful disclosure to third parties.

• Integrity: we will protect your personal data from being modified by unauthorised third parties.

• Availability: we will ensure that authorised parties are able to access your personal data when needed.

Use of cookies and similar devices
We use cookies on our websites. This helps us to provide you with a better experience when you browse our website and also allows us to make improvements to our site.

Additional information on the cookies used by this blog is shown at the bottom of this page.

To manage your cookie settings, please click here.

Disclosure of personal data
For full details of how we may disclose your personal data, please click here.

Transfer outside the EEA
Toyota operates on a global scale and as a result, your personal data may be stored and processed by us or our partners in multiple countries. This is to enable us to deliver our services to you.

When your personal data is transferred to countries outside the EEA (European Economic Area) that do not generally offer the same level of data protection as in the EEA, Toyota (GB) PLC will implement appropriate specific measures to ensure an adequate level of protection of your personal data.

Your choices and your rights
We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your Personal Data. To exercise your Rights under Data Protection Law, please use the DPO Contact Details.

Your choices on how you want to be contacted and withdrawing consent
You can make a variety of choices about how you want to be contacted by us, through which channel (for example, email, mail, SMS, phone), for which purpose and how frequently. This can be done by adjusting the privacy setting on the relevant device, updating your user or account profile or by following the unsubscribe instructions included in the communication .

Your Personal Data and Right to Access
You have the right to know whether or not we are processing your personal data, to access that information and additionally specified information regarding how we process your information.

Your Right to Rectification
If you find any mistakes in your personal data, you find it incomplete or incorrect, you may also ask us to correct or amend it. This can be done by providing details of your request to us, using the contact details provided.

Restriction of Processing
You have the right to ask us to restrict the Processing of your personal data. This may be whilst we check the accuracy of the information we hold on you. This can be done by providing details of your request to us, using the contact details provided.

Right to Object to Processing
You may also object to the use of your personal data for direct marketing purposes or, if you prefer, you can tell us through which channel and how frequently you prefer us to contact you. You may also object to us sharing your personal data with a third party for the same purpose. Opting Out – If we are using your consent to process your data, you may withdraw that consent at any time. You may withdraw your consent by unsubscribing to an email, changing your preferences in your account, visiting our Opt-Out form or using the contact details provided.

Your Right to Erasure
You may want us to delete your personal data. If you do, please provide details of your request to us, using the contact details provided. We will assess your request and if we are able to erase your data we will inform you of the outcome.

Your Right to Data Portability
You have the right to request that data you have provided is sent to you in a structured, commonly used and machine-readable format and have the right to transmit that data to another organisation. This can be done by providing details of your request to us, using the contact details provided.

Making a complaint
If you wish to make a complaint, please contact our Data Protection Officer. If you are unhappy with the response from the Data Protection Officer then you have the right to lodge a complaint with the Information Commissioner’s Officer (ICO) whose contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Live Chat:
Online Form:

Changes to this policy
We may occasionally make alterations to this policy, which will reflect how we process and look after your data. This is to ensure our commitment to being transparent with you, protecting your information and upholding your rights. If significant changes are made to this Policy or the way in which we process your personal data, we will draw your attention to this either through updates to this Policy on our website, through our service lines or by another means of communication such as email.

Amend or remove cookie choices
You can change your cookie settings on at any time, by changing your choices here and clicking save.

You will also need to delete the cookies in your browser – gives full details of how to manage cookies in different types of web browser.

More information about cookies can be found at:

If you would like to stop receiving our latest offers and marketing communications then you will need to unsubscribe by completing this form.

Cookies used on this site

vcThis cookie is set by on sites that allow sharing on social media.functional
viewed_cookie_policyThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.necessary
cookielawinfo-checkbox-necessaryThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”.necessary
cookielawinfo-checkbox-non-necessaryThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Non Necessary”.necessary
uidThis cookie is used to measure the number and behaviour of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisements.necessary
_cs_cThe cookie is used by Content Square to save the user consent to be tracked.functional
__atuvcThis cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.functional
__atuvsThis cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.functional
ouidThe cookie is set by Addthis which enables the content of the website to be shared across different networking and social sharing websites.functional
na_idThis cookie is set by to enable sharing of links on social media platforms like Facebook and Twitterfunctional
_gatThis cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.performance
_gaThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique
_gidThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous
uvcThe cookie is set by to determine the usage of
di2This cookie is set by on sites that allows sharing on social media. The cookie is used to track user behavior anonymously to generate usage trends to improve relevance to their services and
locThis cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are
umSet by not known)other