23. October 2023
Privacy Policy for KINTO Share Bike
Toyota Danmark A/S ("TDK")
- Introduction
This Privacy Policy for KINTO (“Policy”) applies to all Personal Data collected and processed in relation to KINTO Share Bike Services by (or on behalf of) Toyota Danmark A/S (“TDK”) (together referred to as "KINTO”, “we", “us" and “our" depending on the context).
This Policy indicates how we handle your Personal Data (“Personal Data”) when providing the KINTO Share Bike Services, to which you can subscribe through KINTO’s online booking system. In section 8 we describe the specific purposes for processing of Personal Data for the KINTO Share Bike Services.
KINTO respects your privacy. Whether you are in contact with KINTO as a potential, present or former customer, consumer, or businessman or as part of the public etc., you are entitled to protection of your Personal Data. Your Personal Data may include your name, telephone number, email address, but also the identification number of your rented bike, geographical location etc.
This Policy describes how and why we collect your Personal Data, for which purpose your Personal Data are collected, with whom they are shared, how we protect them, and your rights as a data subject in relation to your Personal Data.
This Policy applies to the processing of your Personal Data within the framework of KINTO and tools, applications, websites, portals, (online) campaigns, sales drives, sponsored social media platforms etc. offered or operated by or on behalf of TDK.
The Policy includes the general rules and explanations that apply. The regulation in this Policy may be supplemented by specific notices which you will receive in connection with specific Services, tools, applications, websites, portals, (online) campaigns, sales drives, sponsored social media platforms etc. offered or operated by or on behalf of TDK. If so, you will receive such specific notices when your Personal Data are used within the framework of the above activities (including websites, portals, individual communication services, newsletters, reminders, enquiries, offers, campaigns etc.).
At the back of the Policy you will find definitions of key concepts, which are written with capital initial letters (e.g. Personal Data, Processing and Controller).
- Who is Controller of the processing of your Personal Data?
Toyota Danmark A/S ("TDK")
Dynamovej 10
2860 Søborg, Denmark
- WHERE TO ADDRESS QUESTIONS AND ENQUIRIES – Point of Contact for Data Protection
We have created a Point of Contact for Data Protection to answer questions and enquiries concerning this Policy, and to issue any additional specific notices in relation to KINTO Share Bike Services or your Personal Data (and their processing).
If you have questions concerning this Policy, if you want to complain about our processing of your Personal Data, or if you want to exercise your rights as described herein, you may contact the Point of Contact:
- kundeservice.share.dk@kinto.services and
- KINTO Toyota Danmark A/S Dynamovej 10 2860 Søborg, Denmark
- Main principles
We want to protect your Personal Data, and we process them in a reasonable, transparent and secure manner.
We observe the following principles in connection with the processing of Personal Data:
- Lawfulness: We always process your Personal Data lawfully, fairly and in a transparent manner in relation to you as a data subject.
- Data minimisation: We limit the processing of your Personal Data to what is necessary and relevant in relation to the purposes for which they are processed.
- Limitation of purpose: We collect your Personal Data only for specific, explicit and legitimate purposes, and we do not further process them in a manner that is incompatible with these purposes.
- Accuracy: We make sure that your Personal Data are accurate and – if necessary – updated.
- Integrity and confidentiality: We use technical and organizational measures to ensure appropriate data protection, taking Account, among other things, the nature of the Personal Data concerned. Such measures protect against unauthorised disclosure and access, accidental or unlawful destruction, accidental loss or alteration and against other forms of unlawful processing.
- Access and rectification: We respect your rights in connection with the processing of your Personal Data.
- Storage limitation: We keep your Personal Data in accordance with applicable law and regulations and no longer than is necessary for the purposes for which the Personal Data are processed.
- Protection of international transfers: We ensure adequate protection of your Personal Data in connection with transfer outside the EEA.
- Protection in relation to third parties: We ensure that third parties are only allowed access to (and are only allowed to transfer) Personal Data in accordance with applicable data protection law and with adequate contractual protection.
- Lawful use of direct marketing and cookies: We only send advertising material to you or place cookies on your computer in accordance with data protection law and other relevant legislation.
- Processing of your Personal Data: Legal basis
Necessary for the performance of our agreement with you
We generally process your Personal Data if this is necessary for the performance of the agreement which you have entered by subscribing to one or more KINTO Share Bike Services.
Our legitimate interests
Where this is relevant, we process your Personal Data if required to pursue our legitimate interests in connection with the provision of the KINTO Share Bike Services, provided that our interests do bikery more weight than your interests, rights or freedoms (e.g. your right to protection of your privacy).
We process Personal Data inter alia,
- where this is relevant to enable you to share certain Personal Data with others (e.g. your location, the location of the KINTO Share Bike used by you, your destination, your expected time of arrival);
- to provide support/customer service for KINTO Share Bike Services;
- to enable us, in the event of an emergency, to contact a contact person named by you who is to be contacted if you and/or the KINTO Share Bike used by you is involved in a crash;
- if you have a KINTO Share Bike equipped with an internet connection, to enable external contractors (e.g. providers of the mobile network providing the internet connection) to fulfil their legal obligation to identify you (by collecting your ID Personal Data);
- research and development;
- to disclose your Personal Data when we are required to do so by the law enforcement authorities or courts of law; and
- to enable our KINTO network partners (e.g. national dealers, authorised dealers/repair shops, including Other parts of the KINTO organization and its partners) to contact you.
Our legal obligations
We process your Personal Data if this is necessary for the fulfilment of our legal obligations, including compliance with decisions handed down by courts of law or public authorities. If, for example, we have charged you for your use of the internet connection, we may be obliged to keep the invoice (and your Personal Data on the invoice) for a period determined by law.
- If Personal Data are processed
We process Personal Data about you, being the person who subscribed for one or more of the KINTO Share Bike Services.
- PURPOSE OF THE PROCESSING OF YOUR PERSONAL DATA
We collect your Personal Data only for specific, express, and lawful purposes, and we do not bikery out further processing in a way that is incompatible with these purposes.
We collect and use your Personal Data for the following purposes:
- To activate or deactivate your subscription to one or more KINTO Share Bike Services/your rental of the KINTO Share Bike.
- To deliver KINTO Share Bike Services to you.
- To handle your enquiries.
- To support our sales and marketing activities.
- To bikery out research and development to expand and improve the KINTO Share Bike Services, to develop new mobility and/or Services and solutions and to improve the performance of KINTO’s bikes and bikes, products and Services or develop new ones.
- To protect, maintain and support our networks, systems, and programs.
- If it may reasonably be required in connection with a dispute in which we are or may be involved, either directly with you or with a third party.
We share your Personal Data with others for the following purposes:
- If you have a KINTO Share Bike equipped with an internet connection, the provider of the mobile network providing the internet connection may have a legal obligation to gather certain Personal Data related to you.
- To enable our networks (national distributors and authorised dealers/repair shops) to contact you within the framework of the delivery/implementation of certain services/segmentation.
- Where we are required by public authorities (e.g. the law enforcement authorities) and courts of law to disclose your Personal Data to them.
- If it may reasonably be required in connection with a dispute in which we are or may be involved, we may share your Personal Data with e.g. the party, or the other parties involved in the dispute or with a court of law.
- If you have a user-based insurance agreement with an insurance company and, in accordance with such an agreement, we share with the insurance company any Personal Data necessary for them to establish the agreement (e.g. the geographical location data associated with your KINTO Share Bike, your driving behaviour etc.).
- Personal Data on damages, including Personal Data about the parties involved.
- specific PURPOSE OF THE PROCESSING OF YOUR PERSONAL DATA for each KINTO Service
In addition to the data processing described above, we will perform the following data processing for the KINTO Share Bike Service.
Step 1 – Application for membership in KINTO Share Bike
To register and use the KINTO Share Bike Service, you need sign up for an Account. When you register you must create a unique user id and password. You will also be required to confirm your acceptance of the KINTO Share Bike terms of use (the “Terms of Use”).
The provided information will be verified through use of NemID.
Your Personal Data is used in this step by KINTO with the purpose to create your KINTO Share Bike Account for us to assess the prerequisites of entering into an agreement.
The processing is legitimate since it is necessary for you to be able to enter into an agreement with us. The data will be retained until the bike sharing agreement is terminated and during such longer period that may be necessary to establish, exercise or defend any legal claims, or comply with legal obligations.
Step 2 - Activating your KINTO Share Bike Account
In connection with the creation and approval of your KINTO Share Bike Account, we will check whether you are registered / blocked in Ribers Kredit Information (“RKI”)'s list of bad payers.
The processing of your Personal Data as mentioned above is made to perform the agreement you enter with us and in accordance with current legislation. The data will be retained until the bike sharing agreement is terminated and during such longer period that may be necessary in order to establish, exercise or defend any legal claims, or comply with legal obligations such as replying to requests from authorities including the Authorities, the Danish Transport Agency’s or the police.
Step 3 - Rejection of activation of KINTO Share Bike Account
If your Account is not activated, this is based on you not fulfilling the Terms of Use for the KINTO Share Bike Service. You will always be notified if your Account cannot be activated and you may at all times following such rejection contact us in order to solve these questions or receive an explanation of why you cannot activate a KINTO Share Bike Account. If your Account request is rejected, your Personal Data will only be retained for the time necessary for us to manage potential claims between you and ourselves.
Step 4 - Using KINTO Share Bike
KINTO uses your Personal Data to create and administer reservations and rental agreements (for example, information on preferences for bikes, including bike identification data, use of the fuel biked to identify unauthorized refuelling in accordance with Terms of Use and to prevent fraud, odometer setting before and after rental, registered damage reports or notification of damage on the bike, date and time of reservation and driving distance).
In addition, KINTO uses your Personal Data for ongoing reservations and leases (for example, time and date of unlocking the bike via the App, registration of damages in the damage log after damage has occurred and description of the damage, including a photo of it provided through the Website and/or the App).
When you complete payment transactions, this occurs through the payment provider Braintree (Braintree is part of PayPal). Your payment information is stored in a secure Payment Biked Industry (Data Security Standard) certified PCI that complies with international security standards. When you need to enter your payment information, this is done directly at Braintree and only Braintree - and not KINTO - will have access to your payment information. You can read more about Braintree's processing of your personal data here:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Your Personal Data is finally used to ensure that your use of KINTO Share Bike takes place in accordance with the agreed terms and conditions, as well as to ensure our legitimate interest in the rented bike being returned to the right place at the agreed time.
The processing is lawful as it is necessary for us to comply with the agreement you have entered with us or to ensure our legitimate interest.
Personal data is retained until the bike-sharing agreement is terminated and for as long as is necessary to establish, exercise or defend any legal claims.
Step 5 - GPS coordinates
To the extent necessary to track the position of the bike in the event of theft, your breach of the Terms of Use, your failure to return the bike or your late return of the bike, or other breaches of contract or violations on your part, KINTO processes the bike’s GPS coordinates. This information is tracked in the bike's GPS box. Information on the Bikes position is transferred every second minute from the GPS-tracker and is stored centrally at KINTO but only further processed for the above purposes upon internal request and then only, in the event of any of the above events occurring.
KINTO processes such Personal Data on the basis of its legitimate interest in being able to track and manage its bikes and to fulfil its legal obligations in relation to requests from public authorities and, insofar as this applies to KINTO, to facilitate the performance of such public authorities by tasks performed in the public interest as well as to enforce the agreement with you and in accordance with applicable law. Such Personal Data is only stored for as long as is necessary to resolve the situation that is the reason for processing the geolocation data and normally for a period of five (5) years.
In cases where KINTO processes geolocation data in addition to what is stated above, we only use anonymised and aggregated data that cannot be linked to any person. Such data does not constitute Personal Data about you.
To ensure transparency to you as the renter of the bike in question, KINTO will send an SMS or email to you (if this contact information is provided to KINTO) as soon as "bike tracking" and/or "geofencing" is activated by KINTO. You are then informed of KINTO’s use of the above services.
Step 6 – KINTO Share Bike help
Through KINTO Share Bike we provide you support 24 hours a day, 7 days a week. To communicate with you in an efficient way, we use your Personal Data. For example, we may need to know how long your reservation is, or how long you have been driving, or we may need access to your reservation history to help you with current reservations and the pick-up of bikes.
We also need to be able to contact you when you register new damages in the damage log and describe such damages and send photos in the Website and/or the App. The processing is legitimate since the processing is necessary for our legitimate interests of ensuring that you may use KINTO Share Bike in a satisfactory way and ensure that damages on our bikes are reported. The Personal Data is retained for as long as a matter is open, and regarding certain Personal Data, at the longest until you or we terminate the agreement.
Step 7 - Registration on Ribers Kredit Information (“RKI”)'s list of bad payers
If you do not pay your debt to KINTO, we will, after sending you 3 reminders for non-payment, report your debt to RKI's information list.
We will report you to RKI if you have not paid our claims for:
• failure to return the rented bike after the end of the rental period
• failure to pay parking fines
• failure pay the rental fee or other remuneration
• mishandling the bike
• being reported to the police for illegal use and this entails a loss to us
• passing on the bike illegally to another driver and this results in a loss to us
However, we will only report information arising from debts of more than DKK 1,000, where KINTO has either obtained your written acknowledgment of an overdue debt or legal action has been taken against you.
We process your Personal Data to enforce the agreement with you as well as to safeguard our legitimate interest in protecting and taking bikee of our bikes and to determine, make and defend any legal claims.
RKI's information list at Experian has been certified by the Danish Data Protection Agency.
If we receive a match against the information list, such Personal Data is stored until your agreement with us is terminated and for such longer period as may be necessary to determine, make or defend any legal claims.
Step 8 – Terminating your membership and cancelling your KINTO Share Bike Account
You may terminate your membership with us by contacting us. In some cases, KINTO may have the right to immediately terminate your agreement with us. KINTO uses your Personal Data to terminate your membership. The processing is legitimate since it is necessary to perform the membership agreement and the agreement entered between you and us. If KINTO terminates the agreement, KINTO will retain your Personal Data during a period of 5 years from the data of the last usage of KINTO Share Bike or during such longer period that may be necessary in order to establish, exercise or defend any legal claims.
Step 9 - Our communicating with you
KINTO uses your Personal Data to communicate with you for the following purposes:
• to keep you updated (through mail or so-called push messages) on your use of the App, e.g. notification of upcoming reservations, end of reservation etc.;
• to inform you of updates to the Terms of Use and this Policy;
• to respond to any queries, you may have relating to KINTO’s use of your Personal Data accurately and promptly;
• to make changes you have requested to your Personal Data;
• to survey you on your user experience of KINTO Share Bike;
• to ask you if you approve of processing of your Personal Data for marketing purposes; and
• to support our sales and marketing activities.
Step 10 - Using your Personal Data for other purposes
KINTO use your Personal Data to:
• improve the performance of KINTO Share Bike Services, the App, its existing products, and Services and in order to develop new ones;
• conduct research and development, bikery out data analysis and create user group profiles from aggregated data to enhance and improve KINTO Share Bike and to develop new mobility Services and solutions; and
• secure, maintain and support its networks, systems, and applications.
The abovementioned Personal Data are only processed to a limited extent and during the period required to transform such Personal Data into aggregated data. The legal basis KINTO rely on to process your Personal Data for the abovementioned purposes and for the limited processing period is the legitimate interest to be able to provide the customer collective with relevant Services and to develop products and Services.
KINTO also use your Personal Data if necessary, in connection with a dispute in which we are or may become involved either directly with you or with a third party. The purpose of the processing is to solve such dispute and the processing is legitimate since it is necessary for our or a third party’s legitimate interest of solving a dispute.
KINTO also process your Personal Data to comply with legal obligations to which they are subject. The processing for such purposes is legitimate since it is made to comply with a legal obligation. The Personal Data is retained if it is required by law, which in terms of bookkeeping, in relation to KINTO, is 5 years.
- Can I cancel the use of THE BIKES’s geographical location?
You cannot cancel the use of your and/or your bike’s geographical location as it is part of the KINTO Share Bike Services.
- ACCURATE AND UPDATED PERSONAL DATA
It is important for us that your Personal Data are always accurate and up to date. You are requested to inform us as soon as possible of any changes or errors in your Personal Data by contacting the Point of Contact for Data Protection (see section 3 “Where to address questions and enquiries”). We do everything within reason to delete or correct erroneous or obsolete Personal Data.
- Access to your Personal Data
You are entitled to have access to your Personal Data processed by us and – if the Personal Data are erroneous or incomplete – to request that they be corrected or deleted. If you want further Personal Data on your rights or would like to exercise your rights, please contact the Point of Contact for Data Protection (see section 3 “Where to address questions and enquiries”).
- HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your Personal Data in accordance with applicable data protection law. We keep your Personal Data only for as long as this is necessary for the fulfilment of the purposes of the processing, or for as long as we are required to do so by law. If you want further Personal Data on how long certain Personal Data are kept before being deleted from our systems and databases, please contact the Point of Contact for Data Protection (see section 3 “Where to address questions and enquiries”).
We use the following criteria to determine the durations for which we keep your Personal Data:
- Duration of your subscription to and provision of KINTO Share Bike Services.
- Our legal obligations to keep certain Personal Data about you.
- Periods in which a claim may be made by or against us.
- The requirement for us to make investigations (e.g. security investigations).
- The requirement to use your Personal Data in connection with a current or potential dispute.
Upon termination or expiry of your subscription to KINTO we either delete your Personal Data after a period of five (5) years, or we keep your Personal Data after the end of the five-year period in a form that is not traceable directly to you.
- CONSENT
The KINTO organization and its partners may contact you through electronic media, by letter or phone concerning the mobility-related Services selected and for the marketing purposes selected. The marketing purposes selected will be stated in the consent given by you.
In this connection, electronic media include: Emails, notifications, push messages, text and multimedia messages, widgets, apps, Facebook, Instagram, Twitter, LinkedIn, Snapchat, Pinterest, blogs, vlogs (videoblogs on e.g. YouTube) and online games, the internet and other digital channels.
KINTO may further process, and mutually disclose, your Personal Data in relation to the product and mobility related KINTO Share Bike Services selected and for the marketing purposes selected.
Depending on the consent given by you to KINTO, mobility-related Services and products and marketing purposes selected include the following: (1) reminders etc., (2) product offers and news, (3) marketing-related surveys, (4) invitations to events and competitions and invitations to arrangements and the opportunity to win prizes, and (5) updating of your consent with regard to new partners, products or forms of contact.
You may withdraw your consent at any time.
- Categories of Personal Data
The following categories of Personal Data are processed:
Categori of data | KINTO Share Bike | |
Registration Data (first name, family name, username or similar identification, title, copy of your driver licence, date of birth, gender, driver licence number, photo, place of employment (name and address of company), organization or association through which you are given access to use KINTO Share Bike (name and address). | x | |
Login information | x | x |
Contact data (e-mail and telephone number, contact information in the event of emergencies (if you have provided this information in the online booking system)). | x | x |
Contact data (address) | x | x |
Financial data (bank account information, credit or debit biked information, e.g. history of your payments of KINTO Share Bike, invoices, VAT number, if relevant). | x | x |
Location data (collection and return of bikes, information on geographical location in relation to the bike used and/or your smartphone (e.g. GPS position, planned destination, information on trips run (starting place and time, finishing place and time, distance, time, localisation en route (however not the exact route)). Such information may include real-time location (from your mobile phone's GPS function, Wi-Fi or Bluetooth) and your itinerary | x | x |
Technical data (internet protocol (IP) address, your login data, cookies, browser type and version, time zone setting and position, browser plug-in types and versions, operating system and platform and other technology on the units you use to gain access to the online booking system). | x | x |
Information on social media (your ID on social media enabling you to share the location of your bike with others (e.g. regarding the services that allow you to share your bike’s location with others via social media as selected by you)). | x | x |
Marketing and communication data (your preferences for receiving marketing material). | x | x |
Bike-related information (ID information on the bike (e.g. the bike’s registration plate, bike identification data, information on the remaining driving range of an electric bike, current and historic information regarding the bike (e.g. accessories, tyres, economy, insurance, and warranty-related information if any), technical data on the bike (e.g. distance driven, fuel consumption, warnings). | x | x |
Information in App (favorite addresses as well as any home address and work address, , loyalty biked information (earnings, usage and discount), the device's unique ID number, possible rating of ride and possible rating of driver | ||
Information on blocking (i.e. information that you have violated the Terms of Use in any of the following ways: no return of the rented object; no payment of parking fines; no payment of the rent or other remuneration; mistreatment of the bike; reporting to the Police for unlawful use; unlawful use of the bike by another driver, use of the fuel biked to identify non-permissible fuelling, meter settings of the bike before and after the rental, | x | |
Damage information (i.e. potential registered damage reports or reports on loss of bike, registration of damage in the damage log after conducted damage control and description of the damage including a photo in the App), | x |
Please note: The above matrix includes examples of data which are not necessarily processed by all the controllers mentioned.
As a rule, we do not collect and process special categories of Personal Data on you or your civil registration number (CPR.no.). We receive a copy of your driver’s licence stating your civil registration number (CPR.no.), but we do not separately register or process your civil registration number (CPR.no.).
You will receive a separate notice if other categories of Personal Data are processed.
- PROTECTION OF YOUR PERSONAL DATA
We have introduced technical and organizational measures to protect your Personal Data from unlawful or unauthorised access and use and from accidental loss of and damage to their integrity. These measures are designed to consider our IT infrastructure, the possible consequences for the protection of your privacy and the costs involved, and to be in conformity with applicable standards and practices.
Your Personal Data will only be processed by a third party if the third party concerned accepts to comply with such technical and organizational security measures.
The establishment of data security means safeguarding the confidentiality, integrity and accessibility of your Personal Data.
- Confidentiality: We protect your Personal Data from unwanted disclosure to third parties.
- Integrity: We make sure that your Personal Data are not changed by unauthorised persons.
- Accessibility: We allow approved third parties access to your Personal Data as required.
Our data security procedures include access control, backup systems, monitoring, examination and maintenance, registration of security events and continuity.
- Use of cookies and similar features
We use cookies on our websites. This allows us to improve your experience when browsing the website and to continuously improve the website.
For further Personal Data on the use of cookies and how you avoid them, we refer to our cookie policy, which can be found at: https://kinto.services/dk/cookies .
- DISCLOSURE OF PERSONAL DATA
Depending on the purposes of the collection, the collected Personal Data may be disclosed to the following group of recipients:
- Within our organization and brand:
- Approved personnel
- Associated companies and subsidiaries, e.g. sales and marketing activities may be processed by other companies within the Toyota group, defined as the KINTO organization. If this is the case, KINTO will share your Personal Data with such companies, but only in accordance with your marketing preferences.
- Members of our network of Authorised Dealers and Repair Shops, including but not limited to authorised Toyota or Lexus dealers and repair shops you have been in contact with. Other parts of the KINTO organization and its partners include Gjensidige Forsikring, dansk filial af Gjensidige Forsikring ASA, Norge and Kinto Join Ltd.
- External partners
- Advertising agencies: To help us bikery out and analyse the effect of campaigns and sales drives.
- Partners: For example, trusted companies, which use your Personal Data to provide the Service KINTO, including support and Service, and/or to send advertising material to you (if you have given your consent to receive such material). We always ask such partners to comply with applicable law and this Policy, and we request that they process your Personal Data in confidence. Finance-related Personal Data may be passed to external partners, including insurance companies, utility companies, suppliers, bike importers, repair shops and drop-off locations etc. If you default on your obligations to us, we may report you to credit rating agencies or warning registers in accordance with applicable rules. All our Partners are bound by strict obligations regarding confidentiality and data security in accordance with GDPR. In such cases where our Service providers process Personal Data about you, on our behalf, we enter into data processing agreements which fulfils the requirements of GDPR with such parties.
- KINTO’s Service providers: Companies providing Services for or on behalf of KINTO (as an example, KINTO may share your Personal Data with external IT providers, roadside assistance providers and companies providing customer Service and support on behalf of KINTO).
- KINTO’s external lawyers, collection agencies and Accountants.
- Facebook - we will also share email-addresses with Facebook and other advertisement networks in order to communicate with our existing customers.
c) Other third parties:
- When it is necessary to comply with regulations or to protect KINTO.
- To comply with regulations, meet requests from the authorities, comply with court orders, legal procedures, Personal Data, and reporting obligations etc.
- To control and ensure compliance with our policies and agreements.
- To protect our own and/or our customers’ rights, assets, and security.
- In connection with company transactions: as part of a transfer or a sale of all or parts of Toyota’s/Lexus’s activities or in connection with a merger, amalgamation, change of control, restructuring or liquidation of all or parts of Toyota’s/Lexus’s activities.
Please note that the third parties mentioned in b) and c) – in particular service providers offering products, services or application through KINTO or through their own channels – may collect Personal Data from you independently. In such cases the third parties concerned are controllers for the handling of your Personal Data, and you will be subject to their terms and conditions.
If your Personal Data are disclosed to the KINTO organization and its partners, your Personal Data will be processed in accordance with Toyota’s/Lexus’s general Personal Data policy, which is accessible on https://www.toyota.dk/privatlivspolitik.json and
https://d3rvezpmgp265q.cloudfront.net/lexusone/lexdkdkv11/Lexus%20Privatlivspolitik_20200609_tcm-3195-1980708.pdf
- CONCRETE CONTACT WITH the other parts of the KINTO organization and ITS Partners, including OUR AUTHORISED DEALERS AND GARAGES
If you buy a product or service from a member of the other parts of the KINTO organization and its partners, including for example a bike from one of our authorised dealers or garages, or if you provide Personal Data to them, a separate legal relationship will exist between you and the party concerned. They will then (possibly together with us) be controllers in relation to your Personal Data. Any questions or enquiries concerning the other parts of the the KINTO organization and its partners’ collection and use of your Personal Data should be made to them directly.
- USE OF SOCIAL MEDIA
If you use a login from a social media (e.g. Facebook) on any KINTO tool (website, portal, etc.), KINTO registers Personal Data about you that is registered on such social media, and with your use of such social media you have expressly consented to the transfer of such Personal Data registered by KINTO through its tool.
KINTO sometimes facilitates the publication of Personal Data via social media such as Twitter and Facebook. These media have their own terms and conditions that you need to acknowledge. We remind you that publishing information on social media may have consequences, including for the protection of your Personal Data or of Personal Data of persons whose Personal Data you may share. It may be impossible to quickly withdraw a publication. You retain all responsibility for your publications. KINTO is - in this respect - without any liability of any kind.
- TRANSFER of Personal Data outside the EEA
KINTO operates a global business. Therefore, your Personal Data may be kept and processed by us or our Service providers in several countries, including countries outside your country of residence, or the country in which your KINTO Service was bought. Your Personal Data may, for example, be transferred to the United Kingdom, Japan and/or the USA.
If your Personal Data are transferred to countries outside the European Economic Area (“EEA”), we make sure that the required guarantees are provided, including:
- That the transfer is within the scope of a decision on required guarantees made by the EU Commission in accordance with GDPR, Article 45.
- That standard contract regulations for data protection, as approved by the EU Commission or a data protection authority in accordance with GDPR, Article 46.2, point c or d, are met
- That the the requirements for binding corporate rules as approved by a data protection authority in accordance with GDPR, article 46.2, point b, are met .
For further Personal Data on how the transfer of Personal Data outside the EEA is regulated, we refer to the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
For further Personal Data on how we have provided the necessary guarantees, you may contact us through the Point of Contact for Data Protection (see Section 3 “Where to address questions and enquiries”).
- Profiling and automated decision-making
We do not use automated decision-making in the sense stated in the GDPR.
- Your choices and rights
To allow you to make informed choices about how you want us to use your Personal Data, we would like to ensure the greatest possible transparency.
- Your Personal Data: You may contact us at any time through the Point of Contact for Data Protection (see section 3 “Where to address questions and enquiries”) to ascertain which Personal Data we have about you and where we obtained them. In some cases, you are entitled to receive the Personal Data we have collected about you, in a commonly used, structured and machine-readable format and disclose your Personal Data to a third party of your own choice.
- Right to correction of errors If you notice that your Personal Data are erroneous or incomplete, you may request that we correct them.
- Right to limitation of processing You have the right to request that the processing of your Personal Data be limited while the correctness of your Personal Data is being checked.
- Right to objection You also have the right to object to your Personal Data being used for direct marketing purposes (or, if you prefer, you may inform us how often you want to hear from us) or being disclosed to third parties for the same purpose. You may withdraw your consent to Processing of Personal Data at any time by contacting the mentioned Contact Point for Data Protection (see section 3 “Where to address questions and enquiries”) or by contacting the Toyota dealer or repair shop where you provided your consent.
In addition, you may ask us to delete your Personal Data (except in certain cases, e.g. for documentation of a transaction or to comply with legal requirements).
Please also note that you can complain about the Controller to the relevant data protection authority (“the Authority”).
The relevant Authority in relation to TME (as Controller) is the Belgian data protection authority.
The relevant Authority in relation to TDK or TFS (as Controller) is the Danish Data Protection Agency.
The Danish Data Protection Agency
Borgergade 28
1300 Copenhagen K
Phone+45 3319 3200
E-mail: dt@datatilsynet.dk
The relevant Authority for TIM (as Controller) is the Luxembourg data protection authority.
The relevant Authority for TFM (as Controller) is the German data protection authority.
The relevant Authority for KINTO Join Ltd. (as Controller) is the British data protection authority.
The relevant Authority for Toyota Sweden AB (as Controller) is the Swedish data protection authority.
- Legal Personal Data
The stipulations in this Policy supplement, but do not supersede, any other requirements under applicable data protection law. In the event of variance between this Policy and absolute requirements of applicable data protection law, the latter will have precedence.
KINTO may change this Policy at any time. Go to kinto-mobility.dk at any time and read the applicable version of this Policy. You will be notified of any changes of a material nature.
- Definitions
In this Policy the following terms are to be interpreted as follows:
- Controller should be understood as the natural or legal person who, alone or together with others, decides for which purposes and with which means the processing of Personal Data may be undertaken. Whoever is the right Controller of a specific processing activity will depend on the specific processing of your Personal Data. The Controller is Toyota Danmark A/S, Dynamovej 10, 2860 Søborg, Denmark You may address the Point of Contact for Data Protection (see section 3 “Where to address questions and enquiries") for additional Personal Data on this, or through a separate notice, e.g. when using specific Services (including communication Services), or as part of electronic newsletters, reminders, surveys, offers, invitations to campaigns etc.
- Processor should be understood as a natural or legal person who processes Personal Data on behalf of the Controller.
- Point of Contact for Data Protection should be understood as the point of contact (i.e. a person appointed by Toyota in the relevant jurisdiction), through which you may address any questions or enquiries concerning this Policy and/or (the processing of) your Personal Data to the Controller, and which will deal with such questions and enquiries.
- EEA means the European Economic Area (the member states of the European Union and Iceland, Norway and Liechtenstein).
- Personal Data means any form of Personal Data that is attributable to a specific person, even if the person is only identifiable, if the Personal Data is combined with other Personal Data.
- Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;.
- KINTO organization and its partners, currently includes KINTO (independent brand), authorized Toyota dealers and Toyota repairers in Denmark / Faroe Islands (a total of 35 legal entities), authorized Lexus dealers and Lexus repairers in Denmark / Faroe Islands, Toyota Danmark A/S, Lexus Danmark A/S, Toyota Motor Europe nv / sa., Toyota Financial Services Danmark A/, Lexus Financial Services Danmark A/S, Toyota Insurance Management SE, Lexus Insurance Management SE (independent brand), Toyota Fleet Management GmbH, Toyota Sweden AB and the KINTO organization's partners. Kinto