Effective Date: April 1, 2023.

Woven by Toyota Privacy Notice

In this Privacy Notice (“Notice”), we describe how Woven by Toyota, Inc. (“Company,” “Woven by Toyota,” “we,” or “us”) collects, uses, and discloses information that we obtain about visitors to our offices or other physical locations and/or our website, and the services and products available through our website (collectively, the “Services”).

Your use of our website or Services, and any dispute over privacy, is subject to this Notice and our Terms of Use at https://woven.toyota/en/terms-of-use.

For visitors outside the EEA / UK: By visiting the website or using any of our Services, you agree that your personal information will be handled as described in this Notice.

For residents of California, the EEA / UK or Japan: Additional information concerning the collection, use, and sharing of personal information, and the rights available to you under the laws of those jurisdictions, can be found below in Section 15. Additional Privacy Information for Certain Jurisdictions.

1. Scope

This Notice does not apply to the personal information that we collect and process about our employees and personnel or job applicants and candidates. In addition, this Notice does not apply to the extent we process personal information, as a processor or service provider, on behalf of our business clients (“Client Customer Data”). Our processing of Client Customer Data is subject to the terms of our written contracts with each business client, who is the controller or business for the Client Customer Data that we process on their behalf.

Additional Notices. In some cases, additional or supplemental privacy notices (each an “additional notice”) may be provided and will apply to certain personal information collected and processed by us. For example, we may provide an additional notice in order to provide more specific information about how we use and disclose personal information if you engage with us in a particular way. The additional notice will control to the extent there is a conflict with this Policy, with respect to your personal data that is subject to that notice.

2. The Information We Collect About You

We collect information about you directly from you and from third parties and automatically through your use of our website or Services.

Information We Collect Directly From You.

  • Communications and interactions. When individuals, including our business clients, email, call, or otherwise communicate with us and with members of our team, we collect and maintain a record of contact details, communications and our responses. We also maintain records of communications and information provided to us related to any business client support requests.

  • Surveys. We may ask you to provide feedback or participate in surveys. We may use this information, some of which may be personal information, to improve our Services and in any manner consistent with our policies.

  • Events and other requests. We also collect personal information related to participation in our events as well as other requests submitted to us related to our Services. For example, if an individual registers for or attends an event that we host or sponsor, we may collect information related to the registration and participation in such event and images of attendees at such events. When a business client or individual signs for our mailing lists or otherwise requests information from us, we collect and maintain records of those requests.

Information We Collect From Other Entities. We may collect personal information from third party sources, such as joint marketing partners, social media platforms or other third parties. We may receive lead and prospect information from third parties about prospective business clients that may be interested in our Services. We may also engage with third parties to enhance or update our business client information.

Information We Collect Automatically. We automatically collect information about your use of our Services and interactions with us and others, including information by using cookies, pixel tags and other technologies, as well as information we derive from the use of the Services. Such information includes:

  • IP address and/or Internet service provider;

  • date and time you access the website;

  • the referring URL, or the webpage that led you to our website;

  • the computer technology you are using;

  • your movements and preferences on the website, including the web pages you view on the website and links you click on;

  • general location information, such as city and country; and

  • the length of time you visit our website and or use our Services.test

3. Purposes of Use of Personal Information

Generally, we collect, use, disclose and otherwise process the personal information we collect for the purposes set forth in this section. While the purposes for which we may process personal information may vary depending upon the circumstances in which we collect such personal information, in general, we use personal information for the business and commercial purposes set forth below.

  • Services and support. To provide and operate our Services, communicate with our business clients about their use of the Services, provide troubleshooting and technical support, respond to inquiries, communicate, and for similar service and support purposes.

  • Analytics and improvement. To better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop services and features, and for internal quality control and training purposes.

  • Marketing and advertising. For marketing and advertising purposes. For example, we may send information about our Services, such as offers, newsletters and other marketing content. We also may use certain information we collect to manage and improve our advertising campaigns so that we can better reach people with relevant content. Where required by applicable law, we will obtain your consent before marketing to you.

  • Planning and managing events. For event planning and management, including registration, attendance, and providing updates about relevant events and Services.

  • Research and surveys. To administer surveys and questionnaires, such as for market research or member satisfaction purposes.

  • Security and protection of rights. To protect the Services and our business operations, including (a) to prevent and detect fraud, unauthorized activities and access, and other misuse; (b) where we believe necessary to investigate, prevent or take action regarding illegal activities, situations involving potential threats to the safety or legal rights of any person or third party; or (c) violations of our Terms of Use or this Notice.

  • Legal proceedings and obligations. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.

  • General business and operational support. To consider and implement mergers, acquisitions, reorganizations, financings, bankruptcies, and other business transactions, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

4. Disclosures of Personal Information

Generally, we disclose the personal information we collect in order to provide our Services to our business clients, respond to inquiries and requests, as otherwise directed or consented to by you, and for the purposes otherwise described in this Notice, including:

  • Vendors and service providers. We disclose the personal information we collect from you to service providers, contractors, agents, or others who perform functions on our behalf. These may include, for example, IT and support service providers, sales representatives, distributors, analytics providers, consultants, auditors and legal counsel.

  • Affiliates and subsidiaries. We disclose the information we collect from you to our affiliates or subsidiaries. For example, when you submit an inquiry via a contact form or send an e-mail to us, we may route it to the responsible function in one of our group companies. We may also share aggregated statistics about the usage of our websites with other group companies to improve them.

  • Business clients. Any business client personal information such as employee or user information that we process on behalf of our business clients will be disclosed as directed by those business clients.

  • Third parties. We may disclose or make available personal information to third party platforms and providers that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests. We may also make certain information (such as browsing information) available to third parties in support of our marketing, advertising and campaign management.

  • In support of business transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also share certain personal data as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.

  • Compliance and legal obligations. We may also disclose personal information to third parties to the extent required by applicable law and legal obligations. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. This may include regulators, government entities, and law enforcement as required by law or legal process.

  • Security and protection of rights. We may disclose personal data where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property and safety of others. For example, we may disclose personal information in order to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety or legal rights of any person or third party, or (iii) enforce, and detect, investigate and take action in response to violations of, our Terms of Use. We may also disclose information, including personal information, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.

5. Aggregate and De-Identified Information.

We may use and disclose aggregate and other non-identifiable data related to our business and the Services for quality control, analytics, research, development and other purposes. Where we use, disclose or process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) we will maintain and use the information in de-identified form and not to attempt to reidentify the information, except in order to determine whether our de-identification processes are reasonable and adequate pursuant to applicable privacy laws.

6. Cookies, Targeting, and Analytics.

We and our third-party service providers use cookies, pixels, local storage objects, log files, APIs, and other mechanisms to automatically collect browsing, activity, device and similar information within our Services. We use this information to, for example, to analyze and understand how users access, use and interact with our Services, as well to identify and resolve bugs and errors in our Services and to assess secure, protect, optimize and improve the performance of our Services. You have certain choices about our use of cookies and tracking within the Services, as described in this section. You can find further information related to our use of cookies in our Cookie Policy located here.

Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website and Services, while others are used to allow us to track your activities on our website and through the Services. There are two types of cookies: session and persistent cookies.

  • Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session. This allows us to process your online requests as you move through our website and Services.

  • Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags) in connection with our website and Services to, among other things, track the activities of website visitors, help us manage content, and compile statistics about website usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our website. We also may use other analytic means to evaluate our website. We use these tools to help us improve our website’s performance and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services. You can download the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

Cross-Device Use. We and our third-party service providers may use the information that we collect about you (whether directly from our website, through your device(s), or from a third party) to help us and our third-party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We, and our third-party service providers also may use the cross-device use and other information we learn about you to serve targeted advertising on your devices and to send you emails. To opt-out of cross-device advertising, you may follow the instructions set forth in the Third-Party Ad Networks section below. Please note: if you opt-out of these targeted advertising cookies, your opt-out will be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you will need to opt-out each browser or device that you use.

Targeted Advertising. We work with third parties, such as analytics and measurement services and others (“third-party ad companies”) to personalize content and to manage our advertising on third-party sites. We may share certain information with these third-party ad companies, and we and them may use cookies, pixels tags, and other tools to collect usage and browsing information within our Services, such as IP address, location information, device ID, cookie and advertising IDs, and other identifiers, as well as browsing information. We and these third-party ad companies use this information to provide you more relevant ads and content on third-party sites and to evaluate the success of such ads and content.

Managing Your Preferences. We make available several ways for you to manage your preferences within our Services. Many of these are browser and device specific, which means that you need to set the preference for each browser and device you use to access our Services; in addition, if you delete or block cookies, you may need to reapply these preferences.

  • Cookie preference manager. You can review or change your preferences for targeting cookies and tags on our websites by adjusting your cookie settings here. These settings are browser and device specific.

  • Browser signals. If our website detects that your browser is transmitting a “global privacy control”—or GPC— signal, we will apply that to opt that browser on your device out of targeting cookies on our website. If you come to our website from a different device or from a different browser on the same device, you will need to apply GPC for that browser and/or device as well. See Section 15.I. Additional Privacy Information for California Residents, below, for more information about GPC. Our website does not recognize or respond to browser “do not track” signals.

  • Industry ad choice programs. You can also control how participating third-party ad companies use the information that they collect about your visits to our websites and those of third parties, in order to display more relevant targeted advertising to you; for more information and to opt out of receiving targeted ads from participating third-party ad networks go to:

    • U.S. Users: aboutads.info/choices (Digital Advertising Alliance) (You can also download the DAA AppChoices tool in order to help control interest-based advertising on apps on your mobile device)

    • EU Users: youronlinechoices.eu (European Interactive Digital Advertising Alliance)

    • Japan Users: http://www.ddai.info/optout (Data Driven Advertising Initiative in Japan)

  • Browser settings. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Services who disable cookies will be able to browse the website, but some features may not function.

7. International Transfers of Data.

Woven by Toyota is headquartered in Japan, and has operations, entities, and service providers in Japan, the UK and the US, and elsewhere throughout the world. As such, Woven by Toyota may collect personal information from these countries, and we may transfer such personal information to and process such personal information in Japan, the UK and the US and other jurisdictions where we and our affiliates and service providers have operations. Some of these jurisdictions (including the US) may not provide equivalent levels of data protection as compared to your home jurisdiction. We will take steps to ensure that such personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

8. Your Privacy Choices.

You have certain choices regarding our processing of your personal information. In addition, residents of certain jurisdictions may be entitled to additional rights under the laws of those jurisdictions; please refer to the section titled, “Additional Privacy Information for Certain Jurisdictions” below for more information. We will not restrict or deny you access to our Services because of choices and requests you make in connection with your personal information:

  • Marketing communications. We may send periodic promotional emails to you. You may opt-out of promotional emails by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails, we may still send you emails about any services you have requested or received from us.

  • Targeted advertising/Cookies preferences. You can review or change your preferences for many cookies on our site, other than those that are necessary by adjusting your cookie settings through our cookie manager. These preferences are browser and devices specific so you will need to set your preferences for each browser and device you use, and if you subsequently delete or block cookies, you may need to reapply these settings. You may also adjust your advertising preferences as set forth above in Section 6. "Cookies, Targeting, and Analytics."

9. Access, Correction, and Deletion.

We provide all users of the Services with the option to access, correct, or delete their personal information, with some exceptions. There may be circumstances where we cannot comply with your request, as we may need to retain your personal information for legal and contractual obligations. Residents of certain jurisdictions have specific rights under applicable law, which are further disclosed under Section 15.

  • Access, correction, and deletion. You may review, correct, and request deletion of your personal information. You may submit a request to access, correct, and delete personal information, or another privacy request, through privacy-inquiries@woven.toyota.

When you submit a request regarding your personal information, we reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains and allow only those individuals or their authorized representatives to exercise rights with respect to that information. Woven by Toyota will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law. Please note that Woven by Toyota may not be able to comply with a request where personal information has been destroyed, erased or deidentified in accordance with Woven by Toyota’s record retention obligations and practices, or where we are unable to verify your identity.

Whenever we rely on your consent, you will always be able to withdraw it, although we may have other legal grounds for processing your data for other purposes.

10. Third-Party Links.

Our website and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Notice, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

11. Security.

We have implemented reasonable precautions aimed to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no security measures can guarantee absolute security.

12. Minors.

Our Services are not directed to minors under the age of 18, and we do not knowingly collect personal information from minors under the age of 18 without obtaining parental consent. If you are under 18 years of age, please do not use or access the Services at any time or in any manner. If we learn that personal information has been collected on the Services from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your minor child under 18 years of age has provided us with personal information, then you may alert us using the information provided in Section 13. "Contact Us," and request that we delete that minor’s personal information from our systems.

13. Contact Us.

If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us or write to us at: privacy-inquiries@woven.toyota.

14. Changes to this Notice.

This Notice is current as of the Effective Date set forth above. We may change this Notice from time to time, so please be sure to check back periodically. We will post any changes to this Notice on our website. If we make any changes to this Notice that materially affect our practices with regard to the personal information, we have previously collected from you, we will provide you with notice in advance of such change by highlighting the change on our website.

15. Additional Privacy Information for Certain Jurisdictions.

I. California

This subsection provides California residents with additional information regarding our collection, use and disclosure of their personal information, as required by the California Consumer Privacy Act (“CCPA”) as amended. This section does not address or apply to our handling of publicly available information or other personal information that is exempt under the CCPA.

Categories of Personal Information Collected and Disclosed. While our processing of personal information varies based upon our relationship and interactions with you, the table below identifies, generally, the categories of personal information (as defined by the CCPA) that we collect and have collected in the past 12 months about California residents, as well as the categories of third parties to whom we have disclosed, or may disclose, this information for a business or commercial purpose.

Categories of Personal Information Collected

Categories of Personal Information Collected

Categories of Third Party Disclosures

Identifiers

Includes direct identifiers, such as name, alias, user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers.

- Service providers

- Advisors and agents

- Regulators, government entities and law enforcement

- Affiliates and subsidiaries

- Advertising networks

- Data analytics providers

- Social networks

- Internet service providers, operating systems and platforms

- Business customer/client

- Other users (in accordance with your privacy settings)

- Others as required by law (such as disclosures of sweepstakes and contests winners)

Internet and electronic network activity information

Including, but not limited to, browsing history, clickstream data, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services or other online services.

- Service providers

- Advisors and agents

- Regulators, government entities and law enforcement

- Affiliates and subsidiaries

- Advertising networks

- Data analytics providers

- Social networks

- Internet service providers, operating systems and platforms

- Business customer/client

- Other users (in accordance with your privacy settings)

- Others as required by law (such as disclosures of sweepstakes and contests winners)

Geolocation data

Location information about a particular individual or device.

- Service providers

- Advisors and agents

- Regulators, government entities and law enforcement

- Affiliates and subsidiaries

- Advertising networks

- Data analytics providers

- Social networks

- Internet service providers, operating systems and platforms

- Business customer/client

- Other users (in accordance with your privacy settings)

- Others as required by law (such as disclosures of sweepstakes and contests winners)

Visual data

Includes visual information, such as photographs and images collected from visitors that attend Company social events.

- Affiliates and subsidiaries

- Others as required by law

Professional information

Includes professional and employment-related information such as current employer(s) and position(s), business contact information and professional memberships.

- Service providers

- Advisors and agents

- Regulators, government entities and law enforcement

- Affiliates and subsidiaries

- Advertising networks

- Data analytics providers

- Social networks

- Internet service providers, operating systems and platforms

- Business customer/client

- Other users (in accordance with your privacy settings)

- Others as required by law (such as disclosures of sweepstakes and contests winners)

Sales and Sharing of Personal Information. California privacy laws define a "sale" as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA) certain technical information, including IP address, digital identifiers, information about your web browsing and usage of our Services, information about how you interact with our ads, and certain analytic information, with third party data analytics, marketing, and advertising partners. We do so in order to improve and evaluate our advertising campaigns and better reach customers and prospective customers with more relevant ads and content. We do not sell or share personal information about individuals who we know are under sixteen (16) years old.

Sources of Personal Information. In general, we may collect personal information from the following categories of sources:

  • Directly from the individual

  • Advertising networks

  • Data analytics providers

  • Social networks

  • Internet service providers

  • Operating systems and platforms

  • Business customer/client

Purposes of Collection, Use and Disclosure. As described in more detail in Section 3, Purposes of Use of Personal Information, and Section 4, Disclosures of Personal Information, above, we collect, use, disclose and otherwise process the above personal information for the following business or commercial purposes and as otherwise directed or consented to by you:

  • Services and support

  • Analytics and improvement

  • Customization and personalization

  • Marketing and advertising

  • Planning and managing events

  • Research and surveys

  • Security and protection of rights

  • Legal proceedings and obligations

  • General business and operational support

  • In support of business transfers (e.g., if we are acquired by other company)

Retention. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain data for as long as necessary to comply with our tax, accounting and recordkeeping obligations, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with legal obligations.

California Residents’ Rights. Under the CCPA, California residents have the following rights (subject to certain limitations):

  • Opt out of sales and sharing: The right to opt-out of our sale and sharing of their personal information.

  • Limit uses and disclosure of sensitive personal information: the right to limit our use or disclosure of sensitive personal information to those authorized by the CCPA. We do not collect, use, or disclose sensitive personal information; thus, this right is not available to California consumers.

  • Deletion: the right to the deletion of their personal information that we have collected, subject to certain exceptions.

  • To know/access: The right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.

  • Correction: The right to correct inaccurate personal information that we maintain about them.

  • Non-discrimination: The right not to be subject to discriminatory treatment for exercising their rights under the CCPA.

Submitting CCPA Requests. California residents may exercise their CCPA privacy rights as set forth below.Request to know/access, correct, and delete. California residents may submit CCPA requests to access/know, correct and delete their personal information maintained by us online by submitting a request via email to privacy-inquiries@woven.toyota.

We will take steps to verify your request by matching the information provided by you with the information we have in our records. For that purpose, we may ask you for further information. You must provide us with the required information to verify your request. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor.

Authorized agents may initiate a request on behalf of another individual by contacting us at privacy-inquiries@woven.toyota. Authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Requests to Opt Out. California residents may exercise their right to opt out online via our cookie preference manager. In addition, our website responds to global privacy control—or “GPC”—signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of sales and sharing (i.e., via cookies and tracking tools) on our website. Note that if you come back to our website from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well. More information about GPC is available at: https://globalprivacycontrol.org/.

II. European Economic Area (EEA) and UK

A. Purposes of Processing and Legal Bases

If you reside in the EEA or UK, this section details the purposes for processing personal information and the legal bases for which we process personal information, as required by the EEA and UK General Data Protection Regulation (the “GDPR”).

Legal Bases under GDPR. Pursuant to the GDPR, processing personal information may be justified by one of the following legal bases:

  • Performance of a contract with you, or taking pre-contractual steps at your request: This may include performance of an agreement with you, such as website Terms of Use. If we ask you to provide your personal information in order to enter into a contract with us, failure to do so may mean we cannot enter into the contract with you.

  • To comply with an EEA or UK legal obligation to which Woven by Toyota is subject: Personal information may be processed in order to comply with our legal obligations, such as to retain records of transactions. In some cases, we may need your personal information in order to comply with a statutory obligation.

  • For our legitimate interests: We may process personal information in furtherance of our legitimate interests, where those interests are not overridden by your rights, freedoms and interests.

  • With your consent: We may process personal information about you based on your consent, for example to send you marketing communications, surveys, news, and updates. Where our processing of personal information is based on your consent, you may withdraw consent at any time; please see Section 8. "Your Privacy Choices," or Section 15.II.E. "Contact Us" below for information on how to withdraw your consent.

Purposes and Legal Bases of Use and Processing. We use personal information for the purposes set forth below, and for the legal bases described below:

  • Services and support. To provide and operate our Services, communicate with our business clients about their use of the Services, provide troubleshooting and technical support, respond to inquiries and requests, and communicate for similar service and support purposes. (Legal basis: Performance of our contract with you; if your employer has entered a contract with us or requested that we take steps prior to entering into a contract, the legal basis is our legitimate interest in efficiently managing that contract or request in order to satisfy expectations and expand our business.)

  • Analytics and improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop services and features, and for internal quality control and training purposes. (Legal basis: Our legitimate interests in improving our products and Services in order to expand our business and increase our revenue.)

  • Marketing. For marketing purposes. For example, we may send information about our Services, such as offers, newsletters and other marketing content. (Legal basis: Where required by law, your consent. In other cases, we rely on our legitimate interests in promoting our products and Services in order to expand our business and increase our revenue.)

  • Advertising. We may use certain information we collect to manage and improve our advertising campaigns so that we can better reach people with relevant content. (Legal basis: Our legitimate interests in improving the relevancy of our advertising in order to encourage interactions with us and grow our business.)

  • Planning and managing events. For event planning and management, such as organizing activities that align with participant interests. (Legal basis: Our legitimate interest in ensuring that events generate interest and participation, and well-managed, in order to satisfy expectations and maintain our reputation.)

  • Managing your event participation. For managing event participation, including registration, attendance, and providing updates about relevant event services. (Legal basis: Performance of a contract to manage your registration; if your employer has registered, the legal basis is our legitimate interest in efficiently managing event participation in order to satisfy expectations and expand our business.)

  • Research and surveys. To administer surveys and questionnaires, such as for market research or member satisfaction purposes. (Legal basis: Our legitimate business interests in improving the relevancy of our Services, products and advertising in order to improve Services and products and to encourage interactions with us, which allows us to grow our business.)

  • Security and protection of rights. To protect the Services and our business operations, including to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, situations involving potential threats to the safety or legal rights of any person or third party or violations of our contract terms, including our Terms of Use or this Notice; to respond to legal process and take actions related to legal process. (Legal basis: Our legitimate interests in conducting our business in a lawful manner and protecting our rights and interests as well as those of our stakeholders and society at large.)

  • Legal proceedings and obligations. To comply with the law and our legal obligations, such as accounting and reporting requirements. (Legal basis: To comply with an EEA or UK legal obligation, or in reliance on our legitimate interests in conducting our business in a lawful manner and protecting our rights and interests as well as those of our stakeholders and society at large where we need to comply with non-EEA or UK law.)

  • General business transactions. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, financings and other business transactions. (Legal basis: Our legitimate interests in organizing our business efficiently.)

  • General business and operational support. To administer general business, accounting, auditing, compliance, recordkeeping, and legal functions. (Legal basis: Our legitimate interests in running our business efficiently in order to improve our performance metrics and maintain profitability.)

B. Your Rights in respect of Your Personal Information

GDPR gives you certain rights regarding your personal information that we hold, subject to any conditions or limitations set out in applicable law:

  • Access. You have the right to obtain information about our processing of your personal information and obtain access to and a copy of your personal information.

  • Rectification. You have the right to update, complete or correct inaccuracies in your personal information.

  • Erasure. You have the right to have your personal information deleted.

  • Portability. You have the right to obtain a machine-readable copy of your personal information or to have us transfer it to another controller of your choice.

  • Restriction. You have the right to restrict the processing of your personal information, meaning that we will not further process your personal information except to store it.

  • Withdrawal of consent. You have the right to withdraw your consent to our processing of your personal information, without affecting the lawfulness of processing up until withdrawal.

- Objection. You have the right to object, on grounds relating to your particular situation, to the processing of your personal information when based on our legitimate interests.

- You also have the right to object to the processing of your personal information for direct marketing (including profiling) purposes.

See below, Section E. "Contact Us," for information about how to exercise your rights.

If you are not happy with how your rights are handled, you can submit a complaint with the relevant data protection authority.

C. Retention of Personal Information

We have a general policy of retaining personal information for as long as necessary in view of the purposes for which we process it, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We typically retain personal information for a period of time corresponding to a statute of limitation, for example to maintain an accurate record of your dealings with us, such as pursuant to a contract so that we can raise or defend a legal claim. In some circumstances we may retain personal information for other periods of time, for instance where we are required or permitted to do so in accordance with legal requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. We may also retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation.

D. International Data Transfers

We transfer personal information to countries outside of the EEA and UK, and notably to Japan, which is deemed by the European Commission to provide an adequate level of protection to personal information, and to the United States, which is not deemed by the European Commission to provide an adequate level of personal information protection.

Transfers within Woven by Toyota will be performed on the basis of the European Commission’s adequacy decision for Japan (recognized by the UK), or the EEA / UK standard contractual clauses for transfers, as approved by the European Commission or the ICO. Transfers to service providers or other third parties will be made pursuant to an adequacy decision; the recipient’s compliance with standard contractual clauses; the consent of the individual to whom the personal information pertains; as necessary to perform a contract with that individual or in the individual’s interest, or to carry out pre-contractual steps; or as otherwise permitted by applicable law. See below, Section E. "Contact Us," for information about how to obtain a copy of standard contractual clauses.

E. Contact Us

If you wish to exercise any rights, or have any questions about this Notice or our privacy practices, you can reach us at: privacy-inquiries@woven.toyota.

III. Japan

We will comply with the Act on the Protection of Personal Information (the “APPI”), other relevant laws and regulations concerning the protection of personal information, and the guidelines issued by the Personal Information Protection Commission, by competent ministers or relevant industry group.

A. Joint-Use with Group Entities

Your personal information specified in Section 2 of this Notice will be jointly used with our parent, subsidiary and affiliated companies for the purposes stipulated in Section 3 of this Notice. Woven by Toyota, Inc. (Address: Nihonbashi Muromachi Mitsui Tower, 3-2-1 Nihonbashimuromachi, Chuo-ku, Tokyo, Japan 103-0022), will be responsible for management of the jointly used personal information.

When requested by you, we will provide you the items specified under Article 18.3 of the Enforcement Rules for the Act on the Protection of Personal Information such as the information on the equivalent safeguards implemented by the joint users located outside of Japan pursuant to Article 28, Paragraph 3 of the APPI and Article 18 of the Enforcement Rules for the Act on the Protection of Personal Information.

B. Your Rights in respect of Your Personal Information

You have the following rights in respect of your personal information:

  • Right to Access - you have the right to request access to any of your personal information that we may hold, and to obtain information about the processing of that personal information.

  • Right to Rectify - We will take steps in accordance with applicable legislation to keep your personal information accurate, complete and up-to-date. You are entitled to have any inadequate, incomplete or incorrect personal information corrected.

  • Right to Erasure - You have the right to request deletion of or cessation of processing of your personal information if your personal information has been used beyond the scope necessary to achieve the purpose for which they were collected, processed or obtained by deceit or in violation of the APPI, if our use of your personal information triggers illegal acts, are no longer necessary in relation to the purposes for which they were collected, compromised or otherwise processed in a manner which could harm the rights or legitimate interest of you.

  • Right to Cease of Transferring to Third Parties - You have the right to request cessation of transferring of your personal information if your personal information is transferred to a third party in violation of the APPI or the transfer could harm your rights or legitimate interest.

C. Inquiries concerning Personal Information and Contact Point for Complaints

With respect to a request for disclosure, correction and discontinuance of use of personal information, as well as other inquiries and complaints, please contact us. If appropriate, we may ask you for additional information to verify your identity. Each of the rights listed Section B above may be subject to exemptions under the APPI. Where we rely on exemptions to withhold information or refrain from complying with all or part of a request, we will explain this to you.

Contact Point for Inquiries:

In principle, please notify us by email or phone to the following address.

Location: Nihonbashi Muromachi Mitsui Tower, 3-2-1 Nihonbashimuromachi, Chuo-ku, Tokyo, Japan 103-0022

Email: privacy-inquiries@woven.toyota