Privacy Policy
Toyota Insurance Protect
We consider it of the utmost importance to protect your privacy and to keep you informed on which personal data we process and why. Our Smartphone application (“App”) offers a set of services to the end users according to the following privacy policy.
For further information, please read this privacy policy (“Privacy Policy”), where it is explained what kind of personal data we process when you use our APP.
1. Who is responsible for processing your personal data?
Data Controller
Toyota Insurance Management SE, Toyota-Allee 2, 50858 Cologne is the Data controller of your personal data on this App.
Data Processor
AvMap Srlu (“AvMap”), Viale Zaccagna 6, 54033 Carrara (MS), Italia is the Data processor of your personal data.
Data protection officer
Our company has several branches and we want you to reach somebody who can speak your language. You can reach our Data protection officer at [Toyota Insurance Management SE, Toyota-Allee 2, 50858 Cologne, adding “addressed to the Data protection officer”] or under the email address [datenschutz@toyota-im.com].
2. Download, Installation and necessary rights for the App
To download this App, you need to access third party providers (f.e. Google or iTunes) in order to access and download the App. We are not part of any agreements you have to conclude in order to access such portals or online-shops, and also do not have any influence on data processing by such third party providers.
In order to use the App on your mobile device, the following rights on your Android /iOS system are required:
- Notifications
The App sends notifications in case of alerts (such as movement without ignition on, TKey battery status, ….) related to your service - Access to Wlan /mobile network
Your App needs access to your mobile network or Wlan services in order to submit information on your car
3. What kind of personal data we collect and from whom
We process the following data:
Registration and account creation:
- Identity information (First name, last name)
- Contact information (Telephone number, Email address)
- Information related to your account (f.e. preferred contact method, communication language, settings)
- Information related to your car and anti-theft device (Vehicle Identification Number, Anti-Theft device TKey IDs)
Vehicle related information:
- Car status (doors closed/open, status of anti-theft device on/off, geofence on/off)
- Last vehicle location @ ignition-off (map, address)
Insurance related information:
- Insurance policy information (policy number, expiration date)
Service related information:
- Movement with ignition off
- Battery status of your vehicle and Anti-Theft device TKeys
- Information submitted by you in case of a confirmed theft/suspected theft of your vehicle
We usually collect the data from the owner of the Anti-Theft device built into the vehicle, and registered on our App. In addition, the last location of the vehicle might give insight into the last location of any driver of the vehicle this App is used for. Please note that, if you allow another person to drive your vehicle, such driver should be informed by you of this privacy notice.
4. Why we process your personal data
We use and collect your data in order to
- Allow registration and account management
- Inform you about vehicle related information, including last known location
- Send you alerts for the pre-defined events registered on the Anti-Theft device
- Allow you to set up a geo fencing for your vehicle
- In the event of a theft, allow you to submit a report to your insurer or insurance intermediary in order to track your car
- Share your data with third parties such as your insurer or insurance intermediary in case of a reported theft
- Secure, maintain and support our App services to you
- Analyze reported alerts
5. Whom we share your data with and why
We share your data with others for the following purposes:
- provision of technical services by AvMap as our data processor, and their sub-processors which provide technical or IT services to them (such as Amazon Web Services and Microsoft Azure).
- If you submit a stolen vehicle report we will review your report and share it with your insurer.
- In case of a confirmed theft, we will share with official authorities the following:
- current location of your car,
- historical locations of your car for the 24 hours before your car was stolen; we will use your theft report to calculate the 24 hours before your car was stolen; we will use your reported theft date for calculating this. Upon request by authorities, we will share up to the last 30 days for the purposes of official law enforcement.
- We use third parties such as intragroup providers in connection with the provisioning of our services, such as data processors for IT related services or database management solutions.
6. Legal basis for processing your data
The processing of your data is necessary in order to offer you the services supported by the App, such as contacting you in case of certain alerts triggered by the Toyota Insurance Protect Anti-Theft device.
Your data is also processed based upon legitimate interest in cases where we want to analyze statistical information on the alerts of the App.
In case of a confirmed theft which you reported to us, we might have a legal obligation to share the report and any other submitted information with official authorities.
7. Data retention
Your data are kept for a period of time not exceeding the achievement of the purposes for which they are processed.
Your personal data are kept only for as long as is necessary in order to achieve the purposes described in this Privacy Policy. In particular:
- Account and registration data (identity, contact, vehicle and device/key information) are retained for as long as your account remains active, and for 6 months after you deactivated your account.
- Vehicle, location and service-related data (car status, movements, alerts, battery status) are in general, processed by the Anti-Theft device and then shown on the app. The retention of data is usually 90 days from collection, unless a longer period is needed to investigate a specific reported incident. In case of a confirmed theft, the relevant report and related data may be kept for longer, and as is necessary for the investigation and insurance claim.
Kindly note that your insurer might keep your data in line with their privacy notice.
8. Where we keep your data
The data are stored in our databases that are located in Europe. These data are managed by our personnel, by technicians in charge of the data processing and by people in charge of conducting periodic maintenance operations.
9. Minors
The App and more in general our services and products are not intended for minors under the age of 18, who shall not provide personal data to us. In the event that we become aware of the collection of personal data from users under the age of 18, we will take the necessary steps to delete such information as soon as possible.
10. Your rights
- Information: You can request information at any time about which personal data we process about you, where it comes from and for what purpose and in what way we process the data. Your right to information is regulated in Art. 15 GDPR.
- Right to data portability: If the requirements of Art. 20 GDPR are met, you have the right to receive your personal data that you have provided to us in a common, structured machine-readable format and to transfer your personal data to a third party of your choice or to have it transmitted by us.
- Correction of your data: If you notice an error in your personal data or notice that it is incomplete or inaccurate, you can request that we correct or complete this data in accordance with Art. 16 GDPR.
- Restriction of processing: If the requirements of Art. 18 GDPR are met, you have the right to demand a restriction of the processing of your personal data (for example, while an inaccuracy of your personal data asserted by you is being examined by us).
- Deletion: In addition, you can ask us to delete data about you under the conditions set out in Art. 17 GDPR, unless there is a statutory exception
- Objection: In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time to the processing of personal data concerning you that we carry out on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation. We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, in accordance with Art. 21 (2) GDPR; this also applies to profiling, insofar as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
- Withdrawal of consent: You can revoke consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of consent before its revocation.
- Complaint to a supervisory authority: You are also entitled to lodge a complaint with you local data protection authority and in the event that you believe that the applicable regulatory provisions have not been respected.
Privacy Policy version
This Privacy policy was last reviewed on 14.07.2026.