Last updated 11 November 2022
1. Who are we?
In this policy the “Lexus Group” (or “we” or “us”) is:
- "Lexus Australia” a division of Toyota Motor Corporation Australia ABN 64 009 686 097; and
- "Lexus Financial Services” a division of Toyota Finance Australia Limited ABN 48 002 435 181.
The Lexus Group is part of the broader OneLexus Network of Lexus organisations in Australia. See section 2 for more information about the OneLexus Network.
We understand that your personal information and credit information (“information”) is important to you and we value your trust. This policy sets out how the Lexus Group handles your information. It also includes how we handle information collected from third parties, such as your credit report through the credit reporting system if you obtain finance with us.
We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and its Australian Privacy Principles (“APPs”). Lexus Financial Services is a participant in the credit reporting system and is bound by the credit reporting rules in the Privacy Act. For more information about Lexus Financial Services’ credit reporting practices, see section 9 on “Credit reporting (applies only if you seek finance from Lexus Financial Services)”.
2. OneLexus Network
The Lexus Group (Lexus Australia and Lexus Financial Services) is part of the OneLexus Network, which includes:
- Lexus Australia;
- Lexus Financial Services;
- authorised Lexus dealers in Australia; and
- Aioi Nissay Dowa Insurance Company Australia Pty Ltd trading as “Lexus Insurance”.
The Lexus Group collects and shares with other members of the OneLexus Network your personal information, including data collected from Connected Services, so that the OneLexus Network can provide you with an integrated OneLexus customer experience, including allowing you to be known across the Network regardless of which OneLexus entity you choose to deal with and to provide you with products, services, information and assistance, respond to your enquiries and help keep your information up to date. Your information may be disclosed to OneLexus Network service providers in Australia and overseas for these purposes.
3. What information do we collect and hold?
The kinds of information that we collect and hold about you will depend on the nature of your dealings with us.
Information we collect about you
We may collect and hold information about you including:
- contact and identification information, such as your name, date of birth, contact number(s), email address(es), residential and/or business address(es), demographic information (such as postcode, age, gender) and driver’s licence details;
- payment details (such as account or credit card details) and payment-related information in connection with your purchase of our products and/or services;
- vehicle and servicing details, including vehicle registration, vehicle purchase details, name of your selling or servicing Lexus dealer, service appointment bookings, vehicle service and repair history (including in relation to Lexus Service Advantage, warranty, repairs and recalls, if applicable);
- data collected as a result of connected services functionality, such as vehicle location. For details on the extent of information collected as a result of the connected services functionality, please see section 4;
- finance details such as financial, insurance or credit information, marital status, employment details and history; and
- information collected from marketing campaigns, product research, customer surveys, your interactions with us including via social media, via Lexus community platforms such as Lexus Community, or publicly available information that you post or publish or broadcast.
If you do not wish to provide particular information, we may not be able to respond to your query, provide you with our products and services or assess your application for a product or service.
Sensitive information: We will only collect sensitive information about you with your consent (unless we are otherwise allowed or required by law to collect that information). Sensitive information includes information about your health, race, ethnic origin and religious beliefs.
Providing someone else’s personal information: If you provide us with personal information about another person (such as a joint vehicle owner or authorised driver or contact person, or as part of a social media post or in relation to a trade promotion, competition, survey or other interaction with us), you need to tell the other person about this Policy so they are aware that you have provided their information to us and that they can read this Policy to understand how their information will be handled. You must obtain all necessary consent from the other person before supplying their personal information to us (including a parent or legal guardian’s permission for minors).
Information we collect automatically
Whenever you visit or interact with a Lexus Group website or other online platform of ours (“Platforms”), we, as well as any third-party service provider and/or advertiser, may use a variety of technologies that automatically or passively record information about how the Platform is accessed and used (“Usage Information”). Usage Information may include
your IP address or other unique identifier for the device used to access a Platform ("Device Identifier"),
email address, username, or other unique user identifier (“User Identifier”),
aggregated multi-platform information about Google users who have enabled personalised advertising on their Google accounts (Google Signals Data),
"Device” type (computer, mobile phone, tablet or other device),
operation system and/or application version,
date and time of visit, pages viewed, preceding page views and your use of features or applications on the Platform such as interactions with connections or groups.
Usage Information helps us keep our Platforms relevant to users and allows us to tailor content to a user’s interests. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we will treat it as personal information.
We may use Device Identifiers and User Identifiers to help us administer Platforms, diagnose problems with our servers, analyse trends, observe Platform usage and activity over time, help identify you and your shopping cart, provide you with access to a personalised view of our Platforms, and gather broad demographic information for aggregate use.
Cookies (data files placed on a Device when it is used to visit a Platform) may be used to associate you with media platforms like Facebook, Google Marketing Platform (GMP), Salesforce and other media, and, if you so choose, enable interaction between your activities on our Platforms and those social media platforms. We or our vendors may place cookies on your Device for security purposes, to facilitate site navigation and personalise your experience while visiting our Platforms (such as allowing us to select which ads or offers are most likely to appeal to you, based on your interests, preferences, location or demographic information).
To learn how you may manage cookies, or delete cookies that have already been installed, please refer to your browser’s help menu or instructions. If you disable or opt out of receiving cookies, some features and functions on our Platforms may not work properly or fully because we may not be able to recognise and associate you with your Lexus account(s). In addition, the offers we provide may not be as relevant to you or tailored to your interests.
4. Connected Vehicle Services
Information we collect about you for Connected Services
If your vehicle is fitted with Connected Services functionality and an owner of the vehicle has not previously opted out of Connected Services, your vehicle will collect and transmit vehicle data for Connected Services via an over the air transmission or by direct connection to your vehicle’s computers.
Connected Services operate by using data collected from you and your vehicle, including your personal information, vehicle information and vehicle location. To confirm if your vehicle is fitted with Connected Services functionality, please refer to your Owners’ Manual or Lexus.com.au/connectivity.
To understand more about Connected Services and how Lexus handles connected vehicle data, please see Lexus.com.au/connectivity.
Connected Services that use personal information
The Connected Services which are currently available, and the ways those Connected Vehicles use your personal information and the vehicle data collected and transmitted by your vehicle, are listed below.
Safety & Security Your connected vehicle’s Safety & Security feature provides emergency assistance (SOS), Automatic Collision Notification (ACN) and stolen vehicle tracking (SVT). Safety & Security services use vehicle location data (your vehicle’s latitude and longitude) to determine where your vehicle needs assistance, your personal information (such as, your name, address, phone number, email address, etc.) to verify your account, and your voice recordings (when you call our Connected Services Response Centre) to provide assistance to you. Unless required or authorised by or under law, or an order of a court or tribunal, personal information collected for the purposes of ACN and SOS and SVT services will not be used for any other purpose than for providing the ACN and SOS / Safety and Security Connected Services.
Lexus Connected App You can choose to subscribe to additional Connected Services by downloading the Lexus Connected application onto your device and registering your vehicle. The Connected Services available via the Lexus Connected application operate by collecting and processing data obtained from you and your vehicle and displaying that data in the Lexus Connected application. The types of data collected via the Lexus Connected application includes your personal information (such as name, email address, phone number) vehicle information (such as VIN, fuel levels and oedometer reading), vehicle location and driving data. To find out more about the Connected Services available via the Lexus Connected application please visit Lexus.com.au/connectivity.
Managing your Connected Services
If you do not opt-out of Connected Services, your personal information and vehicle data will be collected, held, used and disclosed for Connected Services, to provide an integrated OneLexus customer experience and for research, product development and data analysis purposes.
To opt-out of, or opt-back in to, Connected Services (except for Safety & Security Connected Services) please go to the manage my subscription section of the Lexus Connected application.
To opt out of ACN and SOS, contact your local Lexus dealer for further assistance or the Lexus Connected Account Enquiries on 1300 064 789.
To opt out of SVT, please call Lexus Connected Account Enquiries on 1300 064 789.
If these Safety and Security Services have been opted out of and you would like to opt back in, then please contact a Lexus dealer for further assistance or the Lexus Connected Account Enquiries on 1300 064 789.
If you contact the Connected Services Response Centre via the SOS function in your vehicle or Lexus Connected Account Enquiries on 1300 064 789 for the purposes of Safety and Security services or any other reason, your conversation will be recorded to deliver Connected Services to you and for quality assurance and training purposes.
5. How do we collect your information?
We may collect information in a variety of ways, including directly from you, for example:
- when you complete a form to order a vehicle, parts or accessories, book your vehicle for servicing, apply for credit or make a general enquiry about our products and services;
- when you contact or interact with us whether in person, by email, phone, SMS or other forms of communication, or via our website or social media;
- when you use data-collecting devices, products or systems, including Connected Services; or
- when you participate in our surveys, competitions, promotions, events, sponsorships or other activities.
We may collect information from organisations within the OneLexus Network, such as:
- our authorised Lexus dealers, if you interact with or purchase products or services from that dealer; and
- Lexus Insurance, if you make enquiries, purchase and/or renew your insurance with Lexus Insurance.
Sometimes, we may collect your information from third parties such as:
- providers of data-collecting devices, products or systems that you use;
- your accountant for the purposes of assessing a credit application;
- where an individual is an officer of a company that has applied for credit, we may collect information about the officer from public records or from other officers of the company who arranged that company's credit application;
- when named as a personal referee by you, we collect that personal referee's personal information from the written credit application form;
- another credit provider where you have or had a credit account;
- the Credit Reporting Body (“CRB”) where we obtain your credit report;
- your insurer or broker;
- contractors performing a service or function on our behalf;
- regulatory authorities;
- marketing agencies and similar lists which are legally acquired by us;
- your employer, contractor or another person who makes a vehicle available to you; and
- any other parties you refer us to or who refer us to you.
6. What are the purposes for which we collect, hold, use and disclose your information?
The Lexus Group collects, holds, uses and discloses your information, including data collected from Connected Services, for a variety of purposes including:
- to provide you with an integrated OneLexus guest experience;
- any purpose which we notify you about when we collect your information or to which you have provided your consent;
- considering and assessing your application (including eligibility) for a product or service;
- determining your eligibility to purchase a vehicle, including whether you are purchasing the vehicle for commercial re-sale
- providing a Lexus product or service to you (including via our authorised Lexus dealers, agents and/or contractors where applicable);
- providing Connected Services to you if you use a vehicle fitted with enabled Connected Services functionality (refer to your Owners’ Manual or Lexus.com.au/connectivity to confirm if your vehicle is fitted with Connected Services functionality);
- providing customer assistance and support such as vehicle service reminders, recalls and assisting with warranty claims;
- responding to your enquiries, concerns or complaints;
- administering and managing our relationship with you, including by verifying your identity in order to provide a requested service;
- informing you about products, services, special offers and/or events from the OneLexus Network. For more on Direct Marketing, see section 7 below;
- improving your customer experience and our marketing, including through data analytics, product planning, product development and research;
- protecting our interests, including by registering a security interest on the Personal Property Securities Register or checking against sanctions or other reference lists;
- complying with our legal obligations, assisting government and enforcement bodies or regulators, or where otherwise required or authorised by or under law, or an order of a court or tribunal;
- assessing and considering your application (if applicable) as a prospective job applicant, dealer/franchisee or contractor;
- using data in aggregated form to analyse vehicle and/or road safety, environmental and energy issues, advanced technologies and usage; or
- where your employer is paying for some or all of the cost for you to use a vehicle, your information is used to provide reporting to your employer regarding your usage of our vehicles, including location, time, dates and any notices or information received in relation to the booking.
We may publish (including by posting on social media) customer testimonials/video testimonials which may contain personally identifiable information. We will obtain the customer’s consent prior to publishing the testimonial along with their name.
7. Direct marketing
The OneLexus Network (or any of the entities which make up the OneLexus Network including their agents and contractors if any acting on their behalf) may send you direct marketing to inform you about products or services, special offers, promotions and events that may be of interest to you. These marketing communications may include joint promotions with Lexus dealers or other promotion partners, and may be sent to you using any contact details provided by you, such as post, phone, email or SMS.
Please note that the organisations comprising the OneLexus Network are separate organisations. If you do not wish to receive marketing communications and surveys from a member of the Network, you can let that organisation know at any time using the contact details in their respective privacy policies or utilising the “unsubscribe” or other opt-out function offered by the organisation in each marketing communication.
If you do not wish to receive any marketing communications from Lexus Australia or Lexus Financial Services, you can let the relevant organisation know using the contact details provided in section 16 “Contacting us” below, or by utilising the “unsubscribe” function in electronic communications from the organisation. In some circumstances we may need to contact you to obtain additional information, verify your identity or to clarify your request, in order to action it.
Your consent to receive direct marketing communications from the OneLexus Network in the above ways will be deemed if you do not opt out when you are offered the opportunity to do so, and will remain current on an ongoing basis unless and until you advise otherwise.
If the law requires us to provide you with information about our products or services (for example, product recalls), we will provide that information even if you have elected not to receive information about our products and services generally.
8. Who do we disclose your information to?
We may share your information, including data from Connected Services, (except SOS and ACN Connected Services) within the OneLexus Network in order to provide an integrated OneLexus guest experience across our Network.
Your vehicle logbook data, and service and repair history (including in relation to warranty and recalls, if applicable) may be made available to subsequent owners (if any) of your vehicle.
We do not disclose any personally identifying information about you to subsequent owners of your vehicle.
- the Lexus Group’s related bodies corporate (including our parent company Toyota Motor Corporation in Japan);
- Lexus entities overseas such as Toyota Connected Europe and Lexus Motors North America who support the provision of Connected Services in Australia;
- suppliers of third party services where you have consented to us sharing your information with them (such as compatible app providers);
- other credit providers to assess your application with Lexus Financial Services or manage your credit
- a guarantor, if a finance arrangement is guaranteed;
- Emergency Service Providers (such as ambulance, police, fire brigade etc) to provide you with emergency assistance as part of the Safety & Security feature of Connected Services (applicable vehicles only);
- government and law enforcement agencies, bodies and regulators, or a dispute resolution body of which we are a member (for example, the Financial Ombudsman Service), if we are required to disclose your information to such authorities; or
- your employer or former employer, or their representative (for example, to conduct a reference check for potential employment or finance applications).
- a person that subsidises or makes a vehicle available to you (for example, your employer, your former employer or principal) including to conduct a reference check for finance applications, or for marketing purposes;
- our third party agents or contractors which perform a particular function or service on our behalf;
Examples of our third party agents or contractors include:
- mailing houses;
- finance and insurance product suppliers;
- organisations that assist us to conduct promotions or market research;
- customer support providers;
- information technology service providers;
- debt collection agencies; and
- accountants, lawyers and other professional advisors.
If you consent, we may also disclose your information to selected third parties to help you obtain discounts or services from those third parties. We will not disclose your information for this purpose without your consent, and you can opt out at any time.
We may also disclose your information to third parties where required or authorised by or under law.
We do not share your personal information with data resellers, social networks, advertising networks, insurance providers unless we have your consent or as otherwise required or authorised by or under law.
9. Credit reporting (applies only if you seek finance from Lexus Financial Services)
In this section, references to “we”, “us” or “our” refer to Lexus Financial Services only, not Lexus Australia. Lexus Financial Services participates in the credit reporting system to make better and more informed decisions about providing credit to our customers. When you apply for credit with Lexus Financial Services, or propose to be a guarantor, we may request a credit report about you from a Credit Reporting Body (CRB). Credit reports contain information about your credit history that will help us assess your credit worthiness and your ability to repay credit.
What credit information and credit eligibility information do we collect and hold?
The credit information we collect and hold includes your identification details, the type of credit you hold, the amount of credit borrowed, the terms and conditions of your credit, when your credit was opened or closed, whether or not you have met your repayment obligations under your loan contract and loan contracts with other credit providers, and information about your credit worthiness. The credit eligibility information we collect and hold includes credit reports obtained from a CRB and our own rating or score which help us to assess your creditworthiness.
What do we do with credit information and credit eligibility information?
We collect, hold, use and disclose credit information and credit eligibility information about you for purposes which include:
- confirming your identity;
- assessing your consumer or commercial credit or guarantor application;
- managing your account and collecting any overdue payments;
- helping you avoid defaulting on your loan;
- complying with any relevant laws and regulations.
We will use the information obtained from a CRB, and combine it with information we already hold about you, to calculate our own rating or score to help us assess your creditworthiness.
We may also disclose to the CRB if you have not met the payment obligations under your loan contract or if you have committed a serious credit infringement (for example fraud). Some of the information we disclose to a CRB may be included in your credit report and provided to other credit providers to help them assess your creditworthiness.
We may disclose your information to any of the following CRBs:
If you would like to know how these organisations manage your information, you can view their privacy policies on their websites or contact them directly by calling the numbers above.
What are your rights?
You have the right to ask a CRB not to use your information for the purpose of pre-screening or direct marketing by a credit provider. You can ask them not to use or disclose this information for a period of time if you reasonably believe that you have been, or are likely to be, a victim of fraud.
10. Holding and protecting your information
We may hold information about you in digital and paper forms. We take reasonable steps to protect your information from misuse, loss, interference, and from unauthorised access, modification or disclosure. Some of the ways we protect your information include:
- external and internal premises security;
- utilising secure servers;
- restricting access to your information only to personnel who need it to perform their functions;
- utilising and maintaining information security applications to prevent unauthorised access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls, encryption and anti-virus software as appropriate;
- limiting the functionality of Connected Services to only respond to commands from you, us or any authorised users and only for those features you have not opted out from receiving; and
- maintaining physical security over paper records.
11. Data Retention
Unless we are required to retain your information for a longer period as required or authorised by or under law, your information will be retained by us for as long as reasonably necessary to provide and support the products the services you have obtained from Lexus.
12. Disclosing your information overseas
We may disclose your information to organisations located overseas. These include:
- our related companies in Japan and elsewhere in the world such as the UK, and USA; or
- our service providers that are located or hold data overseas including in the USA, Singapore, India, the UK, Ireland, and Sweden.
In addition to the above, if your vehicle collects and transmits vehicle data for Connected Services, your vehicle data will be disclosed to:
- Toyota and Lexus entities and service providers located overseas which support the provision of Connected Services in Australia. These include organisations located in Japan, the UK, Singapore, and USA including Toyota Connected Europe in the UK and Toyota Motors North America in the USA.
- Toyota entities located overseas including Toyota Motor Corporation in Japan for research and development purposes, including improving vehicle quality, and conducting vehicle diagnostics.
13. Accessing and correcting your information
You can generally access and request the correction of information we hold about you by contacting us in any of the ways set out at the bottom of this policy. Please note that the organisations comprising the OneLexus Network (that is, each of Lexus Australia, Lexus Financial Services, each Lexus dealer and Lexus Insurance) are separate organisations, and each organisation may hold different information about you (if any).
We may charge an access fee to recover the reasonable costs incurred. This charge is only designed to help us reasonably recover the costs associated with providing you with access and does not apply to the making of the request. Before we act on a request, we will provide an estimate of the access fee and ask you to agree to it.
Access to your information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or if the request for access is frivolous or vexatious. If we deny or restrict your access, we will write to you to let you know why, unless, having regard to the grounds for the refusal, it would be unreasonable for us to do so. You may make a complaint about a refusal to the Office of the Australian Information Commissioner.
We rely on the information that we hold about you to provide our products and services to you, and to perform our business functions. Therefore, it is very important that the information we hold is accurate, complete, up to date and relevant. This means that, from time to time, we may ask you if your information is still accurate and up to date. If you find that any information that we hold about you is incorrect, you should contact us immediately and we will take reasonable steps to correct it.
14. Your Responsibilities
To ensure the information we hold is accurate, complete, up to date and relevant, we require that you:
- notify us of the sale or transfer of your Lexus vehicle
- notify us if you have purchased or acquired your Lexus vehicle outside of the Lexus Dealer network; and
- if your vehicle has an enabled Connected Services functionality, inform passengers and drivers of your connected vehicle that vehicle data is collected and used by us for Connected Services.
If you do not notify us of a sale, purchase, acquisition or transfer of a vehicle, we may continue to send communications in relation to that vehicle to the last known registered owner in our records.
15. Resolving concerns
If you believe that your privacy has been compromised, or if you feel that we have breached the privacy laws, you are entitled to make a complaint. Complaints can be made by contacting the person or department you were dealing with, or by contacting us using our contact details set out at the bottom of this policy.
We endeavour to respond to you within 24 hours to acknowledge the complaint and explain how we will investigate it. This may include consulting with the CRB or other credit providers if the complaint relates to your credit information. We will try to resolve your complaint within 20 working days and write to you to explain the reasons for our decision. When this is not possible, we will contact you and let you know how long it will take for us to resolve your complaint.
If your complaint is not satisfactorily resolved, you can contact us to discuss your concerns or lodge a complaint with Office of the Australian Information Commissioner by visiting oaic.gov.au, calling 1300 363 992 or emailing [email protected]. If your complaint relates to your finance with us you may access the Australian Financial Complaints Authority at afca.org.au or by calling 1800 931 678.
16. Contacting us
If your enquiry relates to Lexus Australia (Lexus vehicles, parts, accessories, roadside assistance), you can contact Lexus Australia by:
If your enquiry relates to Connected Services, you can contact Lexus Connected Account Enquiries on 1300 064 789
If your enquiry relates to Lexus Financial Services (including Lexus Financial Services, and insurance products), you can contact Lexus Financial Services National Customer Solutions Centre by:
You can contact us without identifying yourself or by using a pseudonym. However, if you do not identify yourself or provide your contact details, we may not be able to respond to your query.
If you contact us on behalf of another person, we will require evidence of your authority to act on behalf of that other person.