GENERAL PRIVACY POLICY

Last revised: February 27, 2025

OUR PRIVACY COMMITMENT

Subaru Canada, Inc. (“Subaru”, “we”, “us” or “our”) values its relationship with you and is committed to maintaining the privacy and security of your personal information. Subaru has developed this Privacy Policy (this “Policy”) to inform you about how we collect, use and disclose your personal information when you purchase or lease Subaru vehicles from our Authorized Subaru Dealers in Canada (“Dealers”), purchase products or other services from Subaru or Dealers (“Dealers”), and when you use Subaru’s websites and mobile apps.

Our SUBARU STARLINK^® Connected Services Privacy Policy applies to personal information we collect when you enroll for and/or use the SUBARU STARLINK^® Connected Services.

SCOPE OF POLICY

“Personal Information” as used in this Policy means information about an identifiable individual. This Policy does not apply to (i) personal information we collect in our capacity as your employer; or (ii) business contact information (for example the name, title, business address and telephone number of an employee of an organization) we collect in the course of our business dealings.

SUMMARY OF OUR PRIVACY PRACTICES

Accountability

Subaru’s Privacy Officer is responsible for Subaru’s compliance with this Policy.

Collection of Personal Information

Use of Personal Information

Disclosure of Personal Information

Choices

Consent

Cookies, Pixels and Other Web Tracking Technologies

We may use cookies, pixels and other web tracking technologies on our websites, mobile apps, email messages and advertisements to gather information about your device or browser, your visit and your interactions with us. We use this information to operate and secure our platform, to understand user interactions, to improve functionality and user experience, and to provide you with a personalized experience, including delivering targeted ads to you on our websites and other platforms. You may disable cookies in your browser settings. In some provinces where it is required by legislation, you may also manage your cookie preferences by using the Privacy Preference Center on our websites.

Online Tracking and Advertising

MySubaru

Mobile Apps

Third Party Products, Services, Websites and Mobile Apps

Subaru Dealers

Subaru and our Dealers are separate legal entities with their own privacy policies and practices. For questions about your Dealer’s privacy policy and practices, including opting out of marketing communications from your Dealer, please contact your Dealer directly.

Safeguards

We use physical, organizational and technological measures to protect personal information.

International Transfers of Personal Information

Accuracy

Retention of Personal Information

Access and Update to Personal Information

Challenging Compliance

Changes to Policy

Contact Us

ACCOUNTABILITY

Accountability for Subaru’s compliance with its Privacy Policy rests with Subaru’s Privacy Officer, even though other individuals within Subaru may have responsibility for management of personal information or may be delegated to act on behalf of the Privacy Officer.

COLLECTION OF PERSONAL INFORMATION

Subaru collects certain information about you, your vehicle, and your online activities (as described below) through your verbal and written interactions with Subaru, our Dealers, our third-party service providers, our products and services, websites and mobile apps owned or operated by or on behalf of Subaru, and social media.

The types of information that Subaru collects about you, your vehicle, and your online activities may include but are not limited to the following:

• contact information (e.g. name, address, telephone number, email address and alternate contact information such as the name of your employer and business contact information);
• vehicle information (e.g. Vehicle Identification Number (VIN), license plate number, make, model, model year, colour, mileage, warranty and service history, diagnostic trouble codes, insurance information; previous vehicles owned / leased);
• vehicle Event Data Recorder (EDR) and EyeSight data with your consent;
• vehicle transaction information (e.g. date and terms of your vehicle purchase / lease / finance);
• technical information when you visit websites and mobile apps owned and operated by Subaru (e.g. information about your connected devices such as mobile phone, computer or tablet, unique device identifiers, the Internet protocol (IP) address used to connect your computer to the Internet, the name of your Internet service provider, cookies, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform);
• information about your visit to websites and mobile apps owned and operated by Subaru (e.g. login and password, the full Uniform Resource Locators (URL) clickstream to, through and from our websites and mobile apps (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (including scrolling, clicks and mouse-overs) and methods used to browse away from the page);
• social media content (e.g. name, username, email address, profile picture, preferences, likes, dislikes, posts and messages);
• demographic information (e.g. gender, date of birth, marital status and household composition);
• complaints and preferences (e.g. languages, hobbies and interests, test drive information); and
• information to verify your eligibility for certain vehicle incentive programs (e.g. schools attended and degrees conferred in connection with Subaru’s Grad Rebate Program, and participation in athletic events for Subaru’s Athlete Rebate Program).

We will limit the amount and type of personal information we collect to that which is necessary for our purposes, which are outlined in the Use of Personal Information section below. We do not target or knowingly collect any information from children or persons under the age of majority.

USE OF PERSONAL INFORMATION

Subaru may use the information collected about you, your vehicle, and your online activities (as described in the Collection of Personal Information section above) for the following purposes:

• to administer your transaction including assisting you with the purchase, finance or lease of our vehicles;
• to assist Dealers in carrying on their business and providing Subaru products and services, such as warranty and non-warranty services for vehicles, vehicle parts, extended warranty arrangements and financing of vehicle purchases;
• to provide you with products and services related to your current and future vehicles, evaluate your satisfaction with our products and services, improve the quality, safety and security of our products and services, and develop new products and services;
• to permit carefully selected third-party providers of products and services related to your current and future vehicles to provide their goods and services to you, such as roadside assistance providers or satellite radio providers;
• to administer customer notification programs including government-mandated ones;
• to establish, administer and document incentive programs;
• to respond to your inquiries;
• to distribute Six Star Review, The Magazine for Canadian Subaru Owners and similar Subaru magazines and publications;
• to distribute Subaru promotional goods;
• to permit Subaru, Dealers and/or carefully selected third parties to provide you with news, information, updates, advertising, and promotions about products and services that may be of interest to you;
• to operate our websites and mobile apps, to improve functionality and user experience, to allow you to participate in their interactive features, to maintain safety and security, and for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes);
• to display targeted advertising on our websites and mobile apps and on the websites of our third-party business partners, and to measure or understand the effectiveness of messages and advertising we serve to you and others;
• to allow you to participate in Subaru vehicle test drives;
• to administer your participation in surveys, contests, and promotions;
• to analyze the operations of Subaru, Dealers, our third-party service providers, suppliers and other business partners;
• to establish, administer and document training, development and educational requirements and programs;
• to protect Subaru, and its customers, suppliers, Dealers and partners, from theft, fraud and similar risks;
• to implement and manage security programs and internal controls (including computer monitoring and video surveillance); and

for any purpose authorized or required by law.

DISCLOSURE OF PERSONAL INFORMATION

Subaru may disclose the information it collects about you, your vehicle, and your online activities as described in the Collection of Personal Information section above for the purposes as described in the Use of Personal Information section above to the following persons or in the following circumstances:

• our parent company (Subaru Corporation), affiliates, subsidiaries and Dealers;
• our third-party suppliers and service providers who act on our behalf (e.g. sending communications, conducting customer research (including administering surveys), managing and analyzing data, and providing marketing services);
• our third-party business partners (e.g. satellite radio providers and roadside assistance providers);
• our third-party business partners that require the information to select and serve relevant messages and advertising to you and others (e.g. social networks: Facebook, Instagram, Twitter and YouTube, advertising networks, analytics providers: Google, and search engine providers: Google). We do not disclose identifiable information to these business partners, but we may provide them with aggregated and/or anonymized information about our existing or potential customers or website visitors, in accordance with applicable law. We may also share a hashed version of your contact information with some of these partners to show you targeted ads on their platforms. Our business partners will use the hashed aggregated and/or anonymized information to (i) help us reach our target audience with our messages and advertising on our business partners’ websites or platforms, and (ii) to measure the effectiveness of our ad campaigns;
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a law enforcement request; and
• as required or permitted by applicable law (e.g. subpoena, government inquiry, litigation, dispute resolution or similar legal process).

Except as stated herein, Subaru will not disclose information about you, your vehicle, and your online activities with third parties for their independent use without your prior consent.

CHOICES

Subaru respects your privacy by providing you with certain choices over how we use and share your information. For example, you have a choice of whether you would like us to share your personal information with our roadside assistance providers or our satellite radio providers.

You also have a choice whether you would like to receive electronic marketing communications. You may choose certain communication preferences through your MySubaru account, Subaru.ca/update or you may follow the unsubscribe instructions in email and text message marketing messages you receive. When you unsubscribe, we will not remove you from any marketing lists that may have been created using your contact information and that we currently use to show you targeted ads on third-party platforms, such as social medias, but we will remove you from any future ones.

To make choices regarding cookies, pixels and web tracking technologies or interest-based advertising, please see the Cookies, Pixels and Other Web Tracking Technologies or Online Tracking and Advertising sections below.

Please note that if you choose not to receive marketing messages from Subaru, your personal information may still be used for the other purposes described in the Use of Personal Information section above. For example, you may continue to receive transactional emails related to your account or purchases, important updates about our products or services, safety recalls or notifications, and you may also see our ads on social media and other platforms that are not directly tied to your contact information.

CONSENT

The way in which Subaru obtains your consent to collecting, using, or disclosing your personal information varies depending upon its sensitivity and applicable privacy law. We may ask for your consent directly or our Dealers may obtain your consent on our behalf. Your consent also may be implied or implicit through your conduct when it is reasonable and legally permissible for us to do so.

We will honour any specific consents you provide to us regarding the collection, use, or disclosure of your personal information. You may withdraw or change your consent at any time, subject to legal or contractual restrictions, by giving us reasonable notice. In appropriate cases, we will inform you of any implications of withdrawing your consent. Notwithstanding the foregoing, we reserve the right to retain, collect, use, and disclose your personal information and to contact you where we are legally required or permitted to do so.

We will not, as a condition of the supply of services, require you to consent to the collection, use, or disclosure of your personal information beyond that which we require for our purposes.

In certain circumstances as permitted or required by law, we may collect, use, or disclose your personal information without your knowledge or consent. These circumstances include the following:

• to investigate a breach of an agreement or a contravention of a law;
• where collection or use is clearly in your interests and your consent cannot be obtained in a timely way;
• for debt collection;
• to act in respect to an emergency that threatens you; and
• to comply with a subpoena, warrant or court order.

COOKIES, PIXELS AND OTHER WEB TRACKING TECHNOLOGIES

Subaru may use cookies, pixels and other web tracking technologies on our websites, mobile apps, email messages and advertisements to gather information about your device or browser, your visit and your interactions with us (as described in the Collection of Personal Information section above). We use this information to operate and maintain the security of our platform, to understand how users interact with our services, content or ads, to improve functionality and user experience, and to provide you with a personalized experience, including delivering targeted ads to you on our websites and other platforms. Cookies and pixels are industry-standard technologies used by most major commercial websites.

Our websites use cookies to distinguish you from other users of our websites and mobile apps and to allow you to maintain your account login information or contact information on any request form (e.g. requesting a quote or test drive). This helps us to provide you with a good experience when you use our websites and mobile apps and also allows us to improve their functionality. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device if you agree to it. Cookies contain information that is transferred to your computer’s or mobile device’s hard drive.

When you visit our websites, we and our third-party business partners (including analytics providers and advertising partners) use the following categories of cookies for the purposes described in this Policy:

• Strictly necessary cookies: These cookies are essential to the operation of our websites and allow us to provide you with basic features such as the ability to stay logged in and remember your privacy preferences. Without these cookies, our services cannot be provided efficiently and some parts of our sites may not function properly.
• Functional cookies: These cookies enable the websites to provide enhanced functionality and customization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
• Advertising cookies: These cookies are used to build a profile of your interests based on your browsing activity and to show you relevant ads on our websites and other platforms. They are also used to help us measure the effectiveness of our ad campaigns. These cookies are typically placed by our advertising partners, as described in the Online Tracking and Advertising section below.
• Analytics and performance cookies: These cookies collect information about how you and others interact with our websites, such as which pages users visit most frequently and traffic counts or sources. This information is used to measure and improve the performance of our websites. In general, the information these cookies collect is aggregated and anonymous such that it cannot be linked back to a particular individual.

You can manage your cookie preferences in several ways, including:

• Your browser settings: You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block cookies, all or parts of our websites and mobile apps may not function correctly and your experience on our websites and mobile apps may be hindered.
• The Privacy Preference Center: In some provinces where it is required by legislation, you can accept or reject all or some of the categories of cookies used on our websites (other than strictly necessary cookies) by visiting the Privacy Preference Center on our websites. You may change your cookie preferences at any time.
• Third-party opt-out tools for interest-based advertising: In some cases, you may be able to opt out of interest-based advertising using third-party opt-out tools, as described in the Online Tracking and Advertisingsection below.

Pixels (as known as web beacons/web bugs/Javascript) are tiny graphics with a unique identifier that are used to track the online movements of web users, track what other websites you visit (both before and after visiting our websites), or to determine whether you have performed specific actions. Unlike cookies, which are stored on a user’s computer or mobile device hard drive, pixels are small graphics that are about the size of the period at the end of the sentence that are embedded invisibly on web pages or in HTML-based messages. When you access our websites or open our messages, the pixels generate a notice of that action to us or our third-party business partners.

Please note that the MySubaru website and mobile app do not respond to “do not track” beacons or other such signals. Please see the MySubaru section below for more information.

ONLINE TRACKING AND ADVERTISING

Subaru may partner with third-party advertising companies that use their own tracking technologies (including cookies, pixels and other web tracking technologies) on Subaru and non-Subaru websites and mobile apps in order to provide you with tailored advertisements on our behalf.

These third-party advertising companies may collect information about your online activities across multiple devices on Subaru and non-Subaru websites and mobile apps and use this information to make predictions about your preferences and then deliver advertisements on our behalf that are more relevant to you. This information may also be used to measure the effectiveness of ad campaigns.

If you would like more information about advertisers’ use of tracking technologies to deliver targeted ads to you, or to opt-out of receiving targeted ads by advertising networks participating in the Digital Advertising Alliance of Canada’s (DAAC) opt-out program, you can go to: https://youradchoices.ca/choices/. You can also manage your cookie preferences through your browser settings or, in some provinces where it is required by legislation, through the Privacy Preference Center on our websites, as described in the Cookies, Pixels and Other Web Tracking Technologies section above.

We also encourage you to check the privacy policies of social networks that you belong to and to adjust your advertising settings on those social networks with regard to targeted advertising delivered on those social networks, including by Subaru if the social network is our business partner.

Please note that, even if you opt-out of interest-based ads, you may continue to receive ads, but they will be less relevant. Further, if you use a third-party tool to opt out of interest-based advertising, such as the DAAC’s opt-out program, you may continue to receive targeted content and/or ads from parties that do not participate in the opt-out tool or program. Also, if your browsers are configured to reject cookies when you visit the opt-out page, or you subsequently erase your cookies, use a different device or web browser(s), or use a non-browser-based method of access, your opt-out may not, or may no longer, be effective. Subaru is not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

MYSUBARU

MySubaru is both a website and mobile app that is designed to allow you to access and store information about your vehicle in one place. When creating your account, you will be asked to enter information specific to you and your vehicle. This includes your name, address, telephone number and e-mail address, as well as your Vehicle Identification Number (VIN). To protect you, and to keep this information private, you will be asked to establish a Username and Password. Your account can only be accessed with the correct Username and Password combination.

Subaru keeps a database of the information collected by this site, on your behalf, to allow you future access to your information. This database is located in the United States. Your information in the database will be commingled with information about Subaru customers in the United States and other markets but is subject to appropriate security safeguards. Please see the International Transfers of Personal Information section below to learn more about how we protect information located in foreign jurisdictions. Please note that any information you enter while registering for your account will be retained in the database regardless of whether you complete the account registration process. If you decide not to register for an account and you would like the information you entered anonymized, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.

If you have enrolled for SUBARU STARLINK^® Connected Services, you will receive certain billing information. You will not be able to opt-out of receiving billing information.

As indicated in the Cookies, Pixels and Other Web Tracking Technologies section above, the MySubaru website and mobile app do not respond to “do not track” beacons or other such signals. Accordingly, when you log into your MySubaru account through the website or mobile app, Subaru will be able to identify you still and collect your information.

MOBILE APPS

Subaru has developed certain mobile apps (including MySubaru) that you may download to your mobile device. When you access our mobile apps, we may ask you for information about you and your vehicle. If you do not wish to provide this information, please decline to use the mobile app and/or uninstall the mobile app from your mobile device.

When you use Subaru’s Infotainment system, you may have access to mobile apps developed by third parties. When you download a third-party mobile app to your mobile device, the third party may ask you for information. Subaru is not responsible for any information collected by third-party mobile apps and the third-party mobile apps are not subject to this Policy. Please review carefully the privacy policies of third-party mobile apps before providing any personal information.

THIRD PARTY PRODUCTS, SERVICES, WEBSITES AND MOBILE APPS

SUBARU DEALERS

Subaru and its Dealers are separate legal entities with their own privacy policies and practices. For questions about your Dealer’s privacy policy and practices, including opting out of marketing communications from your Dealer, please contact your Dealer directly.

When you purchase or lease a vehicle or obtain service for your vehicle from your Dealer, your Dealer will share your information with Subaru. While Subaru encourages its Dealers to ensure their privacy policies and practices are compliant with applicable privacy laws, Subaru is not responsible for its Dealers’ compliance with applicable law.

SAFEGUARDS

Subaru protects the personal information it holds or controls, by establishing reasonable security arrangements against loss, theft, unauthorized access, use, disclosure, copying or modification. We train our employees on the importance of maintaining the confidentiality of personal information, and we exercise care in the disposal or destruction of personal information. Examples of safeguards include physical measures (such as locked filing cabinets and access cards), organizational measures (such as security clearances and restrictions on employee access to files and databases) and technological measures (such as passwords and firewalls). Also, we require our third-party service providers acting on our behalf to enter into contracts with us that ensure they will keep the information we share with them safe and secure.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Subaru transfers information outside of Canada including but not limited to the United States and Japan, for processing by Subaru, its parent company (Subaru Corporation), affiliates or third-party service providers for some or all of the purposes described in the Use of Personal Information section above. We use contractual and other means to ensure the information is protected while in the foreign jurisdiction. However, personal information may be still accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction. If you have questions about our policies and practices regarding service providers outside of Canada, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.

ACCURACY

Subaru will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary for the purposes for which it is to be used, including information that is disclosed to third parties, and information that is used to make a decision about an individual. Our reasonable efforts include obtaining updated information from our Dealers when you service your vehicle at the Dealer.

RETENTION OF PERSONAL INFORMATION

We keep information we collect for as long as necessary to fulfill the purposes described in the Use of Personal Information section above or as required or permitted by applicable privacy law. Once no longer required, we will anonymize or destroy the information.

When determining retention periods, we consider certain criteria including the following:

• whether the purposes for which we collected the information have been fulfilled;
• whether destroying the information will impact the services provided to you;
• whether the information has been used to make a decision about you in which case we will continue to retain that information for at least one year after using it to make the decision to reasonably allow you time to access the information and to exhaust any access request or challenge you may bring under applicable privacy laws; and
• retention periods required by law.

ACCESS AND UPDATE TO PERSONAL INFORMATION

You have a general right to access your personal information in our possession or custody. Upon receiving a written request (mail or e-mail) from you addressed to Subaru’s Privacy Officer clearly identifying the requested information with adequate information to identify you, we will inform you of the existence, use, and disclosure of your personal information and give you access to your personal information. If we are not able to provide a list of the organizations to which we may have actually disclosed your personal information, we will provide you with a list of organizations to which we may have disclosed the information.

We will respond to your written access request with information in a form that is generally understandable, within a reasonable timeframe (generally within 30 days) or we will provide you with an explanation if additional time is required to fulfil your request. Our response will typically be provided for a minimal handling fee which we reserve the right to vary depending on the nature of the request and the amount of information involved. We will inform you of the approximate cost to provide the response, and will provide you with the information upon receipt of payment.

You may question the accuracy and completeness of your personal information and request that we amend it as appropriate. If you demonstrate in a reasonable manner the inaccuracy or incompleteness of your personal information, we will amend the information as required. If a request is not resolved to your satisfaction, we will record the substance of the unresolved request. Where appropriate, the amended information or the existence of the unresolved request will be transmitted to third parties having access to the information in question.

In some situations, we may be permitted to refuse or not be able to provide access to certain personal information, and will upon request provide an explanation. Exceptions to the access right which are permitted or required by applicable privacy laws include the following:

• information that contains references to other individuals or contains confidential commercial information (where such information cannot be severed from the record);
• information collected in the course of investigating a breach of an agreement or in the course of a formal dispute resolution process; and
• information that is subject to solicitor-client privilege.

To make access requests to us for your personal information, please contact our Privacy Officer at the contact information at the end of this Policy.

CHALLENGING COMPLIANCE

Subaru will, on request, provide information regarding our procedure for addressing any complaints made with respect to Subaru’s application of privacy laws. Subaru will investigate all written complaints, and if we find a complaint to be justified, we will take the appropriate measures, including, if necessary, amending our policies and practices.

CHANGES TO POLICY

Subaru’s commitment to your privacy includes reviewing periodically its privacy policies and practices. Accordingly, Subaru may change this Policy from time to time and the revised Policy will be posted to our websites effective as of the revised date stated on the revised Policy. It is therefore important that you review this Policy regularly.

• CONTACT US

  If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru’s Privacy Officer at:

  Privacy Officer
  Subaru Canada, Inc.
  560 Suffolk Court
  Mississauga, Ontario L5R 4J7
  Email: [email protected]