Last revised: September 23, 2019
OUR PRIVACY COMMITMENT
SCOPE OF POLICY
“Personal Information” as used in this Policy means information about an identifiable individual. This Policy does not apply to (i) personal information we collect in our capacity as your employer; or (ii) business contact information (for example the name, title, business address and telephone number of an employee of an organization) we collect in the course of our business dealings.
SUMMARY OF OUR PRIVACY PRACTICES
Subaru’s Privacy Officer is responsible for Subaru’s compliance with this Policy.
We may collect information about you, your vehicle and your online activities through your interactions with Subaru, Dealers, third-party service providers, our products and services, websites and mobile apps owned and operated by Subaru, and social media.
We may use the information collected about you, your vehicle and your online activities to, among other things, provide you with and improve our products and services, to administer incentive programs, surveys, contests and promotions, to operate and improve our websites and mobile apps, to analyse business operations and to protect you from theft, fraud and other similar risks.
We may disclose information to our parent company (Subaru Corporation), affiliates, Dealers, third-party suppliers and service providers who act on our behalf and our third-party business partners to fulfill the purposes identified. We do not disclose information to any third parties for their independent use without your consent.
We provide you with choices over how we use and disclose your information for marketing and other purposes.
The way in which Subaru obtains your consent to collecting, using, or disclosing your personal information varies depending upon its sensitivity and applicable privacy law.
We may partner with third-party advertising companies that use their own tracking technologies on Subaru and non-Subaru websites and mobile apps in order to provide you with tailored advertisements on our behalf.
MySubaru is both a website and mobile app that is designed to allow you to access and store information about your vehicle in one place. When creating your personalized site, you will be asked to enter information specific to you and your vehicle. The information you provide through MySubaru will be stored in a database located in the United States.
When you access our mobile apps, we may ask you for information about you and your vehicle.
When using Subaru products, services, websites or mobile apps, you may be able to access third party products, services, websites and mobile apps that are not controlled by Subaru and therefore not subject to this Policy.
We use physical, organizational and technological measures to protect personal information.
We transmit personal information outside of Canada including but not limited to the United States and Japan, for processing by third-party service providers. Your personal information may be accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction.
We will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary.
We keep personal information we collect for as long as necessary to fulfill the purposes identified or as required or permitted by applicable privacy law.
Upon receiving a written request, we will inform you of the existence, use, and disclosure of your personal information we have in our possession and give you access to it.
We will investigate all complaints made with respect to Subaru’s application of privacy laws.
We may update this Policy from time to time and will post the revised Policy on our websites.
If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru’s Privacy Officer at the contact information provided at the end of this Policy.
COLLECTION OF PERSONAL INFORMATION
Subaru collects certain information about you, your vehicle, and your online activities (as described below) through your verbal and written interactions with Subaru, our Dealers, our third-party service providers, our products and services, websites and mobile apps owned or operated by or on behalf of Subaru, and social media.
The types of information that Subaru collects about you, your vehicle, and your online activities may include but are not limited to the following:
- contact information (e.g. name, address, telephone number, email address and alternate contact information such as the name of your employer and business contact information);
- vehicle information (e.g. Vehicle Identification Number (VIN), license plate number, make, model, model year, colour, mileage, warranty and service history, diagnostic trouble codes, insurance information; previous vehicles owned / leased);
- vehicle Event Data Recorder (EDR) and EyeSight data with your consent;
- vehicle transaction information (e.g. date and terms of your vehicle purchase / lease / finance);
- technical information when you visit websites and mobile apps owned and operated by Subaru (e.g. information about your connected devices such as mobile phone, computer or tablet, unique device identifiers, the Internet protocol (IP) address used to connect your computer to the Internet, the name of your Internet service provider, cookies, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform);
- information about your visit to websites and mobile apps owned and operated by Subaru (e.g. login and password, the full Uniform Resource Locators (URL) clickstream to, through and from our websites and mobile apps (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (including scrolling, clicks and mouse-overs) and methods used to browse away from the page);
- social media content (e.g. name, username, email address, profile picture, preferences, likes, dislikes, posts and messages);
- demographic information (e.g. gender, date of birth, marital status and household composition);
- complaints and preferences (e.g. languages, hobbies and interests, test drive information); and
- information to verify your eligibility for certain vehicle incentive programs (e.g. schools attended and degrees conferred in connection with Subaru’s Grad Rebate Program, and participation in athletic events for Subaru’s Athlete Rebate Program).
We will limit the amount and type of personal information we collect to that which is necessary for our purposes, which are outlined in the Use of Personal Information section below. We do not target or knowingly collect any information from children or persons under the age of majority.
USE OF PERSONAL INFORMATION
Subaru may use the information collected about you, your vehicle, and your online activities (as described in the Collection of Personal Information section above) for the following purposes:
- to administer your transaction including assisting you with the purchase, finance or lease of our vehicles;
- to assist Dealers in carrying on their business and providing Subaru products and services, such as warranty and non-warranty services for vehicles, vehicle parts, extended warranty arrangements and financing of vehicle purchases;
- to provide you with products and services related to your current and future vehicles, evaluate your satisfaction with our products and services, improve the quality, safety and security of our products and services, and develop new products and services;
- to permit carefully selected third-party providers of products and services related to your current and future vehicles to provide their goods and services to you, such as roadside assistance providers or satellite radio providers;
- to administer customer notification programs including government-mandated ones;
- to establish, administer and document incentive programs;
- to respond to your inquiries;
- to distribute Six Star Review, The Magazine for Canadian Subaru Owners and similar Subaru magazines and publications;
- to distribute Subaru promotional goods;
- to permit Subaru, Dealers and/or carefully selected third parties to provide you with news, information, updates, advertising, and promotions about products and services that may be of interest to you;
- to operate our websites and mobile apps, to improve functionality and user experience, to allow you to participate in their interactive features, to maintain safety and security, and for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes);
- to display targeted advertising on our websites and mobile apps and on the websites of our third-party business partners, and to measure or understand the effectiveness of messages and advertising we serve to you and others;
- to allow you to participate in Subaru vehicle test drives;
- to administer your participation in surveys, contests, and promotions;
- to analyze the operations of Subaru, Dealers, our third-party service providers, suppliers and other business partners;
- to establish, administer and document training, development and educational requirements and programs;
- to protect Subaru, and its customers, suppliers, Dealers and partners, from theft, fraud and similar risks;
- to implement and manage security programs and internal controls (including computer monitoring and video surveillance); and
- for any purpose authorized or required by law.
DISCLOSURE OF PERSONAL INFORMATION
Subaru may disclose the information it collects about you, your vehicle, and your online activities (as described in the Collection of Personal Information section above) for the purposes (as described in the Use of Personal Information section above) to the following persons or in the following circumstances:
- our parent company (Subaru Corporation), affiliates, subsidiaries and Dealers;
- our third-party suppliers and service providers who act on our behalf (e.g. sending communications, conducting customer research (including administering surveys), managing and analyzing data, and providing marketing services);
- our third-party business partners (e.g. satellite radio providers and roadside assistance providers);
- our third-party business partners that require the information to select and serve relevant messages and advertising to you and others (e.g. social networks: Facebook, Instagram, Twitter and YouTube, advertising networks, analytics providers: Google, and search engine providers: Google). We do not disclose identifiable information to these business partners, but we may provide them with aggregated or anonymized information about our existing or potential customers or website visitors. Our business partners will use the aggregated and anonymized information to help us reach our target audience with our messages and advertising on our business partners’ websites;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a law enforcement request; and
- as required or permitted by applicable law (e.g. subpoena, government inquiry, litigation, dispute resolution or similar legal process).
Except as stated herein, Subaru will not disclose information about you, your vehicle, and your online activities with third parties for their independent use without your prior consent.
Subaru respects your privacy by providing you with certain choices over how we use and share your information. For example, you have a choice of whether you would like us to share your personal information with our roadside assistance providers or our satellite radio providers.
You also have a choice whether you would like to receive electronic marketing communications. You may choose certain communication preferences through your MySubaru account, Subaru.ca/update or you may follow the unsubscribe instructions in email and text message marketing messages you receive.
To make choices regarding cookies, pixels and web tracking technologies or interest-based advertising, please see the Cookies, Pixels and Other Web Tracking Technologies or Online Tracking and Advertising sections below.
Please note that if you choose not to receive marketing messages from Subaru, your personal information may still be used for the other purposes described in the Use of Personal Information section above.
The way in which Subaru obtains your consent to collecting, using, or disclosing your personal information varies depending upon its sensitivity and applicable privacy law. We may ask for your consent directly or our Dealers may obtain your consent on our behalf. Your consent also may be implied or implicit through your conduct when it is reasonable and legally permissible for us to do so.
We will honour any specific consents you provide to us regarding the collection, use, or disclosure of your personal information. You may withdraw or change your consent at any time, subject to legal or contractual restrictions, by giving us reasonable notice. In appropriate cases, we will inform you of any implications of withdrawing your consent. Notwithstanding the foregoing, we reserve the right to retain, collect, use, and disclose your personal information and to contact you where we are legally required or permitted to do so.
We will not, as a condition of the supply of services, require you to consent to the collection, use, or disclosure of your personal information beyond that which we require for our purposes.
In certain circumstances as permitted or required by law, we may collect, use, or disclose your personal information without your knowledge or consent. These circumstances include the following:
- to investigate a breach of an agreement or a contravention of a law;
- where collection or use is clearly in your interests and your consent cannot be obtained in a timely way;
- for debt collection;
- to act in respect to an emergency that threatens you; and
- to comply with a subpoena, warrant or court order.
COOKIES, PIXELS AND OTHER WEB TRACKING TECHNOLOGIES
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block cookies, all or parts of our websites and mobile apps may not function correctly and your experience on our websites and mobile apps may be hindered.
Please note that the MySubaru website and mobile app do not respond to “do not track” beacons or other such signals. Please see the MySubaru section below for more information.
ONLINE TRACKING AND ADVERTISING
Subaru may partner with third-party advertising companies that use their own tracking technologies (including cookies, pixels and other web tracking technologies) on Subaru and non-Subaru websites and mobile apps in order to provide you with tailored advertisements on our behalf.
These third-party advertising companies may collect information about your online activity across multiple devices on Subaru and non-Subaru websites and mobile apps and use this information to make predictions about your preferences and then deliver advertisements on our behalf that are more relevant to you.
If you would like more information about advertisers’ use of tracking technologies to deliver targeted ads to you, or to opt-out of receiving targeted ads by advertising networks participating in certain opt-out programs, you can go to: https://youradchoices.ca/choices/.
We also encourage you to check the privacy policies of social networks that you belong to and to adjust your advertising settings on those social networks with regard to targeted advertising delivered on those social networks, including by Subaru if the social network is our business partner.
Please note that, even if you are able to opt-out of certain kinds of ads, you will continue to receive non-targeted ads. Further, you may continue to receive targeted content and/or ads from parties that do not participate in the opt-out programs. Also, if your browsers are configured to reject cookies when you visit the opt-out page, or you subsequently erase your cookies, use a different device or web browser(s), or use a non-browser-based method of access, your opt-out may not, or may no longer, be effective. Subaru is not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
MySubaru is both a website and mobile app that is designed to allow you to access and store information about your vehicle in one place. When creating your account, you will be asked to enter information specific to you and your vehicle. This includes your name, address, telephone number and e-mail address, as well as your Vehicle Identification Number (VIN). To protect you, and to keep this information private, you will be asked to establish a Username and Password. Your account can only be accessed with the correct Username and Password combination.
Subaru keeps a database of the information collected by this site, on your behalf, to allow you future access to your information. This database is located in the United States. Your information in the database will be commingled with information about Subaru customers in the United States and other markets but is subject to appropriate security safeguards. Please see the International Transfers of Personal Information section below to learn more about how we protect information located in foreign jurisdictions. Please note that any information you enter while registering for your account will be retained in the database regardless of whether you complete the account registration process. If you decide not to register for an account and you would like the information you entered anonymized, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.
If you have enrolled for SUBARU STARLINK® Connected Services, you will receive certain billing information. You will not be able to opt-out of receiving billing information.
As indicated in the Cookies, Pixels and Other Web Tracking Technologies section above, the MySubaru website and mobile app do not respond to “do not track” beacons or other such signals. Accordingly, when you log into your MySubaru account through the website or mobile app, Subaru will be able to identify you still and collect your information.
Subaru has developed certain mobile apps (including MySubaru) that you may download to your mobile device. When you access our mobile apps, we may ask you for information about you and your vehicle. If you do not wish to provide this information, please decline to use the mobile app and/or uninstall the mobile app from your mobile device.
When you use Subaru’s Infotainment system, you may have access to mobile apps developed by third parties. When you download a third-party mobile app to your mobile device, the third party may ask you for information. Subaru is not responsible for any information collected by third-party mobile apps and the third-party mobile apps are not subject to this Policy. Please review carefully the privacy policies of third-party mobile apps before providing any personal information.
THIRD PARTY PRODUCTS, SERVICES, WEBSITES AND MOBILE APPS
When using Subaru products, services, websites or mobile apps, you may be able to access third party products, services, websites and mobile apps that are not controlled by Subaru and therefore not subject to this Policy. Please review carefully the privacy policies of third-party products, services, websites and mobile apps before providing any personal information.
When you purchase or lease a vehicle or obtain service for your vehicle from your Dealer, your Dealer will share your information with Subaru. While Subaru encourages its Dealers to ensure their privacy policies and practices are compliant with applicable privacy laws, Subaru is not responsible for its Dealers’ compliance with applicable law.
Subaru protects the personal information it holds or controls, by establishing reasonable security arrangements against loss, theft, unauthorized access, use, disclosure, copying or modification. We train our employees on the importance of maintaining the confidentiality of personal information, and we exercise care in the disposal or destruction of personal information. Examples of safeguards include physical measures (such as locked filing cabinets and access cards), organizational measures (such as security clearances and restrictions on employee access to files and databases) and technological measures (such as passwords and firewalls). Also, we require our third-party service providers acting on our behalf to enter into contracts with us that ensure they will keep the information we share with them safe and secure.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
Subaru transfers information outside of Canada including but not limited to the United States and Japan, for processing by Subaru, its parent company (Subaru Corporation), affiliates or third-party service providers for some or all of the purposes described in the Use of Personal Information section above. We use contractual and other means to ensure the information is protected while in the foreign jurisdiction. However, personal information may be still accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction. If you have questions about our policies and practices regarding service providers outside of Canada, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.
Subaru will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary for the purposes for which it is to be used, including information that is disclosed to third parties, and information that is used to make a decision about an individual. Our reasonable efforts include obtaining updated information from our Dealers when you service your vehicle at the Dealer.
RETENTION OF PERSONAL INFORMATION
We keep information we collect for as long as necessary to fulfill the purposes described in the Use of Personal Informationsection above or as required or permitted by applicable privacy law. Once no longer required, we will anonymize or destroy the information.
When determining retention periods, we consider certain criteria including the following:
- whether the purposes for which we collected the information have been fulfilled;
- whether destroying the information will impact the services provided to you;
- whether the information has been used to make a decision about you in which case we will continue to retain that information for at least one year after using it to make the decision to reasonably allow you time to access the information and to exhaust any access request or challenge you may bring under applicable privacy laws; and
- retention periods required by law.
ACCESS AND UPDATE TO PERSONAL INFORMATION
You have a general right to access your personal information in our possession or custody. Upon receiving a written request (mail or e-mail) from you addressed to Subaru’s Privacy Officer clearly identifying the requested information with adequate information to identify you, we will inform you of the existence, use, and disclosure of your personal information and give you access to your personal information. If we are not able to provide a list of the organizations to which we may have actually disclosed your personal information, we will provide you with a list of organizations to which we may have disclosed the information.
We will respond to your written access request with information in a form that is generally understandable, within a reasonable timeframe (generally within 30 days) or we will provide you with an explanation if additional time is required to fulfil your request. Our response will typically be provided for a minimal handling fee which we reserve the right to vary depending on the nature of the request and the amount of information involved. We will inform you of the approximate cost to provide the response, and will provide you with the information upon receipt of payment.
You may question the accuracy and completeness of your personal information and request that we amend it as appropriate. If you demonstrate in a reasonable manner the inaccuracy or incompleteness of your personal information, we will amend the information as required. If a request is not resolved to your satisfaction, we will record the substance of the unresolved request. Where appropriate, the amended information or the existence of the unresolved request will be transmitted to third parties having access to the information in question.
In some situations, we may be permitted to refuse or not be able to provide access to certain personal information, and will upon request provide an explanation. Exceptions to the access right which are permitted or required by applicable privacy laws include the following:
- information that contains references to other individuals or contains confidential commercial information (where such information cannot be severed from the record);
- information collected in the course of investigating a breach of an agreement or in the course of a formal dispute resolution process; and
- information that is subject to solicitor-client privilege.
To make access requests to us for your personal information, please contact our Privacy Officer at the contact information at the end of this Policy.
Subaru will, on request, provide information regarding our procedure for addressing any complaints made with respect to Subaru’s application of privacy laws. Subaru will investigate all written complaints, and if we find a complaint to be justified, we will take the appropriate measures, including, if necessary, amending our policies and practices.
CHANGES TO POLICY
Subaru’s commitment to your privacy includes reviewing periodically its privacy policies and practices. Accordingly, Subaru may change this Policy from time to time and the revised Policy will be posted to our websites effective as of the revised date stated on the revised Policy. It is therefore important that you review this Policy regularly.
If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru’s Privacy Officer at:
Subaru Canada, Inc.
560 Suffolk Court
Mississauga, Ontario L5R 4J7