DENSO AND TOYOTA Joint Privacy Notice for Data Collection Through ON-Board Cameras

This Privacy Notice describes how we, as joint controllers, process your personal data, in particular within the meaning of the EU General Data Protection Regulation ("GDPR") and the Swiss Federal Act on Data Protection (SFADP) in the event that one of our vehicles collects your personal data as part of our project to develop vehicle tools to improve pedestrian and road safety ("Project").

If you are a resident in the European Union, the references to the GDPR apply. If you are a resident in Switzerland, the references to the SFADP apply.

This Privacy Notice was last updated in December 22, 2022

1. Controller, Representative

The controllers that are responsible for processing your personal data are:

DENSO CORPORATION 1-1 Showa-cho, Kariya-shi, Aichi, 448-8661 Japan (“DENSO”)


Toyota Motor Corporation 1 Toyota-cho, Toyota-shi, Aichi, 471-8571 Japan, (“Toyota”)

(both together as "we" or "us" or "our").

The contact details of our data protection officers are as follows:

for DENSO and for Toyota: DPO Service GmbH, Bethmannstraße 50-54, 60311 Frankfurt/Main, Germany,

The contact details of our representatives are as follows:

for DENSO: DENSO International Europe B.V., World Trade Center Tower 1, 4th Floor Strawinskylaan 1865 1077 XX, Amsterdam, The Netherlands,

for Toyota: Toyota Motor Europe NV/SA (TME) ,Avenue du Bourget/Bourgetlaan 60, 1140 Brussels, Belgium,

Further information about the distribution of obligations and responsibilities between the data controllers is available upon request.

2. Categories of personal data, processing purposes, legal basis and source

If you encounter one of our vehicles engaged in the Project, it may collect the following personal data about you: location; video; electronic or visual information such as if applicable, the number on the license plate of the car you are driving, age, gender etc.

It is not intended to process sensitive personal data. However, the data collected while filming the surroundings may include special categories of personal data such as facial features, ethnic origin, political opinions, religious or philosophical beliefs, data concerning health (disability, wearing glasses), sexual orientation, if any of these are visible.

We process such personal data for the following purposes:

  • The overall purpose is to increase road safety by reducing the risk of traffic accidents.

  • To achieve this, we are developing a further generation of the "advance driver assistance system" ("ADAS"). ADAS will act as driving aid and ensure that human beings as well as road signs are recognized and the ADAS reacts accordingly. ADAS has programs that make the decisions in the vehicle and help to control the vehicle/enable (partly) autonomous driving and contains algorithms for image recognition (AI).

  • We also develop and improve the ADAS applications which are developed based on the image recognition algorithms.

  • We evaluate the ADAS integrated into the vehicles.

  • In parallel to the development of a further generation of ADAS, we also process the personal data for a compatible purpose, which is the develop Autonomous Driving technologies ("AD"), as performance of ADAS applications have increased and higher levels of driver autonomy are key to reduce the risk of traffic accidents. We develop AD technologies using R&D and AI to pave the way towards automated driving. AD is categorized into four levels. On Level 1 and 2, the driver is basically responsible for driving, and the system supports the driver. On Level 3 and Level 4, the system performs the driving task. On Level 3, the driver must take over driving when the system cannot handle it. On Level 4, the fully automated driving system achieves driverless driving of small vehicles. Our purpose is to develop in particular technologies for Level 3 and Level 4 based notably on the processing of visual data.

The legal basis for the processing of such personal data is Article 6(1)(f) of the GDPR or the overriding private or public interest according to Art. 13 SFADP. Our legitimate interest are to validate and improve the functionality of the ADAS and of AD to avoid traffic accidents by recognizing traffic participations and to support driving processes by acting as a driving aid, and, with the development of AD technologies, by achieving AI-based fully automated driving. More information on the balancing of interests test performed to confirm that we could rely on the legal basis of legitimate interest is available upon request. Regarding the purpose of development of AD, we performed a compatibility test in accordance with Article 6(4) of the GDPR and concluded, based on the close link with the original purpose of development of ADAS, the context in which the personal data have been collected (by the same vehicles engaged in the Project and at the same time as for the purpose of development of AD), the nature of the personal data (same categories as for the purpose of development of AD), the possible consequences of the intended further processing for data subjects (none, given that the images and videos are blurred, as further described below), and the existence of appropriate safeguards, and we concluded that the further processing of personal data was compatible with the original purpose.

The data are stored on the servers of the data controllers in Japan in different types of formats: as encoded data, decoded original data (i.e. raw data) and blurred data. The raw data is required for AI leaning and Software in the Loop Simulation (SILS). Data are blurred as soon and to the maximum extent possible (Blurring data right after collection or storing only blurred data would not be possible, because the AI needs the raw data), so that natural persons (engineers) who work on the Project have access to blurred data only.

3. Recipients

3.1 Transfer to service providers

We engaged the following external service providers to provide certain services to us in connection with the Project:

  1. Contractors in Japan and Vietnam that will put tags on the blurred video footage to indicate e.g. what is a human being and what is a traffic sign.

  2. Contractors in Japan, China, Korea and the US that will (i) develop the analysis tool application, (ii) develop the recognition algorithms, (iii) develop SILS and (iv) conduct rapid application development.
    Among such contractors, only our service providers Woven Core, Inc. and J-QuAD DYNAMICS Inc. will have access to raw data, in addition to blurred data.

  3. A Contractor in Germany which supports international automotive manufacturers and suppliers by offering innovative solutions and products including complex automotive ECU software, self-learning software tools for data analysis as well as complete vehicle measurement systems for the generation of reference data, conducts the test driving with the vehicles, i.e. the collection and measurement of the data and dispatch the hard disc drive with collected data to us. The hard disc drive is encoded. This contractor does not have access to the personal data collected.

  4. DENSO Sweden AB, Gotaverksgatan 6 A, SE-417 55, Goteborg, Sweden (“DNSE”) conducts operation check on the vehicles. During the operation checks, this contractor will have access to personal data. After the operation check, DNSE does not have access to personal data.

We will sign contracts with those external service providers that will require them to safeguard the personal data and to process such data only as instructed.

We may also transfer your personal data to law enforcement agencies, governmental authorities, legal counsel and external consultants in compliance with applicable data protection laws. Our reason for such potential transfers could be compliance with our legal obligations or advancing our legitimate interests, such as the exercise or defense of legal claims. More information on the balancing of interests test is available upon request.

3.2 International transfers of Personal Data

The personal data that we collect about you is transferred to and processed by recipients which are located in Japan. Japan has been recognized by the EU Commission as providing an adequate data protection level (Art. 45 GDPR). Further, your personal data is transferred to other recipients outside of the European Economic Area and Switzerland, i.e. the US, China, Korea and Vietnam, that do not provide for an adequate level of data protection. We ensure that the transfer of data to these countries is in line with Japanese data protection law and related applicable data protection laws, including the GDPR. You can contact us if you wish to obtain more information on these transfer mechanisms.

Data transferred covered by the SFADP to countries with no appropriate data protection according to Swiss standards will be safeguarded by suitable measures to guaranty the same standards (e.g. appropriate data protection agreements).

The access to your personal data is limited to recipients with a need to know.

4. What rights do you have and how can you exercise your rights?

You may have the right to: request access to your personal data, request rectifications to your personal data; request erasure of your personal data; request restriction of processing of your personal data; and object to the processing of your personal data.

Please note that these rights might be limited under the applicable national data protection law and that we do not intend to identify you and may not be able to identify you. To learn more about these rights, please click on this link or scroll down to the Exhibit - Your Rights. Refer to section 1, above, to contact us to exercise your rights.

You may also have the right to lodge a complaint with a data protection supervisory authority. However, you do not have such right under the SFADP.

5. How long do we keep your personal data?

Your personal data will be retained for 7-10 years, as long as necessary in order to (i) develop the ADAS system and improve it after the launch of the system and to (ii) use the data for updates of the system.
For the purpose of development of AD, the personal data will be retained for 7-10 years.

6. Automated Decision Making

We do not engage in automated decision-making in the context of the Project.

Your Rights

1. Right of access

You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

2. Right to rectification

You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to request erasure ("right to be forgotten")

Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.

4. Right to restriction of processing

Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

5. Right to object

Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data.


When you wish to exercise your rights, you can send a request to

You can also contact us if you have any questions, comments or complaints regarding this Privacy Notice.

You can also file a complaint with the competent Data Protection Authority.