SUBARU CANADA, INC.
PRIVACY POLICY

GENERAL PRIVACY POLICY

Last revised: June 4, 2024

OUR PRIVACY COMMITMENT

Subaru Canada, Inc. (“Subaru”, “we”, “us” or “our”) values its relationship with you and is committed to maintaining the privacy and security of your personal information. Subaru has developed this Privacy Policy (this “Policy”) to inform you about how we collect, use and disclose your personal information when you purchase or lease Subaru vehicles from our Authorized Subaru Dealers in Canada (“Dealers”), purchase products or other services from Subaru or Dealers (“Dealers”), and when you use Subaru’s websites and mobile apps.

Our SUBARU STARLINK® Connected Services Privacy Policy applies to personal information we collect when you enroll for and/or use the SUBARU STARLINK® Connected Services.

SCOPE OF POLICY

"Personal Information" as used in this Policy means information about an identifiable individual. This Policy does not apply to (i) personal information we collect in our capacity as your employer; or (ii) business contact information (for example the name, title, business address and telephone number of an employee of an organization) we collect in the course of our business dealings.

SUMMARY OF OUR PRIVACY PRACTICES

Accountability

Subaru’s Privacy Officer is responsible for Subaru’s compliance with this Policy.

Collection of Personal Information

We may collect information about you, your vehicle and your online activities through your interactions with Subaru, Dealers, third-party service providers, our products and services, websites and mobile apps owned and operated by Subaru, and social media.

Use of Personal Information

We may use the information collected about you, your vehicle and your online activities to, among other things, provide you with and improve our products and services, to administer incentive programs, surveys, contests and promotions, to operate and improve our websites and mobile apps, to analyse business operations and to protect you from theft, fraud and other similar risks.

Disclosure of Personal Information

We may disclose information to our parent company (Subaru Corporation), affiliates, Dealers, third-party suppliers and service providers who act on our behalf and our third-party business partners to fulfill the purposes identified. We do not disclose information to any third parties for their independent use without your consent.

Choices

We provide you with choices over how we use and disclose your information for marketing and other purposes.

Consent

The way in which Subaru obtains your consent to collecting, using, or disclosing your personal information varies depending upon its sensitivity and applicable privacy law.

Cookies, Pixels and Other Web Tracking Technologies

We may use cookies, pixels and other web tracking technologies on our websites, mobile apps, email messages and advertisements to gather information about your device or browser, your visit and your interactions with us. We use this information to operate and secure our platform, to understand user interactions, to improve functionality and user experience, and to provide you with a personalized experience, including delivering targeted ads to you on our websites and other platforms. You may disable cookies in your browser settings. You may also manage your cookie preferences by using the Privacy Preference Center on our websites.

Online Tracking and Advertising

We may partner with third-party advertising companies that use their own tracking technologies on Subaru and non-Subaru websites and mobile apps in order to provide you with tailored advertisements on our behalf.

MySubaru

MySubaru is both a website and mobile app that is designed to allow you to access and store information about your vehicle in one place. When creating your personalized site, you will be asked to enter information specific to you and your vehicle. The information you provide through MySubaru will be stored in a database located in the United States.

Mobile Apps

When you access our mobile apps, we may ask you for information about you and your vehicle.

Third Party Products, Services, Websites and Mobile Apps

When using Subaru products, services, websites or mobile apps, you may be able to access third party products, services, websites and mobile apps that are not controlled by Subaru and therefore not subject to this Policy.

Subaru Dealers

Subaru and our Dealers are separate legal entities with their own privacy policies and practices. For questions about your Dealer’s privacy policy and practices, including opting out of marketing communications from your Dealer, please contact your Dealer directly.

Safeguards

We use physical, organizational and technological measures to protect personal information.

International Transfers of Personal Information

We transmit personal information outside of Canada including but not limited to the United States and Japan, for processing by third-party service providers. Your personal information may be accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction.

Accuracy

We will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary.

Retention of Personal Information

We keep personal information we collect for as long as necessary to fulfill the purposes identified or as required or permitted by applicable privacy law.

Access and Update to Personal Information

Upon receiving a written request, we will inform you of the existence, use, and disclosure of your personal information we have in our possession and give you access to it.

Challenging Compliance

We will investigate all complaints made with respect to Subaru's application of privacy laws.

Changes to Policy

We may update this Policy from time to time and will post the revised Policy on our websites.

Contact Us

If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru's Privacy Officer at the contact information provided at the end of this Policy.

ACCOUNTABILITY

Accountability for Subaru's compliance with its Privacy Policy rests with Subaru's Privacy Officer, even though other individuals within Subaru may have responsibility for management of personal information or may be delegated to act on behalf of the Privacy Officer.

COLLECTION OF PERSONAL INFORMATION

Subaru collects certain information about you, your vehicle, and your online activities (as described below) through your verbal and written interactions with Subaru, our Dealers, our third-party service providers, our products and services, websites and mobile apps owned or operated by or on behalf of Subaru, and social media.

The types of information that Subaru collects about you, your vehicle, and your online activities may include but are not limited to the following:

We will limit the amount and type of personal information we collect to that which is necessary for our purposes, which are outlined in the Use of Personal Information section below. We do not target or knowingly collect any information from children or persons under the age of majority.

USE OF PERSONAL INFORMATION

Subaru may use the information collected about you, your vehicle, and your online activities (as described in the Collection of Personal Information section above) for the following purposes:

DISCLOSURE OF PERSONAL INFORMATION

Subaru may disclose the information it collects about you, your vehicle, and your online activities as described in the Collection of Personal Information section above for the purposes as described in the Use of Personal Information section above to the following persons or in the following circumstances:

Except as stated herein, Subaru will not disclose information about you, your vehicle, and your online activities with third parties for their independent use without your prior consent.

CHOICES

Subaru respects your privacy by providing you with certain choices over how we use and share your information. For example, you have a choice of whether you would like us to share your personal information with our roadside assistance providers or our satellite radio providers.

You also have a choice whether you would like to receive electronic marketing communications. You may choose certain communication preferences through your MySubaru account, Subaru.ca/update or you may follow the unsubscribe instructions in email and text message marketing messages you receive. When you unsubscribe, we will not remove you from any marketing lists that may have been created using your contact information and that we currently use to show you targeted ads on third-party platforms, such as social medias, but we will remove you from any future ones.

To make choices regarding cookies, pixels and web tracking technologies or interest-based advertising, please see the Cookies, Pixels and Other Web Tracking Technologies or Online Tracking and Advertising sections below.

Please note that if you choose not to receive marketing messages from Subaru, your personal information may still be used for the other purposes described in the Use of Personal Information section above. For example, you may continue to receive transactional emails related to your account or purchases, important updates about our products or services, safety recalls or notifications, and you may also see our ads on social media and other platforms that are not directly tied to your contact information.

The way in which Subaru obtains your consent to collecting, using, or disclosing your personal information varies depending upon its sensitivity and applicable privacy law. We may ask for your consent directly or our Dealers may obtain your consent on our behalf. Your consent also may be implied or implicit through your conduct when it is reasonable and legally permissible for us to do so.

We will honour any specific consents you provide to us regarding the collection, use, or disclosure of your personal information. You may withdraw or change your consent at any time, subject to legal or contractual restrictions, by giving us reasonable notice. In appropriate cases, we will inform you of any implications of withdrawing your consent. Notwithstanding the foregoing, we reserve the right to retain, collect, use, and disclose your personal information and to contact you where we are legally required or permitted to do so.

We will not, as a condition of the supply of services, require you to consent to the collection, use, or disclosure of your personal information beyond that which we require for our purposes.

In certain circumstances as permitted or required by law, we may collect, use, or disclose your personal information without your knowledge or consent. These circumstances include the following:

COOKIES, PIXELS AND OTHER WEB TRACKING TECHNOLOGIES

Subaru may use cookies, pixels and other web tracking technologies on our websites, mobile apps, email messages and advertisements to gather information about your device or browser, your visit and your interactions with us (as described in the Collection of Personal Information section above). We use this information to operate and maintain the security of our platform, to understand how users interact with our services, content or ads, to improve functionality and user experience, and to provide you with a personalized experience, including delivering targeted ads to you on our websites and other platforms. Cookies and pixels are industry-standard technologies used by most major commercial websites.

Our websites use cookies to distinguish you from other users of our websites and mobile apps and to allow you to maintain your account login information or contact information on any request form (e.g. requesting a quote or test drive). This helps us to provide you with a good experience when you use our websites and mobile apps and also allows us to improve their functionality. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or mobile device if you agree to it. Cookies contain information that is transferred to your computer's or mobile device’s hard drive.

When you visit our websites, we and our third-party business partners (including analytics providers and advertising partners) use the following categories of cookies for the purposes described in this Policy:

You can manage your cookie preferences in several ways, including:

Pixels (as known as web beacons/web bugs/Javascript) are tiny graphics with a unique identifier that are used to track the online movements of web users, track what other websites you visit (both before and after visiting our websites), or to determine whether you have performed specific actions. Unlike cookies, which are stored on a user's computer or mobile device hard drive, pixels are small graphics that are about the size of the period at the end of the sentence that are embedded invisibly on web pages or in HTML-based messages. When you access our websites or open our messages, the pixels generate a notice of that action to us or our third-party business partners.

Please note that the MySubaru website and mobile app do not respond to “do not track” beacons or other such signals. Please see the MySubaru section below for more information.

ONLINE TRACKING AND ADVERTISING

Subaru may partner with third-party advertising companies that use their own tracking technologies (including cookies, pixels and other web tracking technologies) on Subaru and non-Subaru websites and mobile apps in order to provide you with tailored advertisements on our behalf.

These third-party advertising companies may collect information about your online activities across multiple devices on Subaru and non-Subaru websites and mobile apps and use this information to make predictions about your preferences and then deliver advertisements on our behalf that are more relevant to you. This information may also be used to measure the effectiveness of ad campaigns.

If you would like more information about advertisers' use of tracking technologies to deliver targeted ads to you, or to opt-out of receiving targeted ads by advertising networks participating in the Digital Advertising Alliance of Canada’s (DAAC) opt-out program, you can go to: https://youradchoices.ca/choices/. You can also manage your cookie preferences through your browser settings or through the Privacy Preference Center on our websites, as described in the Cookies, Pixels and Other Web Tracking Technologies section above.

We also encourage you to check the privacy policies of social networks that you belong to and to adjust your advertising settings on those social networks with regard to targeted advertising delivered on those social networks, including by Subaru if the social network is our business partner.

Please note that, even if you opt-out of interest-based ads, you may continue to receive ads, but they will be less relevant. Further, if you use a third-party tool to opt out of interest-based advertising, such as the DAAC’s opt-out program, you may continue to receive targeted content and/or ads from parties that do not participate in the opt-out tool or program. Also, if your browsers are configured to reject cookies when you visit the opt-out page, or you subsequently erase your cookies, use a different device or web browser(s), or use a non-browser-based method of access, your opt-out may not, or may no longer, be effective. Subaru is not responsible for the effectiveness of, or compliance with, any third-parties' opt-out options or programs or the accuracy of their statements regarding their programs.

MYSUBARU

MySubaru is both a website and mobile app that is designed to allow you to access and store information about your vehicle in one place. When creating your account, you will be asked to enter information specific to you and your vehicle. This includes your name, address, telephone number and e-mail address, as well as your Vehicle Identification Number (VIN). To protect you, and to keep this information private, you will be asked to establish a Username and Password. Your account can only be accessed with the correct Username and Password combination.

Subaru keeps a database of the information collected by this site, on your behalf, to allow you future access to your information. This database is located in the United States. Your information in the database will be commingled with information about Subaru customers in the United States and other markets but is subject to appropriate security safeguards. Please see the International Transfers of Personal Information section below to learn more about how we protect information located in foreign jurisdictions. Please note that any information you enter while registering for your account will be retained in the database regardless of whether you complete the account registration process. If you decide not to register for an account and you would like the information you entered anonymized, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.

If you have enrolled for SUBARU STARLINK® Connected Services, you will receive certain billing information. You will not be able to opt-out of receiving billing information.

As indicated in the Cookies, Pixels and Other Web Tracking Technologies section above, the MySubaru website and mobile app do not respond to “do not track” beacons or other such signals. Accordingly, when you log into your MySubaru account through the website or mobile app, Subaru will be able to identify you still and collect your information.

MOBILE APPS

Subaru has developed certain mobile apps (including MySubaru) that you may download to your mobile device. When you access our mobile apps, we may ask you for information about you and your vehicle. If you do not wish to provide this information, please decline to use the mobile app and/or uninstall the mobile app from your mobile device.

When you use Subaru’s Infotainment system, you may have access to mobile apps developed by third parties. When you download a third-party mobile app to your mobile device, the third party may ask you for information. Subaru is not responsible for any information collected by third-party mobile apps and the third-party mobile apps are not subject to this Policy. Please review carefully the privacy policies of third-party mobile apps before providing any personal information.

THIRD PARTY PRODUCTS, SERVICES, WEBSITES AND MOBILE APPS

When using Subaru products, services, websites or mobile apps, you may be able to access third party products, services, websites and mobile apps that are not controlled by Subaru and therefore not subject to this Policy. Please review carefully the privacy policies of third-party products, services, websites and mobile apps before providing any personal information.

SUBARU DEALERS

Subaru and its Dealers are separate legal entities with their own privacy policies and practices. For questions about your Dealer’s privacy policy and practices, including opting out of marketing communications from your Dealer, please contact your Dealer directly.

When you purchase or lease a vehicle or obtain service for your vehicle from your Dealer, your Dealer will share your information with Subaru. While Subaru encourages its Dealers to ensure their privacy policies and practices are compliant with applicable privacy laws, Subaru is not responsible for its Dealers’ compliance with applicable law.

SAFEGUARDS

Subaru protects the personal information it holds or controls, by establishing reasonable security arrangements against loss, theft, unauthorized access, use, disclosure, copying or modification. We train our employees on the importance of maintaining the confidentiality of personal information, and we exercise care in the disposal or destruction of personal information. Examples of safeguards include physical measures (such as locked filing cabinets and access cards), organizational measures (such as security clearances and restrictions on employee access to files and databases) and technological measures (such as passwords and firewalls). Also, we require our third-party service providers acting on our behalf to enter into contracts with us that ensure they will keep the information we share with them safe and secure.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Subaru transfers information outside of Canada including but not limited to the United States and Japan, for processing by Subaru, its parent company (Subaru Corporation), affiliates or third-party service providers for some or all of the purposes described in the Use of Personal Information section above. We use contractual and other means to ensure the information is protected while in the foreign jurisdiction. However, personal information may be still accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction. If you have questions about our policies and practices regarding service providers outside of Canada, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.

ACCURACY

Subaru will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary for the purposes for which it is to be used, including information that is disclosed to third parties, and information that is used to make a decision about an individual. Our reasonable efforts include obtaining updated information from our Dealers when you service your vehicle at the Dealer.

RETENTION OF PERSONAL INFORMATION

We keep information we collect for as long as necessary to fulfill the purposes described in the Use of Personal Information section above or as required or permitted by applicable privacy law. Once no longer required, we will anonymize or destroy the information.

When determining retention periods, we consider certain criteria including the following:

ACCESS AND UPDATE TO PERSONAL INFORMATION

You have a general right to access your personal information in our possession or custody. Upon receiving a written request (mail or e-mail) from you addressed to Subaru's Privacy Officer clearly identifying the requested information with adequate information to identify you, we will inform you of the existence, use, and disclosure of your personal information and give you access to your personal information. If we are not able to provide a list of the organizations to which we may have actually disclosed your personal information, we will provide you with a list of organizations to which we may have disclosed the information.

We will respond to your written access request with information in a form that is generally understandable, within a reasonable timeframe (generally within 30 days) or we will provide you with an explanation if additional time is required to fulfil your request. Our response will typically be provided for a minimal handling fee which we reserve the right to vary depending on the nature of the request and the amount of information involved. We will inform you of the approximate cost to provide the response, and will provide you with the information upon receipt of payment.

You may question the accuracy and completeness of your personal information and request that we amend it as appropriate. If you demonstrate in a reasonable manner the inaccuracy or incompleteness of your personal information, we will amend the information as required. If a request is not resolved to your satisfaction, we will record the substance of the unresolved request. Where appropriate, the amended information or the existence of the unresolved request will be transmitted to third parties having access to the information in question.

In some situations, we may be permitted to refuse or not be able to provide access to certain personal information, and will upon request provide an explanation. Exceptions to the access right which are permitted or required by applicable privacy laws include the following:

To make access requests to us for your personal information, please contact our Privacy Officer at the contact information at the end of this Policy.

CHALLENGING COMPLIANCE

Subaru will, on request, provide information regarding our procedure for addressing any complaints made with respect to Subaru's application of privacy laws. Subaru will investigate all written complaints, and if we find a complaint to be justified, we will take the appropriate measures, including, if necessary, amending our policies and practices.

CHANGES TO POLICY

Subaru’s commitment to your privacy includes reviewing periodically its privacy policies and practices. Accordingly, Subaru may change this Policy from time to time and the revised Policy will be posted to our websites effective as of the revised date stated on the revised Policy. It is therefore important that you review this Policy regularly.

CONTACT US

If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru's Privacy Officer at:

Privacy Officer
Subaru Canada, Inc.
560 Suffolk Court
Mississauga, Ontario L5R 4J7
Email: privacyofficer@subaru.ca

SUBARU STARLINK® Connected Services Privacy Policy

Effective: September 8, 2022

OUR PRIVACY COMMITMENT

Subaru Canada, Inc. (“Subaru”, “we”, “us” or “our”) values its relationship with you and is committed to maintaining the privacy and security of your personal information. Subaru has developed this Privacy Policy (this “Policy”) to inform you about how we collect, use and disclose your personal information when you enroll for and/or use SUBARU STARLINK® Connected Services (the “Services”).

Our General Privacy Policy applies to personal information we collect when you purchase or lease Subaru vehicles from our Authorized Subaru Dealers in Canada (“Dealers”), purchase products or services from Subaru or Dealers, and when you use Subaru’s websites and mobile apps. You must access the MySubaru website or mobile app in order to use SUBARU STARLINK® Services. Accordingly, by accepting this Policy, you accept the General Privacy Policy as it applies to your use of MySubaru.

SCOPE OF POLICY

"Personal Information" as used in this Policy means information about an identifiable individual.

SUMMARY OF OUR PRIVACY PRACTICES

Accountability

Subaru’s Privacy Officer is responsible for Subaru’s compliance with this Policy.

Your Obligations

You agree to educate and inform all drivers and occupants of your vehicle and all users of your SUBARU STARLINK® Services about the SUBARU STARLINK® Services and the terms of this Policy. You also agree to delete any information about you in your vehicle or your related MySubaru account if you dispose of your vehicle.

Collection of Personal Information

We may collect information about you, your vehicle, other drivers and occupants of your vehicle, and other users of your SUBARU STARLINK® Services such as account login information (including PIN), usage, and vehicle location.

We may also record calls made or received by you, another driver of your vehicle, or your vehicle’s occupants, with the SUBARU STARLINK® Connected Services Representative, whether these calls occur through the interactive voice recognition systems, or otherwise from inside or outside the vehicle.

Use of Personal Information

We may use the information collected about you, your vehicle, other drivers and occupants of your vehicle, and other users of your SUBARU STARLINK® Services to deliver and improve the SUBARU STARLINK® Services, to manage your account, to provide services from SUBARU STARLINK® Connected Services Representatives, and to monitor and audit SUBARU STARLINK® Services usage.

Disclosure of Personal Information

We may disclose information about you, your vehicle, other drivers and occupants of your vehicle, and other users of your SUBARU STARLINK® Services to our parent company, affiliates, Dealers, and third party suppliers and service providers who act on our behalf. We do not disclose information to any third parties for their independent use without your consent.

Fleet Vehicles

The location, speed, and time of driving of fleet vehicles used by employees as company cars may be monitored by the employer or by the fleet management company.

Websites and Mobile Apps

You will require a MySubaru account to use the SUBARU STARLINK® Services. You accept the General Privacy Policy as it applies to your use of MySubaru.

Choices

You may choose to deactivate your SUBARU STARLINK® Services at any time. However, if you do so, you will not have features such as Advanced Automatic Collision Notification, SOS Emergency Service, and Enhanced Roadside Assistance.

Consent

When you enroll for SUBARU STARLINK® Services or otherwise accept the SUBARU STARLINK® Connected Services Terms of Use, you agree to this Policy.

Contacting You

By enrolling for or using SUBARU STARLINK® Services, you consent to us contacting you.

Safeguards

We use physical, organizational and technological measures to protect personal information. You are required to use a PIN to access certain SUBARU STARLINK® Services. You must keep your PIN safe from unauthorized access otherwise others may be able to access your SUBARU STARLINK® Services.

International Transfers of Personal Information

We transmit personal information outside of Canada, including to the United States and Japan, for processing by third party service providers. Your personal information may be accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction.

Accuracy

We will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary.

Retention of Personal Information

We keep personal information we collect for as long as necessary to fulfill the purposes identified or as required or permitted by applicable privacy law.

Access and Update to Personal Information

Upon receiving a written request, we will inform you of the existence, use, and disclosure of your personal information we have in our possession and give you access to it.

Challenging Compliance

We will investigate all complaints made with respect to Subaru's application of privacy laws.

Changes to Policy

We may update this Policy from time to time and will notify you by posting the revised Policy on our websites and taking other steps as necessary.

Contact Us

If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru's Privacy Officer at the contact information provided at the end of this Policy.

Accountability for Subaru's compliance with its Privacy Policy rests with Subaru's Privacy Officer, even though other individuals within Subaru may have responsibility for management of personal information or may be delegated to act on behalf of the Privacy Officer.

The nature of Subaru’s products and services means that you may let someone else drive or occupy your vehicle equipped with active SUBARU STARLINK® Services or otherwise use your SUBARU STARLINK® Services. You agree to educate and inform all drivers and occupants of your vehicle and all users of your SUBARU STARLINK® Services about the SUBARU STARLINK® Services and the terms of this Policy.

If you sell, transfer, lease or otherwise dispose of your vehicle, you are solely responsible for deleting any information about you contained in the vehicle or in your related MySubaru account.

Subaru collects certain information (as described below) when you enrol for and/or use SUBARU STARLINK® Services. We may also collect the information through your verbal and written interactions with Subaru, our authorized Subaru dealers, and our third party service providers.

The types of information that Subaru collects about you, your vehicle, other drivers and occupants of your vehicle, and other users of your SUBARU STARLINK® Services may include but are not limited to the following:

We will limit the amount and type of personal information we collect to that which is necessary for our purposes, which are outlined in the Use of Personal Information section below. We do not target or knowingly collect any information from children or persons under the age of majority.

Subaru may use the information collected about you, your vehicle, other drivers and occupants of your vehicle, and other users of your SUBARU STARLINK® Services (as described in the Collection of Personal Information section above), for the following purposes:

Subaru may disclose the information it collects about you, your vehicle, other drivers and occupants of your vehicle, and other users of your SUBARU STARLINK® Services (as described in the Collection of Personal Information section above), for the purposes (as described in the Use of Personal Information section above), to the following persons or in the following circumstances:

We do not supply your payment method information to any third party, other than as required to process and service a transaction.

We may provide aggregated data derived from your use of SUBARU STARLINK® Services to third parties, but this data will be anonymized and will not include personally identifying information.

Except as stated herein, Subaru will not disclose information about you and your vehicle with third parties for their independent use without your prior consent.

The LOCATION, SPEED, and TIME OF DRIVING of fleet vehicles used by employees as company cars may be monitored by the employer or by the fleet management company leasing the vehicle to the employer.

In order to use the SUBARU STARLINK® Services, you will require a MySubaru account and a SUBARU STARLINK® Services subscription. Subaru collects, uses and discloses certain information associated with your use of Subaru websites and mobile apps including your MySubaru account. Subaru’s collection, use, and disclosure of your personal information associated with your use of Subaru’s websites and mobile apps is governed by Subaru’s General Privacy Policy, which is available to you at Subaru.ca and MySubaru.ca.

You may choose to deactivate your SUBARU STARLINK® Services at any time. However, if you do so, you will not have features such as Automatic Collision Notification and SOS Emergency Service, and Enhanced Roadside Assistance.

When you enroll for SUBARU STARLINK® Services or otherwise accept the SUBARU STARLINK® Connected Services Terms of Use, you accept and agree to be bound by, among other things, this Policy.

When you use certain SUBARU STARLINK® Services including but not limited to Locate Vehicle, Vehicle Alerts (Boundary Alert, Speed Alert, and Curfew Alert), and Vehicle Health, you may receive personal information about the other drivers and occupants of your vehicle including vehicle location. You agree to inform the other drivers and occupants of your vehicle that you are using these Services and you agree that you will have the consent of, or will have the authority to consent on behalf of, the other drivers and occupants of your vehicle to being monitored in this manner. You also agree to being monitored in this manner by an Authorized User or any other user of your SUBARU STARLINK® Services.

When you designate an individual as an “Authorized User” of your SUBARU STARLINK® Services through your MySubaru account, you will be providing certain personal information about the Authorized User to us. You agree that you will have the consent of, or will have the authority to consent on behalf of, the Authorized User to transmit his/her personal information to Subaru for this purpose.

Your consent to the collection, use or disclosure of personal information in connection with the SUBARU STARLINK® System or the SUBARU STARLINK® Services may also be implied or implicit through your conduct when it is reasonable and legally permissible for us to do so.

We will honour any specific consents you provide to us regarding the collection, use, or disclosure of your personal information. You may withdraw or change your consent at any time, subject to legal or contractual restrictions, by giving us reasonable notice. In appropriate cases, we will inform you of any implications of withdrawing your consent. IF YOU WITHDRAW YOUR CONSENT TO THE COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION AS DESCRIBED IN THIS POLICY, THEN YOU WILL NOT BE ABLE TO HAVE SUBARU STARLINK® SERVICES. TO WITHDRAW YOUR CONSENT, PLEASE LOG INTO MYSUBARU.CA AND UNSUBSCRIBE FROM SUBARU STARLINK® SERVICES. Notwithstanding the foregoing, we reserve the right to retain, collect, use, or disclose your personal information and to contact you where we are legally required or permitted to do so.

We will not, as a condition of the supply of services, require you to consent to the collection, use, or disclosure of your personal information beyond that which we require for our purposes.

In certain circumstances as permitted or required by law, we may collect, use, or disclose your personal information without your knowledge or consent. These circumstances include the following:

By enrolling for or using SUBARU STARLINK® Services, you consent to us contacting you about the Services via the SUBARU STARLINK® System in your vehicle, your mailing address, your email address, and your home, mobile or business phone number on file. You also consent on behalf of other drivers or occupants of your vehicle to allow us to contact them through the SUBARU STARLINK® System.

Subaru protects the personal information it holds or controls, by establishing reasonable security arrangements against loss, theft, unauthorized access, use, disclosure, copying or modification, commensurate with industry standards. We train our employees and Dealers on the importance of maintaining the confidentiality of personal information, and we exercise care in the disposal or destruction of personal information. Examples of safeguards include physical measures (such as locked filing cabinets and access cards), organizational measures (such as security clearances and restrictions on employee access to files and databases) and technological measures (such as passwords and firewalls).

Also, we require our third party service providers acting on our behalf to enter into contracts with us that ensure they will keep the information we share with them safe and secure. For example, our third-party service provider that processes your payment for SUBARU STARLINK® Services must comply with the Payment Card Industry Data Security Standard (PCI DSS), which is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. This includes encrypting payment information using Secure Socket Layers (SSL) and transmitting it over a private Multi-Protocol Label Switching (MPLS) network. Our third-party service provider that maintains your MySubaru account is required to encrypt all back-ups of personal information, logically separate the personal information we transmit to it from the personal information of its other customers, and use industry-standard password policies.

As an additional security measure, we provide you with a Personal Identification Number (PIN), which you are required to use when you access certain SUBARU STARLINK® Services. Our SUBARU STARLINK® Connected Services Representatives may also ask you certain security questions to authenticate your identity. You must keep your MySubaru account password, security question answers and PIN safe from unauthorized access. If others have access to this information, then they may be able to access certain SUBARU STARLINK® Services.

In providing SUBARU STARLINK® Services to you, voice and data are transmitted between our SUBARU STARLINK® Connected Services Representatives and your vehicle over a cellular telephone network. While our third-party service providers must secure data transmitted over this network, the network is complex, and the privacy and security of conversations or data transmitted to and from the vehicle cannot be guaranteed.

Subaru transfers information outside of Canada including but not limited to the United States, Sweden, India and Japan, for processing by Subaru, its parent company (Subaru Corporation), affiliates or third-party service providers for some or all of the purposes described in the Use of Personal Information section above. We use contractual and other means to ensure the information is protected while in the foreign jurisdiction. However, personal information may be still accessible to law enforcement agencies, government agencies, courts, and national security authorities of the foreign jurisdiction. If you have questions about our policies and practices regarding service providers outside of Canada, please contact Subaru’s Privacy Officer at the contact information at the end of this Policy.

Subaru will make reasonable efforts to ensure that the personal information we have is accurate, complete and up-to-date as necessary for the purposes for which it is to be used, including information that is disclosed to third parties, and information that is used to make a decision about an individual. Our reasonable efforts include obtaining updated information from our Dealers when you service your vehicle at the Dealer.

We keep information we collect for as long as necessary to fulfill the purposes described in the Use of Personal Information section above or as required or permitted by applicable privacy law. Once no longer required, we will anonymize or destroy the information in a secure manner.

When determining retention periods, we consider certain criteria including the following:

You are responsible for maintaining the accuracy of the information you submit to us, such as the contact information you provide as part of your enrollment for SUBARU STARLINK® Services. You may access, review, correct, or update the personal information you have provided to us, through your MySubaru account, or by making a request through email or mail to the address below.

You have a general right to access your personal information in our possession or custody. Upon receiving a written request (mail or e-mail) from you addressed to Subaru's Privacy Officer clearly identifying the requested information with adequate information to identify you, we will inform you of the existence, use, and disclosure of your personal information and give you access to your personal information. If we are not able to provide a list of the organizations to which we may have actually disclosed your personal information, we will provide you with a list of organizations to which we may have disclosed the information.

We will respond to your written access request with information in a form that is generally understandable, within a reasonable timeframe (generally within 30 days) or we will provide you with an explanation if additional time is required to fulfil your request. Our response will typically be provided for a minimal handling fee which we reserve the right to vary depending on the nature of the request and the amount of information involved. We will inform you of the approximate cost to provide the response, and will provide you with the information upon receipt of payment.

You may question the accuracy and completeness of your personal information and request that we amend it as appropriate. If you demonstrate in a reasonable manner the inaccuracy or incompleteness of your personal information, we will amend the information as required. If a request is not resolved to your satisfaction, we will record the substance of the unresolved request. Where appropriate, the amended information or the existence of the unresolved request will be transmitted to third parties having access to the information in question.

In some situations, we may be permitted to refuse or not be able to provide access to certain personal information, and will upon request provide an explanation. Exceptions to the access right which are permitted or required by applicable privacy laws include the following:

To make access requests to us for your personal information, please contact our Privacy Officer at the contact information at the end of this Policy.

Subaru will, on request, provide information regarding our procedure for addressing any complaints made with respect to Subaru's application of privacy laws. Subaru will investigate all written complaints, and if we find a complaint to be justified, we will take the appropriate measures, including, if necessary, amending our policies and practices.

Subaru’s commitment to your privacy includes reviewing periodically its privacy policies and practices. Accordingly, Subaru may change this Policy from time to time and the revised Policy will be posted to our websites effective as of the revised date stated on the revised Policy. If we make any material changes to this Policy, then we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice in your MySubaru account prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If you continue to use SUBARU STARLINK® Services following changes to this Policy, then you will be deemed to have accepted the changes. You can access the current Policy online at MySubaru.ca and Subaru.ca or by requesting a copy by contacting us at the contact information set forth below.

If you have any questions or concerns regarding this Policy or Subaru’s privacy practices, please contact Subaru's Privacy Officer at:

Privacy Officer
Subaru Canada, Inc.
560 Suffolk Court
Mississauga, Ontario L5R 4J7
Email: privacyofficer@subaru.ca

SUBARU FINANCIAL SERVICES PRIVACY POLICY

TCCI Privacy Policy

Toyota Credit Canada Inc. (“TCCI” or “we”, “us”, “our”) operates throughout Canada under the business name of “Subaru Financial Services”. TCCI is the financial services provider to the Distributor (defined below).

This Privacy Policy

As a provider of financial services, the collection, use, and disclosure of your personal information is very important to our day-to-day business operations. The purpose of this Privacy Policy ("Privacy Policy") is to inform you of the specific types of personal information we collect, why we collect it, how it is used, how it is disclosed and how you may correct errors in your personal information collected by us.

In this Privacy Policy, the “Distributor” is the Canadian distributor of the vehicle for which you are applying for credit or for which you have entered a finance or lease agreement and the “Dealer” is the Distributor’s authorized dealership through whom you are applying for credit or through whom you have leased or financed your vehicle.

This Privacy Policy applies to information we collect, use, or disclose about our customers, including information you provide:

The Portal may include links to third-party websites, plug-ins, services, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third-party website or engage a third-party plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third-party websites, and we encourage you to read the privacy policy of every website you visit.

We understand the importance of your personal information and take pride in our commitment to maintaining its confidentiality. We ensure that your personal information is collected, used and disclosed only in the manner in which you have consented. Our organization ensures that we meet or exceed the requirements of all laws and regulations applicable in Canada.

Please read this policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, your choice is to not provide information to TCCI or not use the Portal.

What is "Personal Information"?

"Personal information" is any personally identifiable information about you, which may include, but is not limited to, your name, mailing address, credit history, credit card number, banking information and voice recordings as well as the terms of your financing and lease agreements (as applicable). It does not include aggregated information that does not allow you to be directly identified.

How Do We Collect Personal Information?

When you finance or lease a vehicle through us, we will collect the personal information you provide to us in your credit application.

Your personal information is also collected when you enter into a finance or lease agreement with us, and when you provide documents, including banking or insurance documents, necessary for the administration of your finance or lease agreement with us.

We may also collect information during our interactions with you for our mutual protection including, monitoring or recording your telephone discussions with our representatives for servicing accuracy, quality assurance and/or for training purposes. We may also collect your personal information from third parties including, but not limited to, third parties referenced on your credit application and other credit providers or credit bureaus, however, your consent will have always been obtained prior to any third parties being approached. For example, when you have given us your consent to contact your references or your employer by providing us with their contact information on your credit application.

When you access and use the Portal, we use different methods to collect your personal information, including through:

The information we collect directly from you on or through the Portal may include:

Information We Collect Through Cookies

We use cookies to analyze traffic on the Portal and to make improvements to the Portal in order to create the best possible experience for users. We also share information about your use of the Portal on an anonymous basis with our analytics partners (including advertisers, ad networks and servers, content providers, and application providers) who may combine it with other information that you’ve provided to them or that they have collected from your use of their services. By continuing to use the Portal, you consent to our use of cookies.

How is Your Personal Information Used and Disclosed?

We may use and share your Application and Agreement personal information with the Distributor, your Dealer and the third parties described below, for the following purposes:

We use personal information that we collect about you or that you provide to us on or through the Portal, for the following purposes:

We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you, as permitted by law. If you do not want us to use your information in this way, please use the unsubscribe mechanism at the bottom of our marketing e-mails or contact us by telephone at 1-888-513-5949.

We may share personal information that we collect or you provide through the Portal as described below:

We may also share your personal information:

Your Consent

We will only collect, use and disclose your personal information with your consent.

Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information. In connection with your Application(s) and Agreement(s) you will be asked to consent expressly to our collection of personal information for the purposes identified herein. Additionally, you will be asked to consent expressly to any collection of personal information about you that is particularly sensitive, such as information about your credit history and social insurance number. In other cases, your consent is understood, such as when you respond to a customer satisfaction survey, register for updates on this Portal or speak with our representatives after having been notified that the call may be recorded.

Customers who prefer not to have their calls recorded can conduct their business with us in writing or you can immediately advise the Customer Service representative that you do not wish to be recorded and we will ensure that procedures are activated to comply with your request.

You may notify us that you do not wish us to use your personal information for any purposes that are not required to supply you with a product or service at any time by contacting us in any of the ways described below under the heading "How You Can Review and Update Your Personal Information". We will seek your further consent to any additional uses of personal information for which we have not obtained your consent previously.

Subject to legal and contractual restrictions, you may at any time withdraw or change your consent to our use or disclosure of your personal information, or request us to delete it from our files. However, if you do not provide personal information required to supply a product or service or withdraw or change your consent, we may not be able to provide that product or service. Notwithstanding any withdrawal of consent, we may retain and use your information for account administration purposes, including collection of any amounts you owe us.

Our services do not address anyone under the age of 16 (“child” or “children”). We do not knowingly collect personal information from children. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our systems.

With Whom is Your Personal Information Shared?

We may share your personal information with the Distributor, the Dealer and with other third parties, as described in this section and above in the section called “How is Your Personal Information Used and Disclosed?” for the purposes described therein. We will not disclose any of your personal information to any other persons except with your prior express consent, or in connection with a sale of all or substantially all of the assets of one of our businesses, or as may be required or permitted by law.

Your personal information may be transferred to third party service providers that we use to assist in managing and processing your personal information. Our third party service providers are required to use, maintain and disclose your personal information only in accordance with our instructions to them and only on our behalf.

We will also share your information with our joint-marketing partners who may provide you with information about their products and services. You will be provided with an opportunity to opt-out of communications with our joint-marketing partners.

Does TCCI Transfer Information Outside of Your Jurisdiction?

The personal information that you provide to TCCI may be transferred outside of Canada (and for Quebec customers, outside of Quebec) for storage and processing. TCCI uses service providers that store and process your personal information on servers located in Canada, the United States and Ireland. When TCCI uses service providers to store and process your personal information, TCCI's policy is to have appropriate contractual provisions in place with those service providers limiting the purposes for which your personal information is being transferred to them and stipulating security requirements for that information. When required by applicable law, we conduct privacy impact assessments to assess the risk associated with transferring personal information outside of Canada (or outside of Quebec, as applicable). Please note that the privacy laws in other jurisdictions may differ from Canadian privacy laws and in some jurisdictions your personal information may be accessed by law enforcement authorities or the courts. If you have any questions regarding our policies and practices relating to storage and processing of personal information outside of Canada, please contact us in any of the ways described below under "How You Can Review and Update Your Personal Information".

How Long Do We Retain Your Personal information?

We retain your personal information as long as is required for the purposes identified when you provided the personal information and for any new purposes identified by us and consented to by you, and for an appropriate time thereafter. We then delete the personal information or anonymize it as described in the follow paragraph.

Under some circumstances we may anonymize, pseudonymise, or de-identify your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous, pseudonymous, or de-identified data for any serious and legitimate business purpose without further notice to you or your consent.

How Do We Protect Your Personal Information?

We protect your personal information using security systems appropriate to the sensitivity of the information. In our ongoing effort to safeguard your personal information from unauthorized collection, use or disclosure, we have put in place a number of safeguards including; contractual, organizational, structural and technological security standards.

Your Rights Regarding Your Personal Information

You have the following rights with respect to the personal information that we hold about you:

Please note, we rely primarily on you to provide us with your most complete, accurate and up-to-date personal information and to inform us of any changes to your personal information.

If you are a Quebec customer, you may also ask that we cease disseminating personal information about you in certain circumstances provided by applicable law.

For any inquiry related to your rights described in this section or this Privacy Policy, please contact us as follows:

Customer Service Manager
Toyota Credit Canada Inc.
80 Micro Court, Suite 200
Markham, Ontario
L3R 9Z5

or by telephone: Dial and Call 1-888-513-5949.

If you have any questions or concerns regarding our privacy policy and procedures, including with respect to your right to access or rectify your personal information, or to withdraw your consent, please contact the Privacy Officer at sfs-privacy@subaru.ca or using the address provided below:

Privacy Officer
Toyota Credit Canada Inc.
80 Micro Court, Suite 200
Markham, Ontario
L3R 9Z5

Will this Privacy Policy Change?

We reserve the right, at any time, to modify this Privacy Policy at our sole discretion, and you agree to be bound by any such modifications, which shall be effective immediately upon our posting the revised Privacy Policy on our web site or the Portal.

POSTED: September 22, 2023