General

Privacy is a cornerstone of our business. Based in Europe, our operations are subject to global privacy laws and regulations, including the European privacy laws (General Data Protection Regulation (GDPR)). GDPR privacy rules are considered to be the most demanding set of regulations in the world, offering a high level of data protection. Our global policies on privacy and the processing of your personal data reflect these standards, and in some cases the regulations are more stringent.

To read who has access to your information, get information about your rights and where we store your data, jump to more information.

Big data

Big data drives our business, but your privacy comes first. We collect data from our websites, products and services. Overall, there are four different types of data that we use:


Directly Identifiable data:

When you create a TomTom account, purchase and use our products or services, contact customer portal, or otherwise interact with us, you directly supply to TomTom personal data such as your name and email address, your home address and favorite locations that you synchronize between devices, reported feedback about speed cameras or map errors, your age and phone number. See more in the TomTom account section.


Sensor data:

Many TomTom products are equipped with sensors or use device sensors such as GPS receivers, Wi-Fi or Bluetooth, camera, microphone, G-force and touch screens. These sensors automatically collect data when activated.


Metadata:

While you use our websites, products and services, metadata gets automatically collected or generated as a result of you using a device, transmitting your data over a network or requesting a specific service such as TomTom Traffic. This data could contain information about your technical configuration, device settings, user interface and other events related to your usage, and can be linked to other details such as IP-addresses, unique identifiers, cookies (see also our cookie policy) and other records of your activities.

Data from others:

Our clients, such as car manufacturers, could share data with TomTom that they have collected under their responsibility and in accordance with their privacy policies, including the driver’s consent requirements. Examples of data delivered and processed in accordance with the car manufacturers instructions and technical standards, could include among others GPS location data, car and camara sensor data, active community input (feedback reported by the driver of the car manufacturer such as speed camara or hazard), application usage data, device properties data (brand, model, type, engine type and battery capacity), randomly generated session IDs or access tokens. We only use that data within the limits instructed by these parties, while adhering to contractual arrangements. To learn how TomTom handles data received by its car manufacturers customer, please see section Security.

Help us learn

TomTom does not process any personal data for the purpose of identifying you. Instead, you can help TomTom keep our products and services secure such as TomTom and GO Expert apps or Personal Navigation Device (PND), and have them perform as expected and improve the quality and user experience by sharing data on how and when you use our apps, products and services. This includes information about your device, operating software and information we receive when you use certain features such as locations, route planning, destinations and search.

We categorize our users based on aggregated information such as frequency of use, specific features, region information (e.g., country and city), product and device information. Our analysis does not contain individual location information or information that you have entered but may include information that identifies your device, such as a hashed identifier. You can stop sending this information at any time by adjusting the product settings to withdraw your consent. Some TomTom products such as TomTom and GO Expert apps or Personal Navigation Device (PND) ask your approval to collect your journey information for a longer period to analyze patterns and behavior. More details are available in the product privacy settings and in the DRIVE section.

We also collect analytics, technical and diagnostic information which may include information that identifies your device. This helps us to investigate crashes or service disruptions, detect fraud and abuse, security management, performance and capacity management, as well as for (aggregated) reporting purposes and to improve the quality of our products and services by being able to show you more accurate real-time information and develop better navigation products. We always protect your identity and remove personal user details by using different techniques such as temporary random identifiers to prevent the data can be easily linked back to you, your device or product. Third parties that support our business could also receive this data subject to the privacy policy of that third party, more information can be found in the product

Security

To ensure that TomTom meets the highest security standards, TomTom holds various compliance certificates, such as ISO/IEC 27018:2019 for Information Security Management Systems to protect personally identifiable information (PII) in public clouds acting as PII processor, ISO/IEC 27001:2022 for Information Security Management Systems outlining the implemented policies and procedures to manage risk and secure our data effectively, as well as TISAX (Trusted Information Security Assessment Exchange) certification, which is an industry-standard information security assessment catalog that focuses on operational security, data protection, third-party connections and prototype protection in the European automotive industry.

Additionally, to protect your data against unauthorized access TomTom applies appropriate technical, operational and security industry standards and methods, such as de-identification, anonimization, encryption or temporary random identifiers to prevent location details from being easily linked back to you or your device.

Within 24 hours of shutting down your device or app, TomTom automatically and irreversibly erases data that we hold which could re-identify you or your device.

To protect your journey information against unauthorized access, your device will randomly generate an identifier which is associated with your journey information sent to TomTom at regular intervals.

We don’t know where you have been and can’t tell anyone else, even if we were forced to. We never link actual location data to your TomTom account or any other information that identifies you directly. We also don’t sell your location data - our products are 100% ad-free.

We will not give anyone else other than our service providers access to the information subject to contractual safeguards and we don’t use it for any other purpose than communicated to you unless we have been lawfully ordered to do so. With the goal of enabling the collection and storage of the data between our online product and services, as well as car manufacturers and TomTom in a secure manner, we use an advanced technological system for data collection and archiving. This system applies technical measures, so the data is processed in a way that is secure and in compliance with privacy laws by adding layer of abstraction via encrypted, short-lived session codes to link sessions and datapoints from different backend systems that belong to the same device without revealing the particular device. In this way, it is not possible to disclose the devices beyond the systems and to correlate data between different databases due to different encrypted session codes, which vary per backend system, per device and per lifetime. The information may be further aggregated for analysis and system improvement to the benefit of the car driver (for instance, measuring the estimated travel time to reach a selected destination, or for electric vehicle drivers an accurate estimation of reachable range and the battery level at the next stop).

TomTom account

You can create your TomTom account when using our navigation devices, apps or website. For this we need some minimum details about you:

  • Email address – this is your username when you log in to your TomTom account. With your permission, we will send you emails about software updates, the latest news about TomTom products, how to get the most out of your product and exclusive offers. You can easily change your email preferences in your online account settings or unsubscribe via the link in the emails that you have received.
  • Name and country.
  • Password – we recommend you pick a strong password that you don’t use for anything else. We store the password in encrypted code, so we don’t see what your password is.

If you log into TomTom using Facebook or Google (collectively, “Third-Party Accounts”), we will create a TomTom account with your name and email address you agreed to make available. This information is collected by the Third-Party Account providers and is provided to TomTom under their privacy policies.

When you purchase a TomTom product or service via our online store, information about your orders, delivery address, repairs, subscriptions, navigation devices and apps could be linked to your TomTom account, and is visible by logging in to your account via tomtom.com. We don’t store your payment details, such as credit card information. These details are securely kept by our payment provider in their secure environment and TomTom has no access to this data.

TomTom Account is a cloud-based platform that saves your settings, preferences, favorite locations and destinations. When you log-in into your TomTom Account, this data becomes automatically available to all devices and apps you logged in to with the same account. The information within your TomTom Account will retain references to all your devices or apps associated with your account and doesn’t have access to your passwords.

When you log out of your TomTom Account, any adjustment of your data such as a planned route via another device will no longer be synchronized to that specific device. Your data within your TomTom Account will remain available via plan.tomtom.com or other logged in devices until you actively delete it via plan.tomtom.com (former Mydrive.tomtom.com) or by using devices and apps that support deletion. TomTom Account data is securely stored in the EU and apart from service providers that processes this data subject to contractual safeguards, TomTom will not give anyone else access to your TomTom Account data or use it for any other purpose than communicated to you unless we have been lawfully ordered to do so.

In case third parties such as car manufacturers select TomTom as service provider to deliver a cloud-based platform as part of the product portfolio offered to their clients, these parties make an account mechanism available under their own brand through their devices and apps. The collection and usage of data occurs under the full responsibility of these third parties providing services, devices or apps in accordance with their privacy policies. TomTom is only allowed to use this data within the limits as instructed by these parties while adhering to contractual privacy arrangements at the same time.

You can find more details about how to submit requests for accessing or deleting your (account) data with TomTom on our GDPR support page.

California Privacy Rights

If your personal data is protected by the California Consumer Privacy Act (CCPA), TomTom International B.V., on behalf of TomTom business, wishes to inform you about the data categories we collect from you and how we process your data. This privacy statement was last edited on August, 2024, and subject to change at any time with or without further notice. We recommend that you re-visit this information from time to time to see if anything has been updated.

This statement supplements our other privacy notifications. Each TomTom product and service collects certain categories of personal information, you can check the in-product privacy notification or relevant sections in our general online privacy statement for more information. In case another party is using our products, for example a car manufacturer, as part of a service offered to you, you can read their privacy statement for more information.


Categories of personal information

Overall, we collect the following categories of personal information:

  • Geolocation data:
  • Identifiers such as your name, postal address, country, email address, account details and other unique (online) identifiers;
  • Commercial information about your purchases such as invoices and order confirmations;
  • Information about your internet or other electronic network activities, including information obtained via cookies and similar technologies;
  • Audio and electronic information when you use specific product features such as voice commands;
  • Professional information when you are registered as a visitor of TomTom offices.

Use and disclosure of your personal information for business purposes

TomTom software uses your location data to function correctly and to enable certain features. With your permission, we use your location data to send information to your device that is relevant to where you are or enabling you to use a specific feature such as our traffic services. We also use your location data to improve the quality of our products and services after making sure it can no longer be linked back to you directly. TomTom deidentifies your location data within 24 hours after you have stopped using the TomTom product or service by automatically and irreversibly destroying the data that would allow you or your device to be identified from the location data we have received. You can choose to send your location data or stop sending this information to TomTom at any time via TomTom’s product settings. If location data is stored on your TomTom device, it will be deleted when you stop sending this information to TomTom. We don’t know where you have been or who you are.

Your personal information mentioned in categories 2 – 6 will be solely used for TomTom’s business purposes, such as auditing, detecting security incidents, registration and management of user accounts, providing customer support, processing or fulfilling orders and transactions, repair and warranty services, verifying customer information, processing payments, performing analytics and research to improve the quality, safety and content of TomTom products and services.

When necessary to fulfill certain of these business purposes, TomTom shares your information with other parties such as IT hosting providers, third-party cookie providers, social media and marketing partners and other service providers that keep our products secure and performing well or manage and analyze usage of our products. We have contracts in place with these parties to process your data only for authorized purposes to deliver certain services that require them to act consistently with this statement and to use appropriate security measures to protect your personal data.

Be aware that your device operating system, your service provider using TomTom software components, or communication networks may also collect, transmit and store your personal and location information. TomTom has no influence over this. For more details you can check the statement and settings from your mobile operator, device manufacturer, supplier and other app developers. When you share certain information on social media, the social media provider will process that information in accordance with its own privacy policies. You can check these policies for more details.

We promise not to give anyone else access to your information unless we have a legal obligation to do so, for example when we are obliged by applicable law to disclose your information to governments, competent authorities and law enforcement agencies or to defend TomTom’s legitimate interests in legal proceedings. We don’t sell your personal information to anyone or otherwise disclose your personal information in exchange for money or something else of value.


Your privacy rights

You can file a verifiable request with TomTom to specifically disclose, correct or delete your personal information. More details can be found on our privacy support page or within your TomTom account. You can also contact our customer service team for more information, contact details can be found here.

All our products contain privacy settings where you can manage the collection of your data. If you wish to opt-out of online tracking, please follow the steps listed in our cookie statement. You can manage emails campaigns in the settings of your online account, in case of any future change of preference.

In case you have appointed an authorized agent to make privacy requests on your behalf, this agent should follow the same process to provide your account details for verification.

When you request TomTom to disclose your personal information, TomTom is not obliged to reidentify or link any data that is not maintained in a manner that would be considered personal information and will not do so as such. TomTom will not discriminate you for exercising these rights.