More information

What is our legal basis for using your personal data?

When you set up a TomTom navigation device, download one of our apps or create a TomTom account, we need minimum information to enable you to use features safely and properly. The first time we need access to your location information (including your GPS location), you will see a notification asking for your consent to share this data with TomTom for specific purposes. We also ask your consent before we use your journey information (for instance, your driving patterns and behavior including time, location, direction, search interaction, product usage and other behavioral data) to improve the user experience, meaning depending on the product usage and other device properties or behavior data we improve our products. We only synchronize certain information between apps and devices after we have your consent. You can easily change your consent in the settings of your device, app or via your TomTom account. Withdrawing your consent could mean that some services are no longer available.

In some cases, we process your data based on TomTom’s legitimate interests pursued as a data controller, where we ensure that the processing is legal, reasonable and fair by considering the impact on your rights and freedoms in order to ensure we don’t contradict or place them at unreasonable risk.

  • It is in TomTom interest that we provide and maintain reliable products and services together with improving the customer experience. To help keeping them working as expected by testing and experimenting with new features, monitoring service performance including its efficiency, and ensuring software optimization, we collect information related to your device or cellular data signal strength, log information to resolve crashes or failures, information for troubleshooting, debugging and other technical diagnostic information.

  • It is also in our interest to secure our products and services, our systems, your user account, prevent fraud or detect threats or unlawful activities. To achieve this we use process your information subject to appropriate technical and operational measures to protect your identity in accordance with industry practices, taking into consideration the risk represented by the kind of processing activity and the nature of the data in scope.

  • It is in TomTom interest to improve the customer experience by looking at how and when you use our products and services. This includes collecting information about your activity, how you interact with our apps for example when you last updated your information about your account, timestamps related to your use such as when you last used our services to determine whether you’re still an active user, your interaction with our customer support service.


We also process your data as necessary to conclude and perform our contract with you to operate and provide our services as described in the terms and conditions of our products.

In some circumstances, we process your data to comply with a legal obligation including, for example, to access or disclose certain information if there is a valid legal request from a law enforcement authority or regulator.

How can you manage your personal data?

You can access your personal data, obtain a copy, have incomplete, incorrect, unnecessary or outdated data updated, withdraw your consent, transmit your data in structured commonly used and machine-readable formats (data portability), or request that your data will be deleted. When we process your personal data based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn. You have the right to object to or restrict processing in certain circumstances, such as when you believe the data is inaccurate or the processing activity is unlawful. To execute your access and deletion rights, you can contact TomTom via our dedicated GDPR support page on tomtom.com or your TomTom account. For other requests, you can contact us directly using the DPO contact details on our website. Some TomTom product accounts give you the option to directly access or delete your data, for instance it’s possible to download and delete road trip information that we hold via plan.tomtom.com.

Who has access to your personal data?

We don’t sell or disclose your personal data to other parties unless otherwise stated below.

TomTom only shares your information with TomTom affiliates that are responsible for services and products, and with processors or service providers when necessary to operate TomTom’s business or deliver certain services that TomTom has hired them to provide, which may require access to your data. We have contracts in place with third parties, such as our IT cloud service providers (for example Microsoft and AWS) and other service providers such as logistics partners, payment service providers and repair centers, to process your data only for authorized purposes to deliver certain services that require them to act consistently with these arrangements and subject to appropriate security measures to protect your personal data. To learn about different types of service providers TomTom share data with, please see section Subprocessors.

Be aware that your device’s operating system, other apps running on your device or the communication networks collect, transmit and store your personal and location information. TomTom has no influence over this. For more details you can check the statement and settings from your mobile operator, device manufacturer and other app developers. When you share your information directly with a third party, for example posting details on social media, the third party will process that information in accordance with its own privacy policies. Our product privacy settings, such as AmiGO or GO Navigation apps contain more information on embedded third-party services.

We promise not to give anyone else access to your information unless we have a compulsory legal obligation to do so, for example when we are obliged by applicable law to disclose your information to governments, competent authorities and law enforcement agencies or to defend TomTom’s legitimate interests in legal proceedings.

Where do we store your personal data?

By default, we store your information in certain European countries, and countries where our external third-party service providers are located, please see section Subprocessors. TomTom has in place intragroup agreements between its different affiliates in order to comply with all common standards for international data transfers. In limited cases, your personal data may be transferred to countries outside the EEA with different regulations on data protection that have not received an adequate decision from the European Commission (EC) in compliance with the GDPR. In those cases, we assess that your privacy is protected in the best way possible and that an adequate level of data protection is met, for example through an official adequacy decision from the EC, including the EC’s adequacy decision for the United Kingdom under the GDPR; certification under the EU-US Data Privacy Framework which recognizes the U.S. as a country with sufficient level of protection for personal data of the EU data subjects, allows U.S. companies to self-certify their compliance with the Framework (without the need for any additional safeguarding mechanisms); or appropriate safeguards with standard contractual clauses set out under Commission Decision (EU) 2021/914 of 4 June 2021 (‘EU SCCs‘) incorporated in TomTom’s Data Processing Agreements (Module Two: Controller to Processor or Module Three: Processor to Processor, which are available at tomtom.com) to ensure that your personal data leaving the EEA area will be transferred in compliance with the GDPR, subject to additional transfer risks assessments.

To see which service providers TomTom works with, please see section Subprocessors. You may contact our DPO for more information about data transfers and safeguards.

How long do we store your personal data?

We apply the storage limitation principle pursuant to which we don’t use or retain your information longer than strictly necessary for the purpose for which it was originally collected. We delete all data related to you once there is no longer a lawful ground to process your data, for example you have submitted the data deletion request or a contract with third parties processing your data has terminated. In some cases, after the expiration of the applicable retention period, we may continue to use anonymous or de-identified information, when specific data is needed for further analyses, product improvements and reports. The length of time that we retain personal data and criteria for determining that time, are dependent on the nature of the personal data, our legal obligations, including legal claims, and the purpose for which it was provided. For example:

  • As described in Directly Identifiable data and TomTom Account above, we require certain information related to your account to deliver our services. Such information will be maintained for the lifetime of your account.

  • We generally keep customer support communication until a deletion request is received for an active account on tomtom.com, or according to the deletion criteria we established for the inactive accounts. In the absence of an account, we keep customer support information for 30 days after they have been dealt with.

  • We keep general tax, purchasing, sales and other administration related records for 7 years.

  • We keep consumer and products guarantee related information for 2 years.

  • We keep information provided by our car manufacturers clients in accordance with their instructions as specified in the contractual agreements.

  • We keep information collected using cookies as specified in the cookies policy.

  • We may keep certain data to continuously provide our customers with high-quality products and services which are expected to remain best-in-class. Hence historical data can provide indispensable insights to improve our products, enhancing their functionality, ensuring they remain competitive and meet the evolving needs of our customer during the product lifetime


You can contact our DPO at privacy@tomtom.com for more information about retention of your personal data.

Subprocessors

To learn more about the third parties which support the TomTom products and services secure such as AmiGO and GO Navigation apps or Personal Navigation Device (PND), please visit the product-related privacy details.

TomTom works with the following third parties that support our business:

Description of processing: Cloud services provider: processing and storing data in the cloud.
Recipients of data: Amazon Web Services EMEA SARL.
Data categories: All data.

Description of processing: Cloud services provider: processing and storing data in the cloud.
Recipients of data: Microsoft Ireland Operations Ltd.
Data categories: All data.

Description of processing: Logging management tool for online cloud services to analyze and search logs across multiple technical services that compose a product or service delivered to TomTom clients.
Recipients of data: Scalyr Inc.
Data categories: All data.

Description of processing: CRM platform for providing customer support.
Recipients of data: Zendesk.
Data categories: Customer ticket ID, email address, username, name, gender, date of birth, country, language password, phone number, ticket history, customer communication.

Description of processing: Chatbot for providing customer support.
Recipients of data: Ada.
Data categories: Name, email, customer ticket ID, order specifics, serial numbers, address, and other pertinent information related to user inquiries.

Description of processing: Marketing customer relations management solution where the email preferences center live.
Recipients of data: Airship Marketing Cloud.
Data categories: Email preferences selection, name, email address, physical address, order and purchase history, customer device information, complaints, reported incidents.

Description of processing: Tool to create internal bundled tickets for deletion and access requests, invoice processing.
Recipients of data: Jira and Confluence Cloud.
Data categories: ID, email address, username, name, gender, date of birth, country, language password, phone number, ticket history, customer communication.

Description of processing: Operational support, improvement of service quality & content, service management: technical diagnostics, service improvement, fraud and abuse detection, performance & capacity management, security management, aggregated reporting.
Recipients of data: TomTom Affiliates: TomTom Belgium NV, TomTom Germany GmbH & Co KG, TomTom Location Technology Germany GmbH, TomTom India Private Limited, TomTom Polska Sp. Z.o.o., TomTom North America Inc., TomTom Sales B.V. (UK branch), TomTom Global Content B.V.
Data categories: All data.

Do you have any questions or complaints?

You can contact TomTom’s Data Protection Officer (DPO) at:

TomTom International B.V.
Privacy Office / DPO
De Ruijterkade 154
1011 AC Amsterdam
The Netherlands
Email: privacy@tomtom.com

If you’re not satisfied, you can also contact the Dutch Privacy Authority.

Who’s responsible for your personal data?

TomTom International B.V., De Ruijterkade 154, 1011 AC Amsterdam, the Netherlands is responsible for your personal data in relation to TomTom products and services. TomTom affiliates providing specific products or services may be (joint) controller or data (sub)processor of your data. You can find more information about these affiliates in the product legal terms and conditions available through the product settings or our website.

Copyright © 2024 TomTom International BV. All rights reserved.