To ensure that TomTom meets the highest security standards, TomTom holds various compliance certificates, such as ISO/IEC 27018:2019 for Information Security Management Systems to protect personally identifiable information (PII) in public clouds acting as PII processor, ISO/IEC 27001:2022 for Information Security Management Systems outlining the implemented policies and procedures to manage risk and secure our data effectively, as well as TISAX (Trusted Information Security Assessment Exchange) certification, which is an industry-standard information security assessment catalog that focuses on operational security, data protection, third-party connections and prototype protection in the European automotive industry.
Additionally, to protect your data against unauthorized access TomTom applies appropriate technical, operational and security industry standards and methods, such as de-identification, anonimization, encryption or temporary random identifiers to prevent location details from being easily linked back to you or your device..
Within 24 hours of shutting down your device or app, TomTom automatically and irreversibly erases data that we hold which could re-identify you or your device.
To protect your journey information against unauthorized access, your device will randomly generate an identifier which is associated with your journey information sent to TomTom at regular intervals.
We don’t know where you have been and can’t tell anyone else, even if we were forced to. We never link actual location data to your TomTom account or any other information that identifies you directly. We also don’t sell your location data - our products are 100% ad-free.
We will not give anyone else other than our service providers access to the information subject to contractual safeguards and we don’t use it for any other purpose than communicated to you unless we have been lawfully ordered to do so. With the goal of enabling the collection and storage of the data between our online product and services, as well as car manufacturers and TomTom in a secure manner, we use an advanced technological system for data collection and archiving. This system applies technical measures, so the data is processed in a way that is secure and in compliance with privacy laws by adding layer of abstraction via encrypted, short-lived session codes to link sessions and datapoints from different backend systems that belong to the same device without revealing the particular device. In this way, it is not possible to disclose the devices beyond the systems and to correlate data between different databases due to different encrypted session codes, which vary per backend system, per device and per lifetime. The information may be further aggregated for analysis and system improvement to the benefit of the car driver (for instance, measuring the estimated travel time to reach a selected destination, or for electric vehicle drivers an accurate estimation of reachable range and the battery level at the next stop).