Skip to main content

Privacy Policy

1. Privacy Policy

This website (“the Website”) is operated by Gilbert + Tobin (ABN 88 775 098 848). We are the solicitors acting for the Applicants in the Toyota class action (“the Class Action”) described on the Website. Balance Legal Capital LLP is a litigation funder based in London, UK and is funding the Class Action. Together, Gilbert + Tobin and Balance Legal Capital are referred to as “us” or “we” or “our” on the Website.

We have a commitment to respecting your privacy and believe that privacy is an important individual right.

This Privacy Policy (“Policy”) applies in relation to aspects of conducting the Class Action and the administration of the Website in particular, and explains how we comply with the Privacy Act 1988 (Cth) (“the Privacy Act”) and (where applicable to persons residing in the European Economic Area “EEA”) the General Data Protection Regulation.

This Policy relates to the collection, storage and use of personal information that is covered by the Privacy Act, being information or an opinion relating to an individual, which can be used to identify that individual. This Policy is not intended to cover information that is not protected by the Privacy Act.

2. Collecting information about you

In the course of conducting the Class Action, we may collect information about you such as your name and contact details, and details about any vehicle you purchased from Toyota Motor Corporation Australia Limited (ACN 009 686 097). We, or third party service providers engaged by us, may collect personal information from you in the administration of the Website including in the context of addressing any queries you may have in relation to the Class Action. This information is collected in order to provide services and related administrative tasks in connection with the Class Action.

If you do not provide us with certain information where requested (or do not update that information) this may limit the services we provide.

We do not collect sensitive personal information (such as information about your health, religion, or membership of a professional / trade association) unless it is reasonably necessary for us to perform our services and you consent to the collection.

3. Using and disclosing your personal information

We collect, hold, disclose and use your personal information to:

  • provide our services in relation to the Class Action;
  • generally communicate with you;
  • conduct the Class Action;
  • comply with legal obligations, including in relation to the Class Action; and/or
  • other purposes related to any of the above.

If we engage third parties to perform services for us, which involves the third party handling personal information that we hold, or collecting personal information on our behalf or both, we will notify the third party that they may not use personal information about you, except for the specific purpose for which we supply it, and that it must be handled according to the terms of this Policy, the  Privacy Act and to the extent applicable, the General Data Protection Regulation.

The third party service providers who may have access to your personal information include other lawyers assisting with the Class Action and providers of information technology and other administrative services.

Where we employ third party providers to process personal information on our behalf, we only do so on the basis that such data processors have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

We do not disclose any personal information we collect to third parties for the purpose of allowing them to directly market their products and services. We do not sell or trade personal information.

If we collect, hold or use personal information in ways other than as stated in this Policy, we will ensure we do so pursuant to the requirements of the Privacy Act and to the extent applicable, the General Data Protection Regulation.

4. Disclosure of personal information outside Australia

We may disclose your personal information to overseas persons or entities if it is required for us to perform our services.  Balance Legal Capital LLP is located in the United Kingdom and as the funder of the Class Action, it will have access to your personal information and will collect, hold, disclose and use it in accordance with this Policy.

We will take all reasonable steps to ensure that any overseas persons or entities to whom any personal information is disclosed do not breach the relevant Australian Privacy Principles.

5. Accessing and correcting personal information we hold about you

You can contact us any time to request access to your personal information or for your personal information to be corrected or updated. To update your personal information, you can do this through the Update my Details page on the Website. For any other access or correction requests, you can email

Unless an exception applies, we will, upon written request made by email to and within 28 days, provide you with access to the personal information we hold about you. We will provide you with access to your personal information in a manner requested by you (providing it is reasonable and practicable to do so).

If we are unable to provide you with access to the information, we will provide you with reasons and inform you of any exceptions relied upon under the Privacy Act (e.g. if your request is unreasonable or relates to legal proceedings including privilege or is otherwise unlawful). We will also provide you details of the process for making a complaint about the refusal to grant you access.

We will take appropriate steps to verify your identity (or verify that you act as a legal guardian or authorised agent of the individual concerned) before granting a request to access your personal information.

We will take reasonable steps to ensure that the personal information we collect about you is accurate, up-to-date, complete and relevant. Upon request through the Update My Details page on the Website, we will correct your information within 28 days of the request. We will take reasonable steps to notify any relevant third parties of the correction where required to do so under the Privacy Act.

6. Storage and security of your personal information

We will take all reasonable steps to ensure that your personal information is kept secure. Your personal information may be stored in hard copy documents and/or as electronic data in our software or systems. We maintain physical security over our premises and also maintain computer and network security.

We require our employees to respect the confidentiality of any personal information held by us.

Your personal information is stored in a third-party data centre on servers in Australia, Singapore and the United States and / or Europe.  Balance Legal Capital LLP (based in the UK), the funder of the Class Action, may also copy and store your personal information on its own system, in which case your data will be stored by a third-party shared database supplier on servers in Europe or the United States under the EU-US Privacy Shield Framework.

7. Retention

We will only retain your personal information as long as is reasonably necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. Personal information provided in connection with the provision of our services will be retained in accordance with our retention policies unless agreed otherwise.

8. The Website and use of cookies

A cookie is a small data file that a website may write to your hard drive when you visit that website. A cookie file can contain information (such as a user ID) that a website can use to track the pages you have visited and your preferences. The only personal information a cookie can contain is information you personally supply. A cookie cannot read data from your hard disk or read cookie files created by other websites.

We may use cookies to track user traffic patterns through the Website.

9. Spam Act

We comply with the Spam Act 2003 (Cth), which regulates the sending of emails and other commercial electronic messages.

10. Effect of the Policy

This Policy does not form a contract between an individual and us. This Policy may change to reflect our business and technology. Whenever you need to refer to this Policy you should refer to the Website – – or contact us by emailing for the most up to date version.

Please note that the Website may contain links to other websites. When a user has clicked on a link to another site, they leave the Website and are no longer protected by this Policy.

11. Amendments

This Policy may be amended, including with changes, additions and deletions, from time to time, in our sole discretion and any such amendments will be notified to you by posting an updated version of the Policy on the Website. If at any point we decide to use personal information in a manner materially different from that stated at the time it was collected we will notify relevant persons by email or via a prominent notice on the Website, and where necessary, we will seek the prior consent of the relevant persons.

12. Complaints

If you believe that we have breached a term of this Policy or the Australian Privacy Principles you may submit a written complaint by emailing You must include contact details for us to contact you regarding your complaint. If you are not satisfied with the way in which we handle your complaint, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available

13. Change of Control

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

14. Transmission

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

15. Data Subject Rights (European Economic Area only)

If you are in the European Economic Area (EEA) you have the following rights in relation to your personal data (as that term is defined in the General Data Protection Regulation):

Access. Subject to certain exceptions, you have the right to request a copy of the personal data we are processing about you, which we will provide to you in electronic form. At our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee.

Rectification. You have the right to require that any incomplete or inaccurate personal data that we process about you is amended.

Deletion. You have the right to request that we delete personal data that we process about you, unless we are required to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.

Restriction. You have the right to request that we restrict our processing of your personal data where:

  1. you believe such data to be inaccurate;
  2. our processing is unlawful; or
  3. we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

Portability. You have the right to request that we transmit the personal data we hold in respect of you to another data controller, where this is:

  1. personal information which you have provided to us; and
  2. we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide legal services).

Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from messages that you receive from us.

If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.

16. Contacting us
If you wish to gain access to your personal information, amend your personal information, have any query regarding this Policy or wish to obtain a hard copy of the Policy, please contact us directly on 1800 324 984.

IMPORTANT: Group Members who have previously subscribed for updates on this website still need to register their interest to receive compensation on the Group Member portal by clicking 'Register Now'