DATA PROTECTION NOTICE FOR SHIMANO FORCE VECTOR VIEWER APPS

1.Introduction and Scope

This Data Protection Notice (the "Notice") describes the data processing activities in connection with your use of the following apps developed and offered by Shimano Inc.

• SHIMANO Force Vector Viewer App
• SHIMANO Force Vector Viewer for Edge520 App

(each an "App")

Unless stated otherwise, the information provided herein applies to the Apps in general.

Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental economic, cultural or social identity of that natural person ("Personal Data").

You can find more information about how we process the Personal Data of California consumers by reviewing the "Additional Disclosures for California Consumers" section of this Notice below.

2.Data controller

Shimano Inc. ("SIC", “we”, “our” or “us”)
3-77 Oimatsu-cho, Sakai-ku, Sakai City
Osaka 590-8577, Japan

You can contact the data controller by postal mail at the address above.

3.Data Protection Officer

We have appointed a group Data Protection Officer ("DPO") to manage all matters related to data protection and privacy. If you have any questions regarding the processing of your Personal Data, please contact our DPO at privacy@shimano-eu.com.

4.Information we collect

The Apps offer you a variety of functionalities, services and features (the "Services") which require or allow you to provide us with Personal Data about you. Any information submitted by you to the Apps is submitted to us and not to Garmin. Garmin has no responsibility or liability for any such data in the App. Additionally, we automatically collect information about you, including Personal Data, upon download, installation, and use of an App on your Garmin device.

4.1Information you provide to us

When using the Apps, you have the option to enjoy our contents and Services which may require or allow you to provide us with Personal Data.

If certain information is required for us to be able to provide you with a specific service, we will mark it as such. Failure to provide us with the information results in the impossibility of providing you with the requested service.

• Settings: language
• Bike ride log: (ave.) pedaling power, pedaling power (L/R), (ave.) power balance, pedaling cadence, (ave.) pedaling efficiency, pedaling vector

5.Purposes and legal bases

We process your Personal Data only for specified, explicit and legitimate purposes and provided that we have a legal basis to rely on. Your Personal Data will not be processed for any purpose other than the one they were originally collected, unless the new purpose is compatible with the initial one or in the event you give us your consent.

We have summarized the purposes for which we process your Personal Data and the legal bases we justify the processing with in the list below:

• Use of the Apps and the Services:

  The Apps process your Personal Data to manage the ride logs collected via your used Garmin device. We base the processing of your Personal Data for the above purposes on the performance of a contract to which you are party, see Art. 6 (1)(b) GDPR.

• Product development and quality improvement:

  We process your Personal Data for product development and quality improvement purposes, e.g. to detect and analyze problems in our products, to carry out predictive maintenance and calculate the necessary product replacement timing, to develop and introduce new products and test their compatibility, etc.

  We base the processing of the bike ride log on our legitimate interests to improve the quality of our products and services, for product development research and to expand and grow as a business, see Art. 6 (1)(f) GDPR.

  We further aggregate user data in order to provide data analysis services (e.g. regarding model usage, gender ratio, average speed/distance/bike time, firmware status) to manufacturers of bikes or bike components. By way of data aggregation, all Personal Data is anonymized before it is transmitted to the respective recipient so that it is not possible for the manufacturer to directly or indirectly identify you.

  For this purpose, we rely on our legitimate interests to provide the added services to our cooperation partners and on the legitimate interests of our cooperation partners to be able to analyze model usage, see Art. 6 (1)(f) GDPR.

• Detect and avoid misuse of the App:

  We analyze technical data gathered via the Apps to detect and avoid misuse thereof.

  We base the processing of your Personal Data on the performance of a contract to which you are party, as well as on our legitimate interests in prosecuting any misuse of the Apps which could affect Shimano and could have legal consequences, see Art. 6 (1)(b) and (f) GDPR.

6.Recipients of Personal Data

The Personal Data will be shared with the following recipients:

• Third-party apps and services. Our Apps allow you to collect the information described under Section 4.1 of this Notice in your bike ride log. You can upload the bike ride log to the Garmin Connect service operated by companies of the Garmin group of companies (for more details about which Garmin company operates the service, please see Garmin’s data protection notice under the paragraph “Data Controller and Data Protection Officer”, currently available at https://www.garmin.com/en-US/privacy/connect/policy/#dataControllerAndDataProtectionOfficer). We are not responsible for the data processing carried out by Garmin in connection with the Garmin Connect services which is covered by Garmin’s data protection notice. From the Garmin Connect service, you will be able to share your bike ride logs with other third-party applications and services, which are operated by companies who have registered to Garmin's developer service, by manually connecting these applications and services with Garmin Connect. In particular, you will be able to connect the Garmin Connect service with Shimano’s SHIMANO CONNECT LAB in the settings of the SHIMANO CONNECT LAB. For more information about the data processing activities carried out by Shimano in the context of the SHIMANO CONNECT LAB, once the ride logs have been transferred to this service, please see the SHIMANO CONNECT LAB data protection notice.

The transfer of your Personal Data to recipients located in third countries outside of the European Economic Area ("EEA") is subject to the provisions set out in Section 7 below ("international data transfers").

7.International data transfers

All data collected via the Apps will be stored on your Garmin device. When the data is uploaded to the Garmin Connect service, the Garmin company which is indicated as controller of the data in Garmin’s data protection notice (currently available at https://www.garmin.com/en-US/privacy/connect/policy/#dataControllerAndDataProtectionOfficer) will obtain this data. If you connect the Garmin Connect service with other third-party applications and services, the companies which operate these applications and services will obtain the data (e.g. Shimano will obtain the data if you connect the Garmin Connect service with SHIMANO CONNECT LAB).

8.Retention periods

You are able to delete your Personal Data from your Garmin device at any point of time. Once you have chosen to transfer your Personal Data to Garmin’s servers, Garmin’s retention periods apply and we have no control over it. Please refer to Garmin’s data protection notice or contact the respective Garmin company indicated as controller for the Garmin Connect service in your country for more information about the data retention. If you transfer your ride logs to SHIMANO CONNECT LAB, the data protection notice for SHIMANO CONNECT LAB applies.

9.Your rights

Under applicable data protection law, you have certain rights with regard to the processing of your Personal Data by us:

• Right of access to your Personal Data;
• Right to rectification of inaccurate or incomplete Personal Data;
• Right to erasure of your Personal Data;
• Right to restriction of processing;
• Right to data portability, when the processing of your Personal Data is based on your consent or on a contract, and the processing is carried out by automated means;
• Right to withdraw consent with effect for the future
• Right to lodge a complaint with a supervisory authority; and
• Right to object to the processing of your Personal Data on grounds relating to your particular situation, and right to object to the processing of your Personal Data for direct marketing purposes.

10.Third-party links and websites

Our Services might offer you the possibility of accessing third party content, such as websites, apps and online services. Please note that we are not responsible for the data processing activities of these third parties. We encourage you to read the data protection notices of any third party website, app or online service you connect with.

11.Children

We do not knowingly process Personal Data from individuals under the age of 16 without parental or guardian consent. If you are the parent or the guardian of a child and you believe that we have processed Personal Data about him or her, please contact our DPO using the contact details described above in Section 3.

12.Miscellaneous

This Notice may be revised from time to time to reflect and comply with changes in applicable legislation. We will inform you about any updates in an appropriate manner. The date of the last update is available at the top of this Notice.