Privacy Notice 

 

May 2018

 

1.             General

1.1          Shimano respects your privacy. This privacy notice describes how Shimano treats your personal data.

1.2          Shimano will process your personal data in accordance with applicable law, including the General Data Protection Regulation (GDPR). When Shimano processes your personal data, such processing will be based on any of the following grounds listed in the GDPR:

(a)            your consent;

(b)            the performance of a contract to which you are a party (or in order to take steps at your request prior to entering into a contract);

(c)            compliance with a legal obligation to which Shimano is subject;

(d)            in order to protect the vital interests of you or of another natural person; or

(e)            legitimate interests of Shimano or a third party.

 

2.             Purposes for which your personal data may be processed

Shimano may process your personal data for the following purposes:

(a)            to send you information requested by you;

(b)            to perform and manage your orders for products and/or services;

(c)            to manage your Shimano account (if any);

(d)            to send you safety instructions or use instructions for your Shimano products and services;

(e)            to send you information about new features or new products or services that may be relevant for you based on the Shimano products and services previously purchased by you;

(f)             to ask you to participate in surveys and to manage the outcome of surveys in which you have participated;

(g)            to analyze your use of our products and services for quality control, product development and marketing purposes;

(h)            to send newsletters and commercial messages to you, which messages may be specifically tailored for you based on the type of services and products purchased by you and your use thereof;

(i)              to organize joint marketing events with third parties;

(j)              to satisfy statutory obligations of Shimano, such as obligations regarding bookkeeping and tax law;

(k)            to enable Shimano to perform possible product recalls and to enforce and defend its rights in disputes;

(l)              to test information security measures of Shimano, e.g. by performing pen tests;

(m)          to improve your online experience on our websites;

(n)            for any other purposes made known to you beforehand.

 

3.             Types of personal data we process

3.1          We may collect your personal data in the following manner(s):

(a)            When contacting us or when purchasing or using our products or services you may be asked to submit certain personal data, such as contact information when requesting information or contact and payment information when ordering products or services.

(b)            When you use a product or service that is designed to collect certain personal data, such as with respect to measurement data obtained during bikefitting services or with respect to products and services that assist you in remembering and applying your bike settings. The relevant product or service descriptions will further detail which personal data is processed.

(c)            The data made available by you in connection to a Shimano account.

(d)            The data we collect about your use of our websites, obtained by cookies and similar mechanisms. Our websites will inform you of our use of cookies.

(e)            By obtaining certain data from third parties. We will always ask such third party to confirm that making the data available to us is in compliance of law, e.g. because you have consented to such transfer of data.

3.2          Depending on the purpose of processing, Shimano may process the following personal data from you: name, contact information (including telephone number and e-mail address), shipping and billing address, date of birth, gender, the sort of products or services purchased or used by you, specific requests made by you, payment information (such as credit card information), and specific information that is requested or generated in order to use or benefit from a product or service (e.g. bikefitting), such as bodyweight, length, etc.

3.3          In addition, our servers automatically record certain data when you visit our website(s), such as URL, IP address, browser type and language, and the date and time of your visit.

3.4          We will not store your personal data for a longer term than necessary for compliance with the storage terms provided for by law and the fulfilment of the purposes as mentioned in this privacy notice

 

4.             If you are younger than 16

If you are younger than 16 years, you may only provide your personal data to Shimano if you have obtained permission from your parent(s) or your legal representative(s).

 

5.             Sharing personal data with third parties

5.1          We may make use of processors to support certain of our business functions, such as IT providers that offer storage services. If and insofar as these third parties process your personal data while doing this, they will do so on the basis of a processing agreement in accordance with the GDPR.

5.2          We will only supply your personal data to surveillance, tax and investigative authorities if we are obliged by law to do so. If you have given your unambiguous consent beforehand, we may share your personal data with third parties who advertise in and around our programs and digital extensions, provide sponsorship and offer prizes, etc.

5.3          We may share your personal information within our group of companies.

 

6.             International data transfers

We may transfer your personal data outside the EEA to third countries that may not offer adequate safeguards for the protection of personal data. Such transfers will always satisfy the requirements of the GDPR, e.g. by Shimano using contracts approved by the European Commission for the transfer of data to such countries.

 

7.             Security

We maintain state of the industry security measures to avoid unauthorized access to, alteration, disclosure or loss of your personal data.

 

8.             Links to websites of others

Our websites and apps may contain hyperlinks to third party websites. The privacy notice of third parties are subject to the processing of personal data by third parties. Shimano is not responsible for the content of these third party websites and the processing of personal data by these third parties.

 

9.             Opt-out and other rights

9.1          At any time you may notify us that you no longer wish to receive newsletters or other commercial messages from us via e-mail. We will process your notification in due course and remove you from our mailing list.

9.2          You have the right to request from Shimano access to and rectification or erasure of personal data or restriction of processing concerning you or to object to processing as well as the right to data portability.

9.3          Where the processing of your data s based on your consent, you have the right to withdraw the consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

9.4          You have the right to lodge a complaint about our processing of your personal data with the Dutch Data Protection Authority (Autoriteit persoonsgegevens) or the possible competent supervisory authority in your country.

9.5          When we ask for your data, we will indicate which data fields are optional. If you fail to provide us with the obligatory information, we may not be able to adhere to your request.

9.6          We reserve the right to refuse any requests if your identity cannot be demonstrated by you and/or we can invoke any of the exceptions stated in the GDPR. In such case, we will inform you of the refusal.

9.7          You may invoke any of these rights by sending your request to: privacy@shimano-eu.com

 

10.          Changes to this privacy notice

We reserve the right to make changes to this privacy notice without notifying you.

 

11.          Information about Shimano

11.1        In this privacy notice Shimano refers to Shimano Europe B.v., including bikefitting.com  and subsidiaries

11.2        If you have any questions, feedback or complaints regarding our use of your personal data or this privacy notice, please feel free to contact us by using the below contact details.

The data protection officer can be reached preferably at privacy@shimano-eu.com

or per post:

Shimano Europe B.v.
Attn. Data Protection Officer
High Tech Campus 92
5656 AG Eindhoven
The Netherlands