zh-TW

DATA PROTECTION NOTICE FOR SHIMANO FORCE VECTOR VIEWER APPS

Last Updated: May 2022

1.Introduction and Scope

This Data Protection Notice (the "Notice") describes the data processing activities in connection with your use of the following apps developed and offered by Shimano Inc.

  • SHIMANO Force Vector Viewer App
  • SHIMANO Force Vector Viewer for Edge520 App

(each an "App")

Unless stated otherwise, the information provided herein applies to the Apps in general.

Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental economic, cultural or social identity of that natural person ("Personal Data").

You can find more information about how we process the Personal Data of California consumers by reviewing the "Additional Disclosures for California Consumers" section of this Notice below.

2.Data controller

Shimano Inc. ("SIC", “we”, “our” or “us”)
3-77 Oimatsu-cho, Sakai-ku, Sakai City
Osaka 590-8577, Japan

You can contact the data controller by postal mail at the address above.

3.Data Protection Officer

We have appointed a group Data Protection Officer ("DPO") to manage all matters related to data protection and privacy. If you have any questions regarding the processing of your Personal Data, please contact our DPO at privacy@shimano-eu.com.

4.Information we collect

The Apps offer you a variety of functionalities, services and features (the "Services") which require or allow you to provide us with Personal Data about you. Any information submitted by you to the Apps is submitted to us and not to Garmin. Garmin has no responsibility or liability for any such data in the App. Additionally, we automatically collect information about you, including Personal Data, upon download, installation, and use of an App on your Garmin device.

4.1Information you provide to us

When using the Apps, you have the option to enjoy our contents and Services which may require or allow you to provide us with Personal Data.

If certain information is required for us to be able to provide you with a specific service, we will mark it as such. Failure to provide us with the information results in the impossibility of providing you with the requested service.

  • Settings: language
  • Bike ride log: (ave.) pedaling power, pedaling power (L/R), (ave.) power balance, pedaling cadence, (ave.) pedaling efficiency, pedaling vector

5.Purposes and legal bases

We process your Personal Data only for specified, explicit and legitimate purposes and provided that we have a legal basis to rely on. Your Personal Data will not be processed for any purpose other than the one they were originally collected, unless the new purpose is compatible with the initial one or in the event you give us your consent.

We have summarized the purposes for which we process your Personal Data and the legal bases we justify the processing with in the list below:

  • Use of the Apps and the Services:

    The Apps process your Personal Data to manage the ride logs collected via your used Garmin device. We base the processing of your Personal Data for the above purposes on the performance of a contract to which you are party, see Art. 6 (1)(b) GDPR.

  • Product development and quality improvement:

    We process your Personal Data for product development and quality improvement purposes, e.g. to detect and analyze problems in our products, to carry out predictive maintenance and calculate the necessary product replacement timing, to develop and introduce new products and test their compatibility, etc.

    We base the processing of the bike ride log on our legitimate interests to improve the quality of our products and services, for product development research and to expand and grow as a business, see Art. 6 (1)(f) GDPR.

    We further aggregate user data in order to provide data analysis services (e.g. regarding model usage, gender ratio, average speed/distance/bike time, firmware status) to manufacturers of bikes or bike components. By way of data aggregation, all Personal Data is anonymized before it is transmitted to the respective recipient so that it is not possible for the manufacturer to directly or indirectly identify you.

    For this purpose, we rely on our legitimate interests to provide the added services to our cooperation partners and on the legitimate interests of our cooperation partners to be able to analyze model usage, see Art. 6 (1)(f) GDPR.

  • Detect and avoid misuse of the App:

    We analyze technical data gathered via the Apps to detect and avoid misuse thereof.

    We base the processing of your Personal Data on the performance of a contract to which you are party, as well as on our legitimate interests in prosecuting any misuse of the Apps which could affect Shimano and could have legal consequences, see Art. 6 (1)(b) and (f) GDPR.

6.Recipients of Personal Data

The Personal Data will be shared with the following recipients:

  • Third-party apps and services. Our Apps allow you to collect the information described under Section 4.1 of this Notice in your bike ride log. You can upload the bike ride log to the Garmin Connect service operated by companies of the Garmin group of companies (for more details about which Garmin company operates the service, please see Garmin’s data protection notice under the paragraph “Data Controller and Data Protection Officer”, currently available at https://www.garmin.com/en-US/privacy/connect/policy/#dataControllerAndDataProtectionOfficer). We are not responsible for the data processing carried out by Garmin in connection with the Garmin Connect services which is covered by Garmin’s data protection notice. From the Garmin Connect service, you will be able to share your bike ride logs with other third-party applications and services, which are operated by companies who have registered to Garmin's developer service, by manually connecting these applications and services with Garmin Connect. In particular, you will be able to connect the Garmin Connect service with Shimano’s SHIMANO CONNECT LAB in the settings of the SHIMANO CONNECT LAB. For more information about the data processing activities carried out by Shimano in the context of the SHIMANO CONNECT LAB, once the ride logs have been transferred to this service, please see the SHIMANO CONNECT LAB data protection notice.

The transfer of your Personal Data to recipients located in third countries outside of the European Economic Area ("EEA") is subject to the provisions set out in Section 7 below ("international data transfers").

7.International data transfers

All data collected via the Apps will be stored on your Garmin device. When the data is uploaded to the Garmin Connect service, the Garmin company which is indicated as controller of the data in Garmin’s data protection notice (currently available at https://www.garmin.com/en-US/privacy/connect/policy/#dataControllerAndDataProtectionOfficer) will obtain this data. If you connect the Garmin Connect service with other third-party applications and services, the companies which operate these applications and services will obtain the data (e.g. Shimano will obtain the data if you connect the Garmin Connect service with SHIMANO CONNECT LAB).

8.Retention periods

You are able to delete your Personal Data from your Garmin device at any point of time. Once you have chosen to transfer your Personal Data to Garmin’s servers, Garmin’s retention periods apply and we have no control over it. Please refer to Garmin’s data protection notice or contact the respective Garmin company indicated as controller for the Garmin Connect service in your country for more information about the data retention. If you transfer your ride logs to SHIMANO CONNECT LAB, the data protection notice for SHIMANO CONNECT LAB applies.

9.Your rights

Under applicable data protection law, you have certain rights with regard to the processing of your Personal Data by us:

  • Right of access to your Personal Data;
  • Right to rectification of inaccurate or incomplete Personal Data;
  • Right to erasure of your Personal Data;
  • Right to restriction of processing;
  • Right to data portability, when the processing of your Personal Data is based on your consent or on a contract, and the processing is carried out by automated means;
  • Right to withdraw consent with effect for the future
  • Right to lodge a complaint with a supervisory authority; and
  • Right to object to the processing of your Personal Data on grounds relating to your particular situation, and right to object to the processing of your Personal Data for direct marketing purposes.

10.Third-party links and websites

Our Services might offer you the possibility of accessing third party content, such as websites, apps and online services. Please note that we are not responsible for the data processing activities of these third parties. We encourage you to read the data protection notices of any third party website, app or online service you connect with.

11.Children

We do not knowingly process Personal Data from individuals under the age of 16 without parental or guardian consent. If you are the parent or the guardian of a child and you believe that we have processed Personal Data about him or her, please contact our DPO using the contact details described above in Section 3.

12.Miscellaneous

This Notice may be revised from time to time to reflect and comply with changes in applicable legislation. We will inform you about any updates in an appropriate manner. The date of the last update is available at the top of this Notice.

Additional Disclosures for California Consumers

These disclosures describe how we collect, use, process, and disclose Personal Data of California consumers in the context of the Apps and Services (as defined above), as well as the rights you may have under California law. These disclosures are intended to supplement the Notice with information required by the California Consumer Privacy Act (“CCPA”).

Personal Data We Collect

California law requires that we describe the Personal Data we collect about California consumers, including by identifying specific categories of data. We collect Personal Data directly from consumers and automatically when consumers download, install, and use the Apps and Services. As we describe in more detail above in the “Information We Collect” section of this Notice, we have collected the following categories of Personal Data in the past 12 months in the context of the App:

  • Demographics (e.g., gender, language preferences)
  • Commercial Information (e.g., bike information such as model, firmware status, and other technical data)
  • Biometric Information (e.g., bike ride log information such as (ave.) pedaling power, pedaling power (L/R); (ave.) power balance; pedaling cadence; (ave.) pedaling efficiency; and pedaling vector)

For information about our business or commercial purpose(s) for collecting, or possibly sharing, your Personal Data, please refer to the “Purposes and Legal Bases” section of the Notice above.

How We Share Personal Data

We may share your Personal Data with third parties as described in the “Recipients of Personal Data” section of the Notice above. We do not sell Personal Data. California law also requires that we provide you with information about certain disclosures of Personal Data to third parties, where the disclosures are made for “business purposes”, such as disclosures to service providers. We disclose bike log information, which may be considered biometric information under California law, to third-party apps and services for our business purposes.

California Rights

California law grants certain rights to California consumers. These include the rights to:

  • Access specific pieces of Personal Data (“Right to Access”)
  • Learn about how we process and share Personal Data (“Right to Know”)
  • Request deletion of Personal Data we collected from you (“Right to Request Deletion”)
  • Opt out of “sales” of Personal Data, as that term is defined under California law
  • Not to be denied goods or services for exercising these rights

To exercise the Right to Access, Right to Know, or Right to Request Deletion: please contact us at privacy@shimano-eu.com or +1-800-423-2420. Only you or a person that you authorize to act on your behalf may make a request related to your Personal Data. A request to exercise any of these rights must (1) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Data (or an authorized representative of that person); and (2) describe your request with sufficient detail that allows us to understand, evaluate, and respond to your request. We will verify your identity by sending email to your registered email address and confirming reply from your email address. In certain cases, we may need to ask for more information. We may not be able to respond to your request or provide you with the information you requested if we are unable to verify your identity (or establish the authority of an authorized agent acting on your behalf). Authorized agents wishing to exercise rights on behalf of a California consumer should submit requests to privacy@shimano-eu.com along with a copy of the consumer’s signed authorization designating you as their agent. If you do not have an account with SHIMANO, while you may contact us at privacy@shimano-eu.com with questions or concerns, we may not be able to respond to requests to exercise your rights under the CCPA, including the right to know or delete your Personal Data. Because we only collect limited data about individuals without an account, we are unable to verify requests from non-accountholders to the standard required by the CCPA.

Additionally, under California Civil Code Section 1798.83, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal data that a business has disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of such third parties. To exercise this right, please contact us at privacy@shimano-eu.com.

Contact Us

If you have any questions regarding the processing of your Personal Data, please contact us at privacy@shimano-eu.com.