Yamaha Motor Group EEA Privacy Policy

1. Legal basis for processing your personal data, and categories of personal data

Personal data means any information relating to a natural person that can directly or indirectly identify such person, or by which a natural person is directly or indirectly identifiable, by reference to an identifier such as a name, an address, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, social identity, or the like of that natural person. We obtain personal data related to you in the manner set out below. Upon obtaining your personal data, we process it in accordance with the GDPR and other applicable laws and regulations, which includes notifying you of the purpose of use. We use your personal data for the following purposes.

If it is necessary to process your personal data for purposes other than those provided below, we will individually inform you to that effect.

1) When processing is required for a contract

We use the personal data for the purposes listed in the table below further to a contract with you, or to take steps you have asked us to take before we enter into a contract with you.

Purposes	Categories of personal data
Provision of Group products and services, including supplemental and related services.	Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details, warranty information.
Fulfill contractual obligations.	Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; information regarding products, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details, warranty information.

2) When processing is required for the pursuit of legitimate interests

We obtain and process the following categories of your personal data for the following purposes because it is necessary to do so in order to pursue our legitimate interests (for details regarding the balancing test for legitimate interests, please inquire using the contact address at Section 12 of this Privacy Policy).

Purposes	Categories of personal data
Ensure smooth facilitation of a product or service which may involve sharing of your personal data within our Group.	Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details, warranty information.
For collecting and conducting data analysis of market information for purposes of research, development and improvement of the quality and variety of our Group products and services.	Name; age; date of birth; gender; occupation;　contact details, such as address, phone number, email address, and social media account information; family composition, purchase motivation, products and services you have purchased including product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details; products and services you intend to purchase; demands for new products and services.
Compliance with non-EU or non-Member State laws and regulations, such as product recalls or service campaigns.	Name; contact details, such as address, phone number, email address, and social media account information; and other information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details.
Management of Group events participated by you to ensure safe and smooth operation.	Name; age; gender; and contact details, such as address, phone number, email address and social media account information; information related to products and services of the Group and licenses owned by you; other information obtained at the occasion of events.
Respond to inquiries, requests, and complaints.	Name; contact details, such as address, phone number, and email address; information regarding products and services you have purchased (including products and services you intend to purchase); details of inquiry.
Protect network and information asset (such as by access control and log acquisitions.	Contact details, such as phone number and email address; ID information and password; information regarding the device you use, such as IP address, browser, operating system (such as Android or iOS) and/or other information as needed to strengthen security measures in alignment with development of technology.
When processing is required for the exercise or defense of legal claims, including to ascertain and handle information regarding accidents related to products and services provided by the Group, and for the prompt response to and settlement of accidents related to products and services provided by the Group and other matters in dispute.	Name; age; date of birth; gender; contact details, such as address and phone number; information regarding products and services, such as product serial number, details of product model, status of use, inspection status, repair details; other information regarding the status of matters in dispute related to products and services provided by the Group. This may includes accident information including the date and place of the accident and "special category" health data, such as the type and degree of injury.

3) When your express consent is obtained in advance

Where we have obtained your express consent in advance, we will obtain and process the following categories of your personal data for the following purposes as well.

Purposes	Categories of personal data
To provide services that use location information (including data analysis for the improvement of services and marketing activities).	Location information; name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; information regarding products and services such as serial number; information regarding the device you use, such as IP address, browser, and operating system (such as Android or iOS).
Development of products and services (including quality improvement) implemented by using location information.	Location information; information regarding products and services such as serial number; information regarding the device you use, such as IP address, browser, and operating system (such as Android or iOS).
For sharing marketing information on new and existing Group products and services, and invites to events and campaigns held in association with our Group.	Name; contact details, such as address, phone number, email address, and social media account information; information regarding products and services you have purchased (including products and services you intend to purchase) and other information necessary to provide information, such as products and services provided by the Group in which you are interested.

If our processing of your personal data is conducted based on your consent, you may withdraw that consent at any time. Withdrawal of your consent does not affect the legality of personal data processing that we have conducted based on consent given before that withdrawal. You may withdraw your consent through services and the like you use or by contacting us using the contact details at Section 12.

4) When processing is required to meet our legal obligations under EU or Member State law

We use the personal data for the purposes listed in the table below further to a legal obligation under EU or Member State law to which we are subject.

Purposes	Categories of personal data
Compliance with laws and regulations, such as product recalls or service campaigns.	Name; contact details, such as address, phone number, email address and social media account information; other information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details.
Respond to your rights requests.	Name; contact details, such as address, phone number, and email address; information regarding products and services you have purchased (including products and services you intend to purchase); details of rights request.
Ensure protection and safety of property and rights.	Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; other information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details, warranty information and/or as needed.

Personal data obtained by the Group includes information directly provided by you to the Group, information provided through a third party, such as counterparties, contractors, business partners, and social media providers (including Google and Apple), and information provided through products and services provided by the Group.

If a product or service involves automated decision making, this will be notified to you separately in the corresponding privacy notice. For any changes in the scope and details of the purposes of use post-collection, we will take action as required per the GDPR and other applicable laws and regulations.

2. Sharing your personal data

We do not disclose or provide your personal data to a third party, unless:

• we have already informed you about such disclosure or provisions;
• we have received your consent to disclose your data to the scope of third parties specified;
• the disclosure is required per requirements under the GDPR and other applicable laws and regulations.

We may also share your personal data within the Group to the extent necessary to achieve the purpose of use that you were notified of in advance.

We provide your personal data to the following third parties.

1) Contractors

In providing products and services to you, we may engage contractors to (including vendors, service provides, suppliers, contractors or agents) perform all or part of our duties and may provide personal data to the extent necessary to achieve the purpose of use. When doing so, we will take necessary and appropriate measures in accordance with the GDPR and other applicable laws and regulations. Specifically, it shall be made clear that contractors may only use the personal data we disclose exclusively to provide their respective contracted services to us in the agreement, and/or through other appropriate means.

2) Business partners and counterparties

In providing products and services to you, we may, to the extent necessary to achieve the purpose, provide your personal data to: our business partners, such as product development and sales services providers, IT and software development service providers, various manufactures, and co-researchers; and counterparties, such as agencies and dealers.
We may also share your personal data with business partners and counterparties to the extent necessary to deal with your inquiries, requests, or the like.

3) Legal or regulatory authorities, and professional advisors

We may also share or disclose your personal data with government authorities, regulatory agencies, law enforcement officials, and our professional advisors, if required for the purposes we have told you about, if mandated by law, or if required for the legal protection of our legitimate interests in complying with applicable laws.

3. Transfer of personal data outside the EEA

Your personal data obtained by the Group may be transferred, stored, and processed outside the EEA. In each case, your personal data must be protected safely at a level of security equivalent to that used for its protection within the EEA. We take all measures (including execution of the standard contractual clauses (Article 46, paragraph 2, item (c) and paragraph 5 of the GDPR) as approved by the European Commission) reasonably necessary to ensure your data is safely stored and processed in accordance with the provisions set forth in this Privacy Policy and the GDPR and other applicable laws and regulations. Please contact us at any time if you would like to know more about details regarding the safeguards we have in place for transfers of personal data outside the EEA.

4. Retention period

We store your personal data for the period necessary to fulfill the purpose of use and/or as required by applicable laws and regulations. The specific storage period is determined in consideration of the purpose for obtaining and processing the personal data, the nature of the personal data, and legal or business-related necessity for storing the personal data.

5. Your choices

It is your choice if you wish to participate or receive a particular service, and when laws and regulations require it, any collection and processing of your personal data shall be subject to your consent (opt in consent). You are not obligated to provide us with your personal data, however we may not be able to provide a particular service to you, depending.

6. Logging in from social media accounts

Some services provided by the Group adopt functions that enable users to log in by using their social media (including Google and Apple) accounts. When you use those functions, we may request your permission to use your social media account information, which includes name and email address and you will be able to utilize our services using those functions if you grant that permission. You may at any time remove your account from the applicable services of the Group and withdraw your approval from your social media accounts.

Please note that if you use a social media account to log in to our services, it is possible that the social media provider will process information related to you, such as use of applications provided by the Group, and the Group will not be liable for that processing of your information. For details on information related to you that is processed by each social media provider, please refer to each social media provider’s privacy policy.

7. Processing of children’s personal data

If we obtain a child’s personal data, if required we will obtain consent from statutory agents, such as a person with parental authority over that child. We will also take other steps in accordance with the GDPR and other applicable laws and regulations.

8. Cookies

The Group’s websites and applications (the “Applications”) may generate cookies, web beacons, and other similar technologies. These enable us to provide you with an enhanced experience when you use the Applications and allow us to improve the Applications. For more details, please refer to the cookie policy [link].

9. Security

We have established a management system pertaining to personal data protection and appropriately take organizational, physical, and technical safety management measures in order to prevent unauthorized access to personal data, prevent personal data loss, destruction, tampering, leakage, and the like, and otherwise to safely manage personal data. Also, we are aware of the importance of personal data protection and appropriately take personal safety management measures, which includes making efforts to provide educational and awareness campaigns regarding personal data protection for officers, employees, and the like who process personal data.

10. Direct marketing

If you do not wish to receive information that we provide to you in relation to our products, services, and the like (direct marketing), we refrain from conducting direct marketing addressed to you. If you do not wish to receive direct marketing, please contact us through the services, etc. you use or by contact us using the contact details at Section 12.

11. Your rights

You have the rights set out below in relation to EEA personal data used by the Group.

If we receive any request from you in relation to the following, we will faithfully and appropriately deal with that request in accordance with provisions set forth in the GDPR and other applicable laws and regulations after confirming that the person making the request is you or a person delegated by you to act on your behalf.

• Right to access personal data: You have the right to obtain confirmation from the Group regarding whether any of your personal data is being processed, and if your personal data is being processed, you will have the right to access your personal data and certain information in connection to that personal data.
• Right to rectify personal data: If your personal data held by the Group is incorrect, you will have the right to demand that the Group rectify the personal data.
• Right to erase personal data (right to be forgotten): If you satisfy certain conditions, you will have the right in some cases to demand erasure of your personal data held by the Group.
• Right to restrict processing of personal data: If you satisfy certain requirements, you will have the right in some cases to restrict the processing of your personal data held by the Group.
• Objections against processing of personal data: If you satisfy certain conditions, you will have the right in some cases to object to the Group’s processing of your personal data.
• Right to data portability of personal data: If you satisfy certain conditions, you will have the right in some cases to receive in a structured, commonly used, and machine-readable format the personal data that you have provided to the Group and will have the right to transmit that data to another controller without hindrance from the Group.

For rights related requests and inquiries, please contact us at the details below. When you contact us, please inform us of your contact details, including your name, address, phone number, and email address, so that we can accurately respond to your requests. We may contact you if any details sent by you are unclear. We may not be able to respond to you if we are not able to confirm such details.

12. Privacy related inquires

Contact address:
Yamaha Motor Co., Ltd.
Legal Strategy Division,
2500 Shingai, Iwata-shi, Shizuoka-ken, 438-8501, Japan

If you have any general queries or concerns regarding privacy, you are welcome to reach us at the contact details listed above.

Please be advised that messages sent to you are intended for you, and you only. Our response may vary depending on individual circumstances, and we ask customers to please refrain from uploading it onto social media platforms and/or forwarding it to others.

You can also contact the Group’s data protection officer.

Email:
dpo@yamaha-motor.nl (for customers who reside in the EEA)
dpo@yamaha-motor.co.jp (for customers who reside outside the EEA)

13. Filing complaints with supervisory authorities

In order to protect your personal data, you have the right to file a complaint with supervisory authorities for your residence, workplace, or the member state where a violation of the GDPR occurs in relation to the processing of your personal data by the Group.

14. Revision of this Privacy Policy

We may amend, revise, add to, or delete the contents of this Privacy Policy due to changes to the specifications, operations and/or applicable laws and regulations. If there are significant changes to this Privacy Policy, we will inform you to that effect on this page.