Skip to Main Contents

Yamaha Motor Group EEA Privacy Policy

Yamaha Motor Co., Ltd. (the “Company”) and the Company’s group companies [link] (collectively, the “Group”, “we”, “us”, and “our”) aim to provide safe and high-quality products and services that exceed customer expectations in order to “offer new excitement and a more fulfilling life for people all over the world”.

In order to achieve this goal, we consider it important to know about our customers (“you”). Through the process of learning more about you, a key issue for us is to respect and reliably secure your personal data in order to fulfill our social responsibilities through fair and faithful business activities.

We endeavor to protect your privacy by conducting lawful, fair, and transparent processing, by ensuring accuracy, integrity, and recency of personal data, and by taking appropriate security measures among other means under this “Yamaha Motor Group EEA Privacy Policy” (this “Privacy Policy”) and laws and ordinances regarding personal data protection.

This Privacy Policy applies to personal data processing subject to the General Data Protection Regulation (the “GDPR”) that is conducted by companies within the Group that adopt this Privacy Policy.

GDPR is applicable to customers in the following cases:

  1. the processing of personal data in the context of the activities of an establishment of a controller in the European Economic Area (the “EEA”), regardless of whether the processing takes place in the Union or not.
  2. the processing of personal data of customers who are in the EEA by a controller not established in the EEA, where the processing activities are related to:
    • (a) the offering of products or services to such customers in the EEA; or
    • (b) the monitoring of their behavior as far as their behavior takes place within the EEA.

Reading this Privacy Policy will deepen your understanding with respect to the protection of your personal data within the Group.

The data controller of your personal data will depend on the entity which provides you with our products or services, and this will depend on the country from which you obtain your products or services. You can find out who the relevant data controller is in [link]. If you would like help to find out who the relevant data controller is, please inquire using the contact address at Section 13 (Contacting us) of this Privacy Policy.



If any discrepancies arise between the contents of this Privacy Policy and those of the “Yamaha Motor Group Global Privacy Policy,” the contents of this Privacy Policy will prevail.

In addition to, or separately from, this Privacy Policy, some companies, products, and services of the Group may set forth individual privacy policies that inform you about detailed information in relation to the processing of your personal data. In such cases, if any discrepancies arise between this Privacy Policy and any of those individual privacy policies, that individual privacy policy will prevail.

Definitions for the terms used below have the same meaning as in the GDPR, unless specifically stated in this Privacy Policy.

1. Legal basis for processing your personal data, and categories of personal data

Personal data means any information relating to a natural person that can directly or indirectly identify such person, or by which a natural person is directly or indirectly identifiable, by reference to an identifier such as a name, an address, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, social identity, or the like of that natural person. We obtain personal data related to you in the manner set out below. Upon obtaining your personal data, we process it in accordance with the GDPR and other applicable laws, ordinances, and the like, which includes notifying you of the purpose of use. We use your personal data for the following purposes.

If it is necessary to process your personal data for purposes other than those provided below, we will individually inform you to that effect.

1) When processing is required for a contract

We use the personal data for the purposes listed in the table below further to a contract with you, or to take steps you have asked us to take before we enter into a contract with you.

Purposes Categories of personal data
To supply products and services of the Group to you, including delivering products and carrying out related customer management (e.g. sending invoices to you) Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; and other information regarding products and services, such as product serial number, details of product model, date of sales or registration and sales store
To register product warranties, perform warranty services, perform maintenance services, which includes inspecting products, keep records of warranty services and maintenance services Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; and other information regarding products, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details
2) When processing is required for the pursuit of legitimate interests

We obtain and process the following categories of your personal data for the following purposes because it is necessary to do so in order to pursue our legitimate interests (for details regarding the balancing test for legitimate interests, please inquire using the contact address at Section 13 (Contacting us) of this Privacy Policy).

Purposes Categories of personal data
Management of customer information and for internal administrative purposes, including keeping our records up to date and sharing information with other companies in the Group Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; and other information regarding products and services, such as product serial number, details of product model, date of sales or registration and sales store
Improvement of quality and customer service regarding products and services provided by the Group and provision of value-added services Name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; and other information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details
Compliance with non-EU or non-Member State laws, ordinances, prefectural ordinances, and other regulations, such as those relating to the handling of recalls or service campaigns Name; contact details, such as address and phone number; and other information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details
Implementation of surveys, such as questionnaires and interviews for planning and improvement of products and services, and implementation of analysis of results Name; age; date of birth; gender; occupation; contact details, such as address, phone number, email address, and social media account information; and information in connection with survey items, such as products and services you have purchased (including products and services you intend to purchase), family composition, purchase motivation, status of use, and demands for new products and services
Management and operation of, and safety management of participants for, events provided by the Group, such as test-drive events and riding courses Name; age; gender; and contact details, such as address, phone number, and email address; information related to products and services of the Group and licenses owned by you; and other information obtained at the occasion of events
Handling of inquiries, requests, and complaints Name; contact details, such as address, phone number, and email address; information regarding products and services you have purchased (including products and services you intend to purchase); and details of inquiries
Implementation of security measures, such as access control and log acquisition Contact details, such as phone number and email address; ID information and password; and information regarding the device you use, such as IP address, browser, and operating system (such as Android or iOS)
When processing is required for the exercise or defense of legal claims, including to ascertain and handle information regarding accidents related to products and services provided by the Group, and for the prompt response to and settlement of accidents related to products and services provided by the Group and other matters in dispute Name; age; date of birth; gender; contact details, such as address and phone number; and other information regarding products and services, such as product serial number, details of product model, status of use, inspection status, repair details; and other information regarding the status of matters in dispute related to products and services provided by the Group. This includes accident information including the date and place of the accident and "special category" health data, such as the type and degree of injury
3) When your express consent is obtained in advance

Where we have obtained your express consent in advance, we will obtain and process the following categories of your personal data for the following purposes as well.

Purposes Categories of personal data
To provide services that use location information (including data analysis for the improvement of services and marketing activities) Location information; name; age; date of birth; gender; contact details, such as address, phone number, email address, and social media account information; information regarding products and services such as serial number; and information regarding the device you use, such as IP address, browser, and operating system (such as Android or iOS)
Development of products and services (including quality improvement) implemented by using location information Location information; information regarding products and services such as serial number; and information regarding the device you use, such as IP address, browser, and operating system (such as Android or iOS)
Marketing activities and analysis regarding to products and services provided by the Group including provision of information related to products and services provided by the Group, such as distribution of emails and news Name; contact details, such as address, phone number, email address, and social media account information; information regarding products and services you have purchased (including products and services you intend to purchase) and other information necessary to provide information, such as products and services provided by the Group in which you are interested

If our processing of your personal data is conducted based on your consent, you may withdraw that consent at any time. Withdrawal of your consent does not affect the legality of personal data processing that we have conducted based on consent given before that withdrawal. You may withdraw your consent through services and the like you use or by contacting us using the contact details at Section 13 (Contacting us).

4) When processing is required to meet our legal obligations under EU or Member State law

We use the personal data for the purposes listed in the table below further to a legal obligation under EU or Member State law to which we are subject.

Purposes Categories of personal data
Compliance with laws, ordinances, and other regulations, such as those relating to the handling of recalls or service campaigns Name; contact details, such as address and phone number; and other information regarding products and services, such as product serial number, details of product model, date of sales or registration, sales store, status of use, inspection status and repair details

Personal data obtained by the Group includes information directly provided by you to the Group, information provided through a third party, such as counterparties, contractors, business partners, and social media providers (including Facebook and Google), and information provided through products and services provided by the Group.

We will not obtain or use sensitive personal data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health or sexual orientation, or the like, unless that sensitive personal data is processed in accordance with standards provided for in the GDPR (Articles 9 and 10) and other laws, ordinances, and the like.

If after obtaining your personal data we change the purpose of use for which it is processed, we will process that personal data in accordance with the GDPR and other applicable laws, ordinances, and the like.

2. Sharing your personal data

We do not disclose or provide your personal data to a third party, unless:

  • we inform you about such disclosure or provision;
  • we obtain consent from you; or
  • that disclosure or provision is made in accordance with the GDPR and other applicable laws, ordinances, and the like.

We may share your personal data within the Group to the extent necessary to achieve the purpose of use that you were notified of in advance.

We provide your personal data to the following third parties.

1) Contractors
In providing products and services to you, we may engage contractors to perform all or part of our duties and may provide personal data to the extent necessary to achieve the purpose of use. If we engage any such third parties to process your personal data, we will take necessary and appropriate measures in accordance with the contents of the GDPR and other applicable laws, ordinances, and the like.
2) Business partners and counterparties
In providing products and services to you, we may, to the extent necessary to achieve the purpose, provide your personal data to: our business partners, such as product development and sales services providers, IT and software development service providers, various manufactures, and co-researchers; and counterparties, such as agencies and dealers.
We may also share your personal data with business partners and counterparties to the extent necessary to deal with your inquiries, requests, or the like.
3) Legal or regulatory authorities, and professional advisors
We may also share or disclose your personal data with government authorities, regulatory agencies, law enforcement officials, and our professional advisors, if required for the purposes we have told you about, if mandated by law, or if required for the legal protection of our legitimate interests in complying with applicable laws.

3. Transfer of personal data outside the EEA

Your personal data obtained by the Group may be transferred, stored, and processed outside the EEA. In each case, your personal data must be protected safely at a level of security equivalent to that used for its protection within the EEA. We take all measures (including execution of the standard contractual clauses (Article 46, paragraph 2, item (c) and paragraph 5 of the GDPR) as approved by the European Commission) reasonably necessary to ensure your data is safely stored and processed in accordance with the provisions set forth in this Privacy Policy and the GDPR and other applicable laws, ordinances, and the like. Please contact us at any time if you would like to know more about details regarding the safeguards we have in place for transfers of personal data outside the EEA.

4. Storage period for personal data

We store your personal data for the period necessary to achieve the purpose of use or to perform our obligations under applicable laws, ordinances, and the like. The specific storage period is determined in consideration of the purpose for obtaining and processing the personal data, the nature of the personal data, and legal or business-related necessity for storing the personal data.

5. Your choices

In principle, the provision of your personal data to the Group is made based on your will, and you are not obligated to provide us with your personal data.

However, if you do not provide us with your personal data, you may experience disadvantages, such as inability to use various services provided by the Group or partial system malfunctions.

6. Logging in from social media accounts

Some services provided by the Group adopt functions that enable users to log in by using their social media (including Facebook and Google) accounts. When you use those functions, we may request your permission to use your social media account information, which includes name and email address and you will be able to utilize our services using those functions if you grant that permission. You may at any time remove your account from the applicable services of the Group and withdraw your approval from your social media accounts.

Please note that if you use a social media account to log in to our services, it is possible that the social media provider will process information related to you, such as use of applications provided by the Group, and the Group will not be liable for that processing of your information. For details on information related to you that is processed by each social media provider, please refer to each social media provider’s privacy policy.

7. Processing of children’s personal data

If we obtain a child’s personal data, if required we will obtain consent from statutory agents, such as a person with parental authority over that child. We will also take other steps in accordance with the GDPR and other applicable laws, ordinances, and the like.

8. Cookies

The Group’s websites and applications (the “Applications”) may generate cookies, web beacons, and other similar technologies. These enable us to provide you with an enhanced experience when you use the Applications and allow us to improve the Applications. For more details, please refer to the cookie policy [link].

9. Organizational and technical measures to protect your personal data

We have established a management system pertaining to personal data protection and appropriately take organizational, physical, and technical safety management measures in order to prevent unauthorized access to personal data, prevent personal data loss, destruction, tampering, leakage, and the like, and otherwise to safely manage personal data. Also, we are aware of the importance of personal data protection and appropriately take personal safety management measures, which includes making efforts to provide educational and awareness campaigns regarding personal data protection for officers, employees, and the like who process personal data.

In the unlikely scenario that leakage of personal data or any other accident occurs, we will appropriately deal with the situation through investigation of the facts and causes and implementation of preventive measures for secondary damage and reoccurrence, etc.

10. Direct marketing

If you do not wish to receive information that we provide to you in relation to our products, services, and the like (direct marketing), we refrain from conducting direct marketing addressed to you. If you do not wish to receive direct marketing, please contact us through the services, etc. you use or by contact us using the contact details at Section 13 (Contacting us).

11. Automated decision-making

We do not conduct decision-making that is based on automated processing (including profiling) which produces a legal or similar material effect on you.

12. Customer rights

You have the rights set out below in relation to EEA personal data used by the Group.

If we receive any request from you in relation to the following, we will faithfully and appropriately deal with that request in accordance with provisions set forth in the GDPR and other applicable laws, ordinances, and the like after confirming that the person making the request is you or a person delegated by you to act on your behalf.

  • Right to access personal data: You have the right to obtain confirmation from the Group regarding whether any of your personal data is being processed, and if your personal data is being processed, you will have the right to access your personal data and certain information in connection to that personal data.
  • Right to rectify personal data: If your personal data held by the Group is incorrect, you will have the right to demand that the Group rectify the personal data.
  • Right to erase personal data (right to be forgotten): If you satisfy certain conditions, you will have the right in some cases to demand erasure of your personal data held by the Group.
  • Right to restrict processing of personal data: If you satisfy certain requirements, you will have the right in some cases to restrict the processing of your personal data held by the Group.
  • Objections against processing of personal data: If you satisfy certain conditions, you will have the right in some cases to object to the Group’s processing of your personal data.
  • Right to data portability of personal data: If you satisfy certain conditions, you will have the right in some cases to receive in a structured, commonly used, and machine-readable format the personal data that you have provided to the Group and will have the right to transmit that data to another controller without hindrance from the Group.

13. Contacting us

If you have any demands, inquiries, or requests regarding the processing of personal data, please contact the following address in writing.

Contact address:
General Affairs Division, Yamaha Motor Co., Ltd.
2500 Shingai, Iwata-shi, Shizuoka-ken, 438-8501, Japan

When you contact us, please inform us of your contact details, including your name, address, phone number, and email address, so that we can accurately respond to your requests. We may contact you if any details sent by you are unclear. We may not be able to respond to you if we are not able to confirm such details.

You can also contact the Group’s data protection officer.

Email:
dpo@yamaha-motor.nl (for customers who reside in the EEA)
dpo@yamaha-motor.co.jp (for customers who reside outside the EEA)

14. Filing complaints with supervisory authorities

In order to protect your personal data, you have the right to file a complaint with supervisory authorities for your residence, workplace, or the member state where a violation of the GDPR occurs in relation to the processing of your personal data by the Group.

15. Administrator of this Privacy Policy

Yamaha Motor Co., Ltd.
2500 Shingai, Iwata-shi, Shizuoka-ken, 438-8501, Japan
dpo@yamaha-motor.co.jp

16. Revision of this Privacy Policy

We may amend, revise, add to, or delete the contents of this Privacy Policy from time to time to deal with changes required by amendments to laws and ordinances, business-related requirements, and the like. If there are any substantial or material amendments to this Privacy Policy, we will inform you to that effect on this page and, if necessary, inform you to that effect by a method that enables you to become aware of those changes.

Last updated: March 25, 2020

Back to
Top