Privacy Notice

The Shimano company (listed here) that directly provides the Services to you or with whom you come into contact is responsible for processing your Personal Data and is the controllers under the applicable law.
If you have any questions or wish to exercise your rights as permitted by applicable laws and regulations regarding the processing of your Personal Data, you can contact each controller by postal mail at the address listed on the above Sites.

For EEA Individuals:
Shimano Inc., a Japanese company with its business address at 3-77 Oimatsu-cho, Sakai-ku, Sakai City Osaka 590-8577, Japan, is the global headquarter of the Shimano Group;

Shimano Europe B.V., a Dutch company with its business address at High Tech Campus 92, 5656 AG Eindhoven, the Netherlands, is the European headquarter of Shimano;
in addition to the local Shimano Sales Offices as specified per region on this webpage.
Each entity can be the controller within the meaning of GDPR for the processing of Personal Data concerning European residents, depending on the Service that is requested by the data subject.

Which entity is the controller depends on the Services you are using or used. Moreover, depending on the processing activity, Shimano Inc. and Shimano Europe B.V. or other companies within Shimano may be joint controller(s).

You can contact Shimano Europe B.V. by email at privacy@shimano-eu.com if you wish to obtain more information.

Shimano has appointed a Data Protection Officer ("DPO") under the GDPR to manage all matters related to data protection and privacy. If you have any questions regarding the processing of your Personal Data, please contact our DPO at privacy@shimano-eu.com.

The general framework of Shimano with respect to the protection and processing of Personal Data can be summarized as follows:

Definitions
“Personal Data” means information about a living individual which can identify the specific individual by name, date of birth or other description contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the specific individual).

"Sensitive Data" means data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or sex life, data concerning sexual orientation or other intimate areas, data concerning social security measures, data concerning administrative or criminal proceedings, data concerning criminal convictions and offences, and other sensitive Personal Data under the applicable law.

For EEA Individuals:
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (referred to as “Personal Data” in this Notice).

“Special Categories of Personal Data” include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation (also referred to as "Sensitive Data" in this Notice).

What type of data does Shimano collect?

Shimano may collect your Personal Data in several different ways, for example: when you fill in text fields, upload documents or visit our Sites. When we ask you to submit your Personal Data, we will indicate which data fields are optional. If you fail to provide us with the obligatory information, we may not be able to adhere to your request (e.g. to create a Shimano account).

1. Information that you provide us
   Whenever you interact with Shimano, you may be asked to provide us with Personal Data relating to you. For example:
   • Performance of transactions:When contacting us or when purchasing or using our products or services you may be asked to submit certain Personal Data, such as
     • name,
     • contact information (including but not limited to telephone number and email address),
     • shipping and billing address,
     • date of birth,
     • the sort of products or services purchased or used by you,
     • specific requests made by you,
     • payment information (such as credit card information), and
     • specific information that is requested or generated in order to use or benefit from a product or service (e.g. bike fitting), such as bodyweight, length, etc.
   • Service performance:When you use a product or service that is designed to collect certain Personal Data, we may ask you to provide Personal Data.
     For example, with respect to measurement data obtained during Bike fitting services or with respect to products and services that assist you in remembering and applying your bike settings, we may ask you to provide information such as your contact details (including but not limited to name, telephone number, date of birth), bodyweight, length, delivery date and place of purchase and payment information (such as credit card information). And also, when you use our online services, we may receive content that you choose to upload, such as product reviews, comments, photos and forum posts, or details of your interests and preferences that you choose to share with us, for example when selecting the services that you wish to receive. The relevant product or service descriptions may further detail which Personal Data is processed.
   • Account management:When you create and maintain a Shimano Service’s account, you may be asked to provide certain Personal Data, such as name, user name, a unique ID allocated by us, email address and password, and to keep such Personal Data up to date.
   • Warranty handling:When you purchase, register, apply for a warranty, send for repair or return one of our products online, we may record the call and/or ask you to provide information such as your contact details, delivery date, place of purchase, payment information and the content of warranty (including details of the event that caused malfunction or injury).
   • Customer Service:When you contact our customer service for assistance, we may keep information about the call, including your name, the product(s) you bought, the reason why you contacted us and the advice we gave you.
   • Events:When you visit us at a public event on- or offline, such as a trade show or exhibition or participate in one of our surveys, we may ask for information, such as your business card, name, contact details, interests and preferences.
   • Apps:When you use a Shimano app such as E-Tube or portal sites such as for learning purposes, we may collect your location and performance data to improve the usage of Shimano products, also we may keep a record of the access and certificates that you achieved during the usage of such app or portal sites.
   • Employment:When you apply for a position with Shimano, we may ask you for information necessary for recruitment processes and on-boarding processes.
   • Activations:When you subscribe to our newsletter, participate in surveys, research, raffles or contests, we may ask you for information, such as your email address and information about you.

   How does Shimano collect data?

2. Personal data we automatically collect
   When using our Services we automatically collect Personal Data. The Specific Categories of Personal Data concerned depend on the specific Services involved. For example:
   • Websites: When you visit and use our websites owned and/or operated by Shimano (collectively, the “Sites”), our servers automatically record certain data, such as URL, IP address, browser type and language, device information and the date and time of your visit. Also, we may collect Personal Data concerning your use of the Sites. Your Personal Data is obtained by cookies and similar mechanisms. The Sites will inform you of our use of cookies and similar mechanisms (Please also see section 8).
   • Emails and communication channels that you use to reach out to our call centers or other Shimano personnel may be monitored and logged.

   In general, this information is collected using digital identifiers such as a device number, browser cookie or your IP address. These identifiers are used to distinguish the information provided by your browser or device from that of another user’s browser or device. We may also associate the collected information with one of your accounts, if for instance you are logged into a service when the information is collected depending on the cookie selection provided in the Sites.

3. Personal Data we may collect from other sources
   
   • Third Parties: By obtaining certain Personal Data from third parties. We will always ask such third party to confirm that making the Personal Data available to us is in compliance of law, e.g. because you have consented to such transfer of Personal Data.
   • Public information: We may also collect information from publicly available sources and third parties, including:
     • When you seek to make a purchase from us, we may carry out credit and financial checks to ensure payment is not made fraudulently and that you have a suitable credit rating.
     • If you purchase products or services (including but not limited to warranty application) from Shimano or other local distributors, or dealer, we may receive certain information about your purchase such as contact information and the warranty details from them and their retailer.
     • We may also share information about you with other Shimano group companies that you interact with; in particular, when you apply for a warranty on our products.
     • When carrying out business to business sales calls, we may use business contact details that are publicly available.
     • When carrying out research and development, we may use information about you that are publicly available.
4. Personal Data we may collect from social media
   If you use any of our social media applications, pages or plugins or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For instance:
   • If you log-in to one of our Sites or services using your social network account, we may receive basic details from your social network profile. The basic details we receive may depend on your social network account privacy settings, however, they might include your social network ID, name, profile picture, gender and location. We may also receive additional information from your profile if you give us permission to access it.
   • If you click on a “like”, “+1” or “♡” or similar button or post comments on any of our services, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive further information about interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you.
   For more information and for details about how you can control access to your social media profile, you should view the privacy policy and other guidance available on your social media’s website.

Shimano may use the information it collects for the following purposes:

1. Provision of Services
   When we use Personal Data to offer Services to you, we process the Personal Data on the legal basis of a contract between you and Shimano or your consent.
   In this context, we may use Personal Data to:
   • Provide you with Services you have requested, including sending information about our Services, confirming that payment is not made fraudulently, managing your Shimano account (if any), delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion (and performance of its obligations under any other agreement it may have with you).
   • Provide customer care (such as safety instructions or use instructions for your Shimano products and services), warranty, returns, inspection, replacement and other after sales services.
   • Process smoothly your searches and requests for information when you contact us about us and our Services.

   For EEA Individuals: We process the Personal Data on the legal basis of performance of contract, see Art. 6 (1)(b) GDPR. As far as we process Sensitive Data in our Services, in addition to such legal ground, we request your explicit consent, according with Art. 9 (2)(a) GDPR.

2. Development and improvement of Services
   We work constantly to improve our Services. We process your Personal Data for quality improvement purposes, e.g. to detect and analyze problems in our Services, to carry out predictive maintenance and calculate the necessary Services replacement timing, to introduce new products and test their compatibility, etc. We process the Personal Data on the legal basis of a contract between you and Shimano or your consent.

   For EEA Individuals: We process the Personal Data either on the basis of our legitimate interests to develop services to better meet customer requirements, to ensure data quality, to develop identity management, and to strengthen network and data security, or the basis of your consent, see Art. 6 (1)(a) and (f) GDPR.

3. Marketing of Services
   We process your Personal Data to send you information for marketing purposes. We either base this processing on our legitimate interests to know our customers, keep you up to date about Shimano’s latest Services or similar Services, to send you information about similar Services previously purchased by you, and to personalize your customer experience, or on your prior consent, e.g. for sending marketing messages and to personalize your customer experience.
   In this context, we may collect, store, track and profile your Personal Data to:
   
   • Provide you with newsletters and other commercial messages, if you have provided your prior consent or we are otherwise permitted to do so under the applicable law. These newsletters and messages may be specifically tailored for you based on the type of services and products purchased by you and your use thereof. You can unsubscribe from these newsletters or messages of Shimano at any time. After unsubscribing, we will remove your email address from the mailing list of the newsletters you subscribed to. However, we do send you essential messages, e.g. for user account verification, service update notifications or to operate our Services. Even after you unsubscribe from the newsletters, these transactional emails will also be sent to you. See the “7. Marketing” section below for more details.
   • Conduct campaigns, prize draws, contests and other promotional offers.
   • Ask you to participate in surveys and to manage the outcome of surveys in which you have participated.
   • Organize joint marketing events with third parties.
   • Show you personalized content, recommendations and advertisements and more effectively provide services, content, recommendations, adverts and communications. You may notice this personalization and targeting when you use Shimano’s Services, when we contact you with marketing communications and when you visit our Sites or third party websites and services that show advertisements from us or our advertising partners (for example, you might see an advertisement for Services that you have recently viewed on one of our Sites).
   • Create anonymous, aggregated statistical data about the use of Services, which we may share with third parties and/or make available to the public.

   For EEA Individuals: We process your Personal Data on the legal basis of legitimate interest as described above or your consent, see Art. 6 (1)(a) and (f) GDPR.

4. Security, detect and avoid misuse of Services
   

   We may use information collected from monitoring our Sites, online services and emails for security purposes. This information may be used to continuously improve our security measures, may be passed to the police or to other appropriate authorities. And we analyze technical data gathered via the online services to detect and avoid misuse thereof, for example, by a breach of the terms of use of the software license agreement. We base this processing on the performance of a contract to which you are party, as well as on our legitimate interests to protect you and our company, systems, employees and partners, or on a legal obligation to cooperate with competent authorities.

   For EEA Individuals: We process the Personal Data on the legal basis of the contract, compliance with a legal obligations, or legitimate interest as described above, see Art. 6 (1)(b), (c) and (f) GDPR.

5. Fraud prevention and investigation
   

   We may use your Personal Data to prevent fraud and to investigate violations of our policies. For example, we may use your Personal Data such as your name, shipping address and financial information to check that a payment is not made fraudulently. In this case, we base the processing of Personal Data on our legitimate interest to prevent fraud and to provide benefits only to our customers.

   For EEA Individuals: We process the Personal Data on the legal basis of legitimate interest as described above, see Art. 6 (1) (f) GDPR.

6. Compliance with law
   

   We may also use your Personal Data to comply with the applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies. We may use your Personal Data to perform possible product recalls and to enforce or defend the legal rights and property of any Shimano group company or the terms and conditions of any services. In this case, we base the processing on a legal obligation to which Shimano is subject or on our legitimate interest to defend our legal rights.

   For EEA Individuals: We process the Personal Data on the legal basis of compliance with a legal obligation and legitimate interest as described above, see Art. 6 (1) (c) and (f) GDPR.

7. Others
   

   We may process your Personal Data for any other purposes made known to you beforehand, e.g. to handle your application for a job or traineeship at Shimano.

We may anonymize Personal Data so that it cannot be used to identify you and is no longer Personal Data. We will maintain and use this data only in anonymized form and will not attempt to re-identify the data.

We generally do not sell, share or otherwise disclose your Personal Data to third parties without your prior consent.
On the other hand, we may share your Personal Data with the following recipients:

1. Our group companies
   

   Given the international footprint of our business, our group companies work closely together. To be able to do so, we share data, including your Personal Data, within the group as limited a manner as possible, as much as possible in order to achieve the purposes of use described in this Notice.
   With regard to the processing of your Personal Data to which only the Japanese Act applies, the Shimano companies may jointly use your name, address, telephone number, gender, date of birth, occupation and email address for the purposes described in section “4. How Shimano uses the Personal Data that it collects (legal basis)?” above, based on the joint use of the data as provided for in the Japanese Act. The company responsible for managing the jointly used Personal Data is Shimano Inc. (for the address and name of the representative, please see the “Company Profile” and “Shimano Executives”).

   For EEA Individuals: Where we share your Personal Data within our group, the following principles will be adhered to:
   1. Each group company must comply with our privacy policy and is not permitted to sell or otherwise disclose your Personal Data to third parties except as authorized by Shimano Europe B.V. and you, or as permitted or required by the applicable laws.
   2. Shimano has applied adequate safeguards to ensure organizational and technical security measures, including by agreeing on standard contract clauses where your Personal Data is transferred to group companies that are established outside the EEA and countries recognized as having an adequate level of data protection such as Japan.
   3. The data minimization principle will govern the processing of the Personal Data. In that sense, Shimano will only have access to the data and information on a need-to-know basis. For the cases whereby a group company does not have direct involvement with the Personal Data such company shall only have access to aggregated reports or pseudonymized data.
   Unless our group companies provide you with their own privacy policy, they may use your Personal Data for the purposes described in this policy.
2. Credit card companies, banks and other payment service providers
   We may share your Personal Data with your credit card company, bank or another payment service provider in the context of a transaction.
   If you choose to transact using a credit card or debit card, we will supply to your credit card company, bank or other payment service provider all relevant information about the name of the vendor, item(s) purchased, purchase date, total cost and other information necessary to process the transaction. Shimano will not otherwise provide any Personal Data to your credit card company, bank or payment service provider without your consent.
3. Service providers
   We may use third party service providers (either data processors or data controllers) to process your Personal Data for the purposes outlined above. For example, we use third party software, such as a portal for customers, consumer web shops, tools for sending newsletters, and invoices.
   To this end, your Personal Data will be provided to third parties in as limited a manner as possible. Shimano will assess upfront if the service providers who provide services including but not limited to cloud services or development and maintenance services process Personal Data according to the applicable law and have implemented technical and organizational measures prior to sharing your Personal Data.
   With all service providers acting on our behalf, we enter into a business contract. These service providers are legally and contractually required to respect and comply with applicable data protection legislation and this Notice in accordance with our instructions. Part of if this contract will contain mandatory agreements on data processing according to the applicable law.
4. Other third parties
   

   We will not disclose your Personal Data to any third parties other than your credit card company, bank or other payment service providers or our processors without your consent; provided, however, that we reserve the right to use or disclose to a third party any information without your consent in the following circumstances.

   1. If it is requested by any laws and regulations, in order to comply with legal obligations Shimano is subject to, such as recordkeeping requirements and filing tax returns.
   2. If we deem it necessary for protection and security of your interests.
   3. If we deem it particularly necessary for cooperation with a governmental body or other public organization or its designee in discharging its duties pursuant to the laws and regulations (including investigating breach of laws), or otherwise deems it particularly necessary for the performance of a task carried out in the public interest.

   In addition, your Personal Data (e.g. IP-addresses) collected by means of cookies and similar technologies may be shared if you provided the respective approvals (for more information please see section 8).

We process anonymized, aggregate or generic data (including “generic” statistics) for several purposes as outlined above. We may also share those (including but not limited to demographic) data with third parties, such as our distributors, our sponsors, promotional and business partners, and participating vendors.

For the purposes explained in this Notice, Shimano, as a global company, may transfer your Personal Data collected through its Services to, and store it at, a destination outside your country/region of residence, including Japan. Shimano will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Notice and the applicable laws.

For EEA Individuals: Shimano processes much EEA individuals’ data within EEA territory. In case data is shared outside EEA territory Shimano takes appropriate measures to ensure safe transfers of your Personal Data outside the EEA and to adequate countries only. For example, Shimano may use contracts approved by the European Commission for the transfer of data to Japan or the UK.

Please contact Shimano Europe B.V. or DPO if you want to receive further information regarding international data transfers.

1. Marketing through newsletter and emails

   We may use our customers’ contact information to send you newsletters and commercial emails, such as to inform you about new developments in relation to our products and Services. Also, we may extend email offers to you on behalf of business partners about a particular product or service that may be of interest to you, without sharing your name or email address with or disclosing your name or email address to those business partners.
   If you’re not a customer we will only send you such commercial emails if you have consented to receiving such emails.

   Sometimes we will give you the opportunity to opt in to receive email offers from third parties not affiliated with us in accordance with the applicable laws. If you decide to accept these offers, we will provide, upon your consent, your contact information to the third party. We urge you to review carefully the privacy policies of these firms. We are not responsible for the privacy policies and procedures of any third party.

   At any time you may notify us that you no longer wish to receive newsletters or other commercial messages from us via email. Every newsletter email contains an opt-out button that will immediately process your request. If you notify us manually, we will process your notification in due course and remove you from our mailing list within the timeframe stipulated by the applicable laws.

2. Marketing through social media platforms

   Only for those of you who have social media accounts, Shimano will also share your profile data to provide you with the best promotional content on social media platforms. Shimano may use your profile data such as email address or phone number to build audiences in Google, Facebook and other similar channels through a protected way of processing your data, also called hashing. The purpose is to use these audiences to increase the relevancy of ads shown to you. This means that you will either see ads that are relevant based on your interests and/or you will be excluded from seeing ads that are not relevant.

   Based on the audiences that are built, you will be shown ads on websites or apps that are part of the network of Google, Facebook and other similar channels.

   Based on past visits to Shimano’s Sites or apps and your acceptance of targeted advertising cookies, audiences will be built to show you relevant ads via Google, Facebook and other similar channels.

3. Opting out

   After you have opted in via the acceptance of cookies or registration for promotional updates, you can always opt out by the below options:

   • At any time you can opt out from our promotional emails by hitting the unsubscribe button at the bottom of the mails.
   • At any time you can opt out from the use of cookies by visiting the settings of Google, Facebook or other similar channels.

Shimano may use tracking technologies such as cookies (hereinafter collectively referred to as “Cookies”).

When you access our Sites, we may set Cookies to your device, and when you access the webpage again from the same device, we can refer to the Cookies to identify your device (typically, your web browser). However, in general, we do not directly identify you as an individual from the Cookies.

By referring to your Cookies, we can understand which content on our webpage you are interested in, and use this information to improve the functionality of our webpage. Additionally, Cookies collected by tracking your activity on our webpage may be used to display advertisements tailored to your interests, either on our webpage or across the internet, by advertising service providers. Furthermore, we can customize our content to suit your preferences by referring to your Cookies.

You can always choose (accept or reject) Cookie settings, other than those essential for the operation of our webpage, from the "Cookie Banner" or "Cookie Settings" displayed on our webpage, either for our webpage or for third parties (such as our analytics partners or advertising service providers).
If you choose the option of only necessary Cookies on our Sites, the “Cookie Banner” or “Cookie Settings” will not be displayed.

Additionally, you can enable or disable Cookies by changing the settings of your browser. Even if you disable Cookies in your browser, you will still be able to browse our webpage. However, please note that disabling Cookies may prevent some features of the webpage from functioning properly, or some pages may not display correctly.

Google analytics
Our Sites may use functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. (parent company: Google LLC, USA). Google Analytics uses Cookies.
You can find more information on how Google handles user data in Google Analytics here. You can find an overview of data protection at Google here. Google's privacy policy can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de.

We maintain state of the industry security measures to avoid unauthorized access to, alteration, disclosure or loss of your Personal Data. For example:

• We use Secure Sockets Layer (SSL) technology to encrypt important information, such as your credit card data, in an effort to prevent unauthorized access during the transmission of your orders over the Internet.
• We implement standard industry practices internally and with our service providers to maintain the security of your Personal Data depending on its sensitivity and to avoid disclosure of such Personal Data unpermitted under this Notice.
• We restrict access to the information we collect about you (for example, only those of our staff who need to know your information to carry out our business activities).

Although we have implemented systems and procedures to secure the data maintained by us, security during Internet transmissions can never be assured. Shimano employees are made aware of our privacy practices through periodic communications and training sessions. We store data on multiple secure systems, in controlled environments. To maintain security, we conduct internal reviews of our security measures on a regular basis. Please note, however, that any Personal Data you post in chat rooms or on message boards is available to anyone. While we have taken commercially reasonable precautions to safeguard Personal Data, we cannot and do not guarantee complete security of Personal Data because complete security does not presently exist on the Internet.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We also recommend not re-use passwords on other websites.

Under the applicable data protection law, you have certain rights with regard to the processing of your Personal Data by us. Shimano respects the rights of you in accordance with the applicable law of each country. Under the Japanese Act, you are entitled to request notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, suspension of provision to third parties, and disclosure of records of provision to third parties of their retained Personal Data (as defined in Article 16, Paragraph 4 of the Japanese Act).
Please also check the additional information for each country for information on your rights.
You may invoke any of these rights by sending your request to the contact points given in section 1.
We reserve the right to refuse any requests if your identity cannot be demonstrated by you and/or we can invoke any of the exceptions stated in the applicable law. In such case, we will inform you of the refusal.

Where the processing of your Personal Data is based on your consent, you have the right to withdraw the consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint about our processing of your Personal Data with a supervisory authority in the member state of the EU where you have habitual residence or place of work or where the alleged infringement of the GDPR took place, for example, the Dutch Data Protection Authority (Autoriteit persoonsgegevens) or the possible competent supervisory authority in your country.

Shimano has an internal retention policy in which we specify per data type and per data process what retention period is applicable. The retention periods are defined in accordance to the applicable legislation per subject such as tax legislation, labor law legislation and consumer laws. Tools and software systems that Shimano uses are to be configurated in line with the Shimano retention policy. We will retain your Personal Data for as long as is reasonably necessary for the various purposes set out in this Notice, any specific privacy policy, and in line with applicable laws and regulations concerning the mandatory retention of certain types of information. Shimano also uses technology to aggregate and anonymize data to be able to meet requirements of applicable law as well as the companies need to analyze data for product safety and continuous improvements. Once we are no longer required to maintain your Personal Data, the Personal Data will be deleted in a safe and secure manner.

The Sites may contain hyperlinks to third party websites, or embedded content of third party websites. The processing of Personal Data by third parties is subject to the privacy policies of these third parties. Shimano is not responsible for the content of these third party websites and the processing of Personal Data by these third parties.

We will not knowingly collect Personal Data via the Sites from visitors younger than sixteen (16) years of age. We encourage parents to talk to their children about their use of the Internet and the information they disclose on Sites. If you are younger than 16 and wish to visit or use the Sites, you may only provide your Personal Data to Shimano if you have obtained permission from your parent(s) or your legal representative(s).

In developing our business, we may engage in the sale or transfer of certain assets, and Shimano itself, or parts of it, may be sold, merged or otherwise assigned. In such transactions and changes in ownership, user data, whether personal or otherwise, may constitute one of the transferred assets. If required by law, we will notify you of such transfer or assignment in accordance with the procedure for changing this Notice described in section 15 below.

We will occasionally update this Notice as necessary to update our users about the continuous changing (online) environment. Changes to our Notice are effective from the date of posting on our Sites. We recommend that you check the Notice when you visit our Sites to be sure that you are aware of and understand our current Notice. If we make material changes to this Notice, we will make efforts to prominently post such changes. We do not intent to make any retroactive material changes in how we handle previously collected Personal Data unless you allow us to do so, or unless we are legally required to do so, or unless security measures to protect your Personal Data demand such a change.

More information about how we process the Personal Data of California persons can be found by reviewing the “California Consumer Private Notice” page below.
(Click here to view this section of the Notice.)

This Notice applies to residents of Mainland China and describes how we collect, use, process, and disclose Personal Data of Mainland China consumers in the context of the Services (as defined above), to supplement the Data Protection Notice, in accordance with PRC Personal Information Protection Law(“PIPL”) and other applicable laws and regulations. Some services also have their own privacy policy (we may also refer to it as a “Data Protection Notice [DPN]”) for Mainland China residents which provides details of the use of your personal data by that Services. Where there are inconsistencies between this Notice and the policies, these policies shall take precedence over this Notice.

1. Data Controller

The data controller who is responsible for the processing of Personal Data of Mainland China consumers in relation to the Services is Shimano Inc. or our Chinese group companies listed in here.
Each entity can be the controller within the meaning of the PIPL for the processing of Personal Data concerning Mainland China residents, depending on the Service that is requested by the data subject.
If you have any questions regarding the processing of your Personal Data, please contact the each data controller.

2. Personal Data We Collect

Definitions
“Personal Data” means any kind of information related to an identified or identifiable natural person as electronically or otherwise recorded, excluding information that has been anonymized.

“Sensitive Personal Data” means personal information that, once leaked or illegally used, will easily lead to infringement of the human dignity or harm to the personal or property safety of a natural person, including biometric recognition, religious belief, specific identity, medical and health, financial account, personal location tracking and other information of a natural person, as well as any Personal Data of a minor under the age of 14.

We collect Personal Data directly from consumers and automatically when consumers use the Portal, as described in “Personal Data that we collect and How we collect it” section 3 of the Notice above. For the processing of Sensitive Personal Data as provided by PIPL, separate consent shall be obtained from the data subject.

3. How We Disclose Personal Data

We may disclose your Personal Data to the third parties as described in the “Sharing of your Personal Data” section 5 of the above Notice for the purposes set out in that section. For China data subject, you may check the list of third parties who may receive your Personal Data by contacting us. In cases of providing Personal Data to other parties, and public disclosure of Personal Data, separate consent shall be obtained from the data subject.
Where sharing of Personal Data constitutes cross-border data transfer, we will comply with relevant requirements under the PIPL and other applicable regulations as described in the “International Data Transfer” section 4 of this Notice.

4. International Data Transfer

For China data subjects, when transferring your Personal Data outside of China, we will comply with relevant requirements under the PIPL and other applicable regulations.

5. Retention periods

We may store your Personal Data as described in the “Retention periods” section 11 of the Notice above.

6. Data Subject Rights

You may invoke any of these rights by sending your request to the contact points given in section 1 of this notice. In general, we will complete the processing of your request within 15 working days upon receiving it.