Yanmar Marine International B.V. (the “Company”), in connection with the provision of the marketing, sales, after sales, warranty, and technical support activities service (the “Service”) to Customers (the “Customers”), for the purpose of complying with the EU General Data Protection Regulation (the “GDPR”), and to appropriately process the personal data of the Customers, hereby establishes this “Privacy Statement” (this “Privacy Statement”).
1. PROCESSING PERSONAL DATA
“Personal data” means any data relating to an identified or identifiable natural person, including, without limitation, name, address, date of birth, telephone number, e-mail address, and user IDs of the Customer.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Controller” means a legal person, etc. which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a legal person, etc. which processes personal data on behalf of the Controller.
(2) Types of personal data to be collected The Company will collect the following types of personal data concerning the Customers in connection with the Service:
name, home and/or company address
phone number, fax number
Relationships with our network
Interests in our products
(3) Purposes of use of personal data
The Company will process the Customers’ personal data for the following purposes:
to promote Company’s products and services
to respond to inquiries and requests from the Customers
to retain warranty claim information
to contact the Customers when service campaigns are initiated
to decide whether or not to accept warranty claims
to make payments in relation to warranty claims
to provide after warranty service
to improve the perceived quality of Company’s products
to manage and monitor the contacts among Company, the Customers and service network
to improve the customer experience and
to provide a quality online user experience
If the Company is to process the Customers’ personal data for purposes other than the above, the Company will notify the Customers in advance such new purposes of use and other matters as required by applicable laws.
By manifesting their intention to consent to this Privacy Statement, the Customers will be deemed to have consented to the processing of their personal data by the Company within the scope of the above purposes of use, and the Company will process the Customers’ personal data based on such Customers’ consent; provided, however, that Customers may withdraw such consent at any time, which such withdrawal shall not affect any legitimate processing performed pursuant to the consent prior to the withdrawal. The Company may also process the Customer’s personal data within the scope of the above purposes of use under a legal basis permitted by GDPR.
The Company may require the Customers to provide their personal data in connection with the provision of the Services. In such case, if certain Customers do not provide its personal data, the Company may be unable to provide the Services.
(4) Retention Period
The Company will retain the Customers’ personal data to the extent the Company requires such data for achieving the purposes of use specified in 1.(3) above, and will promptly delete the same when such data is no longer necessary.
(5) Third Party Transfer
The Company may provide the Customers’ personal data to third parties such as the subsidiaries and affiliates of the Company, dealers, retailers, cloud vendors and contractors of the Company, etc., to implement the purposes of use specified above. Such third parties which the Company may provide Customer’s personal data include those located in countries outside the European Economic Area (the “EEA” including, without limitation, Japan; the same shall apply hereinafter), and the Customers are deemed to have consented to the following matters by consenting to this Privacy Statement:
(a) Certain countries outside the EEA may not be furnished with the same level of data protection laws as the EEA, thus part of the rights granted to the Customers within the EEA may not be available;
(b) the Customers’ personal data may be provided and processed for the purposes specified in 1.(3) above; and
(c) the Customers’ personal data may be provided to third parties located in a country outside the EEA.
(6) Disclosure, Correction, and other Procedures concerning the Personal Data
The Customers are entitled with the rights to access to, request for correction, request for deletion, request to limit the processing, object to the processing, and request for data portability, with regards to the personal data retained by the Company pursuant to the provisions of relevant laws and regulations. Such requests shall be attended to the contact point set forth in “5. Contact” as per below. The Company may refuse the Customers’ request if the Company deems that there is no basis for such request or if the request is deemed excessive.
The Customers may file objections to the data protection authorities having jurisdiction over the location of the Customers’ domicile with regards to the processing of their personal data by the Company.
(7) Unsubscribing from direct marketing
If the Customers wish to unsubscribe from the Company’s direct marketing, such Customers should contact the contact point set forth in “Contact” below.
2. SAFETY MANAGEMENT MEASURES
In order to protect the personal data from unauthorized access and loss etc., taking into account the type of personal data, the degree of sensitivity, and the degree of affect to the Customers, including economic influence and mental harm in case the personal data is unlawfully infringed, the Company has comprehensively evaluated and judged the risks of personal data infringement, and has implemented necessary and appropriate personal, organizational, and technical safety management measures in accordance with such the risk of personal data infringement, and further, will review such safety management measures as necessary, set up the process for taking corrective actions, and constantly make effort to improve its security.
The Company will make effort to appropriately manage personal data by restricting the entry of outsiders into the offices where the processing of personal data takes place, conducting educational awareness raising activities targeting all officers and employees involved in the protection of personal data, and appointing managers in charge for each division which processes personal data. If the Company, in its role as a Controller, contracts a Processor, the Company shall select a Processor which is capable of implementing appropriate technical and organizational measures and shall manage such Processor in an appropriate manner. Pursuant to the GDPR, the Company shall prepare records of the processing of personal data.
Please note that this website is not intended for children under the age of 16. If a child under the age of 13 has provided personally identifiable information to Yanmar through our website, a parent or guardian may contact email@example.com to request the information be deleted from our records. Following receipt of such a request, Yanmar will make reasonable efforts to delete the child’s information from our records.
4. CALIFORNIA USA RESIDENTS
California law (CCPA) permits California residents to request, free of charge, personal information that is held by Yanmar. California may make such request in writing by emailing firstname.lastname@example.org with your name and noting CCPA in the subject line of your email, or by calling 1-727-803-6565 (or toll free 1-800-545-4574). Within 30 days of receiving your request, we will reply with identification of the personal information in possession of Yanmar.
The California “Shine the Light Law,” California Civil Code Section 1798.83, permits California residents to request and obtain once a year, free of charge, information about Personal Information (as defined by California law), if any, that we disclose to certain third parties for direct marketing purposes in the preceding calendar year. California residents may make such a request in writing by emailing email@example.com with your name and address, and noting “California Shine the Light Request” in the subject line of the email. Within 30 days of receiving your request, and where required by law, we will send you a list of the categories of personal information disclosed for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties.
5. CONTINUOUS IMPROVEMENT
The Company shall continuously review and revise its efforts regarding the processing of personal data in order to correspond with changes in the GDPR, processing methods and the environment.
6. AMENDMENT TO THIS PRIVACY STATEMENT
The Company may amend this Privacy Statement at any time. The Company shall determine the effective date of the amendment and inform the Customers by 30 days prior to such effective date by means of publication on our website and customer portal. The Customers who continue to use the Service on the effective date or thereafter shall be deemed to have consented to the amended Privacy Statement.
The Company’s contact point regarding this Privacy Statement is as shown below. Any questions or concerns regarding this Privacy Statement or the processing of personal data by the Company, or any requests concerning access, correction, deletion, limitation of processing or data portability of the personal data shall be attended to this contact point:
Yanmar Marine International B.V.
Brugplein 11, Almere