Grievance Mechanism
JaCER Engagement and Remedy Platform
Shimano Inc. participates in the Engagement and Remedy Platform operated by Japan Center for Engagement and Remedy on Business and Human Rights (JaCER), based on the United Nations Guiding Principles on Business and Human Rights, and accepts reports regarding cases of human rights violations in Shimano Group and its supply chain. For such a case, please report it through JaCER’s Grievance Form at below.
*When you consult with JaCER’s Contact Desk, JaCER processes your personal information in their policy. Please check the privacy policy set by JaCER regarding the processing of personal information. Shimano Group will obtain the personal data of reporters and reported person via JaCER. Please refer to the “Privacy Policy for Shimano Compliance Consultation Desk” regarding the processes of personal information in Shimano Group as described below.
Shimano Compliance Consultation Desk
We will also respond to reports concerning any violations of laws and regulations, our "Code of Conduct", "Human Rights Policy", "Vendor Code of Conduct" and any other illegal or unethical acts in Shimano or our supply chain from any person who has been suffered from any negative impact of such violation or with an interest in the violation by some reason, representatives acting on behalf of such person or other relevant stakeholders via the following Report Form.
*Please read the terms and conditions of use for our site and the following privacy policy carefully before using the Report Form.
*If you would prefer to report by post rather than using the Report Form, please send a report to the following address, including as much detail as possible about the content of the report (postage will be borne by the reporter).
The “Privacy Policy for Shimano Compliance Consultation Desk” will also apply to reports sent by post in the same way as reports received through this Report Form, so please check the contents of these policies carefully before reporting.
3-77 Oimatsu-cho, Sakai-ku, Sakai-shi, Osaka 590-8577, Japan
Shimano Compliance Consultation Desk, Shimano Inc.
Privacy Policy for the Shimano Group Compliance Consultation Desk
Effective date: January 1, 2025
Last updated: January 1, 2025
Shimano Inc. and each group company of Shimano Inc. (in principle this refers to each company listed in the “Locations” page of the Shimano Inc. website; hereinafter collectively referred to as “Shimano Group,” “we,” or “our”; the same applies hereinafter), as the controller operating the Shimano Group Compliance Consultation Desk (the “Reporting System”), process as follows the personal information of individuals who use the Reporting System to engage in reporting, individuals who are the subject of reports made using the Reporting System and the other individuals who are associated with the Reporting System(including but not limited to officers and employees, etc. of each Shimano Group and officers and employees of our business partners. hereinafter collectively referred as a “Data Subjects”.)
In addition to this Privacy Policy for the Shimano Group Compliance Consultation Desk (this “Privacy Policy”), the following country-specific exhibit may also apply, depending on the region of each Shimano Group company that processes the personal information of the Data Subjects, and the place of domicile or place of location or residence of the Data Subjects, so please refer to the country-specific exhibit. If this Privacy Policy conflicts with the exhibit, then the exhibit will prevail to the extent that such conflict exists.
- Exhibit 1: Handling of personal data of those located or residing in Europe (EEA and UK)
- Exhibit 2: Handling of personal data of those residing in the State of California
- Exhibit 3: Handling of personal data of those residing in Mainland China
1. Categories of personal information subject to processing
Each Shimano Group company processes the following personal information.
- Name, relationship with each Shimano Group company, country of residence, name and address of employer, affiliated department, occupation, title, phone number, e-mail address
- Contents of reports and personal information that supports the contents of those reports
- Any other personal information necessary for “2. Purpose of processing” of this Privacy Policy.
The personal information above may include data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of workers’ unions, genetics, biometric data for identifying individuals, health, sex life, sexual orientation, social security measures, administrative or criminal proceedings, criminal convictions and crimes, or any other sensitive personal information under applicable personal information protection legislation, depending on the contents of the reports.
2. Purpose of processing
Each Shimano Group company processes personal information for the following purposes and any other purposes permitted by applicable laws and regulations. In addition, each Shimano Group company may de-identify or aggregate personal information.
- For confirming facts and conducting necessary investigations related to consultations and reports
- For reporting end results to Data Subjects
- For responding to inquiries from Data Subjects
- For use in investigations of background information of consultations and reports to identify similar potential risks and for analyzing trends in consultations and reports received over a certain period of time and identifying similar risk events to comply with laws and regulations, codes of conduct, vendor codes of conduct, and human rights policies of Shimano Group companies and companies in supply chains, and to improve the management of Shimano Group companies.
- For identifying problems of our business partners and demanding preventative action from problematic business partners
- For reporting to, notifying, cooperating with, and performing various procedures for, government and public offices
- For ensuring full accountability to relevant stakeholders
- For exercising rights or fulfilling duties under applicable laws
- For managing personnel matters including processing necessary for personnel evaluations, human resource allocation, and performing employment contracts with Officers and Employees
- For protecting the rights or property of each Shimano Group company
- For the filing or defense of litigation
- For “6. Sharing of personal information”
3. Legal basis, etc. for processing
Each Shimano Group company processes personal information in accordance with legal bases for processing personal information in applicable personal information protection legislation (legitimate interests, compliance with related laws and regulations and consent by the Data Subjects, etc.).
4. Sources of personal information and obligation to provide personal information
Each Shimano Group company acquires personal information, directly, through the Data Subjects, or indirectly, through the following sources
- Representatives acting on behalf of the Data Subjects,
- Operational staffs affiliated with the Reporting System (including the relevant third party in cases where the operation of the Reporting System or similar consultation desk is outsourced to such external third party, including law firm)
- Each Shimano Group company
- Operating entities of the whistle blowing / grievance report acceptance platform in which each Shimano Group participates, including JaCER, etc.
5. Retention period for personal information
In order to decide the appropriate retention period for personal information, each Shimano Group company considers the following: the volume, nature, and confidentiality of personal information; the potential risk of damage caused by unauthorized use or disclosure of the personal information; the purposes for which each Shimano Group company processes the personal information, the period required for filing and defense of litigation, and whether each Shimano Group company can achieve those purposes by other means; and applicable legal requirements. If personal information of data subjects collected by each Shimano Group company becomes no longer necessary, each Shimano Group company will delete or anonymize the personal information, or if such measures are impracticable (for example, if the personal information has been stored in back-up archives), the personal information of data subjects will be safely retained until its deletion becomes practicable and ensure that any new processing will not be conducted with respect to that personal information.
6. Sharing of personal information
Each Shimano Group company may share personal information set out in “1. Categories of personal information subject to processing” above to third parties in the following cases.
- Sharing of personal information in order to fulfil the purposes set out in “2. Purpose of processing” above to another company in the Shimano Group (*)
-
Sharing of personal information in order to fulfil the purposes set out in “2. Purpose of processing” above to processors (contractors)
Processors include Whistle B’s agents and service providers (including cloud service providers).
- Sharing of personal information in order to consult with Attorneys, accountants, and financial advisors and the like
- Sharing of personal information in conjunction with the sale, merger, acquisition, or transfer of all or part of any other asset of a company
- Sharing of personal information in accordance with the law or an order from a government institution, etc.
- Sharing of personal information with third parties that is necessary for the protection of each Shimano Group company; data subjects; or the lives, bodies, or financial assets of third parties, and permitted under applicable personal information protection legislation.
- Sharing of personal information for any other cases permitted under applicable personal information protection legislation
Each Shimano Group company may jointly use personal information with other companies in the Shimano Group for the processing of personal information for which the Personal Information Protection Act of Japan is applicable on the grounds of joint use under the same Act, whereby the personal information of the Reporters described above under “1. Categories of personal information subject to processing” is used for the purposes described above under “2. Purpose of processing”. The party that is responsible for the management of personal information to be jointly used is Shimano Inc. (please refer to the Company Profile and Shimano Executives for the address of Shimano Inc. and the name of its representative.)
7. Cross-border transfer of personal information
Each Shimano Group company may transfer personal information to the following countries and regions to the extent necessary in order to fulfil the purposes set out in 2. above.
- United States
- Canada
- United Kingdom
- Ireland
- Germany
- Belgium
- Italy
- France
- Netherlands
- Spain
- Sweden
- Finland
- Norway
- Denmark
- Poland
- Czech Republic
- Turkey
- India
- Mainland China
- Taiwan
- Japan
- Singapore
- Cambodia
- Philippines
- Vietnam
- Indonesia
- Australia
- New Zealand
- Malaysia
- Mexico
- Brazil
- Argentina
- Uruguay
8. Safety management measures
Each Shimano Group company takes necessary and appropriate measures such as countermeasures against unauthorized access and countermeasures against computer viruses to prevent loss, destruction, falsification, leaking, and the like of personal information.
Each Shimano Group company will exercise necessary and appropriate supervision over employees of each Shimano Group company, and contractors, and the like, to protect personal information.
For more information on our Saftey management measures, please refer to Shimano Group Privacy Policy.
9. Rights of Data Subjects
Each Shimano Group company respects the rights Data Subjects hold under the applicable personal information protection legislation of each country. For example, rights of data subjects that may be recognized may include the right of access, correction, deletion, restriction, opposition, withdrawal of consent (may be granted to consent-based processing, but
does not affect the legality of consent-based processing that takes place before the withdrawal of consent), data portability, and the right not to be subject to automated decision-making, etc.
The Personal Information Protection Act of Japan grants the right to request the following in relation to retained personal information (meaning retained personal information prescribed in Article 16, paragraph (4) of the Personal Information Protection Act of Japan): notification of the purpose of use; disclosure; correction, addition, deletion,
suspension of use, erasure, or suspension of provision to third parties of content; and disclosure of records of provision to third parties. For rights granted under the personal information protection legislation of each country, please refer to the country-specific exhibits.
If you wish to exercise your rights granted under the personal information protection legislation of a country, please reach out to the point of contract found in “10. Contact details” below.
10. Contact details
For questions and inquiries regarding this Privacy Policy, please contact us using the contact details below.
ESG Development Department, Legal Affairs Section
Shimano Inc.
590-8577
3-77 Oimatsu-cho, Sakai-ku
Sakai City, Osaka
TEL +81-72-223-3210 / FAX +81-72-223-3258
Please refer to the Company Profile and Shimano Executives for the address of Shimano Inc. and the name of its representative.
11. Amendment of this Privacy Policy
We may amend all or part of, or make additions to, this Privacy Policy by giving notice by a method that each Shimano Group company deems appropriate (any methods required by applicable laws and regulations will be used, if any). In such a case, the post-amendment version of this Privacy Policy will be applied from the earlier of, the date on which individuals use the Reporting System for the first time after receiving such a notice, or the date stated in such notice. If there are any necessary procedures under personal information protection legislation that are to be applied, such procedures will be taken.
Exhibit 1: Handling of personal data of those located or residing in Europe (EEA and UK)
Effective date: January 1, 2025
Last updated: January 1, 2025
This exhibit relates to the GDPR and UK GDPR (collectively, the “GDPR”) applicable to the processing of personal information of Data Subjects located or residing in the EEA conducted by each Shimano Group company.
This exhibit includes information that relates to the rights of identifiable persons pertaining to data protection, including the right to raise an objection, with respect to certain data processing conducted by each Shimano Group company. Details regarding the rights of Data Dubjectes and how they can be exercised are listed in “3. Rights of Data Subujects”.
1. Legal Bases for Processing
(1) Legal bases for all processing of personal information
Each Shimano Group company processes the personal information of Data Subjects for the purposes listed in “2. Purpose of processing” of the Privacy Policy for the Shimano Group Compliance Consultation Desk based on the following legal bases.
Although there may be cases where the consent of a Data Subject that uses the Reporting System to engage in reporting (“Reporter”) is obtained in relation to the personal information of that Reporter, the legal bases for processing in those cases will also be “processing in cases where it is necessary for performing contracts,” “processing in cases where it is necessary for pursuing legitimate interests,” or “processing in cases where it is necessary in complying with legal obligations.” However, in cases where the processing purpose cannot be accommodated on those legal bases, consent serving as the legal basis will be obtained from the Reporter in question. As the Reporter in question would not be obligated to provide his or her personal information for the processing purpose in question, whether he or she provides his or her consent is at his or her full discretion. Furthermore, that consent may be withdrawn at any time. In the case that a Shimano Group company attempts to obtain consent to conduct processing for the personal data of a Reporter, the Reporter must be notified that he or she may withdraw his or her consent at any time and notified of the process for withdrawing his or her consent.
| Purpose of processing | Legal basis |
|---|---|
| For confirming facts and conducting necessary investigations related to consultations and reports |
|
| For reporting results to Reporters |
|
| For responding to inquiries from Reporters |
|
| For complying with laws and regulations, codes of conduct, vendor codes of conduct, and human rights policies of Shimano Group companies and companies in supply chains, and to improve the management of Shimano Group companies |
|
| For identifying problems of Shimano Group’s business associates and demanding preventative action from problematic business associates |
|
| For reporting to, notifying, cooperating with, and performing various procedures for, government and public offices |
|
| For ensuring full accountability to relevant stakeholders |
|
| For exercising rights or fulfilling duties under applicable laws |
|
| For managing personnel matters including processing necessary for personnel evaluations, human resource allocation, and performing employment contracts with officers and employees |
|
| For protecting the rights or financial assets of each Shimano Group company |
|
| For the filing or defense of litigation |
|
(2) Legal bases for processing of sensitive information
Each Shimano Group company processes special categories of personal information of Data Subjects, in cases where processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the Data Subject in the field of employment and social security and social protection law in so far as it is authorised by EU law, member-state law, or UK law or a collective agreement pursuant to member-state law providing for appropriate safeguards for the fundamental rights and the interests of the Data Subject (Article 9, paragraph (2)(b) of the GDPR). The personal information of Data Subjects that fall under special categories are processed in cases where relevant EU law, member-state law, or UK law does not exist or does not apply and where it is necessary to do so for the establishment, enforcement, or defense of legal claims (Article 9, paragraph (2)(f) of the GDPR).
2. Cross-Border Transfer of Personal Information
In the case of the transfer of personal data outside the EEA (European Economic Area) or the UK, for countries where adequacy decisions (Article 45 of the GDPR) are recognized, each Shimano Group company will base the transfer on the adequacy decision (including the EU-U.S. Data Privacy Framework) in question, and for other countries, each Shimano Group company will implement appropriate safeguards by entering into a Standard Data Protection Clause approved by the European Commission (Article 46, paragraph (2)(c) and paragraph (5) of the GDPR) or a Standard Data Protection Clause approved by the ICO (Article 46, paragraph (2)(d) of the UK GDPR) with the transferee. If any Data Subject wishes to receive a copy of the documents relating to these safeguards, he or she is requested to inquire with the contact indicated in “4. Contact Details of the Joint Controllers, the EEA Representative and the Data Protection Officer” below.
Each Shimano Group company bases the transfer of personal data to the following countries on adequacy decisions.
- Canada (Please refer here for details regarding adequacy decisions.)
- UK (Please refer here for details regarding adequacy decisions.)
- Japan (Please refer here for details regarding adequacy decisions.)
- New Zealand (Please refer here for details regarding adequacy decisions.)
- Uruguay (Please refer here for details regarding adequacy decisions.)
3. Rights of Data Subjects
Data Subjects have the following rights.
- Obtaining information regarding processing of data: Data Subjects have the right to obtain from each Shimano Group company all the requisite information regarding that company’s data processing activities that concern themselves (Articles 13 and 14 of the GDPR).
- Access to personal information: Data Subjects have the right to obtain from each Shimano Group company confirmation as to whether personal information concerning themselves is being processed, and, if so, then the right to access the personal information and certain related information (Article 15 of the GDPR).
- Rectification or erasure of personal information: Data Subjects have the right to have each Shimano Group company rectify inaccurate personal information concerning themselves without undue delay and the right to have each Shimano Group company complete any incomplete personal information (Article 16 of the GDPR). Also, if certain conditions are satisfied, Data Subjects will have the right to have each Shimano Group company delete personal information concerning themselves without undue delay (Article 17 of the GDPR).
- Restriction on processing of personal information: If certain conditions are satisfied, Data Subjects will have the right to have each Shimano Group company restrict processing of personal information concerning themselves (Article 18 of the GDPR).
- Objection to processing of personal information: If certain conditions are satisfied, Data Subjects will have the right to object to processing of personal information concerning themselves (Article 21 of the GDPR).
- Data portability of personal information: If certain conditions are satisfied, Data Subjects will have the right to receive personal information concerning themselves in a structured, commonly used, and machine-readable format and the right to transfer those data to another controller without hindrance from each Shimano Group company (Article 20 of the GDPR).
- Withdrawal of consent: Data Subjects have the right to withdraw their consent at any time by the method designated by each Shimano Group company at the time that the consent is originally obtained from the Data Subjects. However, the withdrawal of consent will not affect the legality of consent-based processing that takes place before the withdrawal of consent.
- In relation to the processing of personal information of Data Subjects by each Shimano Group company, those Data Subjects may lodge a complaint with the Data Protection Supervisory Authority of the country where those Data Subjects reside, work, or any other place where the alleged infringement in question took place (Article 77 of the GDPR).
4. Contact Details of the Joint Controllers, the EEA Representative and the Data Protection Officer
For the processing of personal information to which the GDPR applies, Shimano Inc. (3-77 Oimatsucho, Sakai-ku, Sakai City) will act as the sole controller or as joint controllers with SHIMANO EUROPE B.V. (High Tech Campus 92, 5656 AG Eindhoven, the Netherlands), depending on the content of the processing of personal information.
If Shimano Inc. is the sole controller, SHIMANO EUROPE B.V. will be the EEA Representative. If you have any questions regarding the processing of your personal information by the Shimano Group, please contact us at the following e-mail address.
SHIMANO EUROPE B.V.: privacy@shimano-eu.com
The Shimano Group has appointed a Data Protection Officer.
The contact details of the Data Protection Officer are as follows.
privacy@shimano-eu.com
Exhibit 2: Handling of personal data of those residing in the State of California
Effective date: January 1, 2025
Last updated: January 1, 2025
This exhibit applies in cases where a Shimano Group company that is subject to the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) processes the personal information, as defined in the CCPA (“California Personal Information”), of a California resident who is a Data Subject. This exhibit explains the
rights available to you, including with respect to disclosure required by law.
Each Shimano Group company reserves the right to update this exhibit from time to time at its own discretion. If a Shimano Group company amends this exhibit, it will publish notice of the amendment on its website and update the expiration date of this exhibit. It is your responsibility to review this exhibit periodically. Notwithstanding the foregoing, if
a Shimano Group company significantly modifies this exhibit, it will give appropriate notice to you by publishing notice prominently on its website or sending an email to you if you have provided it with your email address.
In addition, Data Subjects with disabilities can access these special provisions using a standard screen reader or the method specified in “6. Rights Regarding California Personal Information of Identifiable Persons” below.
1. California Personal Information
Each Shimano Group company describes its general practices of handling personal information within the Privacy Policy for the Shimano Group Compliance Consultation Desk in the sections titled “1. Categories of personal information subject to processing” and “2. Purpose of processing”
(1) Categories of California Personal Information
In the past 12 months, we have collected the following categories of California Personal Information.
| Category | Example |
|---|---|
| Identifiers | Real names, phone numbers, addresses, email addresses |
| Personal information categories listed in Cal. Civ. Code § 1798.80(e) |
Real names, telephone numbers, addresses, education information, employment information, employment history ↓ This category may overlap with other categories. |
| Protected classification characteristics under California or federal law | Age, sex, gender identity, race, skin color, religion, health status, etc. |
| Professional or employment-related information | Names and addresses of employers, affiliated departments, occupations, titles, contents of reports and personal information that supports the contents of those reports |
| Sensitive personal information | Racial or ethnic origin, religious or philosophical beliefs, membership in unions, contents of emails and text messages, personal information regarding health that has been acquired and analyzed, personal information regarding sexual activity or sexual orientation that has been acquired and analyzed |
(2) Categories of Sources of California Personal Information
In the past 12 months, each Shimano Group company has obtained California Personal Information from the following sources:
- from you; and
- from third parties (including Reporters and affiliated companies).
2. Recipients of California Personal Information
In the past 12 months, each Shimano Group company has disclosed each type of California Personal Information listed under “1.(3)” of Exhibit: State of California above to the third parties listed in the section titled “6. Sharing of personal information” of the Privacy Policy for the Shimano Group Compliance Consultation Desk.
3. Use of California Personal Information
Each Shimano Group company uses categories of California Personal Information for the purposes listed in “2. Purpose of processing” of the Privacy Policy for the Shimano Group Compliance Consultation Desk. “Business purposes” as specified in the CCPA includes:
- Performing services on behalf of Shimano Group companies;
- Ensuring security and integrity; and
- Other forms of short term or temporary use.
Each Shimano Group company will not use or disclose sensitive personal information for purposes other than those specified in Article 7027, paragraph (m) of the CCPA.
4. Sale or Sharing of California Personal Information
No Shimano Group company sells or share California Personal Information. No Shimano Group company has sold or shared your California Personal Information in the past 12 months within the meaning in the CCPA regardless of whether or not you are younger than 16 years of age.
5. Rights Regarding California Personal Information of Identifiable Persons
California residents have certain rights with respect to California Personal Information collected by businesses. If you are a California resident, you may exercise the following rights regarding your California Personal Information, subject to certain exceptions and limitations. Each Shimano Group company will not discriminate against you for exercising
any of your CCPA rights. No Shimano Group company has established specific financial incentive programs for your prior opt-in consent.
To exercise your rights, please inquire with the contact point specified in “10. Contact details” of the Privacy Policy for the Shimano Group Compliance Consultation Desk .
- The right to know the categories of California Personal Information any Shimano Group company has collected about you, the categories of sources from which any Shimano Group company collected your California Personal Information, each Shimano Group company’s purposes for collecting your California Personal Information, the categories of your California Personal Information that any Shimano Group company has disclosed for a business purpose, the categories of third parties to which any Shimano Group company has disclosed that information for a business purpose, and the categories of third parties with which any Shimano Group company has shared that information. You also have the right to request a copy of specific pieces of your California Personal Information.
- The right to delete the California Personal Information any Shimano Group company has collected from you or maintain about you. If you request services that require the use of California Personal Information and you choose to delete your California Personal Information, the Shimano Group company in question may be prevented from providing those services.
- The right to opt out of a sale and sharing of your California Personal Information. Please note however that no Shimano Group company sells your California Personal Information, and therefore no Shimano Group company supports requests to opt out of a sale of California Personal Information.
- The right to correct incorrect personal information about consumers held by any Shimano Group company.
- The right to restrict any Shimano Group company’s use or disclosure of sensitive personal information if that Shimano Group company uses or discloses sensitive personal information for reasons other than those prescribed in the provisions of the CCPA.
Verification Process and Required Information. Note that each Shimano Group company may need to request additional information from you to verify your identity or understand the scope of your request if permitted or required under applicable laws and regulations. Although you will not be required to create an account with any Shimano Group company to submit a request or have it fulfilled, the Shimano Group company in question may ask you to provide certain California Personal Information as part of its verification process, including name, email address and member ID, which it already maintains.
Authorized Agent. You may designate an authorized agent to make a CCPA request on your behalf by submitting the written power of attorney or by providing the agent with written permission to act on your behalf. As permitted by law, each Shimano Group company may require verification of the agent’s authorization or require you to verify your own
identity in response to a request even if you choose to use an agent.
Please note that the Shimano Group company in question may not be able to respond to your request or provide you with your California Personal Information if it cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.
6. California Do Not Track Disclosure
The website and mobile app of each Shimano Group company are not designed to respond to “do not track” signals. As stated above, no Shimano Group company sells or share California Personal Information, and therefore no Shimano Group company supports opt-out preference signals.
Exhibit 3: Handling of personal data of those residing in Mainland China
Effective date: January 1, 2025
Last updated: January 1, 2025
This exhibit applies to the processing of personal information of Data Subjects located or residing in Mainland China by Shimano Group companies (China, excluding Hong Kong, Macau and Taiwan; “China”), and provides explanations regarding the handling of such personal information with respect to the Personal Information Protection Law of China, and the rights Data Subjects can exercise.
1. Legal Bases for Handling of Personal Information
When each Shimano Group company processes personal information, the consent of Data Subjects to the Privacy Policy for the Shimano Group Compliance Consultation Desk (the “Privacy Policy”), consent of Data Subjects to this exhibit, and consent by any other means must be obtained, and the processing of personal information must be conducted under the principles of legality, legitimacy, necessity, and good faith. However, in the following cases, personal information can be handled without the consent of Data Subjects in accordance with the Personal Information Protection Law of China.
- when it is necessary for the conclusion and performance of a contract to which the Data Subject is a party
- when it is necessary for the implementation of human resources management for labor regulation systems established in accordance with the law and for collective contracts concluded in accordance with the law
- when it is necessary for the performance of statutory duties or statutory obligations
- when it is necessary for responding to sudden public health events or protecting the lives, health, and property of natural persons in emergencies
- when handling the personal information of Data Subjects within a reasonable extent where such acts as news reporting and supervision by public opinions are carried out for the public interest
- when handling personal information that has been voluntarily disclosed by Data Subjects or any other personal information that has already been legally disclosed within a reasonable extent in accordance with the provisions of the Personal Information Protection Law of China
- for other reasons provided in laws and administrative regulations
2. Transfer of Personal Information Outside of China
Each Shimano Group company transfers the personal information of Data Subjects to Shimano Group companies located in countries and regions outside of China to the extent described in the Privacy Policy, and if a Data Subject provides his or her consent to the Privacy Policy or this exhibit, it will be considered that they also provide their consent for the
transfer of their personal information outside of China.
Furthermore, each Shimano Group company takes necessary measures to ensure that the handling of personal information by recipients outside of China satisfies the personal information protection standards prescribed in the Personal Information Protection Law of China.
3. Rights of Data Subjects
Each Shimano Group company ensures that Data Subjects may exercise the following rights with regard to their personal information, unless otherwise provided for in laws and administrative regulations.
- The right to know and right to make decisions regarding personal information. Data Subjects have the right to know about and make decisions regarding how their personal information is handled and Data Subjects have the right to restrict or refuse the handling of that personal information by others.
- The right to view or obtain copies of personal information. Data Subjects have the right to view or obtain copies of their personal information through Shimano Group companies. If a Data Subject requests to view or obtain copies of their personal information, Shimano Group companies must provide such information in a timely manner.
- The right to transfer personal information. If a Data Subject requests the transfer of personal data to a handler of personal information designated by them, and the conditions of the Cyberspace Administration of China are satisfied, Shimano Group companies must provide the means for the transfer of that personal information.
- The right to correct and supplement information. If a Data Subject notices that their personal information is incorrect or incomplete, that Data Subject has the right to request of a Shimano Group company the correction or supplementation of that personal information. If a Data Subject requests the correction or supplementation of personal information, Shimano Group companies must investigate the situation and correct and supplement the relevant personal information in a timely manner.
- The right to delete personal information. Data Subjects have the right to request of a Shimano Group company the deletion of personal information under any of the following circumstances: (1) where the purpose of handling personal information has been achieved or cannot be achieved, or the personal information is no longer needed for achieving that purpose; (2) where the retention period has expired; (3) where the Data Subject has withdrawn their consent; (4) where a Shimano Group company has handled personal information in a manner that violates a law or administrative regulation or an agreement; or (5) any other circumstance prescribed in laws or administrative regulations.
- The right to request an explanation of handling rules. Data Subjects have the right to request a Shimano Group company to provide an interpretation and explanation of their rules regarding the handling of personal information.
- The right to withdraw consent. Data Subjects have the right to withdraw their consent regarding the handling of personal information that is based on the Data Subject’s consent.
4. Contact Details for Mainland China
Please inquire using the following contact details for any questions regarding the handling of personal information by Shimano Group companies in Mainland China.
SHIMANO (KUNSHAN) BICYCLE COMPONENTS CO., LTD. (No. 6, Dong Ting Hu South Road, Kunshan, Jiangsu, China 215335).
Telephone number: +86-512-57310666