Privacy Notice
This privacy notice (“Notice”) describes the manner in which Shimano Inc. and its group companies (Shimano Inc. and its subsidiaries, affiliates, and other entities controlled by Shimano Inc. (listed here), hereinafter collectively referred to as “Shimano” or “we”) protect and process Personal Data (as defined below) obtained through the Sites (as defined below), products, events, sales activities and services we offer (hereinafter collectively referred to as "Services").
It also sets out how you can contact us if you have any queries or concerns about this notice or if you wish to exercise your rights under the applicable laws.
Some Services also have their own privacy policy (we may also refer to it as a “Data Protection Notice [DPN]”) which provides details of the processing of your Personal Data by that Service.
In this case, these policies shall take precedence over this Notice.
Shimano is a global company that is active all over the world. In principle, for Shimano Global activities the Act on the protection of personal information of Japan (“Japanese Act”) is applicable.
We would like to provide Services to you and comply to the applicable legislation.
To this end, we have provided some additional information for individuals located in the European Economic Area ("EEA" hereinafter referred as "EEA Individuals"), individuals located in California (here) and individuals located in Mainland China (here).
For EEA Individuals: In case any local privacy legislation conflicts with European General Data Protection Regulation (“GDPR”), GDPR shall prevail for Shimano activities in the European Economic Area. If we can apply local legislation such as UKGDPR or Turkish Privacy legislation without a breach of GDPR, we strive to be compliant with local legislation as well.
1. Data Controller and Data Protection Officer
The Shimano company (listed here) that directly provides the Services to you or with whom you come into contact is responsible for processing your Personal Data and is the controllers under the applicable law.
If you have any questions or wish to exercise your rights as permitted by applicable laws and regulations regarding the processing of your Personal Data, you can contact each controller by postal mail at the address listed on the above Sites.
For EEA Individuals:
Shimano Inc., a Japanese company with its business address at 3-77 Oimatsu-cho, Sakai-ku, Sakai City Osaka 590-8577, Japan, is the global headquarter of the Shimano Group;
Shimano Europe B.V., a Dutch company with its business address at High Tech Campus 92, 5656 AG Eindhoven, the Netherlands, is the European headquarter of Shimano;
in addition to the local Shimano Sales Offices as specified per region on this webpage.
Each entity can be the controller within the meaning of GDPR for the processing of Personal Data concerning European residents, depending on the Service that is requested by the data subject.
Which entity is the controller depends on the Services you are using or used. Moreover, depending on the processing activity, Shimano Inc. and Shimano Europe B.V. or other companies within Shimano may be joint controller(s).
You can contact Shimano Europe B.V. by email at privacy@shimano-eu.com if you wish to obtain more information.
Shimano has appointed a Data Protection Officer ("DPO") under the GDPR to manage all matters related to data protection and privacy. If you have any questions regarding the processing of your Personal Data, please contact our DPO at privacy@shimano-eu.com.
2. Privacy Policy
The general framework of Shimano with respect to the protection and processing of Personal Data can be summarized as follows:
3. Personal Data that we collect and How we collect it
Definitions
“Personal Data” means information about a living individual which can identify the specific individual by name, date of birth or other description contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the specific individual).
"Sensitive Data" means data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or sex life, data concerning sexual orientation or other intimate areas, data concerning social security measures, data concerning administrative or criminal proceedings, data concerning criminal convictions and offences, and other sensitive Personal Data under the applicable law.
For EEA Individuals:
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (referred to as “Personal Data” in this Notice).
“Special Categories of Personal Data” include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation (also referred to as "Sensitive Data" in this Notice).
What type of data does Shimano collect?
Shimano may collect your Personal Data in several different ways, for example: when you fill in text fields, upload documents or visit our Sites. When we ask you to submit your Personal Data, we will indicate which data fields are optional. If you fail to provide us with the obligatory information, we may not be able to adhere to your request (e.g. to create a Shimano account).
- Information that you provide us
Whenever you interact with Shimano, you may be asked to provide us with Personal Data relating to you. For example:-
Performance of transactions:When contacting us or when purchasing or using our products or services you may be asked to submit certain Personal Data, such as
- name,
- contact information (including but not limited to telephone number and email address),
- shipping and billing address,
- date of birth,
- the sort of products or services purchased or used by you,
- specific requests made by you,
- payment information (such as credit card information), and
- specific information that is requested or generated in order to use or benefit from a product or service (e.g. bike fitting), such as bodyweight, length, etc.
-
Service performance:When you use a product or service that is designed to collect certain Personal Data, we may ask you to provide Personal Data.
For example, with respect to measurement data obtained during Bike fitting services or with respect to products and services that assist you in remembering and applying your bike settings, we may ask you to provide information such as your contact details (including but not limited to name, telephone number, date of birth), bodyweight, length, delivery date and place of purchase and payment information (such as credit card information). And also, when you use our online services, we may receive content that you choose to upload, such as product reviews, comments, photos and forum posts, or details of your interests and preferences that you choose to share with us, for example when selecting the services that you wish to receive. The relevant product or service descriptions may further detail which Personal Data is processed. - Account management:When you create and maintain a Shimano Service’s account, you may be asked to provide certain Personal Data, such as name, user name, a unique ID allocated by us, email address and password, and to keep such Personal Data up to date.
- Warranty handling:When you purchase, register, apply for a warranty, send for repair or return one of our products online, we may record the call and/or ask you to provide information such as your contact details, delivery date, place of purchase, payment information and the content of warranty (including details of the event that caused malfunction or injury).
- Customer Service:When you contact our customer service for assistance, we may keep information about the call, including your name, the product(s) you bought, the reason why you contacted us and the advice we gave you.
- Events:When you visit us at a public event on- or offline, such as a trade show or exhibition or participate in one of our surveys, we may ask for information, such as your business card, name, contact details, interests and preferences.
- Apps:When you use a Shimano app such as E-Tube or portal sites such as for learning purposes, we may collect your location and performance data to improve the usage of Shimano products, also we may keep a record of the access and certificates that you achieved during the usage of such app or portal sites.
- Employment:When you apply for a position with Shimano, we may ask you for information necessary for recruitment processes and on-boarding processes.
- Activations:When you subscribe to our newsletter, participate in surveys, research, raffles or contests, we may ask you for information, such as your email address and information about you.
How does Shimano collect data?
-
Performance of transactions:When contacting us or when purchasing or using our products or services you may be asked to submit certain Personal Data, such as
- Personal data we automatically collect
When using our Services we automatically collect Personal Data. The Specific Categories of Personal Data concerned depend on the specific Services involved. For example:- Websites: When you visit and use our websites owned and/or operated by Shimano (collectively, the “Sites”), our servers automatically record certain data, such as URL, IP address, browser type and language, device information and the date and time of your visit. Also, we may collect Personal Data concerning your use of the Sites. Your Personal Data is obtained by cookies and similar mechanisms. The Sites will inform you of our use of cookies and similar mechanisms (Please also see section 8).
- Emails and communication channels that you use to reach out to our call centers or other Shimano personnel may be monitored and logged.
In general, this information is collected using digital identifiers such as a device number, browser cookie or your IP address. These identifiers are used to distinguish the information provided by your browser or device from that of another user’s browser or device. We may also associate the collected information with one of your accounts, if for instance you are logged into a service when the information is collected depending on the cookie selection provided in the Sites.
- Personal Data we may collect from other sources
- Third Parties: By obtaining certain Personal Data from third parties. We will always ask such third party to confirm that making the Personal Data available to us is in compliance of law, e.g. because you have consented to such transfer of Personal Data.
- Public information: We may also collect information from publicly available sources and third parties, including:
- When you seek to make a purchase from us, we may carry out credit and financial checks to ensure payment is not made fraudulently and that you have a suitable credit rating.
- If you purchase products or services (including but not limited to warranty application) from Shimano or other local distributors, or dealer, we may receive certain information about your purchase such as contact information and the warranty details from them and their retailer.
- We may also share information about you with other Shimano group companies that you interact with; in particular, when you apply for a warranty on our products.
- When carrying out business to business sales calls, we may use business contact details that are publicly available.
- When carrying out research and development, we may use information about you that are publicly available.
- Personal Data we may collect from social media
If you use any of our social media applications, pages or plugins or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For instance:- If you log-in to one of our Sites or services using your social network account, we may receive basic details from your social network profile. The basic details we receive may depend on your social network account privacy settings, however, they might include your social network ID, name, profile picture, gender and location. We may also receive additional information from your profile if you give us permission to access it.
- If you click on a “like”, “+1” or “♡” or similar button or post comments on any of our services, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive further information about interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you.
4. How Shimano uses the Personal Data that it collects (legal basis)?
Shimano may use the information it collects for the following purposes:
- Provision of Services
When we use Personal Data to offer Services to you, we process the Personal Data on the legal basis of a contract between you and Shimano or your consent.
In this context, we may use Personal Data to:- Provide you with Services you have requested, including sending information about our Services, confirming that payment is not made fraudulently, managing your Shimano account (if any), delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion (and performance of its obligations under any other agreement it may have with you).
- Provide customer care (such as safety instructions or use instructions for your Shimano products and services), warranty, returns, inspection, replacement and other after sales services.
- Process smoothly your searches and requests for information when you contact us about us and our Services.
For EEA Individuals: We process the Personal Data on the legal basis of performance of contract, see Art. 6 (1)(b) GDPR. As far as we process Sensitive Data in our Services, in addition to such legal ground, we request your explicit consent, according with Art. 9 (2)(a) GDPR.
- Development and improvement of Services
We work constantly to improve our Services. We process your Personal Data for quality improvement purposes, e.g. to detect and analyze problems in our Services, to carry out predictive maintenance and calculate the necessary Services replacement timing, to introduce new products and test their compatibility, etc. We process the Personal Data on the legal basis of a contract between you and Shimano or your consent.For EEA Individuals: We process the Personal Data either on the basis of our legitimate interests to develop services to better meet customer requirements, to ensure data quality, to develop identity management, and to strengthen network and data security, or the basis of your consent, see Art. 6 (1)(a) and (f) GDPR.
- Marketing of Services
We process your Personal Data to send you information for marketing purposes. We either base this processing on our legitimate interests to know our customers, keep you up to date about Shimano’s latest Services or similar Services, to send you information about similar Services previously purchased by you, and to personalize your customer experience, or on your prior consent, e.g. for sending marketing messages and to personalize your customer experience.
In this context, we may collect, store, track and profile your Personal Data to:
- Provide you with newsletters and other commercial messages, if you have provided your prior consent or we are otherwise permitted to do so under the applicable law. These newsletters and messages may be specifically tailored for you based on the type of services and products purchased by you and your use thereof. You can unsubscribe from these newsletters or messages of Shimano at any time. After unsubscribing, we will remove your email address from the mailing list of the newsletters you subscribed to. However, we do send you essential messages, e.g. for user account verification, service update notifications or to operate our Services. Even after you unsubscribe from the newsletters, these transactional emails will also be sent to you. See the “7. Marketing” section below for more details.
- Conduct campaigns, prize draws, contests and other promotional offers.
- Ask you to participate in surveys and to manage the outcome of surveys in which you have participated.
- Organize joint marketing events with third parties.
- Show you personalized content, recommendations and advertisements and more effectively provide services, content, recommendations, adverts and communications. You may notice this personalization and targeting when you use Shimano’s Services, when we contact you with marketing communications and when you visit our Sites or third party websites and services that show advertisements from us or our advertising partners (for example, you might see an advertisement for Services that you have recently viewed on one of our Sites).
- Create anonymous, aggregated statistical data about the use of Services, which we may share with third parties and/or make available to the public.
For EEA Individuals: We process your Personal Data on the legal basis of legitimate interest as described above or your consent, see Art. 6 (1)(a) and (f) GDPR.
- Security, detect and avoid misuse of Services
We may use information collected from monitoring our Sites, online services and emails for security purposes. This information may be used to continuously improve our security measures, may be passed to the police or to other appropriate authorities. And we analyze technical data gathered via the online services to detect and avoid misuse thereof, for example, by a breach of the terms of use of the software license agreement. We base this processing on the performance of a contract to which you are party, as well as on our legitimate interests to protect you and our company, systems, employees and partners, or on a legal obligation to cooperate with competent authorities.
For EEA Individuals: We process the Personal Data on the legal basis of the contract, compliance with a legal obligations, or legitimate interest as described above, see Art. 6 (1)(b), (c) and (f) GDPR.
- Fraud prevention and investigation
We may use your Personal Data to prevent fraud and to investigate violations of our policies. For example, we may use your Personal Data such as your name, shipping address and financial information to check that a payment is not made fraudulently. In this case, we base the processing of Personal Data on our legitimate interest to prevent fraud and to provide benefits only to our customers.
For EEA Individuals: We process the Personal Data on the legal basis of legitimate interest as described above, see Art. 6 (1) (f) GDPR.
- Compliance with law
We may also use your Personal Data to comply with the applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies. We may use your Personal Data to perform possible product recalls and to enforce or defend the legal rights and property of any Shimano group company or the terms and conditions of any services. In this case, we base the processing on a legal obligation to which Shimano is subject or on our legitimate interest to defend our legal rights.
For EEA Individuals: We process the Personal Data on the legal basis of compliance with a legal obligation and legitimate interest as described above, see Art. 6 (1) (c) and (f) GDPR.
- Others
We may process your Personal Data for any other purposes made known to you beforehand, e.g. to handle your application for a job or traineeship at Shimano.
We may anonymize Personal Data so that it cannot be used to identify you and is no longer Personal Data. We will maintain and use this data only in anonymized form and will not attempt to re-identify the data.
5. Sharing of your Personal Data
We generally do not sell, share or otherwise disclose your Personal Data to third parties without your prior consent.
On the other hand, we may share your Personal Data with the following recipients:
- Our group companies
Given the international footprint of our business, our group companies work closely together. To be able to do so, we share data, including your Personal Data, within the group as limited a manner as possible, as much as possible in order to achieve the purposes of use described in this Notice.
For EEA Individuals: Where we share your Personal Data within our group, the following principles will be adhered to:
With regard to the processing of your Personal Data to which only the Japanese Act applies, the Shimano companies may jointly use your name, address, telephone number, gender, date of birth, occupation and email address for the purposes described in section “4. How Shimano uses the Personal Data that it collects (legal basis)?” above, based on the joint use of the data as provided for in the Japanese Act. The company responsible for managing the jointly used Personal Data is Shimano Inc. (for the address and name of the representative, please see the “Company Profile” and “Shimano Executives”).- Each group company must comply with our privacy policy and is not permitted to sell or otherwise disclose your Personal Data to third parties except as authorized by Shimano Europe B.V. and you, or as permitted or required by the applicable laws.
- Shimano has applied adequate safeguards to ensure organizational and technical security measures, including by agreeing on standard contract clauses where your Personal Data is transferred to group companies that are established outside the EEA and countries recognized as having an adequate level of data protection such as Japan.
- The data minimization principle will govern the processing of the Personal Data. In that sense, Shimano will only have access to the data and information on a need-to-know basis. For the cases whereby a group company does not have direct involvement with the Personal Data such company shall only have access to aggregated reports or pseudonymized data.
- Credit card companies, banks and other payment service providers
We may share your Personal Data with your credit card company, bank or another payment service provider in the context of a transaction.
If you choose to transact using a credit card or debit card, we will supply to your credit card company, bank or other payment service provider all relevant information about the name of the vendor, item(s) purchased, purchase date, total cost and other information necessary to process the transaction. Shimano will not otherwise provide any Personal Data to your credit card company, bank or payment service provider without your consent. - Service providers
We may use third party service providers (either data processors or data controllers) to process your Personal Data for the purposes outlined above. For example, we use third party software, such as a portal for customers, consumer web shops, tools for sending newsletters, and invoices.
To this end, your Personal Data will be provided to third parties in as limited a manner as possible. Shimano will assess upfront if the service providers who provide services including but not limited to cloud services or development and maintenance services process Personal Data according to the applicable law and have implemented technical and organizational measures prior to sharing your Personal Data.
With all service providers acting on our behalf, we enter into a business contract. These service providers are legally and contractually required to respect and comply with applicable data protection legislation and this Notice in accordance with our instructions. Part of if this contract will contain mandatory agreements on data processing according to the applicable law. - Other third parties
We will not disclose your Personal Data to any third parties other than your credit card company, bank or other payment service providers or our processors without your consent; provided, however, that we reserve the right to use or disclose to a third party any information without your consent in the following circumstances.
- If it is requested by any laws and regulations, in order to comply with legal obligations Shimano is subject to, such as recordkeeping requirements and filing tax returns.
- If we deem it necessary for protection and security of your interests.
- If we deem it particularly necessary for cooperation with a governmental body or other public organization or its designee in discharging its duties pursuant to the laws and regulations (including investigating breach of laws), or otherwise deems it particularly necessary for the performance of a task carried out in the public interest.
In addition, your Personal Data (e.g. IP-addresses) collected by means of cookies and similar technologies may be shared if you provided the respective approvals (for more information please see section 8).
We process anonymized, aggregate or generic data (including “generic” statistics) for several purposes as outlined above. We may also share those (including but not limited to demographic) data with third parties, such as our distributors, our sponsors, promotional and business partners, and participating vendors.
6. International transfers of your Personal Data
For the purposes explained in this Notice, Shimano, as a global company, may transfer your Personal Data collected through its Services to, and store it at, a destination outside your country/region of residence, including Japan. Shimano will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Notice and the applicable laws.
For EEA Individuals: Shimano processes much EEA individuals’ data within EEA territory. In case data is shared outside EEA territory Shimano takes appropriate measures to ensure safe transfers of your Personal Data outside the EEA and only to countries with an adequacy decision by the European Commission or, in case of data transfers to the USA, to organizations certified under the EU-USA Data Privacy Framework. For example, Shimano may use contracts approved by the European Commission for the transfer of data to Japan or the UK.
Please contact Shimano Europe B.V. or DPO if you want to receive further information regarding international data transfers.
Privacy Notice for California Consumer
More information about how we process the Personal Data of California persons can be found by reviewing the “California Consumer Private Notice” page below.
Privacy Notice for Mainland China residents
This Notice applies to residents of Mainland China and describes how we collect, use, process, and disclose Personal Data of Mainland China consumers in the context of the Services (as defined above), to supplement the Data Protection Notice, in accordance with PRC Personal Information Protection Law(“PIPL”) and other applicable laws and regulations. Some services also have their own privacy policy (we may also refer to it as a “Data Protection Notice [DPN]”) for Mainland China residents which provides details of the use of your personal data by that Services. Where there are inconsistencies between this Notice and the policies, these policies shall take precedence over this Notice.
1. Data Controller
The data controller who is responsible for the processing of Personal Data of Mainland China consumers in relation to the Services is Shimano Inc. or our Chinese group companies listed in here.
Each entity can be the controller within the meaning of the PIPL for the processing of Personal Data concerning Mainland China residents, depending on the Service that is requested by the data subject.
If you have any questions regarding the processing of your Personal Data, please contact the each data controller.
2. Personal Data We Collect
Definitions
“Personal Data” means any kind of information related to an identified or identifiable natural person as electronically or otherwise recorded, excluding information that has been anonymized.
“Sensitive Personal Data” means personal information that, once leaked or illegally used, will easily lead to infringement of the human dignity or harm to the personal or property safety of a natural person, including biometric recognition, religious belief, specific identity, medical and health, financial account, personal location tracking and other information of a natural person, as well as any Personal Data of a minor under the age of 14.
We collect Personal Data directly from consumers and automatically when consumers use the Portal, as described in “Personal Data that we collect and How we collect it” section 3 of the Notice above. For the processing of Sensitive Personal Data as provided by PIPL, separate consent shall be obtained from the data subject.
3. How We Disclose Personal Data
We may disclose your Personal Data to the third parties as described in the “Sharing of your Personal Data” section 5 of the above Notice for the purposes set out in that section. For China data subject, you may check the list of third parties who may receive your Personal Data by contacting us. In cases of providing Personal Data to other parties, and public disclosure of Personal Data, separate consent shall be obtained from the data subject.
Where sharing of Personal Data constitutes cross-border data transfer, we will comply with relevant requirements under the PIPL and other applicable regulations as described in the “International Data Transfer” section 4 of this Notice.
4. International Data Transfer
For China data subjects, when transferring your Personal Data outside of China, we will comply with relevant requirements under the PIPL and other applicable regulations.
5. Retention periods
We may store your Personal Data as described in the “Retention periods” section 11 of the Notice above.
6. Data Subject Rights
- Right of access to your Personal Data.
- Right to rectification of inaccurate or incomplete Personal Data.
- Right to restriction of processing: You have the right to ask us to (temporarily) stop processing your Personal Data, for example when we check the accuracy of your Personal Data.
- Right to be forgotten / right to erasure:You have the right to ask us to erase or destroy your Personal Data. In case we are obliged to retain certain Personal Data by legal or regulatory obligations, or when destruction is not possible from a technical point of view, we may not comply with your request.
- Right to data portability.
- Right to withdraw consent.
You may invoke any of these rights by sending your request to the contact points given in section 1 of this notice. In general, we will complete the processing of your request within 15 working days upon receiving it.
This Notice was last updated in November 2025.