We have compiled this Data Protection Statement to inform you about the collection of personal data when using our website. Personal data means all data that can be used to identify you, such as your name, address, email addresses and your use of our website. We have put comprehensive technical and operational safeguards in place to protect your data against coincidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and upgraded to reflect the latest technological developments.
1. Data Controller (the person who has control over your data)
The data controller pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR) is Yamaha Music Europe GmbH, Siemensstrasse 22-34, 25462 Rellingen, Germany, Phone: +49 (0) 4101/ 303-0, Fax: +49 (0) 4101/ 303-333 (also refer to our legal notice).
2. How to contact the Data Protection Officer
You can contact our Data Protection Officer by sending an email to Dataprotection@contact.europe.yamaha.com
3. Your rights
You have the following rights in relation to your personal data:
3.1 General rights
You have a right to information, rectification, erasure, restriction of data processing, to object against the data processing and to data portability. To the extent a data processing is based on your declaration of consent, you have the right to revoke such consent with effect for the future.
3.2 Rights concerning data processing conducted on the basis of a legitimate interest
Article 21 para. 1 GDPR gives you the right to object against the processing of your personal data on the basis of Article 6 para. 1e GDPR (data processing in the public interest) or Article 6 para. 1f GDPR (data processing to safeguard a legitimate interest) for reasons resulting from your personal circumstances at any time, including against a profiling based on the same provision. We will cease to process your personal data if you object against it, unless we demonstrate compelling legitimate reasons for the data processing that prevail over your interests, rights and freedoms, or if the data processing serves the purpose of asserting, exercising or defending legal interests.
3.3 Rights concerning direct advertising
In as far as we process your personal data for direct advertising purposes, Article 21 para. 2 GDPR gives you the right to object against the processing of your personal data for the purpose of such advertising, including profiling to the extent it is related to direct advertising.
We will cease processing your personal data for direct advertising purposes if you object against such use of your personal data.
3.4 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint about the processing of your personal data by us with the relevant data protection supervisory authority.
4. Personal data collected when visiting our website
Where our website is only used for the purpose of gathering information, meaning without you registering or transmitting information to us otherwise, we will only collect the personal data transmitted by your browser to our server. When you browse our website, we will collect the following data required by us to display our website to you and ensure its stability and security. The legal basis for this collection of data is Article 6 para. 1f GDPR:–IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data transferred, referring website, browser, operating system and platform, browser language and version.
5. Contacting us by email or using the contact form
When you contact us by email or via one of the contact forms, we will store the data submitted by you (your email address, your name and telephone number, if provided) for the purpose of responding to your inquiries. In as far as our contact form requests information that is not necessary to get in contact with you, the respective fields are always marked as optional. This data allows us to substantiate your inquiry and to improve our handling of your request. This data is explicitly disclosed on a voluntary basis and on the basis of your consent pursuant to Article 6 para. 1a GDPR. In as far as the data concern communication channels (e.g. email address, telephone number), you also consent to us contacting you via such communication channels for the purpose of responding to your inquiry. You are free to revoke your declaration of consent at any time with effect for the future.
We will delete the relevant data subject to a revocation of consent as soon as their storage is no longer necessary, or alternatively restrict the data processing in cases where statutory retention obligations apply.
6.1 General information
You can subscribe to our newsletter offering information on our current deals and promotions by granting your consent pursuant to Article 6 para. 1a GDPR. The subscription to our newsletter uses the so-called double opt-out procedure. After you have registered on our website, we will send an email to the address specified by you. The email will ask you to confirm your subscription to our newsletter.
The IP addresses, as well as the time and date of your subscription and confirmation will be stored for longer periods. This serves the purpose of being able to evidence your subscription and investigate any potential misuse of your personal data.
Your email address, language and country are the only mandatory information required for receiving our newsletter. The disclosure of other data marked as optional is voluntary and will only be used for personalized communication with you. After you have confirmed your subscription, your email address will be stored by us for the purpose of sending you our newsletter. The legal basis for this collection of data is Article 6 para. 1a GDPR:
You may revoke your consent to receive the newsletter and cancel your subscription at any time. You can declare your revocation of consent by clicking on the link included in each newsletter email, or by contacting the Data Protection Officer at the address specified above.
6.2 Newsletter tracking
Please note that we analyse your user behaviour when sending out the newsletter. The data for this analysis is gathered by so-called tracking pixels, which are embedded in the emails. The data is analysed by linking the data specified above and the tracking pixels with your email address and an individual ID. This ID is also part of the links contained in the newsletter.
All data is collected in pseudonymised format only. This means that the IDs are not linked to any other personal data, which effectively precludes any direct references to persons. We will store the data for as long as you remain subscribed to the newsletter.
This kind of tracking can be prevented by disabling the automatic display of images in your email program settings. This may cause the newsletter to be displayed incompletely and you may not be able to use all functions. The tracking mentioned above will be activated when you click on 'show images' (or the equivalent command).
7. Registration and use of the website
In order to place an order on our website, you will need to register to create a customer account or log into an existing customer account. When registering, we will collect and store all or some of the following personal data:
- Title (optional)
- First name
- Last name
- Email (user name)
- Address (optional)
- Date of birth(optional)
- Product interests (optional)
- Registration of products (optional)
- Interests (optional)
Data above not specified ‘(optional)’ is mandatory. Any additional information may be entered on a voluntary basis when you are logged into our website.
Once you have created an account and are logged into the website, you will be able to see and amend the information you have provided; you will also be able to see information about orders placed using that account.
When you use our website, we will store your data required for the performance of the contract and information about the type of payment methods used (but no actual credit or debit card information. The legal basis for this collection of data is Article 6 para. 1a, b and f GDPR
8. Enrolment in prize competitions
If you enrol in prize competitions, we will collect the data required for conducting the price competition. This information usually consists of your individual contribution to the prize competition (e.g. a comment or a photo), as well as your name and contact details. We may in certain cases disclose your data to our prize competition partners, i.e. to deliver a prize to you. The processing and disclosure of data may vary from prize competition to prize competition and is therefore set out in the respective prize competition's conditions of participation. Enrolment in the prize raffle and the associated collection of data are voluntary. The legal basis for the data processing is your declaration of consent pursuant to Article 6 para. 1a GDPR. Your data will be deleted after the prize competition has ended.
9. Recruitment applications
Depending on the nature of the vacancy, you will be able to submit your application to our company electronically, i.e. by email or via a form on a webpage. We will only use the information submitted to us for the purpose of processing your application, the data will not be disclosed to third parties. Please note that unencrypted emails are not protected against third-party access during transmission.
If you have applied for a specific position that has already been filled, or if we believe there is another opportunity for which you would be suited equally or even better, we would like to be able to make your application available within our company. Please advise us if you object against us making your application available internally.
Your personal data will be deleted immediately after conclusion of the application process or within a maximum period of 6 months, unless you have granted your consent to a longer period of storage, or if we have entered into an employment agreement with you. The legal basis for this collection of data is Article 6 para. 1a, b and f GDPR.
10. Use of social plug-ins and 3rd party service providers
10.1 Social plugins
This website uses social plug-ins from the following companies:
- Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- Twitter (Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- Pinterest (Operator: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
- Instagram (Operator: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA)
- LinkedIn (Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- YouTube (Operator: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA)
These plugins will usually collect your data automatically and transmit the data to the respective operator's server. To guarantee your privacy is protected, we have taken technical measures that guarantee your data cannot be collected by the provider of the respective plug-in without your consent. When accessing a site with embedded plug-ins, these are initially deactivated. The plus-ins are only activated by clicking the relevant symbol, and in doing so you grant your consent to the transmission of your data to the respective operator. The legal basis for the use of plug-ins is Article 6 para. 1a and f GDPR.
Following activation, the plug-ins also collect personal data such as your IP address, and transmit these to the server of the respective provider, where they will be stored. Activated social plug-ins also create a cookie with a unique identifier when the website in question is accessed. Providers are thus also able to create profiles about your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the provider's social network and you are logged in to the social network while you visit this website, your data and information about visiting this website can be combined with your profile on the social network. We have no influence on the exact scope of the data collected about you by the respective provider. More detailed information on the scope, nature and purpose of data processing and on rights and settings options to protect your privacy can be found on the data protection notices of the respective social network provider. These can be found at the following addresses:
- Facebook: https://www.facebook.com/policy.php
- Twitter: https://twitter.com/privacy/
- Google+: https://www.google.com/intl/de/privacy/
- Pinterest: https://about.pinterest.com/de/privacy-policy
- Instagram: https://help.instagram.com/155833707900388
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- YouTube: https://www.youtube.com/static?template=privacy_guidelines
10.2 Service providers
We use Eventbrite as a service provider for events and the Eventbrite buttons and widgets on our website. With this service we plan and promote our events and offer tickets, either at a charge or free of charge. We also use the service to aggregate our event calendars. Eventbrite Inc. is a provider based at 651 Brannan Street, Suite 110, San Francisco, CA 94107, USA.
If you click an EventBrite button or use an EventBrite widget (usually on the information page of an event), information about your booking, the event and the organisers is retrieved from and stored on our Eventbrite profile. If you are already a registered member of Eventbrite, Eventbrite will use the information you’ve provided to Eventbrite to register for our events.
We use SimplyBook.me as a service provider for events and appointments (sessions, lessons, workshops et al) and the SimplyBook.me buttons and widgets on our website. With this service we plan and promote our events and offer appointments, either at a charge or free of charge. We also use the service to aggregate our event calendars. SimplyBook.me is a provider based at 36 Aigyptou Avenue, 6030 Larnaca, Cyprus.
If you click a SimplyBook.me button or use a SimplyBook.me widget (usually on the information page of an event), information about your booking, the event and the organisers is retrieved from and stored on our SimplyBook.me profile. If you are already a registered member of SimplyBook.me, SimplyBook.me will use the information you’ve provided to SimplyBook.me to register for our events.
For more information about SimplyBook.me’s privacy practices, please visit: https://simplybook.me/en/gdpr-compliance and https://simplybook.me/en/terms-and-conditions
We use 10to8 as a service provider for events and appointments (sessions, lessons, workshops et al) and the 10to8 buttons and widgets on our website. With this service we plan and promote our events and offer appointments, either at a charge or free of charge. We also use the service to aggregate our event calendars. 10to8 is a provider based at Ideaspace, 3 Laundress Lane, Cambridge, CB2 1SD, United Kingdom.
If you click a 10to8 button or use a 10to8 widget (usually on the information page of an event), information about your booking, the event and the organisers is retrieved from and stored on our 10to8 profile. If you are already a registered member of 10to8, 10to8 will use the information you’ve provided to 10to8 to register for our events.
For more information about 10to8’s privacy practices, please visit: https://10to8.com/legal/
We use Google as a service provider for events and appointments (sessions, lessons, workshops et al) and the Google buttons, widgets and forms on our website. With this service we capture information to plan and promote our events and offer appointments, either at a charge or free of charge. We also use the service to aggregate our event calendars. Google is a provider based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you use a Google button, form or widget (usually on the information page of an event), information you supply is stored on our Google profile.
For more information about Google’s privacy practices, please visit: https://policies.google.com/privacy/update?hl=en
We use "Facebook Pixel" of the social network "Facebook" on the legal basis of your consent according to Art. 6 para 1a GDPR for the following purposes:
- Facebook (website) Custom Audiences
We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.
- Facebook conversion tracking
- Joint Controller:
We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of data in this process. This applies to the following purposes:
- The creation of individualized or suitable ads, as well as for their optimization
- Delivery of commercial and transaction-related messages (e.g. via Messenger)
Therefore, we have concluded a corresponding agreement with Facebook for joint controllership, which can be accessed here:
This agreement defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership. The contact details of the Controller and the data protection officer of Facebook can be found here:
We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights. Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited. Information on the data security conditions can be found here.
and on processing on the basis of standard contractual clauses can be found here:
The “Facebook Custom Audiences” function can be deactivated in the Cookie Settings and for logged in users here:
When you use our website, cookies will be stored on your computer. Cookies are small text files, which are stored on your hard drive and are linked to the browser you use. The cookies send certain information to the owner of the cookie who has placed it on your computer. Cookies cannot execute programs or infect your computer with viruses. They serve the purpose of improving overall user-friendliness and making the internet service more efficient.
The types of cookies used on this website, the information they collect and their functionalities are explained in the following:
11.1 Transient cookies
These cookies are automatically deleted when you close your browser. The most popular transient cookie is the session cookie. These session cookies save a so-called session ID, which can be used to allocate different requests from your browser to the same session. This allows for the recognition of your computer when you return to our website at a later time. Session cookies are deleted when you log off, or when you close your browser.
11.2 Persistent Cookies
These cookies are automatically deleted after a certain period of time, which may vary from cookie to cookie. You can delete cookies at any time in the security settings of your browser.
11.3 Preventing cookies
You can configure your browser settings to your cookie preferences, e.g. by setting it to reject third-party cookies or to reject all cookies. We note that you may in this case not be able to use the full scope of functions offered by this website.
11.4 Legal bases and period of storage
The legal basis for the potential processing of your personal data and the period of their storage vary and are explained in the following sections.
12. Website analysis
We use the services explained in the following to analyse and optimize our webpages. These services allow us to analyse how users navigate our website, which information they are looking for and how users came across our service. The data collected by us includes information about the website that has referred the user to one of our webpages (the so called referrer), the sub-pages the user has accessed or how frequently and for how long a sub-page was viewed. This helps us in improving our services and in making them more user-friendly. The data collected is not used to identify individual users. It is anonymised or at least pseudonymised. The legal basis for this collection of data is Article 6 para. 1f GDPR.
12.1 Google Analytics
This website uses Google Analytics, a web analysis service offered by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). We use Googly Analytics in the universal analytics mode. This allows for the allocation of data, sessions and interactions to a pseudonymous user ID across multiple devices and therefore an analysis of the user's activities across multiple devices.
You can stop cookies being saved by amending the relevant setting in your browser software; however, we would like to point out that if you do this, you may not be able to use all of the functions of this website in full. Furthermore, you can stop the data generated by the cookie related to your usage of the website (including your IP address) being collected by Google, and stop Google processing these data by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en. Opt-out cookies prevent your data from being collected during future visits to our website. To prevent Google Analytics from collecting data across multiple devices, you will need to set an opt-out cookie on each device used by you. Please click here to place the opt-out cookie: Deactivate Google Analytics
12.2 Google Tag Manager
We can also use the "Google Tag Manager" to embed the Google analysis and marketing services in our website and manage these services.
More information on the use of data for marketing purposes by Google is available at: https://www.google.com/policies/technologies/ads, Google's data protection statement can be reviewed at https://www.google.com/policies/privacy If you would like to object against interest-targeted advertising by Google Marketing Services, you can use the settings and opt-out options offered by Google at: http://www.google.com/ads/preferences The legal basis is our legitimate interest pursuant to Article 6 para. 1f GDPR.
12.3 What HiFi Conversion Tracking
We use the conversion tracking service of What HiFi (Future Publishing Limited Quay House, The Ambury, Bath BA1 1UA.) When you complete a purchase on our website the What HiFi conversion tracking pixel sends confirmation to What HiFi for data analysis. No personal details are transmitted.
14. Social Bookmarks
Our website features so-called embedded social bookmarks (e.g. from Facebook, Twitter and Xing). Social bookmarks are Internet bookmarks used by the users to collect links and news reports from these services. The social bookmarks are only embedded in our website as a link pointing to the respective services. When you click on the embedded image, you will be directed to the website of the respective service provider, i.e. user information will only then be transmitted to the respective service provider. Information concerning the handling of your personal data when using these websites can be found in the data protection statements of the respective service provider.
15. Disclosure of data
Your data is generally not disclosed to third parties, unless we are required to disclose the data under a law, the disclosure is necessary for the performance of a contract, or if you have granted your express consent to the disclosure of your data.
External service providers and partner companies, such as online payment providers or the shipping company contracted for the delivery, will only receive your data to the extent necessary for processing your order. However, in these cases, the extent of the data disclosed will be limited to the necessary minimum. In as far as our contractors come into contact with your personal data, we will ensure that the contract data processing pursuant to Article 28 GDPR also complies with the applicable data protection laws. Please take note of the data protection statements of the respective service providers. The responsibility for third-party content lies with the respective service provider of such content. We review such content on compliance with the statutory requirements, within the bounds of what is reasonable.
We take great care to ensure your data is processed within the EU / EEC. From time to time, it may be necessary for us to use contractors who will process data outside of the EU / EEC. We will in these cases ensure that an adequate level of data protection is afforded by the recipient prior to disclosing your personal data. This means that a data protection level comparable to the standards within the EU is achieved by way of entering into EU standard agreements or an adequacy decision, such as the EU Privacy Shield.
16. Data security
We have put comprehensive technical and operational safeguards in place to protect your data against coincidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and upgraded to reflect the latest technological developments.
Last modified: May 2018
Appendix: Cookie List