Yamaha Music Europe GmbH (“Yamaha”) believes that protecting the personal data of each customer (a “customer” or “you”) is Yamaha’s obligation under laws and ordinances as well as an essential social responsibility.  Yamaha sets forth this “Privacy Policy” as follows (this “Privacy Policy”), respects rights regarding your personal data, and protects such rights.

This Privacy Policy explains Yamaha’s handling of personal data in accordance with the laws and regulations of the European Union—including the General Data Protection Regulation (“GDPR”).

Yamaha processes personal data for a broad range of purposes, including the provision of products and services, customer support, personalisation and marketing, product development and analytics, compliance with legal obligations, corporate governance, and protection against misuse or fraud.

Where provisions of this Privacy Policy conflict with mandatory local law, the latter shall prevail to the extent required.

Contact details of the Controller

Responsible for the data processing is:
Yamaha Music Europe GmbH,
Siemensstrasse 22-34, D-25462 Rellingen,
Phone: +49 (0) 4101/ 303-0,
Fax: +49 (0) 4101/ 303-333

Contact details of the data protection officer

Attn. Data protection officer
Yamaha Music Europe GmbH,
Siemensstrasse 22-34, D-25462 Rellingen
Or via E-Mail: dataprotection@contact.europe.yamaha.com.

For questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, you may contact us at this address.

1.1 Collection of personal data when you visit our website

When you visit our website solely for informational purposes (i.e., without registering or actively providing information), we automatically collect the following technical information (“log file data”):

–IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, the amount of data transferred, website which sent the request, browser, operating system and desktop, language and version of browser software.

This log file data is collected and temporarily stored in order to:

• ensure the proper display and technical functionality of our website,
• maintain the stability and security of our IT systems,
• protect against misuse, fraud, or cyberattacks,
• perform usage analysis and statistical evaluations to optimise and improve our services, and
• support troubleshooting, error analysis, and continuous service development.

Log file data is generally stored only for a limited period and is automatically deleted or anonymized once it is no longer required for the purposes outlined above.

Processing is carried out on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR, specifically to provide, secure, optimise, and further develop our website and related online services.

1.2 Contacting us by email or using the contact form

When you contact us by email or via one of our online forms, we process the personal data you provide (such as your name, email address, telephone number, and the content of your inquiry). Mandatory fields in our forms are limited to information necessary to handle your request; all other fields are optional.

We use this data to:

• respond to and manage your inquiry,
• improve our customer service and communication processes,
• analyse and document customer interactions to enhance service quality, and
• where appropriate, use aggregated insights for training, analytics, and product development.

Processing is based on Art. 6(1)(b) GDPR (taking steps at your request prior to entering into a contract and/or performance of a contract) to handle and respond to your inquiry and, where applicable, to take follow-up steps. To the extent this is not covered by Art. 6(1)(b) GDPR, processing is based on our legitimate interests in effective communication and customer service (Art. 6(1)(f) GDPR).

1.3 Subscribing to our Newsletter

With your explicit consent, you can subscribe to our newsletters to receive information about Yamaha’s latest products, services, promotions, and events. We use the double opt-in method: after registration, you will receive an email asking you to confirm your subscription. If confirmation is not received within 24 hours, your information is blocked and automatically deleted within one month.

We may also use your subscription data to:

• personalise newsletter content based on your preferences or interactions,
• measure the effectiveness of our campaigns, and
• combine subscription information with other data you provide to Yamaha (e.g., Yamaha Music ID, website interactions) to enhance personalisation.

Processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with future effect.

Unsubscribing: You may unsubscribe at any time by clicking on the “unsubscribe” link in each newsletter or by contacting our Data Protection Officer using the details above.

1.4 Newsletter-Tracking

When we send newsletters, we use tracking technologies such as web beacons and pixels to measure your interaction with the email (e.g., delivery status, opening rates, clicks on links, time of access, device and browser details).

This data is linked to your email address and an individual identifier to create a usage profile. We may also combine this tracking information with other personal data you provide or that we collect in the context of your relationship with Yamaha, including (for example):

• your Yamaha Music Connect account information,
• your website browsing behaviour (see Section 1.1 and Cookies),
• data from participation in campaigns, prize draws, or surveys, and
• your purchase history and service usage with Yamaha.

By integrating these data sources, we are able to:

• tailor newsletters and other communications to your personal interests and usage patterns,
• create cross-channel profiles to provide more relevant product recommendations and offers,
• measure and improve the effectiveness of our marketing campaigns, and
• support product development and customer experience enhancements.

Newsletter tracking and the creation of such user profiles are conducted on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with future effect, for example by using the opt-out link included in every newsletter or by contacting our Data Protection Officer.

Dotdigital

We use the services of Dotdigital, a cloud-based marketing platform provided by dotdigital EMEA Ltd, No. 1 London Bridge, London, SE1 9BG, UK. Dotdigital enables Yamaha to centrally manage marketing and customer relationship activities, including:

• lead generation and nurturing,
• segmentation and targeting of contact groups,
• management of email and newsletter campaigns,
• marketing automation workflows, and
• analysis of customer interactions across multiple channels.

To provide these services, Dotdigital uses cookies and similar technologies (small text files or code snippets stored in your browser or device). These may collect information such as your IP address, approximate location, device/browser details, time and date of interactions, and usage behaviour on our website and in communications.

The data collected is stored on Dotdigital’s servers and processed on Yamaha’s behalf to:

• analyse user behaviour and campaign effectiveness,
• create and maintain customer and prospect profiles,
• optimise Yamaha’s digital marketing activities,
• personalise communications and recommendations, and
• support cross-channel marketing strategies.

Processing of personal data for newsletter tracking, segmentation/targeting, profiling and marketing analytics via Dotdigital is carried out on the basis of your consent (Art. 6(1)(a) GDPR), where required. You may withdraw your consent at any time with future effect.

We have a processor agreement with Dotdigital (Art. 28 GDPR) to ensure that personal data is safeguarded and not disclosed to unauthorised third parties. Data transfers outside the EEA are subject to appropriate safeguards (e.g., Standard Contractual Clauses).

You can withdraw your consent at any time with future effect, for example via the unsubscribe/opt-out link in each newsletter and (where applicable) via your cookie/tracking preferences.

Further information can be found in Dotdigital’s Privacy Policy:
https://dotdigital.com/terms/privacy-policy/

Qualtrics

We use Qualtrics CX Digital, a cloud-based customer experience management solution provided by Qualtrics LLC, 333 West River Park Drive, Provo, UT 84604, USA. Qualtrics enables us to conduct customer, product, and brand satisfaction surveys in order to:

• better understand customer expectations and experiences,
• evaluate and improve our products and services,
• generate insights for innovation and product development, and
• integrate feedback into Yamaha’s overall business and marketing strategies.

Qualtrics uses cookies and similar technologies to manage survey progress and analyse interactions. The information collected may include your IP address, browser type, device information, and survey responses.

The data is stored on Qualtrics’ servers and processed on Yamaha’s behalf to generate company-wide insights. In addition, Yamaha may combine survey data with other customer information (e.g., Yamaha Music ID, purchase history, website usage, newsletter tracking) to create a fuller understanding of customer needs and preferences.

Processing is carried out with your explicit consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with future effect using the methods provided. Please note that disabling cookies or withdrawing consent may prevent participation in surveys.

We have a Data Processing Agreement with Qualtrics (Art. 28 GDPR) to ensure appropriate safeguards and compliance. Where data is transferred outside the EEA, Yamaha ensures suitable protections (e.g., Standard Contractual Clauses and supplementary measures).

Further details can be found in Qualtrics’ Privacy Statement:
https://www.qualtrics.com/privacy-statement/

Customer Data Platform

We use a Customer Data Platform (CDP) provided by Treasure Data, Inc., 800 W El Camino Real, Suite 180, Mountain View, CA 94040, USA, in order to analyse the use of our digital services and to improve our products and communication. This enables us to better understand customer behaviour, to personalise our marketing activities and to continuously improve our products and services.

For this purpose, different categories of personal data may be processed, in particular contact data (e.g. name, email address), product and registration data, Yamaha Music ID, transaction data as well as usage and behavioural data (e.g. website or in‑app logs, IP address and device information).

Where this involves the use of cookies or similar technologies and the processing of usage and behavioural data which are not strictly technically necessary, the legal basis is your consent pursuant to Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future. In all other cases, the data are processed on the basis of our legitimate interest in the efficient design and continuous improvement of our services pursuant to Article 6(1)(f) GDPR.

Treasure Data is certified under the EU‑US Data Privacy Framework. Where personal data is transferred to the USA, such transfer is based on the corresponding adequacy decision of the European Commission and, where required, on the EU Standard Contractual Clauses.

You can find more information about Treasure Data’s privacy policy at the following website address:
https://www.treasuredata.com/privacy-statement/.

1.5 Registration on Yamaha Music Connect

When you register on Yamaha Music Connect, we process and store the personal data necessary to provide our services to registered members. This typically includes your name, email address, login credentials, and any other information required to set up and manage your user account.

Your email address and other contact details are used for the following essential purposes: to confirm your account registration, to send payment confirmations or notifications, to inform you about updates or changes to our products and services, and to deliver legally required notifications or disclosures. These communications are necessary to manage the contractual relationship with you and are not considered marketing. The legal basis for such processing is the performance of a contract pursuant to Art. 6(1)(b) GDPR.

We use a double opt-in procedure to verify your registration. Your registration is only complete once you confirm your intent by clicking on the link in the confirmation email. If confirmation is not received within 72 hours, the registration data you provided will be automatically deleted.

As part of your use of Yamaha Music Connect, you may add your Yamaha products to your account and register them with us in order to receive relevant product-related information, such as available software or firmware updates and other information related to your product.

For the registration of Yamaha products, we process information such as the product model, serial number, date of purchase, purchase channel (store or online), and information on the purpose of use of the product. This allows us to provide and tailor services in relation to your Yamaha products.

The processing of personal data required for product registration is based on the performance of a contract pursuant to Art. 6(1)(b) GDPR. Where you voluntarily provide additional information, such as further details regarding the purchase, we process such data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in improving and personalising our services in relation to your Yamaha products. You are not obliged to provide such additional information and may choose not to do so by leaving the relevant fields blank.

Where registration forms request data not strictly necessary for contractual performance, such fields are marked as optional. Optional information may also be used for our legitimate interests, such as account optimisation, user experience improvements, personalisation of services, and statistical analysis (Art. 6(1)(f) GDPR).

You are contractually required to provide certain personal data in order for us to provide the services described above. The respective data fields are marked as mandatory during the registration process. Without this data, we cannot provide or maintain your account or the associated services.

In addition, Yamaha may combine account data with other personal data collected in the course of your interactions with Yamaha, such as website usage data, newsletter interactions, purchase history, or survey responses, in order to better understand how our services are used and to improve them. This may include providing more tailored services, improving usability and cross-device functionality, and supporting product development and service innovation. Such processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR or, where required by law, on your consent pursuant to Art. 6(1)(a) GDPR.

Internal Yamaha Group use: For the purposes described above and subject to applicable law, Yamaha may also share Yamaha Music Connect account data and related profile information with other companies within the Yamaha Group (including Yamaha Corporation and affiliated entities worldwide), as further explained in Section 3 below. This enables Yamaha to provide harmonised services across its group companies. Such sharing is carried out on the basis of our legitimate interests in efficient customer relationship management and group-wide service provision (Art. 6(1)(f) GDPR) or, where legally required, on the basis of your consent (Art. 6(1)(a) GDPR).

For more information and services, please see below the Privacy Notice of Yamaha Music Connect.

1.6 Cross-service analysis and personalised recommendations

With your explicit consent, Yamaha may use your Yamaha Music ID to link usage data across Yamaha digital services in order to (i) improve and develop services and (ii) provide personalised recommendations, cross-service suggestions, and tailored promotions.

Advertising and Customer Match ("List Upload")

With your explicit consent, Yamaha may use certain personal data, such as your email address and, where applicable, other contact identifiers, to create custom audiences and conduct customer matching ("Customer Match" / "List Upload") on selected advertising platforms (for example Google, Meta and, where applicable, other professional or social network platforms).

For this purpose, Yamaha may share your identifiers in hashed or otherwise pseudonymised form with the relevant advertising partners. These identifiers are used solely to determine whether you have an existing account on the respective platform, to create custom audiences, to measure the effectiveness of advertising campaigns, and to display more relevant advertisements to you on those platforms.

Yamaha does not receive additional personal data from the advertising partners as part of this matching process. However, Yamaha may receive aggregated or statistical information regarding the performance of its advertising campaigns.

You can withdraw your consent at any time with future effect.

1.7 Enrolment in prize draws and participation in campaigns

When you participate in prize draws, contests, promotions, or other campaigns organized by Yamaha, we process the personal data you provide (such as your name, email address, postal address, and, where applicable, submitted entries such as comments, photos, videos, or other content). This data is used to:

• register and manage your participation,
• communicate with you regarding the campaign,
• select and notify winners,
• deliver prizes or benefits, and
• comply with any legal or tax obligations related to the campaign.

If required for prize delivery or campaign fulfilment, we may share your data with trusted third parties (such as logistics or shipping providers, payment processors, or event partners). Specific details of the data processed in a given campaign are set out in the respective participation terms.

In addition to administering the campaign, Yamaha may also use participation data (including any submitted content) to:

• analyse the reach and effectiveness of campaigns,
• improve and develop marketing strategies,
• create profiles and personalise future communications,
• integrate insights with other data we hold about you (e.g., Yamaha Music ID, newsletter tracking, or purchase history) to provide more relevant offers and services, and
• publish winner names and/or submitted content (such as photos, testimonials, or entries) on Yamaha’s websites, newsletters, and official social media channels for promotional purposes.

The legal basis for processing your data for the purpose of participation and prize delivery is the performance of a contract (Art. 6(1)(b) GDPR). Where Yamaha uses participation data for further marketing, profiling, or publication of entries, this is based either on Yamaha’s legitimate interests in promoting its business and engaging with customers (Art. 6(1)(f) GDPR) or, where required by law (e.g., for the publication of photos or personal testimonials), on your explicit consent (Art. 6(1)(a) GDPR).

1.8 Social Plugins/Links to Social-Media Platforms

Our website may contain social media plugins and links (e.g., Facebook, Instagram, YouTube, X/Twitter, TikTok). By default, these plugins are deactivated to prevent any automatic transfer of personal data to the respective social media provider when you load our site. Data transmission to the provider only occurs after you actively click on the plugin or link.

Once activated, your internet browser will establish a direct connection to the provider’s servers, which may be located outside the European Union (EU) or European Economic Area (EEA), for example in the United States. Log file information such as your IP address, device details, browser type, and the specific page accessed on our site will then be transmitted to the provider. If you are logged into your social media account, the provider may link this information to your profile.

To minimize or prevent data exchange between your device and social media providers, you may:

• log out of your social media accounts before visiting our website,
• enable private mode or adjust your browser privacy settings,
• disable or restrict cookies in your browser, or
• use script-blocking add-ons.

In addition, Yamaha may use official social media channels to:

• share and promote content from our website, newsletters, or campaigns,
• publish campaign results, including winner names and user-generated content (e.g., photos, testimonials, or videos) where legally permitted,
• interact with you and respond to inquiries, and
• measure and analyse engagement with Yamaha’s social media presence to improve our marketing strategies.

Cross-channel profiling: Yamaha may also combine data about your interactions with Yamaha’s social media channels (e.g., likes, shares, comments, follows, or ad interactions) with other data we hold about you—such as Yamaha Music ID, newsletter activity, website usage, purchase history, or campaign participation. This enables us to:

• create a more complete picture of your preferences and interests,
• provide more relevant offers and personalised communications across channels,
• optimise advertising campaigns and target audiences, and
• develop Yamaha’s products and services in line with customer needs.

Any comments or activities from other social media users do not fall under Yamaha’s control or endorsement. Opinions expressed by third parties do not represent Yamaha.

For details on how your data is processed by social media providers when you interact with plugins, links, or Yamaha’s official channels, please refer to the privacy policies of the respective providers.

1.9 Apply for a Job

You may apply for positions at Yamaha through several channels, including email, web forms, or our online application portal. We process the personal data you provide (such as your name, contact information, CV, references, qualifications, portfolio materials, and other supporting documents) for the purpose of:

• assessing and managing your application,
• communicating with you during the recruitment process,
• conducting interviews and evaluations, and
• making recruitment decisions.

If you submit your application via email or web forms on our website, we will treat your data confidentially and will not disclose it to unauthorised third parties. Please note, however, that sending data by unencrypted email may not be secure. For enhanced protection, we recommend using our encrypted online application portal.

Applications submitted through the online portal are transmitted directly to Yamaha’s Human Resources department via a secure connection and are processed confidentially. Additional details on data processing for portal submissions are provided in the portal’s dedicated privacy policy.

If you apply for a specific vacancy that is subsequently filled, or if we consider your profile suitable for other current or future vacancies, we may with your explicit consent retain your application data in our talent pool for three hundred and sixty-five (365) days and forward it to other relevant departments or affiliated Yamaha Group companies. This enables Yamaha to match candidates to suitable opportunities across the group and streamline recruitment processes.

Centralized HR Systems and international transfers: To manage recruitment efficiently and ensure consistency across the Yamaha Group, your application data may (if applicable) be stored and processed in centralized HR and recruitment systems and/or shared within the Yamaha Group on a need-to-know basis, accessible to authorised HR personnel within Yamaha Music Europe GmbH, Yamaha Corporation (Japan), and other affiliated group companies worldwide. Where such processing or access involves countries outside the EU/EEA, Yamaha will ensure that appropriate safeguards (such as the European Commission’s Standard Contractual Clauses and, where required, supplementary measures) are in place to protect your data in accordance with Art. 44 et seq. GDPR.

In addition, Yamaha may use anonymized or aggregated application data for statistical purposes, such as:

• analysing recruitment trends,
• improving our recruitment processes,
• supporting diversity and inclusion monitoring, and
• enhancing overall HR planning.

Access to your personal data is restricted to authorised employees within Yamaha Music Europe GmbH and, where applicable, other Yamaha Group companies who are directly involved in recruitment and HR management.

The processing of your application data is based on:

• Art. 6(1)(b) GDPR (steps necessary prior to entering into an employment contract),
• Art. 6(1)(a) GDPR (your explicit consent, e.g., for inclusion in a talent pool, forwarding to other group companies, or extended retention), and
• Art. 6(1)(f) GDPR (our legitimate interests in improving recruitment efficiency and HR planning, to the extent permitted by law).

For information about Yamaha Corporation’s (Japan) processing and the Yamaha Group’s global privacy governance (where applicable), please refer to Yamaha Corporation’s Global Privacy Policy. This does not replace the information provided in this section for Yamaha’s recruitment processing.

2. Safety management of personal data

Yamaha employs comprehensive technical, organizational, and physical safeguards to protect personal data against unauthorised access, loss, destruction, alteration, disclosure, or other forms of misuse. These safeguards are designed to ensure an appropriate level of security in line with technological standards, regulatory requirements, and Yamaha’s global compliance commitments.

Measures include, but are not limited to:

• secure IT systems and encrypted data transmission (e.g., SSL/TLS and end-to-end encryption where appropriate),
• restricted access to data through role-based permissions and identity/access management systems,
• implementation of multi-factor authentication and continuous monitoring of access logs,
• regular staff training on data protection, information security, and phishing awareness,
• deployment of firewalls, anti-malware, intrusion detection and prevention systems,
• secure facilities with physical access controls and surveillance,
• data backup and recovery mechanisms to ensure business continuity, and
• documented procedures for managing, investigating, and responding to data security incidents.

To ensure global consistency, Yamaha may use centralized IT and cloud infrastructures accessible to authorised Yamaha Group entities worldwide. Where such infrastructures involve processing outside the EU/EEA, Yamaha ensures compliance with GDPR requirements for international transfers, including Standard Contractual Clauses and supplementary technical measures (e.g., encryption, pseudonymization).

In accordance with data protection by design and by default (Art. 25 GDPR), Yamaha integrates privacy and security considerations into the design of its systems, applications, and business processes. This includes minimizing the collection of personal data, ensuring that only data necessary for the specific processing purpose is used, and implementing default settings that favour the highest level of privacy protection for customers.

Our security systems and policies are subject to regular audits, penetration testing, and risk assessments, and are routinely reviewed and updated to reflect:

• the latest technological advancements,
• industry best practices, and
• evolving regulatory requirements.

Through this continuous improvement approach, Yamaha maintains a high and up-to-date standard of data protection across all regions where it operates.

3. Recipients of personal data

Yamaha may engage trusted third parties, service providers, and partners to assist in the performance of its operations including the processing of your personal data. Your information may be shared with service providers acting on Yamaha’s behalf for specific business purposes such as: IT hosting, support, and infrastructure management, marketing facilitation and analytics, customer service and helpdesk operations, logistics and shipping, payment processing, and professional services (e.g., auditors, consultants, legal advisors).

In all such cases, the personal data shared is limited to what is necessary for the fulfilment of the relevant service. Yamaha ensures compliance with GDPR and other applicable regulations by concluding appropriate data processing agreements (as required under Art. 28 GDPR), committing providers to uphold the same data protection standards, confidentiality, and security.

In addition, personal data may be disclosed to third parties if required for the provision of services (e.g., shipping providers to deliver products, event partners for campaign fulfilment), or where Yamaha is legally obligated to disclose such data (e.g., to courts, supervisory authorities, or other regulatory bodies).

Yamaha may share personal data within the Yamaha Group for both internal administrative purposes and customer-related services. This includes, but is not limited to:

• Yamaha Corporation
• Japan: https://www.yamaha.com/en/about/locations/group_companies_japan/ and Yamaha Music Foundation

In particular, data may be shared in order to:

1. respond to customer inquiries (such as through a “Contact Us” form), and provide support,
2. ensure harmonized service provision across Yamaha entities,
3. manage group-wide customer relationship management (CRM) systems,
4. conduct profiling and personalisation across channels (e.g., linking Yamaha Music ID, newsletter data, purchase history, and campaign interactions),
5. coordinate global marketing and promotional campaigns, and
6. enable centralized IT, HR, and compliance systems.

Where Yamaha Group companies exchange usage data across different Yamaha Group applications or regional entities, this is implemented as appropriate controller-to-controller disclosures (and, where applicable, processor arrangements) depending on the concrete processing activity. Any cross-service linking, profiling or personalisation is carried out only where and to the extent described in the relevant service-specific Privacy Notices and based on the applicable legal basis (in particular consent where required).

In addition, personal data may be shared within the Yamaha Group on a need-to-know basis for internal administration and to provide customer-related services (e.g., handling inquiries/support). Where such intra-group sharing involves recipients outside the EU/EEA, Yamaha ensures compliance with Art. 44 et seq. GDPR (e.g., adequacy decision, Standard Contractual Clauses and supplementary measures, as applicable). Yamaha will otherwise only share personal data with third parties where permitted under applicable laws and regulations.

4. Transfer of personal data to third countries

Yamaha aims to process your personal data within the European Union (EU) or European Economic Area (EEA) whenever possible. Where it becomes necessary to transfer personal data to recipients located outside the EU/EEA, Yamaha ensures that such transfers are conducted in full compliance with the GDPR and that an adequate level of protection is maintained for your data.

Appropriate safeguards for international transfers may include:

• the use of EU Standard Contractual Clauses (SCCs) adopted by the European Commission, obliging recipients to protect personal data in accordance with European standards,
• adequacy decisions issued by the European Commission for specific countries (e.g., Japan), confirming that such countries ensure an adequate level of data protection,
• Binding Corporate Rules (BCRs) for intra-group transfers, and
• supplementary technical and organizational measures, such as encryption, pseudonymization, or access restrictions, to mitigate risks in jurisdictions without EU-equivalent protections.

Before any transfer, Yamaha performs – where necessary - a Transfer Impact Assessment (TIA) to evaluate the legal and practical conditions in the recipient country and implements supplementary measures where necessary, in line with guidance from the European Data Protection Board (EDPB).

In cases where GDPR does not apply (e.g., for data processed wholly outside the EU/EEA or for non-European residents), Yamaha may transfer personal data to countries outside your place of residence (including Japan) and store personal data in those countries (“Transfer”). In such cases, privacy laws equivalent to those of your home country may not apply or be enforceable in the destination country.

Nevertheless, Yamaha processes your personal data in accordance with all applicable laws, local regulations, and the commitments of this Privacy Policy to safeguard your personal data to the highest possible standard.

5. Storage period for personal data

Yamaha stores personal data only for as long as necessary to fulfil the purposes for which it was collected and processed, as described in this Privacy Policy. Once the relevant purpose has been achieved, your personal data will be deleted or anonymized, unless statutory or regulatory retention obligations require continued storage.

Typical retention periods include (unless longer storage is legally required or permitted):

• Customer account and Yamaha Music Connect data: retained for the duration of the contractual relationship and deleted three (3) years after the last activity, unless further retention is necessary for legal or business reasons.
• Newsletter subscription data and marketing profiles: retained until you withdraw your consent or object to processing, and for up to three (3) years after the last interaction with Yamaha communications.
• Purchase, service, and contractual data: retained for up to ten (10) years in line with statutory commercial and tax law obligations.
• Campaigns and prize draws: data generally retained for up to one (1) year after campaign closure; winning entries or published content may be retained longer for promotional purposes, based on consent or legitimate interest.
• Recruitment and job applications: retained for the duration of the application process and, if unsuccessful, deleted one hundred and eighty (180) days thereafter, unless you have consented to longer retention in a talent pool.
• Log file and technical data (website visits): generally retained for up to twelve (12) months, unless longer storage is necessary for security or fraud-prevention purposes.

Where deletion of personal data is not possible because it is required for other legitimate purposes (such as the establishment, exercise, or defence of legal claims), Yamaha restricts processing of such data. This means that the data is securely stored, access is limited, and it is used solely for those lawful purposes.

Yamaha regularly reviews retention schedules to ensure that personal data is deleted, anonymized, or securely archived in accordance with applicable legal requirements and Yamaha’s internal data management policies.

6. Processing of children’s personal data

Yamaha is committed to protecting the personal data of children in strict accordance with applicable laws and regulations, including the GDPR. Where Yamaha knowingly collects personal data directly from a child below the age required for lawful consent in their jurisdiction (typically under 16 years within the EU, but possibly lower in certain Member States or non-EU countries), Yamaha will obtain verifiable consent from the child’s legal guardian or person with parental authority before processing such data.

Additional safeguards may include:

• clearly stating minimum age restrictions for particular services, features, competitions, or campaigns,
• implementing verification procedures to confirm parental consent (e.g., requiring provision of guardian contact details, use of confirmation emails, or secure electronic consent mechanisms),
• providing transparent information to parents or guardians about the type of data collected, the purpose of processing, and their data protection rights,
• restricting access to certain services, content, or features unless proper age verification or parental consent has been obtained, and
• flagging children’s accounts in Yamaha’s systems to ensure special handling in line with regulatory requirements.

Yamaha may also process children’s data as part of group-wide educational programs, competitions, or services (e.g., Yamaha Music School). In such cases, Yamaha ensures that appropriate intra-group agreements, technical safeguards, and regional compliance checks are in place before children’s data is shared or processed across borders.

Yamaha will not knowingly collect, use, or share personal data from children without the required consent or contrary to applicable legal requirements. If Yamaha becomes aware that personal data from a child has been collected without proper authorization, Yamaha will promptly take steps to delete such data, notify the relevant guardian where appropriate, and ensure compliance.

7. Cookies

Yamaha uses cookies and comparable technologies on its websites to enhance user experience, provide customized services, analyse usage, and deliver relevant advertisements tailored to your interests.

Cookies are small text files placed on your device by your browser when you visit a website. They enable functions such as saving user preferences, efficient navigation, and recognition of repeat visits. In addition to cookies, Yamaha may use other technologies such as pixels, web beacons, tags, or local storage for analytics, functionality, and marketing purposes.

Categories of cookies used:

• Necessary cookies: Essential for the operation of our websites, such as enabling navigation, security functions, and access to secure areas. These do not require consent.
• Functional cookies: Allow websites to remember choices you make (e.g., language, region, login details) and provide enhanced features.
• Analytics cookies: Collect aggregated information on how visitors use our websites, enabling Yamaha to understand usage patterns, measure performance, and improve website design and services.
• Marketing and personalisation cookies: Track your interactions across websites and online services to build user profiles, deliver personalised content and offers, and display advertisements relevant to your interests. Yamaha may also use these cookies to measure the effectiveness of advertising campaigns.

Yamaha may rely on third-party providers (e.g., analytics, advertising, and social media partners) that set cookies or comparable technologies in connection with embedded content, social plug-ins, or external services. These third parties may also combine cookie data with information from other sources to create cross-channel profiles.

When you first visit our website, you will be informed about the use of cookies and similar technologies. Yamaha will obtain your consent for all non-essential cookies in accordance with applicable legal requirements. You can manage or withdraw your consent at any time via our cookie management tool or by adjusting your browser settings. Please note that disabling certain cookies may limit website functionality.

Integration with Yamaha services: Cookie data may be combined with other personal data Yamaha holds about you (e.g., Yamaha Music ID, newsletter interactions, campaign participation, or purchase history) to provide more relevant recommendations, targeted offers, and improved cross-channel personalisation.

Retention periods for cookies and related data vary depending on their purpose. For detailed information on cookie types, purposes, storage duration, and how to control or opt out, please refer to our full Cookie Policy:
https://europe.yamaha.com/en/cookie-policy/

8. Customer rights regarding personal data

As a data subject under the GDPR, you have the following rights in relation to your personal data processed by Yamaha. To exercise your rights, please contact us using the details provided in this Privacy Policy. Yamaha will respond to all valid requests in accordance with applicable legal requirements.

8.1 General rights

• Right of Access: You may request information about your stored personal data, including the categories of data, recipients, and purposes of processing.
• Right to Rectification: You may have inaccurate or incomplete personal data corrected or supplemented.
• Right to Erasure (Right to be Forgotten): You may request deletion of your personal data where legal grounds apply (e.g., data is no longer necessary for the purpose, consent is withdrawn, or processing is unlawful). Please note that Yamaha may retain certain data where legally required or where necessary to establish, exercise, or defend legal claims.
• Right to Restriction of Processing: You may request restriction of processing in specific circumstances (e.g., where the accuracy of data is contested or the processing is unlawful and you oppose erasure). Restricted data will be marked accordingly and processed only for permitted purposes.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, and (where technically feasible) request its direct transfer to another controller.
• Right to Withdraw Consent: Where processing is based on consent, you may revoke that consent at any time with effect for the future. This does not affect the lawfulness of processing prior to withdrawal.

8.2 Rights concerning data processing conducted on the basis of a legitimate interest (Article 21 GDPR)

If your personal data is processed on the basis of Yamaha’s legitimate interests (Art. 6(1)(f) GDPR) or in the public interest (Art. 6(1)(e) GDPR), you may object to processing at any time on grounds relating to your particular situation, including objection to profiling carried out on these bases.

If you object, Yamaha will assess your request and cease processing unless Yamaha demonstrates compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is required for the establishment, exercise, or defence of legal claims.

8.3 Rights concerning direct advertising

Where personal data is processed for direct marketing purposes (including profiling to the extent it relates to such marketing), you have the unconditional right to object at any time under Art. 21(2) GDPR.

If you object, Yamaha will immediately stop processing your data for direct marketing purposes.

8.4 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace, or the place of the alleged infringement, if you believe that the processing of your personal data infringes applicable data protection law.

Obligation to Provide Personal Data: To establish or perform a business relationship with Yamaha, you must provide the personal data necessary for the conclusion or performance of the contractual relationship, or that Yamaha is legally obliged to collect. Without this data, Yamaha may not be able to provide the requested services, products, or enter into a contractual relationship.

9. Compliance with laws and ordinances

Yamaha strictly complies with all applicable laws, regulations, and official guidelines governing the processing of personal data. This includes, in particular, the General Data Protection Regulation (GDPR) as well as other relevant European and national legislation.

Yamaha recognizes the protection of personal data as a core corporate responsibility and is committed to maintaining the highest standards of data protection across its business operations and global group companies. Yamaha’s compliance program includes regular monitoring of regulatory developments, adaptation of internal processes and technologies, and close cooperation with supervisory authorities where required.

10. Continuous improvement

Yamaha is committed to the continuous improvement of its privacy and data protection practices. To ensure long-term compliance and operational excellence, Yamaha maintains a structured Privacy Governance Framework that integrates data protection into all levels of its business operations.

This framework includes:

• Regular reviews of internal policies, processes, and IT systems to ensure compliance with evolving legal and regulatory requirements,
• Independent audits and assessments (both internal and external) to test the effectiveness of Yamaha’s technical and organizational measures,
• Monitoring of global regulatory developments (e.g., GDPR, CCPA/CPRA, LGPD, APPI) and timely adaptation of Yamaha’s compliance program,
• Certification and accountability mechanisms (e.g., ISO/IEC 27001 or comparable industry standards) to demonstrate Yamaha’s commitment to information security and data protection,
• Documentation and accountability tools (e.g., Records of Processing Activities, Transfer Impact Assessments, Data Protection Impact Assessments) to ensure transparency and traceability,
• Employee training and awareness programs across all Yamaha Group entities, ensuring that privacy and data protection are embedded in the corporate culture, and
• Feedback mechanisms for customers and regulators to identify and address areas of improvement.

Through these measures, Yamaha ensures that privacy compliance is not treated as a one-time obligation, but as a dynamic and continuously evolving process that adapts to new technologies, customer expectations, and global regulatory standards.

11. Revision of this Privacy Policy

Yamaha may update, modify, or supplement this Privacy Policy at any time to reflect changes in our business operations, internal policies, technological developments, or applicable legislation and regulatory guidance.

In particular, Yamaha reserves the right to revise this Privacy Policy in response to:

• new technologies (including Artificial Intelligence, Internet of Things, cloud computing, data analytics, and personalisation tools),
• changes in our products, services, and digital platforms,
• evolving customer expectations and market practices, and
• updates to legal and regulatory frameworks worldwide.

Material amendments will be communicated to you in an appropriate and prominent manner, as required by law (e.g., via website notice, account notification, or email). We encourage you to review this Privacy Policy periodically to remain informed about how Yamaha protects and uses your personal data.

Last modified: 01.06.2026

1. Scope

This Privacy Notice applies to the use of Yamaha Music Connect (“Music Connect”) service by Yamaha Music Europe GmbH (“Yamaha”). It supplements the Yamaha’s Privacy Policy and provides service-specific information on how personal data is collected, processed, and protected in connection with Music Connect. Both documents apply cumulatively; in the event of any inconsistency, this Privacy Notice prevails for processing activities that are specific to Music Connect.

2. Data Controller

The Music Connect service is provided by:
Yamaha Music Europe GmbH
Siemensstraße 22–34, 25462 Rellingen, Germany
Phone: +49 (0) 4101 303-0
Email: dataprotection@contact.europe.yamaha.com

Yamaha Music Europe GmbH acts as the sole controller within the meaning of Article 4 (7) GDPR for all processing activities related to the Music Connect service.

No joint-controller relationship under Article 26 GDPR exists for this service. Yamaha Corporation, Japan, may provide certain technical infrastructure or maintenance support as a data processor under a data processing agreement pursuant to Article 28 GDPR.

Yamaha Music Europe GmbH remains fully responsible for ensuring compliance with the GDPR and for enabling you to exercise your rights as a data subject under Articles 12–22 GDPR.

Cross-Analysis of Usage Data

• Aggregated / pseudonymised service analytics (no profiling / no personalised outcomes)

  Yamaha may analyse and evaluate aggregated or pseudonymised usage data from Music Connect to enhance user experience, improve the service and support Yamaha’s European digital strategies. This processing does not aim to draw conclusions about individual users or to create personalised profiles or offers.

  Such processing is carried out based on Yamaha’s legitimate interests in service analytics and improvement (Article 6(1)(f) GDPR). You may object to this processing at any time (Article 21 GDPR).

• Personalisation / profiling / segmentation (individual-level outcomes)

  To the extent Yamaha carries out any analysis of usage data that results in personalised recommendations, offers, profiling or segmentation at individual user level (including cross-service linking), such processing will be carried out only with your explicit consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time with future effect (Article 7(3) GDPR). Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

3. Types of Data Processed & Purposes

In the context of Music Connect, Yamaha processes the following categories of personal data:

• User Identification Data: Name, email address, Yamaha Music ID, country/region, preferred language.
• Service Usage and Activity Data: Interactions with features and content, participation in community functions (e.g. messages, comments, feedback), engagement metrics, and logs of in-service communications.
• Marketing and Segmentation Data: Preferences, declared interests, reactions to offers or content, segmentation attributes for personalisation.
• Device and Access Data: Device type, operating system, browser information, IP address, session identifiers, and access logs.

Purposes of Processing:

• Provision, administration, and continuous improvement of the Music Connect service (Art. 6(1)(b) GDPR – contractual necessity).
• Technical operation and security of the platform, including fraud prevention and error detection (Art. 6(1)(f) GDPR – legitimate interests).
• Personalisation of communications, content, and recommendations, as well as segmentation and analysis for marketing purposes (Art. 6(1)(a) GDPR – consent).
• Market research and service optimisation (Art. 6(1)(f) GDPR – legitimate interests).

Important: Where processing activities are based on consent (e.g. personalised communications, marketing segmentation, newsletter tracking), this will be obtained separately and can be withdrawn at any time with future effect.

Personal data will be stored only for as long as necessary to fulfil the above purposes. Usage and segmentation data will generally be retained until you withdraw your consent or delete your account, unless longer retention is required by law or justified to assert, exercise, or defend legal claims.

Please note that personal data may also be stored for a limited period in secure system backups maintained solely for business continuity and disaster recovery purposes. Such data is not actively processed and will be automatically deleted or overwritten in accordance with Yamaha’s backup and retention policies.

4. Purposes and Legal Bases

The processing of your personal data within Music Connect is based on the following legal grounds under the GDPR:

4.1 Performance of a Contract (Art. 6(1)(b) GDPR)

• To provide access to and functionality of Music Connect, including account management, service availability, and user support.

4.2 Legitimate Interests (Art. 6(1)(f) GDPR)

• To ensure the technical operation and security of the platform.
• To monitor and optimise service performance.
• To perform aggregate statistical analysis (without direct identification of users).

4.3 Consent (Art. 6(1)(a) GDPR)

Processing activities requiring your prior consent include:

• Personalised marketing communications, recommendations, and offers.
• Analysis of your activity and behaviour within Music Connect to enable personalisation and market segmentation.
• Use of cookies and similar technologies for analytics and marketing purposes (in accordance with Yamaha’s Cookie Policy).
• Profiling and segmentation to provide tailored experiences across Yamaha services.

4.4 Consent Management

When registering for Music Connect or via your account settings, you may be asked to provide explicit consent for certain processing activities (e.g., personalised offers and recommendations, analysis of your activity for personalisation and market research, the use of cookies and similar technologies, and profiling and segmentation). The specific consent options are presented clearly in the Music Connect interface.

You may withdraw or modify your consent at any time with future effect, either through the Music Connect profile settings or by contacting Yamaha at:
dataprotection@contact.europe.yamaha.com.
Please note that refusing or withdrawing consent will not affect your ability to use the core functions of Music Connect. However, most of the optional features, such as personalised recommendations, tailored communications, or marketing-related content, may not be available without consent.

5. International Transfers

Personal data processed within Music Connect may be transferred to Yamaha Corporation (acting as a processor under Article 28 GDPR) and, where necessary, to other authorised entities within the Yamaha Group or to external service providers located outside the European Economic Area (EEA).

Transfers outside the EEA are carried out only where an adequate level of protection for personal data is ensured, in particular through:

• Adequacy Decisions of the European Commission (e.g., for Japan);
• EU Standard Contractual Clauses (SCCs) concluded with the recipient, including supplementary safeguards where required;
• Other legally recognised safeguards under Articles 44–49 GDPR.

Where transfers are based on appropriate safeguards such as the EU Standard Contractual Clauses, you may request a copy of the relevant safeguards by contacting Yamaha using the contact details provided in this Privacy Notice.

In all cases, Yamaha ensures that your personal data remains subject to a level of protection essentially equivalent to that guaranteed within the EU/EEA.

For further details on Yamaha’s general approach to international data transfers, please also refer to the corresponding section of the Yamaha Privacy Policy, which applies in addition to this Service-specific Privacy Notice.

Where GDPR does not apply (for example, data of non-EU/EEA residents processed wholly outside the EU/EEA), Yamaha nevertheless processes personal data in accordance with applicable laws and the commitments in this Privacy Notice.

6. Data Security and Technical Measures

Yamaha applies appropriate technical and organisational measures to protect personal data processed in connection with Music Connect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, as required by Article 32 GDPR.

These measures include, in particular:

• Encrypted transmission of communications and user data between client devices and Yamaha servers;
• Access controls and authentication ensuring that only authorised users and Yamaha staff can access relevant data;
• System monitoring and vulnerability management to maintain platform integrity and prevent misuse;
• Regular security audits and testing of Yamaha’s IT infrastructure and that of authorised service providers;
• Training and confidentiality commitments for employees with access to personal data; and
• Incident-management procedures to detect, report, and mitigate personal-data breaches in accordance with GDPR requirements.

Where Yamaha engages third-party processors, contractual safeguards ensure that they apply equivalent data-protection and security standards.

7. Storage Period for Personal Data

Yamaha stores personal data processed within Music Connect only for as long as is necessary to fulfil the purposes described in this Privacy Notice. The specific retention periods depend on the type of data and the context of processing:

• Account Data (e.g., name, email, Yamaha Music ID): Stored for the duration of your active Music Connect account. Upon account deletion, your data will be erased or anonymised without undue delay, unless statutory retention obligations apply.
• Service Usage and Activity Data: Retained for a limited period necessary to provide the service, improve user experience, and ensure technical security, after which the data is either deleted or anonymised.
• Marketing and Consent-Based Data: Retained until you withdraw your consent or object to processing. Once withdrawn, Yamaha will cease processing and erase such data without undue delay, unless legal retention obligations apply.
• Legal Retention Obligations: Where required by law (e.g., commercial, tax, or regulatory requirements), Yamaha may retain certain data for the legally prescribed retention period. In such cases, processing will be restricted to compliance with legal obligations.
• Assertion or Defence of Legal Claims: If necessary, Yamaha may retain relevant personal data beyond standard periods for the establishment, exercise, or defence of legal claims.

Yamaha regularly reviews its retention practices to ensure that personal data is not kept longer than necessary and is securely deleted or anonymised in accordance with applicable legal requirements.

8. Children’s Data

Music Connect is generally designed for adult users. Where Yamaha knowingly collects personal data directly from a child below the age required for lawful consent in their jurisdiction (typically under 16 years within the EU, though this may be lower in certain Member States), Yamaha will obtain verifiable consent from that child’s legal guardian before processing any personal data.

Yamaha may also take additional protective measures, such as:

• Clearly stating minimum age requirements for access to Music Connect.
• Implementing parental consent verification procedures (e.g., requiring guardian contact details).
• Providing parents with information on the type of data collected, the purposes of processing, and available rights.

Yamaha does not knowingly collect or use personal data from children without appropriate consent or contrary to applicable legal requirements. If Yamaha becomes aware that data from a child has been collected without the necessary consent, Yamaha will promptly delete the data and ensure compliance.

9. Cookies & Tracking Technologies

Music Connect uses cookies and similar technologies (such as pixels, local storage, and web beacons) to ensure proper functionality, enhance user experience, and provide personalised features.

These technologies may be used for the following purposes:

• Necessary cookies: Required to operate Music Connect and provide secure access.
• Analytics cookies: To analyse service usage, identify trends, and improve performance.
• Personalisation & marketing cookies: To tailor offers, recommendations, and content to your preferences.

When you first use Music Connect, you will be informed about the use of cookies and similar technologies. Yamaha will obtain your consent for non-essential cookies in accordance with GDPR and applicable local regulations.

You can manage your preferences at any time through the cookie settings available in Music Connect or your browser settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

For further details, please refer to Yamaha’s Cookie Policy.

10. Data Recipients and Processors

Yamaha limits access to personal data processed in connection with Music Connect to those employees, affiliated companies, and external service providers who require it to perform their designated tasks and obligations.

Data may be shared with the following categories of recipients:

• Yamaha Corporation , and other regional Yamaha Group entities, where necessary for centralised platform management, technical support, or infrastructure services.
  Such sharing takes place under data-processing agreements in accordance with Article 28 GDPR.
• Authorised service providers (processors) supporting the operation and maintenance of Music Connect, such as IT hosting providers, cloud infrastructure vendors, analytics partners, and customer support tools. These entities act exclusively on Yamaha’s documented instructions and are bound by contractual obligations ensuring confidentiality, data security, and compliance with the GDPR.
• Public authorities or legal representatives, where disclosure is required by applicable law or necessary to establish, exercise, or defend legal claims.

Yamaha does not sell, rent, or otherwise disclose personal data to independent third parties for their own marketing or unrelated purposes. All data sharing is governed by Yamaha’s internal Data Protection Policy, and Yamaha ensures that each recipient provides an adequate level of protection consistent with EU data-protection standards.

10.1 Online music lessons / Integration of FastSpring

The purchase of online music lessons/digital goods is made on behalf of and for the account of FastSpring (Bright Market, LLC dba, FastSpring B.V. Fred. Roeskestraat 115, 1076 EE Amsterdam, Netherlands). When you place an order on our website, your payment details (e.g. name, Yamaha Music Connect account ID, billing address, email address, payment information) are transmitted directly to FastSpring or collected directly by FastSpring for the purpose of payment processing and contract execution.

FastSpring processes your data on its own responsibility in order to fulfil the contract with you. Your data is transferred on the basis of Art. 6(1)(b) GDPR (contract fulfilment) and, where necessary, on the basis of our legitimate interest in secure and efficient order processing in accordance with Art. 6(1)(f) GDPR. We receive the necessary data from FastSpring to provide our services. This includes your name, email address, Yamaha Music Connect account ID and the amount paid in the respective local currency.

Further information on data protection at FastSpring can be found in FastSpring's privacy policy:
https://fastspring.com/privacy/

11. Your Rights

As a user of Music Connect, you have the rights granted under the General Data Protection Regulation (GDPR), including:

• Right of Access (Art. 15 GDPR): to obtain confirmation as to whether personal data concerning you is being processed, and access to such data.
• Right to Rectification (Art. 16 GDPR): to request the correction of inaccurate or incomplete personal data.
• Right to Erasure (Art. 17 GDPR): to request the deletion of your personal data where legal grounds apply.
• Right to Restriction of Processing (Art. 18 GDPR): to request restriction under certain conditions (e.g., contesting accuracy or unlawful processing).
• Right to Data Portability (Art. 20 GDPR): to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
• Right to Object (Art. 21 GDPR): to object at any time to the processing of personal data concerning you carried out on the basis of legitimate interests or for direct marketing purposes (including profiling related to such marketing).
• Right to Withdraw Consent (Art. 7(3) GDPR): where processing is based on your consent, you may withdraw this consent at any time with future effect.
• Right to Lodge a Complaint (Art. 77 GDPR): to contact or file a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.

You may exercise your rights at any time by adjusting your Music Connect profile settings or by contacting Yamaha at:
dataprotection@contact.europe.yamaha.com

12. Further Information

This Privacy Notice for Music Connect supplements the Yamaha Privacy Policy, which contains additional details on data processing, recipients, transfers, storage periods, security measures, and your privacy rights. For more information, please see the Yamaha Privacy Policy available in the section above on this page.

If you have any questions or concerns regarding the processing of your personal data within Music Connect, or about this Privacy Notice, you may contact our Data Protection Officer at any time:
dataprotection@contact.europe.yamaha.com

Last updated: 01 June, 2026