Yamato Privacy Statement
Version August 2023
This Privacy Statement sets out how Yamato Transport Europe B.V. and Yamato Holdings Co., Ltd. handle personal data of their website visitors, customers, suppliers and other third parties (“you”). For information on our data processing in the HR context, e.g. of applicants and employees, please be referred to our HR Privacy Statement.
The scope of this Privacy Statement is limited to processing activities to which the privacy rules of the countries of the European Economic Area (“EEA”) and United Kingdom (“UK”) apply, such as the General Data Protection Regulation (“GDPR”) and UK GDPR. If you click on the ‘expand’-button next to one of the topics below, the information on this topic will fold out. Please note that all definitions used are explained at the bottom of this Privacy Statement.
1. RESPONSIBILITY DATA PROCESSING expand
1.1 Responsible Yamato entities. Yamato Transport Europe B.V. (“Yamato EU”) and its mother company Yamato Holdings Co., Ltd. (“Yamato Holding”) are both involved with processing your personal data. These companies will together or separately also be referred to as “Yamato”, “we”, “our” or “us”. We are jointly responsible for how we handle your personal data. This means we are joint controllers for this processing.
1.2 Division of responsibility. Yamato EU and Yamato Holding are jointly responsible for processing your personal data. In principle, Yamato EU and Yamato Holding are both responsible for their own part of processing your personal data. However, Yamato EU is responsible – also on behalf of Yamato Holding – for informing you on how we handle your personal data and for dealing with your questions, comments or requests. For convenience’s sake, you may direct all your questions, comments and requests (e.g. your right to object) to Yamato EU, and not (also) to Yamato Holding. Yamato EU and Yamato Holding will arrange between themselves how to best deal with your questions, comments or requests that (also) relate to Yamato Holding.
1.3 Yamato EU and Yamato Holding as data processor. In principle, we control the processing of your personal data. However, in exceptional cases, we may process your personal data on behalf of another party. This may for instance apply if a customer of us requests us to process personal data about the recipients of packages in a specific way. This Privacy Statement does not regard that part of our processing activities. To such processing, the Privacy Statement of the relevant controller applies.
1.4 Compliant processing. We will only process personal data in accordance with the Applicable Privacy Legislation and as described in this Privacy Statement.
1.5 Third party references Website. The Website includes links to websites of third parties (for example hyperlinks, banners or buttons). We are not responsible for the content of these websites, services provided by these third parties, or their compliance with the Applicable Privacy Legislation.
2. HOW WE OBTAIN YOUR PERSONAL DATA expand
2.1 Means of collection. We obtain your personal data in various ways:
a. Provided by you. We obtain information actively provided by you. For example, if you contact us, if you sign up for our newsletter or if you provide information to us in the course of our removal services. When you provide personal data to Yamato, please do not provide information that is irrelevant, not accurate and/or unnecessary for the services provided.
b. Automatically retrieved. We obtain some information automatically when you visit our website. For example, we automatically obtain information about you via cookies when you visit our Website. For more information on this, please see our Cookie Policy.
c. Third-party sources. We also obtain information from third parties. For example, we may request information about your company from the Trade Register of the Chamber of Commerce. We may also obtain information about you from professional social media sources like LinkedIn, or other websites.
d. Derived. We may perform analysis on personal data about you. The resulting data can also qualify as personal data about you. For example, we may analyse which webpages are visited most frequently, and from which previous website the website visitor was referred to such webpage.
2.2 Required provision. It may be that providing certain personal data to us is a statutory or contractual requirement, a requirement necessary to enter into a contract, or that you are otherwise obliged to provide the data to us. If that is the case, we will inform you thereof separately, and will also explain the possible consequences if you fail to provide such personal data to us.
3. DETAILS DATA PROCESSING: CATEGORIES OF PERSONAL DATA, PROCESSING PURPOSES AND LEGAL GROUNDS expand
3.1 Specifications per category. It depends on the processing activity, which personal data we process about you, for which purposes and based on which legal ground. If you click on the processing activities stated below, this further information will appear.
a. Website visitors and webshop expand
CATEGORIES OF PERSONAL DATA
If you visit our website, we may process the following personal data about you: 1. Categories of personal data. We process the following personal data about you: (i) name and address details; (ii) information about an order or services, including the location of a package, the address details of the sender and consignee (and employee thereof); (iii) e-mail address; (iv) username and password; (v) IP address; (vi) payment details; (vii) employment information, resume. 2. Sensitive personal data. Via our Website we do not collect sensitive personal data such as copies of your ID or information about your health. 3. Collection of your personal data. Your personal data is collected by us when you: (i) request a Yamato newsletter; (ii) register on the Website; (iii) place an order on the Website; (iv) apply for a job via the Website; or when you (v) otherwise use the Website. |
PURPOSES AND LEGAL GROUNDS
If you visit our website, we may process your personal data for the following purposes: i. Performance of a contract: We use your personal data for the performance of a contract that you have concluded with us or another party or in order to take steps at your request prior to entering into such a contract. If you decide to place an order via the Website, your personal data are processed by us for the performance of a Contract between us. This includes the track-and-trace service and handling of the payment details. For the processing of personal data for the provision of our services reference is made to our General Privacy Terms. We do not process more personal data than is strictly necessary for the performance of a contract. ii. Communication: We use your personal data to communicate with you about our products and services and to inform you of matters that are important for your account and/or use of the Website. We also use your personal data to respond to any questions, comments or requests you filed with us and the handling of any complaints. If you create an account on the Website, we will keep your personal data so that you do not have to enter it every time. This processing of personal data is necessary for the performance of a contract and/or for purposes of legitimate interest pursued by Yamato, namely to conduct its normal business. iii. Marketing purposes: Your personal data are used to send you our newsletter, if you have registered for it. To approach you via e-mail for marketing purposes, we always request your prior consent, unless it concerns offers about similar products or services that you have previously ordered with us. You always have the option to unsubscribe from our mailings, e.g. via the unsubscribe link in our newsletter. This processing of personal data is necessary for purposes of a legitimate interest pursued by Yamato, namely to keep in touch with you and to offer you similar products and services, or is based on prior consent. iv. Customer service: If you contact our customer service, your personal data are used to provide you with our customer service. This processing of your personal data is necessary for the performance of a contract, or is necessary for purposes of a legitimate interest pursued by Yamato, namely to conduct its normal business. v. Job applications: If you apply for a job via our Website, your personal data are used by us to handle your job application. This processing of your personal data is necessary for purposes of a legitimate interest pursued by Yamato, namely to hire people to work for Yamato. |
b. International removal service expand
CATEGORIES OF PERSONAL DATA
If we arrange your removal, we may process the following personal data about you: 1. Categories of personal data. We process the following personal data about you: (i) Name, initials, titles, gender; (ii) Contact information such as telephone number, e-mail address and address; (iii) Bank and giro account number; (iv) Family structure and number of dependents; (v) Occupation; (vi) Reason of removal; (vii) Day of removal, day of departure, entry date; (viii) Insurance application claim form; (ix) Copy of passport / ID (incl. citizen service number), residence card/contract, permits or visa; (x) Company name / company letter; (xi) Tax information; (xii) Vessel schedule, travel/fare/ticket information; (xiii) Information considering goods/cargo to be moved (address shipper and consignee, size, weights, description and value, tracking no., bill of lading no., proof of delivery, prepaid or collect, invoice & packing list, etc.); (xiv) Information considering calculating and recording income and expenditure, making payments and collecting receivables; (xv) Information for maintaining contacts with customers; and (xvi) Power of Attorney for the customs. 2. Sensitive personal data. The copy of passport / ID may include your citizen service number, and information about your racial/ethnic background. 3. Collection of your personal data. Your personal data is collected by us when you: (i) You (and your employer) request your removal; (ii) When we are in contact with other (logistic) service providers to arrange your removal; (iii) When we have contact with the authorities with respect to your removal. |
PURPOSES
If we arrange your removal, we may process your personal data for the following purposes: 1. Moving of a person and its family (if applicable); 2. Moving of goods (packing, unpacking, transportation (including loading); 3. Storage of goods; 4. Tracking and tracing of shipments/freights; 5. Calculating and recording income and expenditure; 6. Making payments and collecting receivables, including placing them in the hands of third parties; 7. Maintaining contacts with customers; 8. (Direct) marketing; 9. Dealing with disputes and auditing; 10. Custom clearance services (collecting information for and arranging); 11. Applying for a permit on behalf of private individual (through a power of attorney) Duty/VAT free importation; 12. Applying for insurance on behalf of private individual (through a power of attorney). |
LEGAL GROUNDS
If we arrange your removal, we base the processing of your personal data on the following legal grounds: 1. Performance of a contract. Most of the personal data we process for your removal, we process because this is necessary for executing the removal agreement. 2. Consent. For processing your sensitive personal data, we obtained your consent via a specific consent form. You may withdraw this consent at any time (see below). 3. Legitimate interest. We may process some of your personal data if this is not strictly necessary for execution of the removal contract, for which you also did not provide your consent, but for which we have a legitimate business purpose that overrides your privacy interest. We may for example process your personal data for statistical purposes to optimize our removal services. Please contact us via the contact details stated below if you wish to be further informed on this. |
c. Freight forwarding / logistics, parcel delivery and storage services expand
CATEGORIES OF PERSONAL DATA
If we process your personal data in the context of our freight forwarding / logistics, parcel delivery and storage services, we may process the following personal data about you: 1. Categories of personal data. We process the following personal data about you: (i) Name, initials, titles, gender; (ii) Contact information such as telephone number, e-mail address and address; (iii) Bank and giro account number; (iv) Position; (v) Administration number; (vi) Information considering deliveries and orders or providing services; (vii) Data about the goods; (viii) Data other than these that require processing as a result of or necessary with a view to the application of another law. 2. Sensitive personal data. If we process your bank and giro account number, we process sensitive personal information about you, namely financial information. 3. Collection of your personal data. Your personal data is collected by us: (i) When you provide this to us in the context of our business together; (ii) When we obtain such information from another party such as your colleague/employer or another party involved with our freight forwarding / logistics, parcel delivery and storage services; (iii) When we have contact with the authorities in the context of our freight forwarding / logistics, parcel delivery and storage services. |
PURPOSES
If we process your personal data in the context of our freight forwarding / logistics, parcel delivery and storage services, we may process your personal data for the following purposes: 1. Maintaining contact with customers for the purpose of: – Handling orders and deliveries; – Track and trace services; – Storage of goods; – Providing proposals for optimized logistics systems; – Improving supply chains of corporate clients; – Calculating and recording income and expenditure; – Making payments; – (Direct) marketing; – Dealing with disputes and auditing. 2. Handling orders and deliveries; 3. Track-and-trace service for parcel and delivery; 4. Storage of goods; 5. Transportation of goods; 6. Handling orders from client system ‘Suzuki Menu’. |
LEGAL GROUNDS
If we process your personal data in the context of our freight forwarding / logistics, parcel delivery and storage services, we base the processing of your personal data on the following legal grounds: 1. Legitimate interest. Most personal data we process in the context of our freight forwarding / logistics, parcel delivery and storage services, we process based on legitimate interests. This applies where our legitimate business interests override your privacy interests. A common example is the processing of contact details of our business contacts. Please contact us via the contact details stated below if you wish to be further informed on this. 2. Performance of a contract. Some personal data we process about you, we process for the performance of a contract to which you are a party. This may for instance be the case if you concluded an agreement with us for freight forwarding / logistics, parcel delivery and storage services, and if you are a sole trader. 3. Consent. For some processing activities we require your previous consent. This applies for example to some of our direct marketing activities. You may withdraw your consent at any time (see below). |
d. Small parcel expand
CATEGORIES OF PERSONAL DATA
If we process your personal data in the context of our small parcel services, we may process the following personal data about you: 1. Categories of personal data. We process the following personal data about you: (i) Name, initials, titles, gender; (ii) Administration number; (iii) Contact information such as telephone number, e-mail address and address; (iv) Bank and giro account number; (v) Data about the goods; (vi) Data other than these that require processing as a result of or necessary with a view to the application of another law; (vii) Information considering calculating and recording income and expenditure, making payments and collecting receivables; 2. Sensitive personal data. If we process your payment details, this concerns sensitive personal information. 3. Collection of your personal data. Your personal data is collected by us: (i) When you provide this to us in the context of our business together; (ii) When we obtain such information from another party such as your colleague/employer or another party involved with small parcel services; (iii) When we have contact with the authorities in the context of our small parcel services. |
PURPOSES
If we process your personal data in the context of our small parcel services, we may process your personal data for the following purposes: 1. Handling orders and deliveries; 2. Track and trace services; 3. Transportation of goods; 4. Optimized logistics systems; 5. Improving supply chains of corporate clients; 6. Calculating and recording income and expenditure; 7. Making payments; 8. (Direct) marketing; 9. Dealing with disputes and auditing; 10. Maintaining contacts; 11. Custom formalities. |
LEGAL GROUNDS
If we process your personal data in the context of our small parcel services, we base the processing of your personal data on the following legal grounds: 1. Legitimate interest. We may process your personal data in the context of our small parcel services, on legitimate interests. This applies where our legitimate business interests override your privacy interests. A common example is the processing of contact details of our business contacts. Please contact us via the contact details stated below if you wish to be further informed on this. 2. Performance of a contract. We may also process your personal data for the performance of a contract to which you are a party. This may for instance be the case if you concluded an agreement with us or another party for the delivery of a parcel. 3. Consent. For some processing activities we require your previous consent. This applies for example to some of our direct marketing activities. You may withdraw your consent at any time (see below). |
e. Custom consultancy expand
CATEGORIES OF PERSONAL DATA
If we process your personal data in the context of our custom consultancy services, we may process the following personal data about you: 1. Categories of personal data. We process the following personal data about you: (i) Name, initials, titles, gender; (ii) Contact information such as telephone number, e-mail address and address; (iii) Position. 2. Sensitive personal data. We do not process any sensitive personal data about you in the context of our custom consultancy services. 3. Collection of your personal data. Your personal data is collected by us: (i) When you provide this to us in the context of our business together; (ii) When we obtain such information from another party such as your colleague/employer or another party involved with our custom consultancy services; (iii) When we have contact with the authorities in the context of our custom consultancy services. |
PURPOSES
If we process your personal data in the context of our custom consultancy services, we may process your personal data for the following purposes: 1. Service for fiscal representation companies; 2. To provide VAT – information services; 3. To provide VAT – administrative services; 4. To provide customs services; 5. Service for fiscal representation companies. |
LEGAL GROUNDS
If we process your personal data in the context of our custom consultancy services, we base the processing of your personal data on the following legal grounds: 1. Legitimate interest. We may process your personal data in the context of our custom consultancy services, based on legitimate interests. This applies where our legitimate business interests override your privacy interests. A common example is the processing of contact details of our business contacts. Please contact us via the contact details stated below if you wish to be further informed on this. 2. Performance of a contract. We may also process your personal data for the performance of a contract to which you are a party. This may for instance be the case if you concluded an agreement with us and if you are a sole trader. 3. Consent. For some processing activities we require your previous consent. This applies for example to some of our direct marketing activities. You may withdraw your consent at any time (see below). |
f. CCTV expand
CATEGORIES OF PERSONAL DATA
If you visit us at one of our branches, we may process the following personal data about you: 1. Categories of personal data. We process the following personal data about you: (i) Name, initials, titles, gender; (ii) Video footage; (iii) Company name. 2. Collection of your personal data. Your personal data is collected by us when you are visiting one of our branches. |
PURPOSES
The purposes of the processing of your personal data using CCTV are:
1. Access control of our branches; 2. To protect our personnel, other persons visiting our branch and to protect or properties and business processes; 3. Dealing with disputes when defining Yamato’s right.
|
LEGAL GROUNDS
If we use CCTV, we base the processing of your personal data on Legitimate interest. We have legitimate business purposes (described above) that overrides your privacy interest. Please contact us via the contact details stated below if you wish to be further informed on this. |
3.2 Specification legitimate interests. If and insofar your personal data is processed on the basis of legitimate interests, information can be obtained by you as to the so-called balancing test that was carried out to allow us to rely on this processing ground. Please find our contact details below.
3.3 Further processing. It may be that we intend to further process your personal data for a purpose other than those for which the personal data have been collected, but compatible with the initial processing purpose. In such case, we will provide you with information about the(se) other purpose(s) and all relevant further information prior to that further processing.
4. COOKIES expand
We use cookies to ensure that the Website functions properly. Please be referred to our Cookie Policy for further information on this.
5. SHARING WITH THIRD PARTIES expand
5.1 Conditions data sharing. We only share your personal data with trusted third parties if:
a. They need to know the information for the purposes of providing their services;
b. They agreed to comply with the Applicable Privacy Legislation or if our Privacy Terms and Conditions apply, in which this is required. This means for instance that such third party needs to put adequate security measures in place; and that where applicable, the transfer complies with any legitimization requirements for cross border transfer.
5.2 Parties with whom we share your personal data. For the provision of our services we share your personal data on a strictly need-to-know-basis with:
a. Entities of the Yamato Group (list of group companies);
b. Agents involved, operating on behalf of Yamato;
c. Subcontractors and service providers involved, such as: airlines, shipping lines, trucking companies, depots, auditing companies, consulting and law firms, insurance companies, other authorities and hosting and payment providers.
d. Persons authorized to this end, employed or engaged by a data processor of YTE or affiliated companies of YTE, involved in the processing of HR data, on a need-to-know basis (accounting and auditing firms, insurance and payroll companies and tax institutions);
e. Competent authorities, such as the police or the authorities of the country of transit or destination for customs clearance in as far as required by the laws of the respective country; and
f. Incidentally: other third parties, on a need-to-know basis.
6. TRANSFER TO COUNTRIES OUTSIDE THE EEA AND UK expand
6.1 Transfer outside the EEA and UK. Parties involved with processing your personal data may be located outside of your jurisdiction. We also share personal data of you within the Yamato Group, including but not limited to the Yamato Holding. This will involve transferring your data to countries outside the EEA and UK (‘Third Countries’), such as Japan. See this link for an overview of the EEA countries. Any data transfer shall always take place in compliance with Chapter V of the GDPR and additional recommendation or decision issued in this regard by the European Data Protection Board (‘EDPB’), European Commission (‘EC’) or other competent authority or body under the Applicable Privacy Legislation.
6.2 Legitimization of transfer outside the EEA and UK.
Transfers of your personal data to a country outside the EEA may in the first place be legitimized on the basis of a so-called adequacy decision. This is a decision in which the European Commission states that e.g. a certain country offers a level of data protection similar to the GDPR. See this link for the current list of adequacy decisions. An example of transfers of Yamato based on an adequacy decision is transfer of your personal data to Japan. The transfer of your data from the UK to a third party outside the UK can in the first place be legitimized based on an adequacy regulation of the UK government. See this link for an overview of the applicable adequacy regulations.
If and insofar as we transfer personal data to Third Countries to which no adequacy decision or adequacy regulation applies, we will conclude the applicable version of the model clauses to safeguard data protection as published by the European Commission, so called standard contractual clauses (‘Transfer SCCs’). If deemed required under the Applicable Privacy Legislation, additional measures will be taken. This may concern technical, organizational and/or contractual measures. Where the UK GDPR is applicable, a UK Addendum will be added to the Standard Contractual Clauses mentioned above, as required by UK laws and regulations.
Further information on our legitimization of data transfers to Third Countries will be provided upon your request. Please use our contact details to make such a request, as stated below.
7. SECURITY expand
7.1 Security measures. We take appropriate organizational and technical security measures to protect your personal data and to prevent misuse, loss or alteration thereof. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who need to have access in view of their work/services. Also, the aforementioned persons involved are bound by a confidentiality obligation, either in their employment agreements or (data processing) agreements.
7.2 Technical security measures. Examples of technical security measures taken by us are:
a. Logical and physical security (e.g. safe, doorman, firewall, network segmentation);
b. Technical control of the authorizations (as limited as possible) and keeping log files;
c. Management of the technical vulnerabilities (patch management);
d. Keeping software up-to-date (e.g. browsers, virus scanners and operating systems);
e. Making back-ups to safeguard availability and accessibility of the personal data;
f. Automatic erasure of outdated personal data;
g. Encryption of personal data;
h. Applying hashing or (other) pseudonymization methods to personal data; and
i. Provide secure storage facilities for end-users (e.g. file server storage).
7.3 Organizational security measures. Examples of organizational security measures taken by us are:
a. Assign responsibilities for information security;
b. Promote privacy and security awareness among new and existing employees;
c. Establish procedures to test, assess and evaluate security measures periodically;
d. Check logfiles regularly;
e. Using a protocol for handling data breaches and other security incidents;
f. Conclude confidentiality, data processing and data protection agreements;
g. Assess whether the same objectives can be achieved with less personal data;
h. Provide access to personal data to as few people within the organization as possible; and
i. Define the decision-making and underlying considerations per processing.
7.4 Security policies. We have internal security policies in place in which it is further described how we ensure an appropriate level of technical and organizational security measures. We also have a data breach policy in place in which it is described how we deal with a (possible) data breach. We will for example notify the relevant supervisory authority and the data subjects involved if required under Applicable Privacy Legislation.
8. RETENTION PERIODS expand
8.1 Main rule. In principle, we do not store your personal data any longer than is strictly necessary for the purposes for which we process your personal data. Yamato has put in place a Retention Policy to ensure that your personal data are deleted after a reasonable period.
8.2 Exception: shorter retention. If you or another person successfully exercises one of your privacy rights, it can be that the relevant personal data may no longer be retained. In such cases, we may process your personal data for a shorter period, than as stated under the ‘main rule’. Please be referred to the ‘Your Rights’ section below, for more information on this.
8.3 Exception: longer retention. In exceptional cases, we may process your personal data longer. In such cases we may process your personal data longer than as stated under the ‘main rule’. This is the case if we need to process your personal data for a longer period in view of:
a. A longer minimum statutory retention period that applies to Yamato or other specific statutory obligation;
b. Practicality: in order to practically be able to act in line with the Retention Policy, some retention periods have been categorized and for the various Yamato locations within Europe some periods have been integrated;
c. A legal procedure;
d. The right to freedom of expression and to information;
e. A task carried out in the public interest or in the exercise of official authority vested in the controller; or
f. Public health.
8.4 Contact. Please contact us via our contact details displayed below, should you wish to be further informed on how long we process your personal data.
9. YOUR RIGHTS (INCL. THE RIGHT TO OBJECT) expand
9.1 In relation to our processing of your personal data, you have the below privacy rights. For more information on your privacy rights, please be referred to this webpage or this webpage of the European Commission or this webpage of the UK Information Commissioner’s Office.
a. Right to withdraw consent. In so far as our processing of your personal data is based on your consent (see above), you have the right to withdraw consent at any time.
b. Right of access. You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data.
c. Right to rectification. You have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
d. Right to erasure. You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased on the basis of a legal requirement, or (vi) where the personal data have been collected in relation to the offer of information society services. We do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims.
e. Right to object. You have the right to object to processing of your personal data where we are relying on legitimate interests as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honour your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim.
f. Right to restriction. You have the right to request restriction of processing of your personal data in case: (i) the accuracy of the personal data is contested by you, during the period we verify your request, (ii) the processing is unlawful and restriction is requested by you instead of erasure, (iii) we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or (iv) in case you have objected to processing, during the period we verify your request. If we have restricted the processing of your personal data, this means that we will only store them and no longer process them in any other way, unless: (i) with your consent, (ii) for the establishment, exercise or defence of legal claims, (iii) for the protection of the rights of another natural or legal person, (iv) or for reasons of important public interest
g. Right to data portability. You have the right to request to transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide to you, or such third party, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if the our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).
h. Automated decision-making. You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making.
i. Right to complaint. In addition to the above mentioned rights you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence or the UK, place of work or of an alleged infringement of the GDPR at all times. Please be referred to this webpage for an overview of the supervisory authorities in the EU and their contact details, and to this webpage for the supervisory authority in the UK. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us beforehand.
9.2 How to exercise your rights. The exercise of the abovementioned rights is free of charge and can be carried out by phone or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.
9.3 Verification of your identity. We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.
9.4 Follow-up of your requests. We will provide you with information about the follow-up to the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The Applicable Privacy Legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
10. CONTACT DETAILS expand
10.1 Contact Yamato EU. For any questions, comments or requests, you may contact us via . Please let us know by e-mail if you prefer to have further contact over the phone and indicate your preferred language, provided that this is the national language of an EEA country, or Japanese. Yamato will then provide you with the relevant phone number.
10.2 Contact DPO. Yamato EU has appointed a Data Protection Officer. The DPO can be contacted via . Please let the DPO know by e-mail if you prefer to have further contact over the phone and indicate your preferred language, provided that this is the national language of an EEA country, or Japanese. The DPO will then provide you with the relevant phone number.
10.3 Contact Yamato Holding. You also have the right to exercise your rights in respect of Yamato Holding. You can contact Yamato Holding for those matters, and any other questions relating to your privacy, via . However, for your convenience’s sake, you may also direct all your questions, comments and requests (e.g. your right to object) to Yamato EU, and not (also) to Yamato Holding. Yamato EU and Yamato Holding will arrange between themselves how to best deal with your questions, comments or requests that (also) relate to Yamato Holding.
11. MISCELLANEOUS expand
11.1 Deletion of your personal data by us. Yamato is entitled at all times to delete your personal data without notice. In such a case, Yamato owes no compensation to you as a result of the termination of the account.
11.2 Changes to the Privacy Statement. Yamato reserves the right to change this Privacy Statement on a regular basis. Where required, Yamato will inform you of updates made to this Privacy Statement. The current version is always available on our website www.yamatoeurope.com. This Privacy Statement was last amended and revised in April 202021.
12. DEFINITIONS expand
12.1 In this Privacy Statement, the following definitions apply:
Applicable Privacy Legislation | All applicable privacy legislation, including the General Data Protection Regulation (“GDPR”) and the relevant national implementation acts. |
Privacy Statement | This present privacy statement. |
Yamato EU | Yamato Transport Europe B.V.
Capronilaan 22 1119 NS SCHIPHOL-RIJK The Netherlands Chamber of Commerce number: 24172596 |
Yamato Holding | Yamato Holdings Co., Ltd.
2-Chome 16-10 Ginza, Chuo-Ku, Japan Chamber of Commerce number: 0199-01-034964 |
Website | www.yamatoeurope.com |
12.2 Other terms that are defined in the Applicable Privacy Legislation, such as ‘personal data’, ‘(joint) controller’, ‘processor’, ‘data subject’ and ‘processing’ will have the meaning as described in the Applicable Privacy Legislation.
*****