Privacy Policy

This Privacy Policy explains how personal data is processed for the Yamaha European Highlight Concert 2027 application platform. The legal information for this platform is provided in English only.

Controller and contact

Controller: Yamaha Music Europe GmbH, Siemensstrasse 22-34, 25462 Rellingen, Germany.

Project and privacy contact: Christoph Seiler, Education Department, christoph1.seiler@music.yamaha.com.

Platform scope and processing roles

The platform is operated as a pilot project for professional internal and educational use (B2B/B2E) within the Yamaha Education Department. Technical administration for the platform is carried out by Christoph Seiler on behalf of Yamaha Music Europe GmbH.

The platform is hosted on infrastructure in Germany. IONOS SE is used as the hosting provider and processor. A data processing agreement is in place with the hosting provider.

Categories of personal data

We process teacher contact details, school operator contact details, applicant details, participant details, chaperone contact details for final applications, music school information, piece information, uploaded recordings, score files, optional interim feedback files, validation status, jury comments, jury scores for final applications, assignment labels, administrator and jury account data, authentication and security records, audit records, and first-party operational analytics events.

Purposes of processing

Data is processed to receive applications, verify submissions, organize jury review, document assignments, prepare the concert selection process, operate a secure application platform, and receive public help or contact requests submitted through the website.

Uploaded recordings and score files are used only for jury and admin review, rating, commenting, and application administration. They are never used for promotion, social media, advertising, public relations, or internal company presentation purposes.

Legal basis

Personal data is processed under Art. 6(1)(b) GDPR where processing is necessary to carry out the application workflow and related organizational steps. Personal data and media submitted on the basis of permission from the participant or, for minors, the legal guardian, are processed under Art. 6(1)(a) GDPR where consent is the relevant basis. Platform security, access control, auditability, operational analytics, and service stability are processed under Art. 6(1)(f) GDPR based on Yamaha Music Europe GmbH's legitimate interest in operating a secure and specialized educational application platform.

The application process is open only to Yamaha Music School teachers, school staff, or school owners submitting applications for Yamaha Music School students. For minors, the submitting teacher or school representative confirms that the legal guardian has consented to the processing of the applicant's personal data and media files and that the signed consent can be provided on request.

Access and recipients

Access to applications and uploads is limited to authorized administrators and jury members. Data is not shared with venue staff, production partners, press, social media teams, or other external recipients for review purposes. Technical service providers are used only where required to operate hosting, storage, backup, email delivery, and contact-form spam protection. Confirmed contact requests are forwarded only to the Yamaha project mailbox yehc27@yms-hub.com, which may internally redirect to the shared Yamaha staff mailbox for operational handling. Data is not sold or used for advertising.

Help and contact form

The public help and contact form collects the sender's email address, the question submitted in the message field, the selected language context, technical abuse-prevention metadata such as minimized IP-derived hashing and user agent information, and records showing whether the sender confirmed the email address through a double opt-in confirmation link.

Contact messages are stored in a pending state first. A confirmation email is sent to the submitted address. Only after the confirmation link is used is the message forwarded to the Yamaha project mailbox. This process is used to verify control over the submitted email address, reduce spam, and document the affirmative action taken by the sender before Yamaha responds.

Storage and security

Application data is stored on servers located in Germany. Uploaded files are protected through private storage and, depending on file type, additional application-level encryption. Access to admin and jury areas is restricted to authenticated users, and security records are maintained to protect the platform and investigate misuse.

The platform uses application databases, protected upload storage, and operational backups on infrastructure located in Germany.

Cookies, local storage, analytics, and third-party content

The platform uses essential cookies and local browser storage for secure sessions, language preferences, theme preferences, and remembering optional content choices. These technologies are required to operate the platform.

The platform also records limited first-party operational analytics events, including page views, locale, phase, selected country and region where submitted, upload failures, path, referrer, and user agent. This processing is used for operational insight, troubleshooting, and service security.

Privacy-focused website measurement using Umami is active at launch. Umami is used for aggregated usage analysis and is not intended for advertising or cross-site tracking.

Optional third-party content such as YouTube videos and Google Maps embeds is loaded only after the user chooses to allow optional content. When that happens, the relevant third-party provider may process technical data such as IP address, browser information, device information, page URL, and interaction data.

The help and contact form uses Cloudflare Turnstile for spam protection. When the form is submitted, Cloudflare may process technical data needed to assess whether the request is legitimate. Turnstile is used only for abuse prevention and not for advertising.

Retention and deletion

Application-related personal data, reviews, and uploads are retained for up to six months after the Yamaha European Highlight Concert 2027 unless a longer retention period is legally required or retention is necessary to establish, exercise, or defend legal claims. Deleted submissions also trigger deletion of associated uploads.

Pending public contact requests that are never confirmed are retained only for a short technical period and then deleted. Confirmed and forwarded contact requests are retained for up to twelve months unless earlier deletion is required or a longer retention period is necessary to establish, exercise, or defend legal claims.

Deletion requests and consent withdrawals are handled through the project contact. Where consent is withdrawn, future consent-based processing will stop, without affecting the lawfulness of processing carried out before the withdrawal.

Your rights

Data subjects may request access, correction, deletion, restriction, portability, and withdrawal of consent. They may also lodge a complaint with a competent supervisory authority.

Competent supervisory authority for the controller's registered office: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstrasse 98, 24103 Kiel, Germany, mail@datenschutzzentrum.de.