Shiseido Parlour Co., Ltd. (hereafter referred to as “we”) believe that it is our social responsibility to protect all personal information we hold and that fulfilling this is essential to realizing our company’s mission. We will handle personal information in accordance with the following policy.
We will comply with applicable laws, national guidelines, other codes and industry guidelines with respect to personal information and will manage personal information in an appropriate manner in accordance with the Shiseido Global Privacy Principles.
We acquire the minimum personal information to the extent necessary to achieve our purpose of use. We acquire personal information by the following two methods. In either case, as a general rule, we will obtain personal information only after obtaining your consent.
When obtaining personal information directly from you: We acquire personal information after obtaining your consent.
In the event we acquire your personal information from a third party: We acquire personal information from a third party after confirming that you have agreed to the provision of your personal information to other parties.
Registration and provision of personal information are optional, but if you do not register or provide your information required for each item, you may not be able to receive the respective services, etc.
We will not, in principle, acquire sensitive information that may cause unreasonable discrimination, prejudice, or other disadvantages, however, if there are justifiable grounds within the extent of the purpose of use of the personal information, we may obtain the following sensitive information after obtaining your consent.
Examples of sensitive information
Matters relating to political views, philosophical beliefs, and religion
Race, ethnicity, family origin, physical or mental disability, criminal record, and other matters that may cause social discrimination
Matters concerning the right of workers to organize, collective bargaining or other collective action
Participation in collective demonstrations, exercise of the right to petition, and other matters concerning the exercise of political rights
Health, medical or sex life
We may acquire, store and use Individual Related Information which contains attribute information (such as age, gender, and residential areas) that does not correspond to personal information on its own or information of Internet use (such as IP addresses, MAC addresses, SSID, terminal identifiers such as Cookies, RDID, and web beacons).
In addition, we may receive, store and use Individual Related Information from DMP operators and other advertising companies, research and analysis companies, media operators, database management companies and other business contractors and partners.
Although it is not possible to identify a particular individual on its own, after obtaining your consent, we may treat it as identifiable data by linking it to other information that we hold.
In principle, when acquiring personal information, we will clearly indicate the purpose of use in writing, on the website screen, orally, or by other means on a case-by-case basis.
When the purpose of use for personal information is clear, such as when the contact is initiated or requested by you, or when the business card is exchanged under business practices, we may not indicate the purpose of use. Even in this case, the personal information acquired will be used within the extent of the purpose of use indicated to you.
In the event we provide personal information to a third party (a company other than us), except as otherwise provided by law, we shall obtain your prior consent concerning the provision to a third party.
Provided, however, that even if it is provided to a company other than us, in the following cases, it may not be regarded as a "third party" because it may be regarded as the same entity as us in substance, and therefore, we may not obtain your prior consent for such provision.
When outsourcing all or part of the handling of personal information to an outside company, etc.
Cases where personal information is provided due to merger of the Company or succession of business, etc.
Where two or more companies, etc., jointly use personal information in order to achieve the "Purpose of Use"
In some cases, we handle Individual Related Information. When we provide Individual Related Information to a third party, personal information provided may be treated as personal information at the third-party recipients by linking it to other data held by the third-party recipients. In the event it is anticipated that Individual Related Information will be handled in such a manner, we will provide Individual Related Information to a third party only after confirming that consent has been obtained from you.
We may provide retained personal information to a third party in a foreign country by one of the following methods:
1. 1. Provision based on your consent. (please see here for specific information)
2. 2. Provision of personal information to a third party in EU/EEA member countries and the United Kingdom which are recognized as having a personal information protection system at the same level as Japan in the "Enforcement Regulations of the Personal Information Protection Law. (Personal Information Protection Commission Regulation No. 3 of 2016)"
3. 3. Provision to a party to whom it is considered possible to guarantee that measures for the handling of personal information required by the Act on the Protection of Personal Information in Japan are continuously taken.
Examples of paragraph 3:
Cases where the handling of personal information is entrusted to a business operator in a foreign country, and where it is clearly stipulated by contract that the measures required by the Act on the Protection of Personal Information in Japan will be taken.
Provision to companies within the Shiseido Group overseas in compliance with the privacy management rules established within the Group.
We may jointly utilize acquired personal information with other companies in accordance with procedures permitted by law. When we jointly utilize personal information with other companies, we provide notice of the following.
The fact that they will jointly utilize personal information.
The categories of the jointly utilized personal information.
Scope of a jointly utilizing person.
The purpose of use of the utilizing person.
The name or appellation and address, and, for a corporate body, the name of its representative of the person responsible for controlling the said personal data.
If you do not have sufficient ability to judge the consequences of your consent to the handling of personal information, your representative or someone other than you may provide consent on your behalf.
In order to ensure the security (confidentiality, integrity and availability) of personal information, we will establish and maintain a system for the protection and management of personal information and procedures for the handling of personal information, and will properly protect, manage and use such information.
Confidentiality: Manage personal information so that it is not accessible to anyone other than a defined person.
Integrity: Manage personal information so that it is not falsified or damaged.
Availability: Manage the handling of personal information so that it is available only in situations where it is necessary.
The personal information protection management system consists of the implementation of safety management measures from the aspects of organization, people, physical, and technology. An overview of this is shown below.
‹Organizational safety management measures›
In handling personal information, we appoint a Representative Director as the Information Manager and under the direction of the Information Manager, the persons in charge of handling personal information will be limited to ensure appropriate protection, management, and use.
The Information Manager is obliged to conduct periodic inspections of the management and operation of personal information. In the event that improper handling of personal information is discovered through inspections, we shall identify the cause of such improper handling, implement corrective measures, formulate measures to prevent recurrence, and inform employees.
‹Human safety management measures›
In order for employees to properly handle personal information, we regularly conduct education and training programs for all employees engaged in business related to the handling of personal information.
‹Physical safety management measures›
In order to restrict access to facilities where personal information is stored, we are reinforcing the security of entering and leaving of the facilities, certifying those who enter and leave the facilities, and taking measures to prevent other persons from entering and leaving the facilities. In addition, records of entering and leaving the facilities and other facilities are prepared so that the facts of entering and leaving can be confirmed afterwards.
‹Technical safety management measures›
When personal information is handled through a system, the establishment, management, operation, security measures, etc., of the system will be implemented in accordance with the regulations concerning the handling of information systems. Certification and authorization functions will be provided so that the person in charge can perform only the identified operations, and monitoring will be conducted to ensure that there are no problems in the status of handling.
‹Understanding of the external environment›
When we handle personal information in a foreign country, we take safety management measures based on an understanding of the systems related to the protection of personal information in the relevant foreign country. Please refer to this Link for detailed information.
In the event it is necessary to provide retained personal information to an entrusted company due to the entrustment of business involving the handling of personal information, we will conclude an agreement requiring the appropriate management of the information designated by us after carefully selecting a trustworthy entrusted company. In addition, we regularly receive reports on the status of handling from the entrusted company in order to confirm that the entrusted company properly handles personal information in accordance with the applicable agreement, and if there are any problems, we will clearly indicate the measures to be taken for improvement as needed.
In some cases, we handle pseudonymously processed information after appropriately processing personal information in our possession in accordance with laws and regulations. In the event the information is used as pseudonymously processed information for purposes other than those stated in the purpose of use of personal information, the following matters shall be disclosed.
Contents of pseudonymously processed information to be prepared
Purpose of use of pseudonymously processed information
We may prepare and provide anonymously processed information to a third party by properly processing the obtained personal information so that it cannot be identified as belonging to a specific individual and the personal information used for the preparation thereof cannot be restored in accordance with the procedures permitted by laws and regulations.
When preparing or providing anonymously processed information, the following matters shall be publicly announced.
Safety management measures, etc., concerning anonymously processed information.
Categories of information relating to an individual included in anonymously processed information to be prepared.
Categories of information relating to an individual contained in anonymously processed information to be provided to third parties and its providing method.
Inquiry method for anonymously processed information.
We will promptly respond to requests for the handling of personal information. If necessary, please contact us at the following address.
Shiseido Parlour Co., Ltd.
8-8-3, Ginza, Chuo-ku, Tokyo 104-0061
Phone : 0120-4710-04
(10:00-17:00; excluding Sundays, national holidays, Summer break, and year-end / new-year holidays)
E-mail ： firstname.lastname@example.org
Please note that we do not accept any requests via personal visits to our company.
Also note that your inquiries to our toll-free number will be recorded for improvement of our customer service.
We appreciate your understanding and cooperation in this matter.
‹Name and address of business operator handling personal information and name of representative›
Last Modified: July 1,2023