Information that the Group handles as personal data will be limited to information that meets the definition of “personal data” under the applicable laws and regulations in the relevant jurisdiction.
1. Categories of Personal Data the Group Collects
Categories of information that the Group collects in relation to Customers are as set forth below, provided, however, that as noted above, the Group treats such information as personal data only if such information meets the definition of “personal data” under applicable laws and regulations of each jurisdiction:
- (a) name - surname;
- (b) gender;
- (c) age;
- (d) date of birth;
- (e) company which he/she is working for and his/her position or title;
- (f) telephone and facsimile numbers;
- (g) e-mail address;
- (h) resident address and office address;
- (i) shipping address and billing address;
- (j) geolocation information;
- (k) order and billing history;
- (l) how you use the Group’s websites, and browsing history;
- (m) credit card information (such as full number, last 4-digits, and type);
- (n) bank account information;
- (o) unique customer identifier (such as user ID number);
- (p) ID information of social media account or the like;
- (q) your login ID and password;
- (r) consent status of newsletter or direct mail etc.,;
- (s) information regarding your device (such as your IP address, device identifiers, networks, browser and operating system);
- (t) reviews, opinions, comments, enquiries, and indications about the Group’s goods and services; and
- (u) other categories of personal data necessary for the purposes described in Section 2. “Purposes of the Group’s Use of Your Personal Data” below (if required under applicable law, the Group will notify you of the categories of such personal data separately).
As described in Section 3. “How the Group Shares Your Personal Data” below, Glico group companies may collect personal data from another Glico group company.
The Group may also collect personal data from publicly available sources such as third party websites, blogs, social media sites and professional networking sites.
2. Purposes of the Group’s Use of Your Personal Data
The Group uses your personal data for the purposes described below. However, legal grounds to process your personal data may change subject to the applicable relevant laws and regulations of the respective jurisdictions, so please also refer to the applicable Local Annex.
Personal data collected by the Group will be used for:
- (a) fulfilling the Group’s contractual obligations in relation to transactions between you and the Group, including, without limitation, processing your orders and payments;
- (b) communicating with you about the goods, services, campaigns, and events offered by the Group, including, without limitation, responding to your enquiries and opinions, providing news and information which the Group thinks will be of beneficial to you and shipping out prizes related to campaigns and events;
- (c) permitting you to participate in surveys, campaigns, and events;
- (d) monitoring and analyzing trends, usage and the status of activities in connection with the Group’s goods and services, with an aim to improve or develop the Group’s goods and services;
- (e) detecting, investigating and preventing fraudulent transactions and other illegal activities; and protecting the rights and property of the Group, you and others;
- (f) distributing targeting advertisement to you on websites or the like of the Group and those of third parties, according to your tastes and preferences coming out from analyzing information such as browsing history obtained from you;
- (g) reporting internally within the Group;
- (h) carrying out any other purpose described to you at the time personal data was collected;
- (i) conducting internal audits on Glico group companies;
- (j) complying with applicable laws, regulations and other requirements (such as cooperating with law enforcement agencies, regulatory authorities, and other governmental agencies);
- (k) responding to any request from you; and
- (l) such other purposes as mentioned in Section 3. “How the Group Shares Your Personal Data” below.
3. How the Group Shares Your Personal Data
The Group may share your personal data as described below or as otherwise described in the Local Annex or the Specific Policy:
- (a) sharing with other Glico group companies, where such sharing is necessary for the purposes described in Section 2. “Purposes of the Group’s Use of Your Personal Data” above;
- (b) sharing with other Glico group companies, where such sharing is necessary for administrating the Group’s business;
- (c) sharing with the Group’s distributors and retailers for providing Customers with goods and services of the Group, provided that they are required to use the personal data which the Group shares only for the purpose of providing Customers with goods and services of the Group and to process such personal data in compliance with all applicable data protection laws and regulations;
- (d) sharing with digital marketing and web development agencies for digital marketing and website related activities, provided that they are required to use the personal data which the Group shares only for the purpose of digital marketing and/or developing and updating websites for the Group and to process such personal data in compliance with all applicable data protection laws and regulations;
- (e) sharing with external analysis agencies for evaluation of product defects, provided that they are required to use the personal data which the Group shares only for the purpose of the Group’s evaluation of product defects and to process your personal data in compliance with all applicable data protection laws and regulations;
- (f) sharing with companies or individuals (including, without limitation, service providers, agents, sub-contractors and contractors), where such sharing is necessary for providing the Group’s goods, campaigns and services, including, without limitation, sending the Group’s consumer prizes to you, provided that they are required to use the personal data which the Group shares only for the purpose of providing the Group’s goods, campaigns and services and to process your personal data in compliance with all applicable data protection laws and regulations;
- (g) sharing with the Group’s professional advisors (such as lawyers, accountants and financial advisors), to the extent necessary and only if they are bound to keep your personal data confidential;
- (i) disclosing where required by law, where requested by a government entity or where necessary to prevent crime or to ensure the rights, property or personal safety of the Group, the Group’s Customers or any other person; and
- (j) sharing personal data as otherwise permitted by applicable law. The Group may also share statistical or anonymized information in a form that cannot reasonably identify you.
4. Data Transfer Outside of Country
The Group may transfer any personal data the Group collects from you to other countries (including, without limitation, those where Glico group companies are located other than your country of residence) and handle the personal data in such other countries. Those other countries may not have the same data protection laws and regulations as the country of your residence, and your personal data will be subject to laws and regulations of each of those countries. When the Group transfers your personal data to such other countries, the Group will implement safeguards to protect your personal data required under applicable laws and regulations.
The Group will take reasonable physical, technical and procedural measures to safeguard personal data within the Group’s organization against loss, theft and unauthorized use, disclosure or modification. Where personal data is held by third parties on behalf of the Group, the Group has also imposed contractual obligations on such third parties to ensure the confidentiality and security of such data.
While the Group will take all reasonable measures (as required by applicable law) to protect the integrity of such data, it is your duty to keep (including, to take reasonable steps to keep) confidential any user names and passwords issued by or relating to the Group’s websites, and to inform the Group promptly of any possible security breaches (including unauthorized access to your personal data through the Group’s websites). The Group cannot be responsible for any loss, unauthorized access or alteration, or misuse which occurs due to your failure to comply your duty.
6. Retaining and Deleting Personal Data
The Group will periodically review the personal data held by the Group to ensure that such data is accurate and up to date. The Group will also retain your personal data only for so long as it is necessary (subject to the Group’s internal policies on data retention if applicable ones exist or subject to applicable laws and regulations if such policies applicable do not exist) and will use reasonable efforts to delete it without delay after it becomes not necessary.
7. Customers’ Rights
To the extent required by applicable law, you have the right to withdraw your consent for handling of your personal data. If you want to withdraw your consent, please contact the Group by using the contact details set forth in Section 11. “Contact Details” below.
To the extent required by applicable law, you also have other rights regarding your personal data including, without limitation, rights of access, deletion, cease of use, or correction. If you want to assert your rights, please contact the Group by using the contact details set forth in Section 11. “Contact Details” below.
If you make a request as set out above, you will be required to provide the Group with sufficient information to identify you. Upon receipt of your request, the Group may ask you to provide additional information (including proof of identity) in order to deal with your request. Please note that it may also take some time to deal with the application, although the Group aims to deal with all requests as soon as possible. The Group will deal with your requests above made in accordance with the applicable law; however, where permitted by law, the Group may also charge an appropriate fee to cover the cost of dealing with requests.
8. Cookies and Similar Technologies
Cookies and other similar technologies are used on certain pages of the Group’s website and other third party websites. Cookies are a technology for communicating between the website’s server and the browser. With cookies, your viewing history of a certain website such as the Group’s website is recorded, which makes your use of the internet more beneficial. Cookies are widespread as a standard technology of the internet, and are used by many sites for the purpose of improving customer convenience, displaying advertising to customers and collecting statistics.
By changing the cookie settings, you can block cookies. However, by blocking cookies, you may become unable to use some of the services on the site. Furthermore, depending on your usage environment (such as browser settings and internet connection), it may not be possible to block cookies.
9. Direct Marketing Communications
If you no longer want to receive direct marketing communications from the Group (including, without limitation, direct mail), you may stop receiving those communications by following the instructions therein contained or by contacting the Group by using the contact details set forth in Section 11. “Contact Details” below. Please note that if you stop receiving direct marketing communications, the Group may still send you messages that are necessary for administrative purpose.
10. Third Party Services / Websites
The Group’s websites contain links to websites other than those of the Group. The Group bears no responsibility for anything related to such other websites linked from those of the Group, including, without limitation, for the privacy on such other websites. In addition, the Group bears no responsibility for any handling of personal data or other information submitted by you through those websites, or otherwise collected from you by those website operators.
11. Contact Details
12. Policy Changes
The Group follows applicable laws and regulations in each relevant jurisdiction when collecting personal data from children.