Shiseido Company, Limited and Shiseido Japan Co., Ltd. (collectively, "we" or “Shiseido”) believe that it is our social responsibility to protect all personal information we hold and that fulfilling this is essential to realizing our company’s mission. We will handle personal information in accordance with the following policy.
We will comply with applicable laws, national guidelines, other codes and industry guidelines with respect to personal information and will manage personal information in an appropriate manner in accordance with the Shiseido Global Privacy Principles.
This Privacy Policy applies specifically to the privacy practices of Shiseido Company, Limited and Shiseido Japan Co., Ltd. For information about the privacy practices of other Shiseido Group companies and affiliated brands, please refer to the privacy policy links listed here.
For residents of the European Union or the United Kingdom, please refer to the Additional Disclosures for Residents of the European Union & United Kingdom Residents section of this Privacy Policy (here).
For residents of the United States, please refer to the Additional Disclosures for Residents of the United States section of this Privacy Policy (here).
For residents of other countries where applicable law provides you with certain privacy rights related to our acquisition of your personal information, please refer to the Additional Disclosures for Residents of Other Countries section of this Privacy Policy (here).
We acquire the minimum personal information to the extent necessary to achieve our purpose of use.
Registration and provision of personal information are optional, but if you do not register or provide your information required for each item, you may not be able to receive the respective services.
We will not, in principle, acquire sensitive information that may cause unreasonable discrimination, prejudice, or other disadvantages. However, if there are justifiable grounds within the extent of the purpose of use of the personal information, we may obtain the following sensitive information after obtaining your consent (to the extent required under applicable laws).
Matters relating to political views, philosophical beliefs, and religion
Race, ethnicity, family origin, physical or mental disability, criminal record, and other matters that may cause social discrimination
Matters concerning the right of workers to organize, collective bargaining or other collective action
Participation in collective demonstrations, exercise of the right to petition, and other matters concerning the exercise of political rights
Health, medical, or biometrics
We may acquire, store and use information which contains attribute information (such as age, gender, and residential areas) that does not correspond to personal information on its own, or information of Internet use (such as IP addresses, MAC addresses, SSID, terminal identifiers such as cookies, RDID, and web beacons) (“Individual Related Information”).
In addition, we may receive, store and use Individual Related Information from data resellers and other advertising companies, research and analysis companies, media operators, database management companies and other business contractors and partners.
Although it is not generally possible to identify a particular individual on its own based only on Individual Related Information, after obtaining your consent (to the extent required under applicable laws), we may treat it as identifiable data by linking it to other information that we hold.
In principle, when acquiring personal information, we will clearly indicate the purpose of use in writing, on the website screen, orally, or by other means on a case-by-case basis.
When the purpose of use for personal information is clear, such as when the contact is initiated or requested by you, or when the business card is exchanged under business practices, we may not indicate the purpose of use. Even in this case, the personal information acquired will be used within the extent of the purpose of use indicated to you.
| Contents of personal information | Purpose of Use |
|---|---|
| Personal information on the person who requested the inquiry or consultation, etc. |
・To respond appropriately to inquiries and consultations from you ・For the improvement and enhancement of products and services of Shiseido Group companies ・For the planning measures for and advertising and marketing of products and services of Shiseido Group companies ・To check reaction or request cooperation about the above |
| Personal information handled by each service |
・To operate, maintain and improve the quality of our services and to respond to inquiries about our services *For the detailed purpose of use for personal information for each service, please check the Terms of Use or equivalent document for each service. |
| Personal information handled in research and development |
・For the planning, development, advertising, introduction, and marketing of beauty-and-health-related products and services ・For inclusion in research and papers, presentations at academic meetings, and other academic and research purposes ・For publishing in training materials and other uses in various training sessions ・For corporate brochures, business reports, publication in company history materials, and other public relations activities |
| Personal information related to business partners | ・For business negotiations and associated contacts |
| Information on the "Shareholders of Shiseido Co., Ltd. Stated in the Shareholder Registry" |
・For the purpose of exercising shareholders' rights and fulfilling our obligations in accordance with the Companies Act and other relevant laws and regulations ・To provide various information and services regarding the status of shareholders and to conduct surveys and other measures to facilitate the relationship between shareholders and us ・For shareholder management, including the preparation of shareholder data based on prescribed standards under the Companies Act and other related laws and regulations |
| Information on "recruitment candidates" (including unofficial offers, early unofficial offers, and internships) |
・For sharing information and communicating with recruitment candidates, including internships ・For recruitment selection ・For job offer management ・For consideration of assignments after formal employment |
| Information on "employees" | ・For the management of employees |
| Information on "retirees" | ・To provide information to retirees and to pay retirement benefits and pensions |
| Information on Disclosure, etc., of Personal Information and Applicants for Complaints and Consultations | ・In order to respond to Disclosure, etc., of personal information (disclosure of the purpose of use, disclosure, correction, addition, deletion, cease of utilization, and cease of provision to a third party of personal information) |
| Applicant information on other application activities |
・To operate, maintain, develop and improve other application activities, and to respond to inquiries about the activities *For the detailed purpose of use of personal information for each activity, please check the Terms of Use or the equivalent document for each activity. |
In the event we provide personal information to a third party (a company other than us), we shall obtain your prior consent concerning the provision to a third party to the extent required under applicable laws.
However, even if it is provided to a company other than Shiseido, in the following cases, it may not be regarded as a "third party" because it may be regarded as the same entity as us in substance, and therefore, we may not obtain your prior consent for such provision.
When outsourcing all or part of the handling of personal information to an outside company, etc.
Cases where personal information is provided due to merger of the Company or succession of business, etc.
Where two or more companies, etc., jointly use personal information in order to achieve the "Purpose of Use"
When we provide Individual Related Information to a third party, personal information provided may be treated as personal information by the third-party recipients by linking it to other data held by the third-party recipients. In the event it is anticipated that Individual Related Information will be handled in such a manner, we will provide Individual Related Information to a third party only after confirming (to the extent required by applicable laws) that consent has been obtained from you.
We may provide retained personal information to a third party in a foreign country by one of the following methods (please see here for specific information):
Examples of paragraph 3:
Cases where the handling of personal information is entrusted to a business operator in a foreign country, and where it is clearly stipulated by contract that the measures required by the Act on the Protection of Personal Information in Japan will be taken
Provision to companies within the Shiseido Group overseas in compliance with the privacy management rules established within the Group
We may jointly utilize acquired personal information with other companies in accordance with procedures permitted by law. When we jointly utilize personal information with other companies, we provide notice of the following:
The fact that they will jointly utilize personal information
The categories of the jointly utilized personal information
Scope of a jointly utilizing person
The purpose of use of the utilizing person
The name or appellation and address, and, for a corporate body, the name of its representative of the person responsible for controlling the said personal data
We will strive to delete personal information without delay if we have achieved the matters stated in the purpose of use of personal information and determine that there is no need to retain such personal information. In addition, if we receive a request from you to delete your personal information, we will delete the personal information unless we are legally obligated to retain this information, or unless there are special circumstances.
If you do not have sufficient ability to judge the consequences of your consent to the handling of personal information, your representative or someone other than you may provide consent on your behalf.
In order to ensure the security (confidentiality, integrity and availability) of personal information, we will establish and maintain a system for the protection and management of personal information and procedures for the handling of personal information, and will properly protect, manage and use such information.
Confidentiality: Manage personal information so that it is not accessible to anyone other than a defined person.
Integrity: Manage personal information so that it is not falsified or damaged.
Availability: Manage the handling of personal information so that it is available only in situations where it is necessary.
The personal information protection management system consists of the implementation of safety management measures from the aspects of organization, people, physical, and technology. An overview of this is shown below.
We develop and maintain a system for protecting personal information under the instructions of the Chief Information Technology Officer at Shiseido Company, Limited.
In the handling of personal information, the heads of each department and facility shall be the responsible persons for protecting personal information, and under the direction of the responsible person, a limited number of persons will be put in charge of handling personal information to ensure appropriate protection, management, and use of said information.
The person responsible for protecting personal information is obliged to conduct periodic inspections into the management and operation of personal information. In the event that improper handling of personal information is discovered through said inspections, in addition to informing all employees, the cause of the improper handling shall be identified, corrective measures implemented, and measures to prevent recurrence formulated.
In order for employees to properly handle personal information, we regularly conduct education and training programs for all employees engaged in business related to the handling of personal information.
In order to restrict access to facilities where personal information is stored, we are reinforcing the security of entering and leaving of the facilities, certifying those who enter and leave the facilities, and taking measures to prevent other persons from entering and leaving the facilities. In addition, records of entering and leaving the facilities and other facilities are prepared so that the facts of entering and leaving can be confirmed afterwards.
When personal information is handled through a system, the establishment, management, operation, security measures, etc., of the system will be implemented in accordance with the regulations concerning the handling of information systems. Certification and authorization functions will be provided so that the person in charge can perform only the identified operations, and monitoring will be conducted to ensure that there are no problems in the status of handling.
When we handle personal information in overseas countries and regions, we take safety management measures based on an understanding of the systems pertaining to the protection of personal information in the relevant overseas countries and regions. Please see here for specific information.
In the event it is necessary to provide retained personal information to an entrusted company due to the entrustment of business involving the handling of personal information, we will conclude an agreement requiring the appropriate management of the information designated by us after carefully selecting a trustworthy entrusted company. In addition, we will regularly receive reports on the status of handling personal information from the entrusted company in order to confirm that the entrusted company properly handles personal information in accordance with the applicable agreement, and if there are any problems, we will clearly indicate the measures to be taken for improvement as needed.
In some cases, we handle pseudonymously processed information after appropriately processing personal information in our possession in accordance with laws and regulations. In the event the information is used as pseudonymously processed information for purposes other than those stated in the purpose of use of the personal information, the following matters shall be disclosed:
Contents of pseudonymously processed information to be prepared
Purpose of use of pseudonymously processed information
We may prepare and provide anonymously processed information to a third party by properly processing the obtained personal information so that it cannot be identified as belonging to a specific individual and the personal information used for the preparation thereof cannot be restored in accordance with the procedures permitted by laws and regulations.
When preparing or providing anonymously processed information, the following matters shall be publicly announced:
Safety management measures, etc., concerning anonymously processed information
Categories of information relating to an individual included in anonymously processed information to be prepared
Categories of information relating to an individual contained in anonymously processed information to be provided to third parties and its providing method
Inquiry method for anonymously processed information
In response to a request from you related to your personal information and our data practices under this Privacy Policy, including the purpose of use, disclosure, correction, addition or deletion, cease of utilization and cease of provision to a third party of personal information, and disclosure of records relating to the provision or receipt of personal information to a third party (hereinafter referred to as "Disclosure"), we will respond to you pursuant to the instructions set forth below.
The recipients of a demand for Disclosure related to a "Beauty Key Member" information and "Shareholders of Shiseido Company, Limited." are as follows:
| Contents of personal information | The procedure for a demand, etc., for Disclosure |
|---|---|
| Beauty Key Members |
"Disclosure," "Change," and "Withdrawal" related to information of a " Beauty Key Member " will be conducted on your own from the following pages within the Shiseido website. Click here for confirmation and change of registration of Beauty Key Members. (Japanese Only) |
| Shareholders of Shiseido Company, Limited |
Please contact Sumitomo Mitsui Trust Bank, Limited, the shareholder registry administrator of Shiseido Co., Ltd., for "disclosure," "changes," etc., related to information of "shareholders of Shiseido Company, Limited." Please also check with Sumitomo Mitsui Trust Bank, Limited for the specific procedures in such case. <Applications> For shares owned for the account of a securities company, please submit to such securities company of the transaction, etc. |
Please refer to the individual service terms of use for the party to whom the demand for Disclosure is made, the method of request, and the contents that can be handled with regard to individual services other than the above. Please note that we may not be able to accept your demands, such as when you need to submit an application directly at a store.
When demanding for Disclosure of information other than the above, please fill in the required information in the adequate document below, enclose a document to confirm the identity, and send it to the following address. When doing so, please write "Personal Information Disclosure Demands Involved in Documents" on the envelope.
The party to whom the demand for Disclosure is made, documents to confirm the identity, how to respond to a demand for Disclosure, purpose of use of personal information obtained in connection with a demand for Disclosure, and reasons for non-disclosure of "personal information subject to disclosure" are as follows (except as otherwise required under local laws):
| The party to whom the demand for Disclosure is made |
1-6-2, Higashi-Shimbashi, Minato-ku, Tokyo 105-8310 *Please write " Personal Information Disclosure Demands Involved in Documents " on the envelope, and send it by registered mail. |
| Documents to confirm the identity (specific documents may vary based on your jurisdiction) |
Identification documents:
*All identification documents must be valid or issued within the past 3 months. *Please black out the insurance provider number and insured person code/number on the health insurance card. *If there is a change of address or other information on the back of the driver's license, please also send a copy of the back side. Confirmation documents for proxy: [In the case of a legal representative of a minor (one of the following copies)]
[In the case of a legal representative of an adult ward]
[In the case of a voluntary proxy]
|
| How to respond to a demand for Disclosure | After confirming the identity of the person demanding Disclosure, we will respond by completing the method in the "Disclosure Method" section of the application for Disclosure (In the case of an application by a proxy, we will respond to the proxy as soon as we confirm that the demand by the proxy is legitimate.) |
| Purpose of use of personal information obtained in connection with a demand for Disclosure | Personal information obtained in connection with a demand for Disclosure, shall be handled only to the extent necessary for the demand for Disclosure. The submitted documents will be stored for five years after the response to the demand for Disclosure, is completed, and will be deleted thereafter. |
| Reasons for non-disclosure of "personal information subject to disclosure" |
We will not disclose if the following is stipulated. When we decide not to disclose the information, we will notify you to that effect and the reason.
|
For questions about this Privacy Policy, our handling of personal information, or your rights, please contact us at the following address:
<Contact Information>
Shiseido Customer Service
1-6-2 Higashi-Shimbashi, Minato-ku, Tokyo 105-8310
Phone: 0120-81-4710 (9:00-17:00 (from January 2025, 10:00-17:00); excluding Saturdays, Sundays and national holidays)
Beauty Key Customer Service
Phone: 0120-77-4710 (9:00-17:00; not available during the year-end and New Year holidays and on statutory inspection days)
<Notice>
Please note that we do not accept any requests via personal visits to our company.
Also note that your inquiries to our toll-free number will be recorded for improvement of our customer service.
We appreciate your understanding and cooperation in this matter.
<Name and address of business operator handling personal information and name of representative>
| Name | Shiseido Company, Limited |
| Address | 7-5-5, Ginza, Chuo-ku, Tokyo 104-0061 |
| Representative | Kentaro Fujiwara, Representative Corporate Executive Officer |
| Name | Shiseido Japan Co., Ltd. |
| Address | 7-5-5, Ginza, Chuo-ku, Tokyo 104-0061 |
| Representative | Kentaro Fujiwara, Representative Director |
This Privacy Policy shall be governed by and construed in accordance with the laws of Japan.
In the event of any dispute, the Japanese version of this Privacy Policy will prevail over any other language versions.
This Privacy Policy may be updated. Please check the last modified date.
Last Modified: November 25, 2024
This section of the policy applies to residents of the EU and UK and supplements the disclosures in the main policy above. References in this section to “personal data” shall be understood to have the same meaning as references to “personal information” in the main policy. Where any disclosures in this section differ from practices or descriptions in the main policy, these differences shall be understood to only apply with respect to residents of the EU and UK.
<Data controller>
For purposes of this section, Shiseido Company, Limited and Shiseido Japan Co., Ltd. (collectively, "we" or “Shiseido”) are the applicable data controllers responsible for the processing of your personal data.
<Descriptions of personal data collected, sources of personal data, purposes for processing, disclosures of personal data, data retention practices, and security of personal data>
Please refer to the descriptions in the respective sections in the main policy above.
<Legal basis for processing personal data>
Where required by applicable local law, our legal bases for processing your personal data are as follows:
The performance of the contract we have with you: in certain circumstances, we need personal data from you in order to fulfill our contractual obligations. For example, if you buy products through our websites, we need certain personal data such as your name and contact details so that we can communicate with you and deliver the products you ordered. If you do not provide your personal data, we will not be able to provide you with the requested products and services. For employees, an example of processing based on contractual necessity would be to ensure your salary is paid correctly, provide you with access to equipment and facilities necessary for your employment, and so forth.
Your prior consent: in certain cases, we may ask for your consent before collecting, using, or disclosing your personal data. For example, where required under applicable laws, we will request that you provide permission to send you marketing communications; also to the extent required under applicable laws, we will obtain consent prior to the collection of sensitive personal data such as data relating to health or medical conditions or skin tone.
Compliance with legal obligations: we also use and retain personal data to comply with our legal obligations. For example, tax laws require us to maintain certain information related to your purchases, or for employees, in connection with tax requirements relating to payment records, health and safety obligations at the workplace, etc.
Our legitimate interests: in addition to the other legal bases listed above, we process personal data as necessary to support our legitimate business interests, e.g., our legitimate interests in marketing goods and services to you, improving our goods and services, raising or defending legal claims as may be appropriate, personalizing our services, the efficient management and administration of our business, provision of services to employees, keeping our records accurate and up to date, and other legitimate business interests (as set forth in this Privacy Policy and consistent with applicable law). When we use personal data to support our legitimate interests, we take steps to ensure our processing is lawful and fair, being mindful of your interests and rights under applicable laws.
<Cookies and web tracking technologies>
When you visit our websites or other online services, we automatically collect certain personal data about you over time and across different sites, including through the use of “cookies” and similar web tracking technologies. For more information about cookies, and to opt out of certain cookies that are not strictly necessary for the operation of our sites and services, please refer to “Cookie Settings” provided in our websites or other online services.
<International transfers>
As described in the main policy above, in some cases your personal data may be transferred to, stored, and processed in a country that does not provide the same level of privacy protections as the laws of your home country. Where required under applicable laws, we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protection for your personal data. For more information on the safeguards in place, please contact us at the details provided in the main policy above.
<Data subject rights>
Where applicable under local law, you may have the following rights regarding your personal data: the rights to access personal data we hold about you, and in some situations, the right to have that personal data corrected or updated, erased, restricted, or delivered to you or a third party in a usable electronic format (the right to data portability). Where applicable, you may also object to how we use your personal data if the legal basis for processing that information is our legitimate interest. Where you have provided consent and where applicable under local law, you may have the right to withdraw any consent you have given at any time. You also have the right to register a complaint to the appropriate data protection authority, where applicable. Please note that we may require additional information from you in order to honor your requests. If you wish to exercise these rights, or if you have questions about this notice or our privacy practices, please contact us at the details provided in the main policy above or by contacting our Data Protection Officer for Shiseido Europe at dpo@emea.shiseido.com.
This section of the policy applies to residents of the U.S. and supplements the disclosures in the main policy above.
<Data controller / business>
For purposes of this section, Shiseido Company, Limited and Shiseido Japan Co., Ltd. (collectively, "we" or “Shiseido”) are the applicable data controllers (or “businesses” under applicable laws) responsible for the processing of your personal data.
<Categories of personal information>
In the past 12 months, we have collected the following categories of personal information:
Identifiers (e.g., name; address; phone number; email; IP address; usernames, account credentials, device identifiers; etc.)
Demographic information (e.g., date of birth; age information; gender; facial and other physical characteristics; skin type; skin tone; etc.)
Commercial information (e.g., transaction records; purchase history; payment details; in-store purchase activity; social network information; loyalty program participation; payroll information for employees; investment details for shareholders; etc.)
Biometric information (e.g., face scans; eye scans; etc.)
Internet or other electronic network activity information (e.g., usage information; browsing history; pages viewed; links clicked; time spent on a page; referring links; etc.)
Geolocation data (e.g., general geographic location)
Visual information (e.g., photos you submit; photos collected in connection with research; social media profile picture; etc.)
Professional or employment-related information (e.g., employment history; details from resume or CV; etc.)
Education information (e.g., education history submitted in connection with a job application)
Inferences drawn from the above information (e.g., preferences and interests; estimated income bracket; etc.)
Sensitive personal information (e.g., information revealing race or ethnic origin; religious or philosophical beliefs; health information such as skin conditions allergies, or other adverse reactions to products; account log-in information and passwords; or biometric information)
<Descriptions of purposes for processing and data retention practices>
Please refer to the descriptions in the respective sections in the main policy above. To the extent we process sensitive personal information, we do not use or disclose such information for purposes other than those permitted under applicable laws.
<Deidentified data>
We may deidentify personal information so that it cannot be linked to you or any other individual. Deidentified data is not considered “personal information” and may be subsequently used for any purpose. We will maintain and use this data only in deidentified form and will not attempt to re-identify the data.
<Disclosures of personal information>
We may disclose your personal information to service providers for the business purposes described in this section, as set forth in the chart below (and as described in more detail in the main policy). We also may “sell” or “share” your personal information (as those terms are defined under applicable privacy laws) with certain third parties as described below. In the preceding 12 months, we may have sold or shared your personal information, or disclosed it for a business purpose, to the following categories of recipients:
| Category of information | Categories of recipients of disclosures for a business purpose | Categories of recipients of disclosures of sales or sharing |
|---|---|---|
| Identifiers | Service providers | Advertising partners; analytics providers |
| Demographic information | Service providers | Advertising partners; analytics providers |
| Commercial information | Service providers | n/a |
| Biometric information | Service providers | n/a |
| Internet & network activity information | Service providers | Advertising partners; analytics providers |
| Geolocation data | Service providers | Advertising partners; analytics providers |
| Visual information | Service providers | n/a |
| Professional & employment-related information | Service providers | n/a |
| Education information | Service providers | n/a |
| Inferences | Service providers | n/a |
| Sensitive personal information | Service providers | n/a |
In addition, we may disclose each of the categories of information described above in the event of a merger or other succession of the business or upon request by government authorities (to the extent required under applicable laws). Please note that we do not “sell” or “share” personal information of children under the age of 16.
<Financial incentive programs>
We may offer you various discounts, special offers, access to loyalty programs, or other financial incentives if you provide us with your personal information to allow us to market our products to you. You may unsubscribe from receiving our communications at any time by unsubscribing from an email, requesting that we delete your personal information, or withdrawing from any loyalty program. The value of the personal information you provide is reasonably related to our estimated cost of providing you with the discount, special offer, or financial incentive.
<Data subject rights>
Where applicable under local laws, you may have the following rights: the right to request a disclosure about how we process your personal information (the right to know); the right to request access to the specific pieces of personal information we hold about you; the right to request deletion of certain information we hold about you; the right to request certain of the information we hold about you in a portable format (the right to portability); the right to request correction of your information; the rights to opt out of sales, sharing, and targeted advertising; the right not to be discriminated against for exercising your rights; the right to appeal a decision relating to a request to exercise your rights.
To opt out of sales of personal information, sharing of personal information, or targeted advertising, please refer to “Cookie Settings” provided in our websites or other online services and follow the instructions. Where applicable under local law, we also honor requests to opt-out submitted via privacy preference signals, such as the Global Privacy Control (GPC). (For more information on the GPC and how to use a browser or browser extension incorporating the GPC signal, see https://globalprivacycontrol.org/.)
To exercise any of the other rights described above, please contact us using the contact details set out in the main policy or contact us at privacy@sac.shiseido.com. Please note that we may need to request additional personal information from you to verify your identity before we can honor your request.
Where applicable under local law, you may also use an authorized agent to exercise your rights on your behalf. If you wish to use an authorized agent, we require that your authorized agent provides written proof to us that he or she is authorized to act on your behalf, and we may also require that you directly verify your identity with us. Authorized agents may submit requests using the contact details set out in the main policy or contact us at privacy@sac.shiseido.com.
<In the event of updates to this Privacy Policy>
If we subsequently change the way we handle personal information, we will post those changes in this Privacy Policy. For material changes (i.e., substantially new practices you wouldn’t expect from us or that we didn’t previously tell you about), we may decide to notify you more prominently and/or give you prior choice.
<Data subject rights>
Where applicable under local law, you may have certain rights regarding your personal data. If you wish to exercise these rights, or if you have questions about this section or our privacy practices, please contact us at the details provided in the main policy above or by contacting us at:
Shiseido Customer Service
1-6-2 Higashi-Shimbashi, Minato-ku, Tokyo 105-8310 Japan
Phone: 0120-81-4710 (9:00-17:00 (from January 2025, 10:00-17:00); excluding Saturdays, Sundays and national holidays)