Privacy Policy

Citizen Systems Japan Co., Ltd. (the “Company”) hereby prescribes as follows the processing of personal data (meaning information prescribed as personal data in light of the applicable personal information protection laws of each country; the same applies hereinafter) that the Company obtains for its business activities. The Company complies with the applicable personal information protection laws of each country, such as the Personal Information Protection Act of Japan, in accordance with this Privacy Policy.

1. Categories of personal data processed by the Company

The Company employs lawful and fair means to obtain and use the following personal data (including personal information provided for in the Personal Information Protection Act of Japan) for business activities (see details on the Company’s business activities here). Some of it may be collected automatically.

  • Personal data of customers

    • Identification information, such as name, date of birth, gender, address, telephone number, email address, credit card information (card number, security code, and expiration date), and ID and password for membership services

    • Information related to product purchases or product repairs, such as product number, date of purchase, store of purchase, and delivery information for the product

    • Information related to product preferences, such as questionnaires related to products and services and video recording data for online customer services

    • Information related to communications from customers, such as details entered in inquiry forms and telephone record data

    • Cookie-based information of customers who visit the Company’s website, such as user activities, user environment (IP address, etc.), and user attributes

    • Information obtained from social media, such as user name, etc. of each customer who applies for or participates in campaigns or events related to products and services handled by the Company or any of the Company’s group companies or business partners

  • Personal data of officers and employees of clients, etc.

    • Information necessary for transactions, such as name, company or association name, department, place of work, title, address, telephone number, email address, and account number

    • Information related to sales promotion and sales negotiations for the products of the Company

    • Information related to the security of offices, such as images from security videos

    • Information related to membership sites for clients, such as ID and password, registration date, registered person, area, and date and time of final login

    • Information used as material for in-house magazines in the Company’s group companies, such as images and text

  • Personal data of regular employment or internship applicants and of resignees

    • Information related to recruitment selections and internships, such as the following: name; date of birth; address; telephone number; email address; name of scholastic institution, faculty, and school; work experience; and information on CVs

    • Information related to paperwork for retiring officers, such as term of office, remuneration, and account number

    • Information related to paperwork for the shareholder association for resignees, such as the following: company name; employee code; and monthly contribution, securities account information, and number of shares held pertaining to the shareholder association

  • Other personal data

    • Information related to systems for provision of awards, such as name, address, telephone number, email address, account number, and portrait of award recipient

    • Information related to the security of offices, such as images from security videos

* Cookie-based information of customers who visit the Company’s website, such as user activities, user environment (IP address, etc.), and user attributes, may or may not qualify as personal data (or personal information provided for in the Personal Information Protection Act of Japan) depending on the applicable personal information protection laws of each country. This information is handled as personal data (or personal information provided for in the Personal Information Protection Act of Japan) in this Privacy Policy only to the extent that such information qualifies as personal data (or personal information provided for in the Personal Information Protection Act of Japan) under the applicable personal information protection laws of the country in question.

2. Purposes for processing personal data

When the Company processes personal data (including personal information provided for in the Personal Information Protection Act of Japan; the same applies throughout “2.” (Purposes for processing personal data)) for business activities, the Company will process that personal data within the scope necessary for achieving the purposes for processing by specifying those purposes for processing in advance and will not conduct processing for any other purpose, except in cases where your consent has been obtained or where such processing is authorized under the personal information protection laws of the country in question.

The purposes for processing personal data that the Company processes for business activities are as follows The Company will provide separate notification to persons involved or make a public announcement in relation to the purposes for processing of personal data of officers and employees, etc. of the Company.

  • Personal data of customers

    • (1) For handling of orders, etc.

      • To confirm the contents of products or services ordered, etc.

      • To invoice for products and services ordered, etc. and confirm payment or payment status

      • To sell and provide products and services

      • To deliver products to winners or participants in relation to products, campaigns, or events or to deliver rewards or trial goods for questionnaires or monitor-based research

    • (2) For provision of membership services

      • To provide membership services

      • To provide log-in functions for membership service sites

      • To provide operational information, such as information on membership services and changes in conditions of use

      • To ascertain the registration status of member information and status of use for membership services

      • To deal with violations of the Company’s terms, policies, etc. related to membership services, such as fraudulent credit card transactions

    • (3) To provide information

      • To provide product information (including catalogs) and information on campaigns, events, questionnaires, monitor-based research, etc. related to products and services handled by the Company or the Company’s group companies or business partners through the delivery or display of advertising, such as email magazines or direct mail (including provision of information corresponding to customer hobbies and preferences based on analysis of product purchasing history and other similar information)

      • To provide support and maintenance information, etc. related to products and services handled by the Company or the Company’s group companies or business partners through the delivery or display of advertising, such as email magazines or direct mail (including provision of information corresponding to customer hobbies and preferences based on analysis of product purchasing history and other similar information)

      • To customize information provided in the services handled by the Company or the Company’s group companies or business partners and advertisement distribution in line with customer age, occupation, gender, hobbies and preferences, etc.

    • (4) For operational management of campaigns and events

      • To operate and manage campaigns, events, questionnaires, monitor-based research, etc. related to products and services handled by the Company or the Company’s group companies or business partners

    • (5) For product development, marketing activities, etc.

      • To conduct, tabulate, and analyze questionnaires and monitor-based research, prepare and analyze statistical materials, and collect and analyze data to plan, develop, and improve products and services handled by the Company and use for business, sales, and marketing activities (including analyzing individual customer’s hobbies and preferences, etc.)

      • To use for improvement of websites, campaigns, and events of the Company by analyzing information on customers who access the Company’s website (including analyzing individual customer’s hobbies and preferences)

    • (6) To deal with inquiries and after-sales services, etc.

      • To deal with, confirm, and record inquiries and consultations related to products and services handled by the Company

      • To issue warranties related to products and to deal with, confirm, and record customer services and after-sales services, etc., such as repair, support, and maintenance

  • Personal data of officers and employees of clients, etc.

    • For communications, sales negotiations, or arrangements necessary for business, and procedures related to those communications, negotiations and arrangements

    • To send notices of releases of new products and events, etc., and greeting cards, etc.

    • To provide digital content for the purpose of ordering promotional goods, distribution of news regarding new products, etc., distribution of information related to advertising, management of sales, etc.

    • For duties related to preparation of marketing strategies and sales strategies and implementation of such strategies

    • To provide information for sales promotion related to products and services handled by the Company

    • To use for improving activities related to planning, development, refinement, operations, sales, and marketing for products and services handled by the Company

    • For management of entry and exiting and security management for facilities of the Company

    • To conduct monetary payments and other actions related to performance of agreements

    • To deal with, confirm, and record inquiries and consultations related to products and services handled by the Company

    • To issue warranties and to provide information on customer services and after-sales services, etc., such as repair, support, and maintenance related to products handled by the Company

    • To issue and distribute in-house magazines for the Company’s group companies

  • Personal data of regular employment or internship applicants and of resignees

    • To execute and manage duties related to recruiting activities and internships

    • For provision of information on recruitment and the like to, or communication with, regular employment or internship applicants

    • To deal with labor-related laws concerning resignees, perform duties related to the shareholder association, conduct monetary payments and other actions related to performance of agreements, and for other necessary communications

  • Other personal data

    • To provide awards, etc. to award recipients based on systems for provision of awards

    • For security management of offices

Please note that the Company may omit notice, etc. of the purposes for processing if those purposes for processing are clear in consideration of the circumstances of acquisition of that data.
[Please note that the Company may process information that the Company obtains through its products and services (including its websites and apps) by linkage with personal data that the Company already holds. In this case, the Company will manage the information linked to the personal data under this Privacy Policy.

3. Legal basis, etc. for processing

The Company processes your personal data in accordance with applicable personal information protection regulations.

If you do not provide your personal data even when the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, the Company might not be able to provide you with products and services of the Company (including websites and apps of the Company).

4. Retention period, etc. for personal information

The Company maintains the accuracy and recency of personal data within the extent necessary for the achievement of the purposes for processing. Furthermore, to decide on an appropriate retention period for personal data, the Company considers the volume, nature, and confidentiality of the personal data, the potential risk of damage caused by unauthorized use or disclosure of the personal data, the purposes for which the Company processes the personal data and whether the Company can achieve those purposes by other means, and applicable legal requirements. If your personal data that the Company has collected is no longer necessary, the Company will delete or anonymize your personal data, and if such measures are impracticable (for example, if your personal data has been stored in back-up archives), the Company will store your personal data safely until deletion becomes practicable and ensure that new processing will not be conducted with respect to your personal data.

5. Provision of personal data

The Company provides to third parties the personal data set forth in “1.” (Categories of personal data processed by the Company) above in order to fulfill the purposes set forth in “2.” (Purposes for processing personal data) in the following cases.

If the Company delegates processing of personal data to any processors (service providers), the Company will conduct necessary and adequate supervision over those processors (service providers) for the security of personal data.

  • Provision to processors (service providers)

    • (1) Personal data related to customers

      • Providers of store management services

      • Providers of EC site operation and management system services

      • Providers of online customer system services

      • Providers of customer services and after-sales services

      • Providers of customer management system services

      • Providers of data storage services

      • Providers of product delivery services

      • Providers of rewards point services

      • Providers of fraud detection services

      • Providers of payment services

      • Financial institutions

      • Providers of data analysis services

      • Providers of advertising services

      • Providers of data collection services

      • Any other contractors that provide services necessary for the business activities of the Company

    • (2) Personal data of officers and employees of clients, etc.

      • Providers of advertising services

      • Financial institutions

      • Providers of vehicle operating services

      • The Company’s group companies

      • Providers of client management services

      • Providers of data storage services

      • Providers of data collection services

      • Any other contractors that provide services necessary for the business activities of the Company

    • (3) Personal data on applicants for regular employment or internship applicants and of resignees

      • Providers of data storage services

      • Providers of business services related to the employee shareholding association

      • Any other contractors that provide services necessary for the business activities of the Company

  • Others

    In addition, the Company may, in the following cases, also provide to third parties the personal data set forth in “1.” (Categories of personal data processed by the Company).

    • Cases where you have consented in advance

    • Cases where the provision of personal data is conducted in accordance with laws or regulations

    • Cases where the provision of personal data is necessary for the protection of the life, body, or property of an individual and when it is difficult to obtain your consent

    • Cases where the provision of personal data is especially necessary for improving public health or promoting the sound growth of children and when it is difficult to obtain your consent

    • Cases where the provision of personal data is necessary for cooperation with a state organ, a local government, or any party delegated by either a state organ or local government to execute affairs prescribed by laws and regulations and when obtaining your consent is likely to impede the execution of those affairs

    • Cases where the third party in question is an academic research institute, etc. and the third party needs to process the personal data for the purpose of academic studies (including cases where a part of the purpose for processing the personal data is for academic studies, and excluding cases where that purpose entails the risk of unjust infringement of the rights and interests of individuals)

    • Cases where the business of the Company that incorporates provision of personal data is succeeded to due to a merger, a company split, a transfer of business, or any other similar reason

    • Other cases permitted under applicable laws and regulations (For example, the Company may jointly use personal data with a specified person on the grounds of joint use under the Personal Information Protection Act of Japan. In this case, the Company will, in advance, inform you of the following or make the following readily ascertainable by you: that joint use will be conducted; the categories of the jointly used personal data; the scope of persons with whom joint use will be conducted; the purpose of use for the person using the personal data; and the name or appellation of the person responsible for controlling the personal data.)

The Company may, without limitation, provide information that has been de-identified or aggregated.

6. Safety management measures

The Company takes the following safety management measures for the safe management of personal data.

  • Formulation of basic policies: To ensure proper processing of personal data, the Company formulates basic security policies, including those related to “compliance with related laws, regulations, guidelines, and the like,” and “reception desk for processing questions and complaints.”

  • Preparation of rules related to processing of personal data: The Company formulates procedures for processing personal data in relation to processing methods, persons responsible, persons in charge, their duties, and the like for acquisition, use, storage, provision, deletion, disposal, and all other steps.

  • Organizational safety management measures: In addition to appointing persons responsible for the processing of personal data, the Company clarifies which employees will process personal data and the scope of personal data processed by those employees, and maintains a system to report to and communicate with persons responsible for cases where any instance or indication of a violation of any laws or handling procedures is discovered.

  • Human safety management measures: The Company conducts regular training for employees in relation to important matters regarding the processing of personal data.

  • Physical safety management measures: In areas where personal data is processed, the Company takes measures to prevent access to personal data by persons without authority, in addition to managing employees’ access of rooms and limiting devices and the like brought into those rooms. The Company takes measures so that personal data is not readily identified when carrying devices, electronic media, and the like for processing personal data (including when relocating inside the office), in addition to taking measures to prevent robbery, loss, and the like of those devices, electronic media, documents, and the like.

  • Technical safety management measures: The Company controls access in order to limit the number of persons in charge and the scope of databases for processing personal data. The Company also installs systems to protect information systems that processes personal data from externally originating unauthorized access and unauthorized software.

  • Ascertainment of the external environment: If you wish to be provided with information regarding the foreign countries in which the Company stores personal data, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form in “8.” (Inquiry desk) below.

7. Your rights

The Company respects the rights you hold regarding personal information protection regulations applicable to you. You may be granted rights under applicable personal information protection regulations of the country in question. If you wish to exercise your rights, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form in “8.” (Inquiry desk) below.

If you wish to request the notification of purpose of use, disclosure, correction, etc., or suspension of use, etc. of retained personal data, or the disclosure of the records of provision to third parties under the Personal Information Protection Act of Japan, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form in “8.” (Inquiry desk) below for relevant procedures.

8. Inquiry desk

If the Company receives an inquiry related to the processing of personal data (including personal information provided for in the Personal Information Protection Act of Japan) from you, the Company will take appropriate measures in response to that inquiry under laws and regulations. For inquiries related to personal data (or personal information provided for in the Personal Information Protection Act of Japan) or this Privacy Policy, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form below.

Citizen Systems Japan Co., Ltd., Personal information inquiry desk Inquiry form

For the address of the Company and the name of its representative, please refer to the corporate profile webpage on the Company website.

Corporate Profile | Citizen Systems Japan Co., Ltd.

9. Pseudonymously Processed Information

  • When producing pseudonymously processed information provided for in the Personal Information Protection Act of Japan (“Pseudonymously Processed Information”), the Company processes personal data (including personal information provided for in the Personal Information Protection Act of Japan) in accordance with standards prescribed by the rules of the Personal Information Protection Commission of Japan (the “Rules of the Personal Information Protection Commission”) as those necessary to make it impossible to identify a specific individual unless collated with other information.

  • When the Company produces Pseudonymously Processed Information or obtains Pseudonymously Processed Information, deleted information concerning the Pseudonymously Processed Information, or the like, the Company takes measures for the safe management of the deleted information, etc. in accordance with standards prescribed by the Rules of the Personal Information Protection Commission as those necessary to prevent the divulgence of the deleted information, etc.

  • If the Company handles Pseudonymously Processed Information that is personal information provided for in the Personal Information Protection Act of Japan, the Company will use it to the extent necessary for the purposes for processing set out in “2.” (Purposes for processing personal data) above and will handle it appropriately under the Personal Information Protection Act of Japan, including disclosing to the public the changed purposes for processing when the Company changes the purposes for processing and uses that Pseudonymously Processed Information for other purposes.

  • If the Company handles Pseudonymously Processed Information that is not personal information provided for in the Personal Information Protection Act of Japan, the Company will handle it appropriately under the Personal Information Protection Act of Japan, including forgoing any sharing or disclosure of that Pseudonymously Processed Information with or to a third party, except in the case where permitted by the Personal Information Protection Act of Japan.

10. Anonymously processed information

  • When producing anonymously processed information provided for in the Personal Information Protection Act of Japan (“Anonymously Processed Information”), the Company processes personal data (including personal information provided for in the Personal Information Protection Act of Japan; the same applies hereafter in “10.” (Anonymously processed information)) in accordance with standards prescribed by the Rules of the Personal Information Protection Commission of Japan as those necessary to make it impossible to identify a specific individual and restore the personal data used for the production of the Anonymously Processed Information.

  • When the Company produces Anonymously Processed Information, the Company takes measures for the safe management of that information in accordance with standards prescribed by the Rules of the Personal Information Protection Commission.

  • When the Company produces Anonymously Processed Information, the Company discloses to the public, pursuant to the Rules of the Personal Information Protection Commission, the categories of information relating to the individual contained in the Anonymously Processed Information.

  • If the Company shares or discloses Anonymously Processed Information with or to a third party, the Company will, in advance and pursuant to the Rules of the Personal Information Commission, disclose to the public the categories of personal data contained in the Anonymously Processed Information to be shared or disclosed with or to a third party and its method of provision and will state to the third party explicitly to the effect that the information being shared or disclosed is Anonymously Processed Information.

  • In handling Anonymously Processed Information, the Company does not conduct any act with the purpose of identifying a principal concerned with the personal data used to produce Anonymously Processed Information, such as collating the Anonymously Processed Information with other information in order to identify a principal concerned with the personal data used to produce the Anonymously Processed Information.

11. Website management

  • The Company has taken appropriate system-based and operational security measures, such as measures related to server management systems and access restrictions, to safely manage personal data (including personal information provided for in the Personal Information Protection Act of Japan; the same applies hereafter in “11.” (Website management)) in the operation of the Company website.

  • When you provide personal data via the Company website, the Company protects your personal data by using technology on the website to encrypt communications, such as SSL (Secure Sockets Layer).

  • The Company uses Google Analytics on its website. Please refer to the web page provided by Google LLC for details on the mechanism for collection and processing of data by Google Analytics.
    Link:How Google uses information from sites or apps that use our services

12. Regarding cookies, etc.

  • Cookies and other such similar technology (“Cookies, Etc.”) may be used on the Company website.

  • The Company may use information obtained through Cookies, Etc. for the following purposes:

    (i)

    to make it possible for a customer to browse the Company website as a continuation of the previous visit without repeatedly entering the same information when the customer visits the Company website subsequently;

    (ii)

    to statistically analyze the use status and the like of the Company website without including information that identifies any customer individually and to improve the service of the Company website; and

    (iii)

    to distribute the Company’s advertisements to customers who have used the Company website and third persons who have characteristics similar to those customers.

  • Information that the Company obtains through Cookies, Etc. may or may not fall under personal data (or personal information provided for in the Personal Information Protection Act of Japan) pursuant to applicable personal information protection regulations of the country in question. If the information constitutes personal data (or personal information provided for in the Personal Information Protection Act of Japan) under applicable personal information protection regulations of the country in question, the Company will manage the information under this Privacy Policy.

  • A customer may refuse acceptance of Cookies, Etc. or cause warnings to appear when he or she has accepted Cookies, Etc. by changing the settings of the web browser he or she is using. However, customers are requested to acknowledge in advance that the Company may become unable to provide some services in those cases.

13. Regarding access logs

  • The Company obtains and records each customer’s IP address, access information, and the like on the Company website, so the Company may obtain use information regarding web pages and the like that the customer has visited (“Access Logs”).

  • The Company may use Access Logs for the following purposes:

    (i)

    to statistically analyze the use status and the like of the Company website without including information that identifies any customer individually and to improve the service of the Company website;

    (ii)

    to determine causes of, and solve, problems in the Company’s web server; and

    (iii)

    if a customer has registered personal data (including personal information provided for in the Personal Information Protection Act of Japan) for membership services and the like of the Company, the Company may associate the information with information that the Company holds and that identifies the customer as an individual.

  • Access Logs that the Company obtains may or may not fall under personal data (or personal information provided for in the Personal Information Protection Act of Japan) pursuant to applicable personal information protection regulations of the country in question. If the Access Log constitutes personal data (or personal information provided for in the Personal Information Protection Act of Japan) under applicable personal information protection regulations of the country in question, the Company will manage the Access Log under this Privacy Policy.

14. Personal data of minors

The Company takes necessary measures with respect to the personal data of persons who are minors (including personal information provided for in the Personal Information Protection Act of Japan; the same applies hereafter in “15.” (Personal data of minors)) in accordance with applicable laws and regulations. Please note that the Company may, when necessary, request a guardian’s consent in relation to the personal data of a person who is a minor.

15. Regarding other matters

The Company may change this Privacy Policy without notice in order to seek more appropriate management or to act in response to amendments of related laws and regulations and the like.
In this case, the Company conducts notification by publishing the changed version of this Privacy Policy without delay (if there is a notification method necessary pursuant to applicable laws and regulations, the Company will act in accordance with that method) and processes personal data (including personal information provided for in the Personal Information Protection Act of Japan) in accordance with the changed version of this Privacy Policy from the time of that notification. However, if it is a change in detail that requires your consent pursuant to applicable laws and regulations, the Company will obtain your consent by a method designated by the Company.

Last revised: April 1, 2022