It’s likely that we’ll need to update this Policy from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
1. Who are we?
The SHISEIDO brand belongs to the Shiseido Group. The Sites are operated by the Shiseido Group with Beauté Prestige International SA doing business as Shiseido Group EMEA. Shiseido Group EMEA is in charge of leading our customer relations and marketing efforts for Europe.
2. Legal basis for processing your data
Data protection law in the European Union contains a number of "lawful bases" for processing personal data. These are really legal justifications which mean organisations like us are allowed to have your personal information in the first place. We have been careful to ensure we have a lawful basis for all processing of data we undertake. Our lawful bases include:
Performing the contract we have with you – In certain circumstances, we need your personal data in order to take steps at your request prior to entering into a contract. In this case, provision of your personal data will be necessary to provide you with information and services you request and to perform the activities as explained above. If you do not provide your personal data we will not be able to provide you with the requested services.
Legal compliance – Sometimes the law says we need to collect and use your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement and tax laws require us to retain records of payments for our products. In this case, provision of your personal data will be necessary to provide you with the information and services you request and to perform the activities as explained above. If you do not provide your personal data we will not be able to provide you with the requested services.
Legitimate interests – this is a technical term in data protection law which really means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will send you promotional communications about our service, subject to your legal rights to control whether we do so. We do analyse how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.
Consent – in certain cases we may ask for your consent before using your information.
3. When do we collect data from you
There are a number of occasions on which we will collect information from you:
4. What data do we collect and why do we use it?
Depending on how you interact with us (online, in-store, on the phone, etc.), we may collect from you various types of information, which are described in more detail below. In some instances, we may combine one type of information with another type of information, and store them together in our records. In all cases, however, we strive to limit the amount of information we collect and store to that which is necessary for the lawful reason we have your information in the first place. We inform you wherever possible whether we need information requested or whether you have the choice not to provide it, but can still make an order, subscribe for our updates and offers etc. We may not be able to provide a service if you do not disclose the information requested.
When you interact with us through the Site or our application, we use various technologies (including cookies, as further described below) to collect certain information (described below) about your visits to and use of the Site and application. We use this information to understand your needs and preferences better so we can offer you a better experience online and in-store, to monitor and maintain our online infrastructure, and to improve our Site and applications generally.
In accordance with the information provided in the banner or notice that appears on our Site when you first visit it, browsing and remaining on our Site will be understood as your consent to the use of the abovementioned cookies as set out in this Policy and the Cookies Policy.
A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser or exit the app. Others are used to remember you when you return to the Site and will last for longer.
We may obtain information, including personal data, from third parties and sources other than our Site, such as our partners and advertisers. If we combine or associate information from other sources with personal data that we collect through the Service, we will treat the combined information as personal data in accordance with this Policy.
We work with social media platforms and digital advertising platforms to:
We want to bring you offers and promotions that are most relevant to your interests at particular times, in emails (where we have your consent) and on the Site when you visit. To help us form a better, overall understanding of you as a customer, we may combine your information gathered across various channels, for example your offline shopping history. For this purpose we also combine the data that we collect directly from you with data that we obtain from third parties to whom you have given your consent to pass that data onto us. In doing this, we may put you into one or more categories of customer which we use to help build our promotional and marketing strategies, and that category will in part dictate the promotional communications and recommendations you receive from us.
5. We are not responsible for third party sites/features
Our Site may provide links to, or features from, other third party sites (such as third party social networks) that we do not own or control. If you click on such links or use such features, you do so at your own risk. We are not responsible for the content or practices of any third party site, application, or feature.
6. Safety of our cosmetic products
If you experience allergies or intolerance when using our cosmetic products, your requests or claims regarding the safety of our cosmetic products should be submitted by contacting:
Shiseido Group EMEA
Regulatory Department – Cosmétovigilance
56 A, rue du Faubourg St Honoré
Phone: +33 1 86 76 00 00
The data you provide for safety reasons is your name, contact details and health data relating to allergy or intolerance. The processing of this data is for safety of our cosmetic products only, and based on your consent. This data is used only for this purpose, and in separate digital environments and channels from the general commercial and marketing purposes. We will process it to adapt our marketing messages to you only upon your prior consent.
We may also have to transmit information on the safety of our cosmetic products to the competent health authorities, on an anonymous basis.
Although most Web browsers automatically accept cookies, the decision of whether to accept or not is yours. You have the choice to accept or decline cookies by way of consent. You may adjust your browser settings to prevent the reception of cookies, or to provide notification whenever a cookie is sent to you.
8. Do we share your Personal Information?
Shiseido is a leading beauty care and perfume company with products sold in over 120 countries. As a global business, we may share your personal information with Shiseido Group companies and trusted third parties based outside the country in which you live so that they may process that data on our behalf. We will never rent, trade or sell your personal information to third party companies for their own marketing use.
Affiliates and Shiseido group entities
We may share (or receive) information about you, including personal information, with our regional headquarters for Europe-Middle East-Africa (EMEA), Beauté Prestige International S.A., the trading name of which is Shiseido Group EMEA, RCS B 379 445 984, whose headquarters is at 56A rue du Faubourg Saint Honoré 75008 Paris, France ("Shiseido Group EMEA"), and Shiseido Americas Corporation, whose headquarters is at 900 Third Avenue, New York NY 10022, in the US ("SAC").
Shiseido Group EMEA is in charge of leading our customer relations and marketing efforts for the Europe, Middle East and Africa region and this means they are also a joint controller of your personal data under European data protection law.
SAC is in charge of administering the IT aspects of our Sites, and providing technology infrastructure, including through their third party suppliers, which helps us for instance host the Site and your information, provide customer relationship management or "CRM" services. As such, SAC acts as a data processor on our behalf.
Third party vendors and providers
We sometimes share your personal data with trusted third parties. For example, delivery couriers, for fraud management, to handle complaints, to help us personalise our offers, website, application development, hosting, maintenance, customer relationship management and promotional services to you and so on. You can see the main companies we work with who collect information relating to you directly through the Site here.
Where we use any of these providers:
For some suppliers, we and our group companies need to transfer your information to locations outside the European Union, such as to the United States.
Legal disclosures (when necessary)
This is when we may need to share your information for law enforcement or other legal purposes. This type of sharing may be necessary in connection with a lawsuit, claim or investigation, governmental inquiry, court order, enforcement of legal rights (e.g., contract terms, intellectual property rights, etc.), safety issue, or other similar legal or security matter. Sharing your information for these reasons is not a regular event, but could arise from time to time. We will strive to limit the types and amount of information we may need to share for legal purposes to that which is reasonably necessary and will make sure that any transfers outside the European Union are made on the appropriate legal basis.
Business transfers (e.g., sale or acquisition of company)
To the extent allowed by the law, we may share (or receive) information about you, including personal contact information, in the event of an acquisition, merger, sale, corporate restructuring, bankruptcy, or other similar event that involves Shiseido Group EMEA or its parent or affiliated companies. If such an event occurs, we will take reasonable steps to require that your information be handled in accordance with this Policy, unless it is not practicable or permissible to do so, and will make sure that any transfers outside the European Union are made on the appropriate legal basis.
Shiseido is headquartered in Japan, and we have operations, affiliates, entities, and service providers in Europe and throughout the world, including in the United States. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction.
Whenever we transfer your personal data out of the EEA or Switzerland, we ensure a similar degree of protection is afforded to it by ensuring that these transfers are based on standard contractual clauses, in compliance with the model clauses validated by the European Commission or, for some transfers to the United States, under the Privacy Shield program, details of which you can find here: https://www.privacyshield.gov/welcome. When such sharing of information involves transfers outside Europe to SAC, these transfers are based on its Privacy Shield certification. SAC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your information transferred from Europe to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.
9. How do we protect your Personal Information?
Shiseido knows how much data security matters to all our customers. So we take great care to treat your data and take all appropriate steps to protect it, and require the same of our suppliers who we share your data with.
Secure operating environments
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Encryption for payment info
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
Other security measures
In addition to the methods above, we may take other measures to protect your information, depending on the sensitivity of the data and other considerations (such as how the information is collected and where it is stored). These measures may include (among other things) additional access restrictions, password requirements, and physical protections (e.g., secure data centers, etc.).
Measures you can take
Despite all of our efforts, no security safeguards or standards are guaranteed to provide 100% security. It is also important for you to play a role in keeping your information safe and secure. When signing up for an online account, please be sure to choose an account password that is hard for others to guess and never to reveal it to anyone else. If you use a shared or public computer, never choose to have your login ID or password remembered and make sure to log out of your account every time you leave the computer.
Please note, however, that these protections do not apply to any information you choose to share in public areas such as our website community features or other social areas. We pay particular attention to sensitive data, in particular payment card data, allergy or intolerance data, etc.
10. How long do we retain your Personal Information?
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy. The criteria used to determine such retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal or business obligation to which we are subject; or (iii) whether a longer retention period is required or permitted by law.
11. Your rights and choices
You have the legal right to request:
You have the right to request a copy of any personal data we hold that relates to you. To ask for your information, please contact our Data Protection Officer in the Contact section. To ask for your information to be amended, please update your online account, or contact our Customer Services team.
If we choose not to action your request we will explain to you the reasons for our refusal.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
12. Data about Children
Our Sites are not directed to anyone under 16 years of age. We do not solicit or collect any type of information from a person known to be under the age of 16. If we become aware that we have accidentally collected information from a child, we will remove that information from our records as soon as feasibly possible (or obtain the necessary parental permission to retain it).
13. International Privacy Laws
This Policy represents our accepted privacy principles but does not supplement or replace existing national law. It complements the respective national data protection law. The respective national law takes precedence where it requires deviations from this Policy or sets more stringent requirements. Likewise, the contents of this Policy shall apply if no corresponding national data protection law exists.
14. Dispute Resolution / Contacting the Regulator
If you have any complaints regarding our compliance with this Policy, please first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Policy.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the French Privacy Commission (CNIL), who is our ‘lead supervisory authority’ under data protection law. That means they are the data protection regulator with primary responsibility for overseeing our compliance with data protection law. You can contact them by calling: +33 (0)1 53 73 22 22 or go online to www.cnil.fr (opens in a new window; please note we can’t be responsible for the content of external websites).
Additionally, Spanish users may contact the Spanish Data Protection Authority directly by writing to C/ Jorge Juan, 6. 28001, Madrid or by going online to www.agpd.es.
If you are based outside of France or Spain, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html).
15. Any questions? How to contact us
We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have further questions related to this Policy or have any concerns regarding your personal data, please contact our Data Protection Officer who will be pleased to help you:
Data Protection Officer
Shiseido Group EMEA
56 A, rue du Faubourg St Honoré
Please contact the above company for all processing described in this Policy, except for the safety of cosmetic products. For the safety of cosmetic products, please refer to Section 6 of this Policy.