Shiseido is a leading beauty care and perfume company with products sold in over 120 countries. As a global business, we may share your personal information with Shiseido Group companies and trusted third parties based outside the country in which you live so that they may process that data on our behalf. We will never rent, trade or sell your personal information to third party companies for their own marketing use.
Affiliates and Shiseido group entities
We may share (or receive) information about you, including personal information, with our regional headquarters for Europe-Middle East-Africa (EMEA), Beauté Prestige International S.A., the trading name of which is Shiseido Group EMEA, RCS B 379 445 984, which headquarter is 56A rue du Faubourg Saint Honoré 75008 Paris, France ("Shiseido Group EMEA"), and Shiseido Americas Corporation which headquarter is 900 Third Avenue, New York NY 10022, in the US ("SAC").
Shiseido Group EMEA is in charge of leading our customer relations and marketing efforts for the Europe, Middle East and Africa region and this means they are also a joint controller of your personal data under European data protection law.
SAC is in charge of administering the IT aspects of our Sites, and providing technology infrastructure, including through their third party suppliers, which helps us for instance host the Site and your information, provide customer relationship management or "CRM" services. As such, SAC acts as a data processor on our behalf.
Third party vendors and providers
We sometimes share your personal data with trusted third parties. For example, delivery couriers, for fraud management, to handle complaints, to help us personalise our offers, website, application development, hosting, maintenance, customer relationship management and promotional services to you and so on. You can see the main companies we work with who collect information relating to you directly through the Site here.
Where we use any of these providers:
- We provide only the information they need to perform their specific services.
- They may only use your data for the purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
For some suppliers, we and our group companies need to transfer your information to locations outside the European Union, such as to the United States.
Legal disclosures (when necessary)
This is when we may need to share your information for law enforcement or other legal purposes. This type of sharing may be necessary in connection with a lawsuit, claim or investigation, governmental inquiry, court order, enforcement of legal rights (e.g., contract terms, intellectual property rights, etc.), safety issue, or other similar legal or security matter. Sharing your information for these reasons is not a regular event, but could arise from time to time. We will strive to limit the types and amount of information we may need to share for legal purposes to that which is reasonably necessary and will make sure that any transfers outside the European Union is made on the appropriate legal basis.
Business transfers (e.g., sale or acquisition of company)
To the extent allowed by the law, we may share (or receive) information about you, including personal contact information, in the event of an acquisition, merger, sale, corporate restructuring, bankruptcy, or other similar event that involves Shiseido Group EMEA or its parent or affiliated companies. If such an event occurs, we will take reasonable steps to require that your information be handled in accordance with this Policy, unless it is not practicable or permissible to do so and will make sure that any transfers outside the European Union is made on the appropriate legal basis.
Shiseido is headquartered in Japan, and we have operations, affiliates, entities, and service providers in Europe and throughout the world, including in the United States. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction.
Whenever we transfer your personal data out of the EEA or Switzerland, we ensure a similar degree of protection is afforded to it by ensuring that these transfers are based on standard contractual clauses, in compliance with the model clauses validated by the European Commission or, for some transfers to the United States, under the Privacy Shield program, details of which you can find here:https://www.privacyshield.gov/welcome. When such sharing of information involves transfers outside Europe to SAC, these transfers are based on its Privacy Shield certification. SAC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your information transferred from the Europe to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.