Global Privacy Policy for Customers
- Global Privacy Policy for Customers
- Indonesian Local Annex
- Each Local Annex (other than Indonesian)
Ezaki Glico Co., Ltd. and its subsidiaries (collectively referred to as “Glico Group” or “the Group”, and each company is referred to as a “Glico group company”) are committed to protecting personal data, in accordance with applicable data protection laws and regulations. This Global Privacy Policy for Customers applies to Glico Group when it handles personal data of consumers and business partners (collectively, “you”, “your” or “Customers”) in any jurisdiction all over the world.
Information that the Group handles as personal data will be limited to information that meets the definition of “personal data” under the applicable laws and regulations in the relevant jurisdiction.
In addition to this Global Privacy Policy, the Group establishes the Annex for a specific region supplementary to or amending this Global Privacy Policy to comply with the data protection laws and regulations in such a specific jurisdiction (the “Local Annex”). Each Local Annex is attached hereto and the scope of application of each Local Annex is set forth in that Annex. Typically, in relation to the processing of your personal data, the Local Annex for your residence or location and that for the location of the Glico group company that provides goods or services to you will apply. Thus, more than one Local Annex may be applicable if you and the relevant Glico group company are residing or located in different jurisdictions.
Please read carefully this Global Privacy Policy in its entirety and the Local Annex applicable to you because personal data which the Group collects from you will be treated in accordance with (i) if any Local Annex is applied, this Global Privacy Policy supplemented or amended by such applicable Local Annex and (ii) if not, this Global Privacy Policy itself ((i) or (ii) as the case may be is referred to as the “Applied Privacy Policy”).
The Group or a Glico group company may offer separate privacy policies, notices or terms and conditions with regard to personal data for providing you with specific goods or services (collectively, the “Specific Policy”) and when you take or use such specific goods or services, the Specific Policy is applied in addition to the Applied Privacy Policy.
If there is any inconsistency among any provision of this Global Privacy Policy, the Local Annex and the Specific Policy, the provision that imposes stricter (or the strictest) obligations shall prevail.1. Categories of Personal Data the Group Collects
Categories of information that the Group collects in relation to Customers are as set forth below, provided, however, that as noted above, the Group treats such information as personal data only if such information meets the definition of “personal data” under applicable laws and regulations of each jurisdiction:
- (a) name - surname;
- (b) gender;
- (c) age;
- (d) date of birth;
- (e) company which he/she is working for and his/her position or title;
- (f) telephone and facsimile numbers;
- (g) e-mail address;
- (h) resident address and office address;
- (i) shipping address and billing address;
- (j) geolocation information;
- (k) order and billing history;
- (l) how you use the Group’s websites, and browsing history;
- (m) credit card information (such as full number, last 4-digits, and type);
- (n) bank account information;
- (o) unique customer identifier (such as user ID number);
- (p) ID information of social media account or the like;
- (q) your login ID and password;
- (r) consent status of newsletter or direct mail etc.,;
- (s) information regarding your device (such as your IP address, device identifiers, networks, browser and operating system);
- (t) reviews, opinions, comments, enquiries, and indications about the Group’s goods and services; and
- (u) other categories of personal data necessary for the purposes described in Section 2. “Purposes of the Group’s Use of Your Personal Data” below (if required under applicable law, the Group will notify you of the categories of such personal data separately).
The means that the Group uses to collect personal data directly from you includes, without limitation, through the Group’s websites or social networking sites (such as when you access or browse the Group’s websites or social networking sites; when you place online orders; or when you upload and submit your reviews, opinions, comments, enquiries, or indications), by e-mail, by postal mail or fax, through a meeting, or by use of cookies and other similar technologies (for cookies and other similar technologies, please refer to Section 8. “Cookies and Similar Technologies” below).
As described in Section 3. “How the Group Shares Your Personal Data” below, Glico group companies may collect personal data from another Glico group company.
The Group may also collect personal data from publicly available sources such as third party websites, blogs, social media sites and professional networking sites.2. Purposes of the Group’s Use of Your Personal Data
The Group uses your personal data for the purposes described below. However, legal grounds to process your personal data may change subject to the applicable relevant laws and regulations of the respective jurisdictions, so please also refer to the applicable Local Annex.
Personal data collected by the Group will be used for:- (a) fulfilling the Group’s contractual obligations in relation to transactions between you and the Group, including, without limitation, processing your orders and payments;
- (b) communicating with you about the goods, services, campaigns, and events offered by the Group, including, without limitation, responding to your enquiries and opinions, providing news and information which the Group thinks will be of beneficial to you and shipping out prizes related to campaigns and events;
- (c) permitting you to participate in surveys, campaigns, and events;
- (d) monitoring and analyzing trends, usage and the status of activities in connection with the Group’s goods and services, with an aim to improve or develop the Group’s goods and services;
- (e) detecting, investigating and preventing fraudulent transactions and other illegal activities; and protecting the rights and property of the Group, you and others;
- (f) distributing targeting advertisement to you on websites or the like of the Group and those of third parties, according to your tastes and preferences coming out from analyzing information such as browsing history obtained from you;
- (g) reporting internally within the Group;
- (h) carrying out any other purpose described to you at the time personal data was collected;
- (i) conducting internal audits by on Glico group companies;
- (j) complying with applicable laws, regulations and other requirements (such as cooperating with law enforcement agencies, regulatory authorities, and other governmental agencies);
- (k) responding to any request from you; and
- (l) such other purposes as mentioned in Section 3. “How the Group Shares Your Personal Data” below.
3. How the Group Shares Your Personal Data
The Group may share your personal data as described below or as otherwise described in the Local Annex or the Specific Policy:
- (a) sharing with other Glico group companies, where such sharing is necessary for the purposes described in Section 2. “Purposes of the Group’s Use of Your Personal Data” above;
- (b) sharing with other Glico group companies, where such sharing is necessary for administrating the Group’s business;
- (c) sharing with the Group’s distributors and retailers for providing Customers with goods and services of the Group, provided that they are required to use the personal data which the Group shares only for the purpose of providing Customers with goods and services of the Group and to process such personal data in compliance with all applicable data protection laws and regulations;
- (d) sharing with digital marketing and web development agencies for digital marketing and website related activities, provided that they are required to use the personal data which the Group shares only for the purpose of digital marketing and/or developing and updating websites for the Group and to process such personal data in compliance with all applicable data protection laws and regulations;
- (e) sharing with external analysis agencies for evaluation of product defects, provided that they are required to use the personal data which the Group shares only for the purpose of the Group’s evaluation of product defects and to process your personal data in compliance with all applicable data protection laws and regulations;
- (f) sharing with companies or individuals (including, without limitation, service providers, agents, sub-contractors and contractors), where such sharing is necessary for providing the Group’s goods, campaigns and services, including, without limitation, sending the Group’s consumer prizes to you, provided that they are required to use the personal data which the Group shares only for the purpose of providing the Group’s goods, campaigns and services and to process your personal data in compliance with all applicable data protection laws and regulations;
- (g) sharing with the Group’s professional advisors (such as lawyers, accountants and financial advisors), to the extent necessary and only if they are bound to keep your personal data confidential;
- (h) disclosing as part of the Group’s proposed sale, merger, acquisition, joint venture or transfer of assets, subject to ensuring that the recipient is under suitable confidentiality obligations in respect of your personal data and uses it only to the extent that the purpose of such use is as provided in the Applied Privacy Policy or the Specific Policy;
- (i) disclosing where required by law, where requested by a government entity or where necessary to prevent crime or to ensure the rights, property or personal safety of the Group, the Group’s Customers or any other person; and
- (j) sharing personal data as otherwise permitted by applicable law.
The Group may also share statistical or anonymized information in a form that cannot reasonably identify you.4. Data Transfer Outside of Country
The Group may transfer any personal data the Group collects from you to other countries (including, without limitation, those where Glico group companies are located other than your country of residence) and handle the personal data in such other countries. Those other countries may not have the same data protection laws and regulations as the country of your residence, and your personal data will be subject to laws and regulations of each of those countries. When the Group transfers your personal data to such other countries, the Group will implement safeguards to protect your personal data required under applicable laws and regulations.
5. Security
The Group will take reasonable physical, technical and procedural measures to safeguard personal data within the Group’s organization against loss, theft and unauthorized use, disclosure or modification. Where personal data is held by third parties on behalf of the Group, the Group has also imposed contractual obligations on such third parties to ensure the confidentiality and security of such data.
While the Group will take all reasonable measures (as required by applicable law) to protect the integrity of such data, it is your duty to keep (including, to take reasonable steps to keep) confidential any user names and passwords issued by or relating to the Group’s websites, and to inform the Group promptly of any possible security breaches (including unauthorized access to your personal data through the Group’s websites). The Group cannot be responsible for any loss, unauthorized access or alteration, or misuse which occurs due to your failure to comply your duty.6. Retaining and Deleting Personal Data
The Group will periodically review the personal data held by the Group to ensure that such data is accurate and up to date. The Group will also retain your personal data only for so long as it is necessary (subject to the Group’s internal policies on data retention if applicable ones exist or subject to applicable laws and regulations if such policies applicable do not exist) and will use reasonable efforts to delete it without delay after it becomes not necessary.
7. Customers’ Rights
To the extent required by applicable law, you have the right to withdraw your consent for handling of your personal data. If you want to withdraw your consent, please contact the Group by using the contact details set forth in Section 11. “Contact Details” below.
To the extent required by applicable law, you also have other rights regarding your personal data including, without limitation, rights of access, deletion, cease of use, or correction. If you want to assert your rights, please contact the Group by using the contact details set forth in Section 11. “Contact Details” below.
If you make a request as set out above, you will be required to provide the Group with sufficient information to identify you. Upon receipt of your request, the Group may ask you to provide additional information (including proof of identity) in order to deal with your request. Please note that it may also take some time to deal with the application, although the Group aims to deal with all requests as soon as possible.
The Group will deal with your requests above made in accordance with the applicable law; however, where permitted by law, the Group may also charge an appropriate fee to cover the cost of dealing with requests.8. Cookies and Similar Technologies
Cookies and other similar technologies are used on certain pages of the Group’s website and other third party websites. Cookies are a technology for communicating between the website’s server and the browser. With cookies, your viewing history of a certain website such as the Group’s website is recorded, which makes your use of the internet more beneficial. Cookies are widespread as a standard technology of the internet, and are used by many sites for the purpose of improving customer convenience, displaying advertising to customers and collecting statistics.
By changing the cookie settings, you can block cookies. However, by blocking cookies, you may become unable to use some of the services on the site. Furthermore, depending on your usage environment (such as browser settings and internet connection), it may not be possible to block cookies.9. Direct Marketing Communications
If you no longer want to receive direct marketing communications from the Group (including, without limitation, direct mail), you may stop receiving those communications by following the instructions therein contained or by contacting the Group by using the contact details set forth in Section 11. “Contact Details” below. Please note that if you stop receiving direct marketing communications, the Group may still send you messages that are necessary for administrative purpose.
10. Third Party Services / Websites
The Group’s websites may ask you to provide personal data, such as when you log into the website by using a login ID, password and the like. Some functionality may allow you to share feeds or post content to social media and professional networking sites by using third party authentication tools. Any information that is captured through the use of such functionality is governed by the relevant third party privacy policy and terms, not by the Applied Privacy Policy.
The Group’s websites contain links to websites other than those of the Group. The Group bears no responsibility for anything related to such other websites linked from those of the Group, including, without limitation, for the privacy on such other websites. In addition, the Group bears no responsibility for any handling of personal data or other information submitted by you through those websites, or otherwise collected from you by those website operators.11. Contact Details
If you have any questions about this Global Privacy Policy or a Local Annex, or the Group’s handling of your personal data, please contact the Group by using the contact details below.
Contact Details12. Policy Changes
The Group may update this Global Privacy Policy or the Local Annex from time to time, in accordance with the Group’s internal policies, technological developments, industry practices or applicable laws and regulations. If the Group makes any changes to this Global Privacy Policy or any Local Annex, the Group will post the revised version here, so please do review this page frequently. In addition, the Group will conduct the necessary procedures (such as notifying you and obtaining your consent) required under each applicable laws and regulations.
13. Children
The Group follows applicable laws and regulations in each relevant jurisdiction when collecting personal data from children.
Effective Date: 5 October, 2022
Global Privacy Policy for Customers – Indonesian Annex
Last Updated: 5 October, 2022
Effective Date: 5 October, 2022
This Indonesian Annex will be applied if the following Glico group companies process your personal data.
● PT Glico Indonesia
● PT Glico Manufacturing Indonesia
● Glico companies located outside Indonesia which directly collect personal data from the Customers residing or locating in Indonesia
You agree that your personal data may be collected, processed, shared and transferred to third parties as described in Sections 1 through 4 of the Global Privacy Policy.
The provisions of each Section described below are supplementary to the provisions of the respective Sections with the same numbers and same titles of the Global Privacy Policy unless otherwise specifically stipulated in such Section below.
5. Security
You hereby acknowledge and agree that we may send data breach notification relating to the breach of your personal data (if any) to you in an electronic form.
7. Customers’ Rights
You have rights regarding your personal data including, without limitation, rights of access, right to the confidentiality of your personal data, deletion, cease of use, or correction. To assert your rights, please contact us by using the contact details set forth in Section 11 “Contact Details” of the Global Privacy Policy.
9. Direct Marketing Communications
By agreeing to our Global Privacy Policy and this Annex, you also agreed to receive direct marketing communication from us, as we mentioned in Section 2 “Purposes of the Group’s Use of Your Personal Data” of the Global Privacy Policy. You may withdraw your consent at any time by using the contact details set forth in Section 11 “Contact Details” of the Global Privacy Policy. Please note that if you unsubscribe from receiving direct marketing communications, we may still send you administrative messages, from which you cannot withdraw your consent.
①California Annex
②Canadian Annex
③GDPR Annex
➃PRC Annex
⑤Indonesian Annex
⑥Singapore Annex
⑦Philippines Annex
⑧Vietnamese Annex
⑨Malaysia Annex
⑩Korea Annex
⑪Taiwan Annex
⑫Thailand Annex
⑬Japan Annex