1. HOME
2. GDPR Privacy Policy

GDPR Privacy Policy

Last updated: April 2021

THIS PRIVACY POLICY ONLY APPLIES TO PROCESSING OF PERSONAL DATA SUBJECT TO GDPR (as defined below).

1. INTRODUCTION

This website is owned and operated by Mizkan Holdings Co., Ltd. ("Mizkan"), a stock company incorporated under the laws of Japan.

This Privacy Policy is to inform consumers (i.e. “you”) of how we at Mizkan and our group companies (excluding in the UK¹ ) (“we” or “us”) process your personal data and explains the measures and processes we have put in place to protect your information and the privacy rights you have by law.

We provide you with this information as required by the EU General Data Protection Regulation 2016/679 (“EU GDPR”) and pursuant to amendments made by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (“DP Brexit Regulations”) (the “UK GDPR”) (collectively, "GDPR"). It is important that you read this privacy policy together with any other privacy notice we may provide you when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

2. LAWFUL PROCESSING

We will only process your personal data:

1. where you have given your consent;
2. where the processing is necessary to provide our products or services to you;
3. where the processing is necessary to respond to a request from you;
4. where the processing is necessary to maintain our relationship with you;
5. where the processing is necessary for compliance with our legal and regulatory obligations; or
6. where the processing is necessary in order to protect the vital interest of the data subject.

In case of a. above, you may withdraw your consent at any time, by making a request as set out in section 12 below.

3. WHAT PERSONAL DATA WE COLLECT ABOUT YOU

3.1 We may process the following types of personal data about you:

1. Your name, email address, twitter and/or Instagram (or other social media) handle and other contact details;
2. Details of your preferences for types of marketing events or materials;
3. Your messages, feedback or contributions to customer surveys and questionnaires;
4. Digital still images and videos that you provide (for which consent will be sought at the time of provision);
5. Other communications you send to us; and
6. Details of your access to our websites (including IP address).

3.2 It may be mandatory for you to provide us with your personal data, to enable us to manage our business and operations, to maintain our relationship with you, to provide our products or services to you or to comply with our legal and regulatory obligations. If you fail to provide your personal data, we might be unable to maintain our relationship with you or to provide our products or services to you.

3.3 We make every effort to maintain the accuracy and completeness of your personal data which we store and to ensure all your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you (see section 9 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

4. HOW WE COLLECT PERSONAL DATA

We usually collect your personal data from the information you submit during the course of your relationship with us. This will typically be through;

- You sending us emails and other correspondence;
- The forms and documents used when you sign up to our marketing or market data newsletters;
- The sign-up information you use to access any of our products or services;
- The information you as a customer provide to us as supplier so we can ship to you and bill you and can contact you on orders and/or issues; and/or
- Through online platforms such as social media.

5. HOW WE USE PERSONAL DATA

We will process your personal data in connection with the management of our relationship with you and the provision of our products and services to you for the following purposes:

1. to provide you with requested products or services;
2. to respond to your messages or posts to us;
3. to provide you with promotional and marketing materials about our products and services that we think you may be interested in;
4. to manage, develop and improve our product range, services, stores, information technology systems and websites;
5. for monitoring and assessing compliance with various laws and our policies and standards;
6. to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
7. to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;
8. for administrative purposes in relation to the security and access of our websites and applications;
9. to comply with court orders and exercise and/or defend our legal rights;
10. to deal with your complaint or any concerns about your health and/or wellbeing;
11. for any other legitimate business purpose; and/or
12. as otherwise permitted or required by any applicable law or regulation

In some cases, such as for instance a competition or prize draw, you may provide us with specific information, such as a photo or video, which could contain personal data. In those specific cases, we will always inform you for what objective we gather the information and for how long we intend to keep such data.

Where you wish to share personal data on specific matters like health with us, to enable us to handle a question and/or complaint we may ask you for your consent before we process such data. If you submit your request online we may ask for your consent online before you can submit your question. If you submit your correspondence by postal mail we may first have to contact you and ask you for your written consent. If you call us we may ask you for your consent in the telephone call and will record you answer before we can process your personal data. In all three incidences, we would maintain a record of your consent for us to process such specific data.

6. INTERNATIONAL TRANSFERS OF PERSONAL DATA

This website is controlled and operated from Japan and the files containing your personal data will be maintained on our servers or those of our IT service providers located in Japan. As the European Commission and the UK Secretary of State has confirmed that the laws in Japan offer an adequate level of protection of personal data as are enjoyed within the European Economic Area (“EEA”) and/or the UK, we will process your personal data with the same level of protection as in the EEA and/or the UK and recognise your rights on your personal data you would hold under the GDPR.

Where we share your personal data with our group companies in Japan, we will rely on the decision by the European Commission and the UK Secretary of State in accordance with Article 45 of GDPR that the laws in Japan offer an adequate level of data protection as are enjoyed within the EEA and/or the UK.

We may also share your personal data with other group companies and other third parties (set out in section 7 below) located in countries in which laws do not offer the same level of protection of personal data as are enjoyed in countries inside the EEA and/or the UK. In such cases, we will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR. You can obtain copies of the relevant safeguard documents by making a request as set out in section 12 below.

7. WHEN WE MAY DISCLOSE YOUR PERSONAL DATA

We do not and will not sell, rent out or trade your personal data. We will only disclose your personal data to the following recipients:

1. to our group companies;
2. to third parties who process your personal data on our behalf such as;

   (i) Providers of consumer and customer communications in areas such as;	(A) Digital and social media communications (B) Customer care (C) Advertising (D) Market Research
   (ii) Providers of logistical services	-
   (iii) Providers of legal services	-
   (iv) Providers of IT support services in areas such as;	(A) Website development and website management (B) Web site hosting (C) Providers of generic IT services (D) Application development
   (v) Providers of assurance in areas such as;	(A) External- and Internal Audits (B) Health, safety, hygiene and technical matters

3. to any third party to whom we assign or novate any of our rights or obligations;
4. to any prospective buyer in the event we sell any part of our business or assets; and/or
5. to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.

8. HOW WE PROTECT YOUR PERSONAL DATA

We are committed to safeguarding and protecting your personal data and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect your personal data from accidental or unauthorised destruction, loss, alteration, disclosure or access.

9. YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE COLLECT

9.1 If you would like us to stop sending you emails, please make use of the option at the end of our email to you where you can request that we remove you from our mailing list.

9.2 If you wish to:

1. update, modify, delete your personal data or obtain a copy of your personal data that we hold; or
2. restrict or stop us from using any of your personal data which we hold;

you can request this by contacting us as set out in section 12 below.

9.3 In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.

10. HOW LONG WE WILL HOLD YOUR PERSONAL DATA FOR

We will only retain your personal data as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.

11. HOW WE UPDATE OR CHANGE THIS PRIVACY POLICY

This Policy does not form any contractual relationship between you and us, and we may change or update parts of this Policy to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this Policy on this website from time to time.

You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this Policy so you are fully aware of any changes or updates.

12. HOW YOU CAN CONTACT US

If you have any queries about the contents of this Policy or your personal data, or wish to make a request in relation to your personal data, please contact us through the form "Contact Us".

When you make your request please indicate the following;

• Your name
• Your email address (or postal address if you previously submitted your postal address to us)
• The date of your request
• The date at which you submitted your personal data to us or a description of the specific situation² when you provided us with your personal data
• The nature of your request (i.e. do you want us to correct your data, for us to delete your data, to provide you with a copy etc.)

• Contact Us

13. HOW TO LODGE A COMPLAINT TO THE DATA PROTECTION AUTHORITY

The protection of your personal data and of our relationship with you is important to us. If you have any questions or you think we have breached your data protection rights please contact our inquiry desk above through the form "Contact Us".

However, if you are unable to come to a solution with our inquiry desk, you may lodge a complaint with a supervisory authority, in particular in the EEA member state of your habitual residence, place of work or place of the alleged infringement of the GDPR.