In order to ensure that our customers and partners can use our services safely, H2O RETAILING Group companies (the “Group”) will lawfully and properly manage and use personal data in compliance with internal regulations and relevant laws, regulations, guidelines, etc., and endeavor to protect the privacy of our customers and partners.
The following Privacy Policy sets out the Group’s basic principles for using and otherwise handling personal data, and will be adhered to by the Group.

(Lawful Processing of Personal Data)

1. When processing any personal data, the Group will endeavor to ensure that the customers will be able to purchase our products and services with a sense of security by complying with applicable domestic and overseas laws, regulations, guidelines, etc., and continually improving this Privacy Policy.
In addition, the Group will pay constant attention to the use of personal data that a customer entrusts to the Group and will not use it in any way that encourages or induces illegal or unjust acts.

(Collecting Personal Data)

2. If the Group collects any personal data, the Group will do so in a lawful manner and specify its purpose of use.
The Group only collects the personal data necessary for accomplishing the purpose of use and will not collect any personal data beyond what is necessary for such purpose.
Personal data includes information of the customer himself/herself, as well as any personal data indirectly collected through the customer, such as personal data of family members or recipients of shipped products.

(Purposes of Use of Personal Data)

3. If the Group processes any personal data of a customer, the Group will specify its purpose of use in advance.
The Group will not use personal data for any purpose other than the specified purposes of use.
Unless otherwise specified, the Group processes customers’ personal data for the following purposes of use.

1)Business related to retail and services

Information processed Purpose of use
Information regarding the customer’s attributes, such as name, address, phone number, and e-mail address
  • Provision of sales services and other services, such as processing of sale, delivery or shipping of products, member registration, and after-sales service
  • Sending a notice of goods left behind, etc., and responding to customer inquiries and feedback on sales processing, products, and services
  • Printing the information of the sender and the recipient on a gift shipping slip
  • Shipping notices, prizes, etc., to the winners of prize competitions, etc., and shipping rewards, etc., for answering questionnaires
  • Responding to other customer inquiries, requests for material, etc.
  • Securing the safety of customers


2)Business to perform services outsourced by corporations, etc.

Information processed Purpose of use
Information regarding the attributes of our partners’ officers and employees, etc., such as name, department, phone number, and e-mail address
  • Providing services under a service agreement with a partner, such as salary calculation, bookkeeping, individual number management, and hiring
  • Providing services under a service agreement with a partner, such as system development, operation, and maintenance
  • Responding to other inquiries, requests for material, etc., from our partners

 

3)Common to the Group

Information processed Purpose of use
Customer attribute information, such as name, address, phone number, and e-mail address, information regarding purchase history, browsing history for websites, social media, etc., and activity history, etc., and attribute information, such as department, phone number, and e-mail address
  • Analyzing the collected information in order to provide various types of information according to a customer’s hobbies and preferences, such as information on the Group’s products, services, and events, and information on lifestyle and culture
  • Analyzing the collected information in order to conduct marketing activities for the purpose of market research and product development, renewal, etc.

 

(Joint Use and Disclosure to Third Party of Personal Data)

4. Personal data will be used jointly among the Group companies in order to respond to inquiries or to improve the quality of services, or for other similar purposes.
The details of the Group’s joint use are as follows:

  1. Personal data items to be jointly used
    Equivalent to the personal data specified in Section 3
  2. Scope of joint users
    The Group and Ningbo Hankyu Department Stores Co.,Ltd.
  3. Purposes of joint use
    Equivalent to the purposes of use specified in Section 3
  4. Name, etc., of the company responsible for managing jointly used personal data
    Naoya Araki, President and Representative Director, H2O RETAILING CORPORATION
    8-7 Kakuda-cho, Kita-ku, Osaka-shi, Osaka

 

No personal data will be disclosed to or accessed by a third party except when such personal data is jointly used, or under any of the following circumstances:

  1. The customer has given consent;
  2. Based on laws and regulations;
  3. Disclosure or access is necessary for protecting the life, limb, or property of someone, and it is difficult to obtain the consent of the applicable customer;
  4. Disclosure or access is necessary for enhancing public health or for the sound development of children, and it is difficult to obtain the consent of the applicable customer;
  5. There is a need to cooperate with a national agency, local government, or person delegated by such national agency or local government in conducting affairs stipulated by laws and regulations, and it is difficult to obtain the consent of the applicable customer;
  6. Outsourcing the processing of personal data to a service provider within the purposes of use (such as delivery companies, address-label printing companies, and credit card companies);
  7. Personal data is disclosed in connection with business transfer due to a merger or other events; or
  8. The third party is an academic research institute, etc., and needs to process personal data for academic research purposes.

(Security Management of Personal Data)

5. The Group will take necessary and appropriate security measures against any risks to personal data that the Group holds, such as unauthorized access, loss, destruction, alteration, and leakage of personal data.


Establishing regulations for processing personal data
Protect individual rights and interests (such as preventing violations of privacy) by establishing Group-wide personal data management regulations and setting out necessary matters for processing personal data.
Organizational security measures
Appoint a personal data officer and establish a reporting system for any potential breach of laws, regulations, or internal regulations related to personal data or any potential leakage, etc., of personal data.
Human resources security measures
Provide officers and employees with education and awareness-raising programs to familiarize them with the need to protect personal data on an ongoing basis.
Physical security measures
Limit the areas in which personal data is processed and take measures to prevent the theft or loss of information equipment, electronic media, documents, etc., through which personal data is processed.
Technical security measures
Introduce a mechanism to prevent external unauthorized access to the system through which personal data is processed and have access controls in place to limit the scope of personal data processed by the people who are in charge.
Understanding external environment
Gather information on any establishment or revision of overseas laws and regulations on personal data and promote the establishment of a system that corresponds to such establishment or revision of laws and regulations.

(Outsourcing the Processing of Personal Data)

6. If the Group outsources the work relating to the processing of personal data to a third party, the Group will provide such third-party service provider with necessary and appropriate supervision to ensure that the third-party service provider will also manage personal data securely.

(Customer’s Management of Personal Data)

7. If a customer requests to access, correct, or restrict the processing, etc., of their personal data, etc., the Group’s inquiry desk will handle the customer’s request swiftly to the extent necessary and reasonable in accordance with the method requested by the customer, whenever possible.
The Group will also endeavor to ensure that the personal data it holds is accurate and updated.
If a customer makes any of the following requests, the Group will handle the request as follows:

  1. If a customer does not wish to receive direct mails, e-mails, etc., from the Group, the Group will promptly stop sending them upon receiving the request from the customer.
  2. If a customer wishes to make a request to access, correct, or erase personal data, or to restrict processing, the customer is requested to contact our inquiry desk and file a request in the form designated by the Group. The Group will promptly handle the request to the extent necessary and reasonable. (In some cases, certain restrictions or fees may apply.)
     

(Disclosing Other Information Regarding the Processing of Personal Data)

8. The Group’s websites may use data that identifies a customer’s computer called “cookies” that are sent to and stored in the customer’s hard disk in order to gather browsing information for the purpose of improving website performance and to deliver services and advertisements that are most suited to the customer’s interest.
Although the cookies themselves do not include data that identifies individuals, a customer may refuse to accept the cookies sent by the Group’s websites by changing the cookie settings on the customer’s software for browsing the Internet (web browser).
For details about cookies, please see the Cookie Policy on respective Group websites.

(Desk for Inquiries Regarding the Processing of Personal Data)

9. If a customer has any inquiry about the processing of personal data that the Group holds, please send it using the following form:
Group inquiry form