GDPR Privacy Policy PRIVACY POLICY

Privacy Policy for the EEA and the UK GDPR
(AEON CORPORATION)

AEON CORPORATION of Japan (“AEON”) may have occasion to collect and process Personal Data (as defined below). This Privacy Policy (this “Policy”) applies to the processing of Personal Data concerning data subjects in the European Economic Area (“EEA”) in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation, the “GDPR”) and data subjects in the United Kingdom (the “UK”) in accordance with the UK GDPR as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”).

1. Personal Data

In this Policy, Personal Data means any data relating to an identified or identifiable natural person (“Personal Data”). AEON may acquire and process Personal Data, including the name, address, telephone number, gender, nationality, occupation, and email address of a natural person in the EEA and the UK.

2. Use of Personal Data

AEON acquires and processes Personal Data for the following purposes:
  • Providing services to relevant clients;
  • Legitimate business interests, such as undertaking business research and analysis or managing the operation of the business;
  • Public relations, such as responding to inquiries;
  • Engaging in marketing and business development activities in relation to the services. This may include sending client newsletters, marketing communications and other information that may be of interest to them;
  • Defense of certain rights or interests;
  • Compliance with legal and regulatory obligations that AEON has to discharge; and
  • Managing customer relationships
AEON relies on the following legal grounds to process Personal Data:
  • The data subject’s consent expressly given to process his/her Personal Data in such manner. The data subject may withdraw his/her consent to this processing at any time; however, this will not affect the lawfulness of any processing carried out before withdrawal of the consent;
  • Entering into a contract with a data subject or performing obligations under a contract with a data subject;
  • Legitimate interests, some examples of which are given above; and
  • Compliance with applicable laws or regulations.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.

3. Disclosure to Third Parties

AEON may supply or disclose Personal Data, without the data subjects’ prior consent, to AEON’s group companies and other third parties that are AEON’s service assignees. AEON may also supply or disclose Personal Data to third parties when it is necessary for some other justifiable reason permitted by the laws and regulations.

4. Cross-Border Transfer

Personal Data may be transferred to entities in countries or jurisdictions outside the EEA and the UK, such as Japan, if required for the purposes as described above. Please note that such countries or jurisdictions may not have the same data protection laws as the EEA and the UK and will not afford many of the rights conferred upon data subjects in the EEA and the UK. AEON will ensure that any such international transfers are made subject to appropriate and suitable safeguards as required by the GDPR, the UK GDPR or other relevant laws. When doing so, AEON will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of Personal Data.

5. Retention of Personal Data

AEON will retain Personal Data for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

6. Rights of Data Subjects

Data subjects have the right to access, request correction of, request deletion of, request the limitation of processing of, object to the processing of, and request the data portability of their Personal Data retained by AEON . When AEON receives a request based on a right specified above, AEON shall conduct any necessary investigation without delay and provide data subjects or nominated third parties with Personal Data or respond to such rights without delay.

7. Right to Lodge Complaint with Data Protection Authority

Data subjects have the right to lodge a complaint with the local data protection authority if they have a complaint with regard to AEON’s processing of their Personal Data.

8. Contact

For any questions about this Policy, AEON’s privacy practices or your rights described in “Section 6. Rights of Data Subjects”, please contact us at the following:

For all data subjects Department:Corporate Division privacy-ae@corp.aeonet.co.jp
EU Representative for PLANIT // LEGAL Data subjects in the EEA:Bischof Freund Schmidt Partnerschaft von Rechtsanwälten mbB Neuer Wall 54, 20354 Hamburg, Germany mail@planit.legal
UK Representative for TMI Associates London LLP Data subjects in the UK:Citypoint One Ropemaker Street London EC2Y 9SS, UK london@tmi.gr.jp
Enacted as of 2019/Feb/1 Revised as of 2021/Jan/1