1. Personal Data
In this Policy, Personal Data means any data relating to an identified or identifiable natural person (“Personal Data”). AEON may acquire and process Personal Data, including the name, address, telephone number, gender, nationality, occupation, and email address of a natural person in the EEA.
2. Use of Personal Data
AEON acquires and processes Personal Data for the following purposes:
・Providing services to relevant clients;
・Legitimate business interests, such as undertaking business research and analysis or managing the operation of the business;
・Public relations, such as responding to inquiries;
・Engaging in marketing and business development activities in relation to the services. This may include sending client newsletters, marketing communications and other information that may be of interest to them;
・Defense of certain rights or interests;
・Compliance with legal and regulatory obligations that AEON has to discharge; and
・Managing customer relationships
AEON relies on the following legal grounds to process Personal Data:
・The data subject’s consent expressly given to process his/her Personal Data in such manner. The data subject may withdraw his/her consent to this processing at any time; however, this will not affect the lawfulness of any processing carried out before withdrawal of the consent;
・Entering into a contract with a data subject or performing obligations under a contract with a data subject;
・Legitimate interests, some examples of which are given above; and
・Compliance with applicable laws or regulations.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.
3. Disclosure to Third Parties
AEON may supply or disclose Personal Data, without the data subjects’ prior consent, to AEON’s group companies and other third parties that are AEON’s service assignees. AEON may also supply or disclose Personal Data to third parties when it is necessary for some other justifiable reason permitted by the laws and regulations.
4. Cross-Border Transfer
Personal Data may be transferred to entities in countries or jurisdictions outside the EEA, such as Japan, if required for the purposes as described above. Please note that such countries or jurisdictions may not have the same data protection laws as the EEA and will not afford many of the rights conferred upon data subjects in the EEA. AEON will ensure that any such international transfers are made subject to appropriate and suitable safeguards as required by the GDPR or other relevant laws. When doing so, AEON will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of Personal Data.
5. Retention of Personal Data
AEON will retain Personal Data for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.
6. Rights of Data Subjects
Data subjects have the right to access, request correction of, request deletion of, request the limitation of processing of, object to the processing of, and request the data portability of their Personal Data retained by AEON. When AEON receives a request based on the right specified above, AEON shall conduct any necessary investigation without delay and provide data subjects or nominated third parties with Personal Data or respond to such rights without delay.
7. Right to Lodge Complaint with Data Protection Authority
Data subjects have the right to lodge a complaint with the local data protection authority if they have a complaint with regard to AEON’s processing of their Personal Data.
For any questions about this Policy, AEON’s privacy practices or your rights described in “Section 6. Rights of Data Subjects”, please contact us at the following:
[Department] Group Strategy Div
[E-mail address] email@example.com
[Phone number] 03-6316-1500
Enacted as of 2018/11/30