Isetan Mitsukoshi Holdings Ltd. and its group companies (hereinafter collectively referred to as the “Group”.) strongly recognizes that personal information (excluding personal numbers. Hereinafter referred to as “personal information”) entrusted to us by our customers is an important asset of our customers, and we believe that the protection of personal information is an important social responsibility in our business activities.
The Group is committed to earning the trust and meeting the expectations of our customers by appropriately managing personal information and using it correctly in accordance with the purpose of use.
In addition, in accordance with the above basic policy, the Group will take the following measures to protect personal information.
Efforts to Protect Personal Information
１．Compliance with Laws and Regulations
◇In handling the personal information of customers, the Group will comply with the Personal Information Protection Law and other related laws and regulations, as well as industry guidelines and guidelines established by the Personal Information Protection Committee or government ministries and agencies.
２．Acquisition of Personal Information
◇When the Group receives personal information from customers, it will clearly state the purpose of use to the customer and obtain the customer's consent. In addition, the personal information we receive will be limited to what is necessary to achieve the purpose of use and will be kept to a minimum.
◇The Group will acquire personal information from customers through appropriate means, such as membership application forms for cardholders and MI Point members, customer cards at stores, questionnaires, the Internet, and postcards, and will not acquire personal information through improper means.
３．Use of Personal Information
◇Our Group will use personal information only within the scope of the purpose of use for which we have obtained customer's consent, or within the scope of the purpose of use that is clear from the circumstances through which the information was obtained, and we will not use the information beyond the scope of the purpose of use for which we have obtained customer's consent in advance, unless otherwise permitted by law.
◇In order to provide comprehensive services to our customers, the Group may share personal information among Group companies within the scope of the purpose of use.
４．Safety Management Measures for Personal Information
◇In order to establish voluntary standards for the appropriate acquisition and use of personal information, strictly enforce these standards, and strictly manage personal information, the Group has formulated rules for the handling of personal information (hereinafter referred to as “handling rules”), and has established codes of conduct and specific rules to prevent unauthorized access to, loss, destruction, falsification, and leakage of personal information.
◇Based on the handling rules, the Group has established an organizational structure for the safe management of personal information such as by appointing a person in charge of personal information management in each department. In addition, we have established a reporting and communication system for the occurrence or potential occurrence of personal information leaks, etc., and for the occurrence or potential occurrence of violations of related laws and regulations or handling rules, such as the use for other purposes.
◇The Group is continually upgrading its information systems for the handling of personal information. In addition, we have implemented preventive and safety measures to prevent unauthorized access to, loss, destruction, falsification, and leakage of personal information, including access control to the system, limiting the number of persons in charge of handling the information, and implementing a system to protect against unauthorized access from outside and unauthorized software.
◇The Group educates and trains all employees, temporary staff, part-time workers, etc. on the protection of personal information based on the handling rules to ensure that they are fully aware of the rules, and supervises them in a necessary and appropriate manner to ensure the safe management of personal information.
◇The Group takes necessary measures to prevent theft or loss of equipment, electronic media, documents, etc. that handle personal data, such as storing them in a lockable place, obtaining permission from the person in charge of personal information management when taking them out, limiting the methods used to move them, and disposing of them in an unrecoverable manner.
◇When the Group entrusts the handling of customers' personal information to a third party, the Group conducts necessary and appropriate supervision of the entrusted party, such as conducting security checks of the system used by the entrusted party and specifying safety management measures in the contract with the entrusted party, in order to ensure the safe management of personal information.
５．Provision of Personal Information to Third Parties
◇The Group will not disclose or provide customers' personal information to any third party, except in the following cases or when permitted by law:
(1)When consent is given by the customer;
(2)When disclosure or provision of information is requested by a public institution, etc. in accordance with the provisions of various related laws and regulations;
(3)When it is necessary for the protection of the life, body, or property of an individual, and it is difficult to obtain the consent of the customer;
(4)When it is necessary to cooperate with the national or local government in conducting public affairs, and there is a risk that obtaining the customer's consent will interfere with the execution of those affairs;
(5)When personal information is disclosed or provided to a third party after it has been processed so that the individual cannot be identified;
(6)When the information is provided to the other party to the transaction and its related parties in conjunction with the succession of the business due to a merger, corporate split, business transfer or other reason.
◇In the event that the Group discloses or provides a customer's personal information to a third party in accordance with (1) through (6) above, the Group will make arrangements with the third party regarding the handling of personal information and take all possible measures to protect that personal information.
６．Notification of Purpose of Use, Disclosure, Correction, Suspension of Use, etc. of Personal Information
◇If a customer wishes to be notified of the purpose of use of personal information, or to request disclosure, correction, suspension of use, suspension of provision to a third party, or disclosure of records of provision to a third party, etc. of personal information, the Group will promptly respond to such requests within the scope prescribed by law at the contact point below. (In some cases, certain restrictions may apply, or the customer may be required to bear some costs.）
７．Name, Address, and Name of Representative of each Company in the Group
８．Contact for Complaints Regarding the Handling of Personal Information
◇Inquiries will be handled at the contact point.
Purpose of Use of Personal Information
◇The Group uses personal information received from customers for the following purposes.
(1)For the purpose of sales promotion, such as providing information on the products and services of the Group and its business partners, lifestyle information, and various special offers (including through e-mail).
(2)To perform operations related to sales services, such as receiving orders, layaway, processing sales, processing repairs, delivering products at a later date, delivery, and after-sales service. (Please note that this includes cases where we deem it necessary to contact you in connection with the above operations, such as when you have forgotten something or when we are unable to deliver on the scheduled date.)
(3)To be used for market research, data analysis, and planning and development of products and services.
(4) To provide services for MI Point members.
◇Personal information includes not only the personal information of the customer, but also personal information obtained indirectly through the customer, such as the personal information of family members and the personal information of recipients.
Joint Use of Personal Information
◇The Group will share personal information among the Group companies.
◇Even in the case of joint use of personal information, the Group will use the information within the scope of the purposes of use described above.
◇The items of personal information to be shared by the Group are as follows:
(1)Information regarding attributes such as name, gender, date of birth, address, telephone number, e-mail address, and place of work.
(2)Information related to contract details and product purchase history, such as date of enrollment, product name used, amount used, and number of payments.
(3)Information on point assignment, usage, balance, and other point-related information for MI Point members.
(4)Other information for which the customer has given consent to be shared.
◇Isetan Mitsukoshi Holdings Ltd. will be responsible for the management of personal information in the shared use within the Group.
Notification of the Purpose of Use of Personal Information, Procedures for Disclosure, Correction, Suspension of Use, etc. of Personal Information, and Inquiries
◇To request notification of the purpose of use of personal information, disclosure, correction, suspension of use, suspension of provision to a third party, or disclosure of records of provision to a third party, etc. of personal information, please apply using the Group's prescribed request form. For more information, please contact us. A fee of 500 yen will be charged for each request for notification of the purpose of use of personal information or disclosure of personal information. Please note that if you wish to be notified by mail, etc., the actual cost will be charged separately.