© Citizen Systems Japan Co., Ltd.
v1.8
Last updated: 03/31/2026
Download Original PDFCitizen Systems Japan Co., Ltd. (the “Company”) hereby prescribes as follows the processing of personal data (meaning information prescribed as personal data in light of the applicable personal information protection laws of each country; the same applies hereinafter)of the following data subjects:
our customers and business partners, (including officers, employees, and the like of customers and business partners, if the customer and business partner, is a legal entity; and including potential customers and potential business partners as well as persons who access our websites; the same applies hereinafter); and
job applicants as well as former employees.
The Company complies with the applicable personal information protection laws of each country, such as the Personal Information Protection Act of Japan, in accordance with this Privacy Policy.
The Company employs lawful and fair means to obtain and use the following personal data (including personal information provided for in the Personal Information Protection Act of Japan) for business activities. Some of it may be collected automatically.
Personal data of customers (including individuals and corporations)
Identification information, such as name, date of birth, gender, address, telephone number, email address, credit card information (card number, security code, and expiration date), company or association name, department, place of work, title, account number, photograph and information stated on business card
Information related to product purchases or product repairs, such as product number, date of purchase, store of purchase, and delivery information for the product
Information related to product preferences, such as questionnaires related to products and services and video recording data for online customer services
Information related to communications from customers, such as details entered in inquiry forms and telephone record data
Cookie-based information of customers who visit the Company’s website, such as user activities, user environment (IP address, etc.), and user attributes
Information of each customer who applies for or participates in campaigns or events related to products and services handled by the Company or any of the Company’s group companies or business partners
Information related to sales promotion and sales negotiations for the products of the Company
Personal data of business partners
Information necessary for transactions, such as name, company or association name, department, place of work, title, address, telephone number, email address, account number photograph, and information stated on business card
Information related to sales negotiations
Information related to membership sites for business partners, such as ID and password, registration date, registered person, area, date and time of final login, details of sales negotiations, status of communication tool use (including contents of communication), and status of use of content pertaining to communication and information transmission (including contents of responses to surveys)
Information related to communications received from business partners, etc., including details stated in inquiry forms
Personal data of regular employment or internship applicants and of former employees
Information such as the following: name; date of birth; address; telephone number; email address; name of scholastic institution, faculty, and school; work experience; and information on CVs
Information related to paperwork for retiring officers, such as term of office, remuneration, and account number
Information related to paperwork for the shareholder association for former employees, such as the following: company name; employee code; and monthly contribution, securities account information, and number of shares held pertaining to the shareholder association
Other personal data
Information used as material for in-house magazines in the Company’s group companies, such as images and text
Information related to systems for provision of awards, such as name, address, telephone number, email address, account number, and portrait of award recipient
Information related to the security of offices, such as images from security videos
Cookie-based information of customers who visit the Company’s website, such as user activities, user environment (IP address, etc.), and user attributes, may or may not qualify as personal data (or personal information provided for in the Personal Information Protection Act of Japan) depending on the applicable personal information protection laws of each country. This information is handled as personal data (or personal information provided for in the Personal Information Protection Act of Japan) in this Privacy Policy only to the extent that such information qualifies as personal data (or personal information provided for in the Personal Information Protection Act of Japan) under the applicable personal information protection laws of the country in question.
When the Company processes personal data (including personal information provided for in the Personal Information Protection Act of Japan; the same applies throughout “2.” (Purposes for processing personal data)) for business activities, the Company will process that personal data within the scope necessary for achieving the purposes for processing by specifying those purposes for processing in advance and will not conduct processing for any other purpose, except in cases where your consent has been obtained or where such processing is authorized under the personal information protection laws of the country in question.
The purposes for processing personal data that the Company processes for business activities are as follows. The Company will provide separate notification to persons involved or make a public announcement in relation to the purposes for processing of personal data of officers and employees, etc. of the Company.
Personal data of customers
For handling of orders, etc.
To confirm the contents of products or services ordered, etc.
To invoice for products and services ordered, etc. and confirm payment or payment status
To sell and provide products and services
To deliver the following: products; products to winners or participants in relation to campaigns or events; or rewards or trial goods for questionnaires or monitor-based research
To provide information
To provide product information (including catalogs) and information on campaigns, events, questionnaires, monitor-based research, etc. related to products and services handled by the Company or the Company’s group companies or business partners through the delivery or display of advertising, such as email magazines or direct mail (including provision of information corresponding to customer interests and preferences based on analysis of product purchasing history and other similar information)
To provide support and maintenance information, etc. related to products and services handled by the Company or the Company’s group companies or business partners through the delivery or display of advertising, such as email magazines or direct mail (including provision of information corresponding to customer interests and preferences based on analysis of product purchasing history and other similar information)
To customize information provided in the services handled by the Company or the Company’s group companies or business partners and advertisement distribution in line with customer age, occupation, gender, interests and preferences, etc.
For operational management of campaigns and events
For sales negotiations, sales promotion, etc.
For communications, sales negotiations, or arrangements necessary for business, and procedures related to those communications, negotiations and arrangements
To send notices of releases of new products and events, etc., and greeting cards, etc.
To provide digital content for the purpose of ordering promotional goods, distribution of news regarding new products, etc., distribution of information related to advertising, management of sales, etc.
To provide information for sales promotion related to products and services handled by the Company
For product development, marketing activities, etc.
To conduct, tabulate, and analyze questionnaires and monitor-based research, prepare and analyze statistical materials, and collect and analyze data to plan, develop, and improve products and services handled by the Company and use for business, sales, and marketing activities (including analyzing individual customer’s interests and preferences, etc.)
To use for improvement of websites, campaigns, and events of the Company by analyzing information on customers who access the Company’s website (including analyzing individual customer’s interests and preferences)
To deal with inquiries and after-sales services, etc.
To deal with, confirm, and record inquiries and consultations related to products and services handled by the Company
To issue warranties related to products and to deal with, confirm, and record customer services and after-sales services, etc., such as repair, support, and maintenance
Personal data of business partners
For communications, sales negotiations, or arrangements necessary for business, and procedures related to those communications, negotiations and arrangements
To send notices of releases of new products and events, etc., and greeting cards, etc.
To conduct monetary payments and other actions related to performance of agreements
To deal with, confirm, and record inquiries and consultations
Personal data of regular employment or internship applicants and of former employees
To execute and manage duties related to recruiting activities and internships
For provision of information on recruitment and the like to, or communication with, regular employment or internship applicants
To deal with labor-related laws concerning former employees, perform duties related to the shareholder association, conduct monetary payments and other actions related to performance of agreements, and for other necessary communications
Other personal data
To issue and distribute in-house magazines for the Company’s group companies
To provide awards, etc. to award recipients based on systems for provision of awards
For management of entry and exiting and security management for facilities of the Company
For security management of offices
Please note that the Company may omit notice, etc. of the purposes for processing if those purposes for processing are clear in consideration of the circumstances of acquisition of that data.
We may collect personal data directly from you or indirectly from the following third parties:
Customers and business partners
Other companies within the same corporate group
In cases where a customer or another party involved in a transaction is a corporation, and group companies obtain from that corporation the personal data of that corporation’s officers and employees
Website use analytics service providers, including Google LLC (cookies, IP addresses, provider information, information on devices used, web browser information, and user behaviour and attributes are provided)
In other cases where personal data is lawfully obtained from third parties (including publicly disclosed information stated in Kampo (official gazettes), on websites, in commercially available literature, etc.)
Regular employment or internship applicants and former employees
Cases where personal data is obtained from employment-related agents, recruiting websites, etc.
Cases where personal data is lawfully obtained from third parties during one’s employment with the Company
Other cases where personal data is lawfully obtained from third parties
Please note that the Company may process information that it obtains through its products and services (including its websites and apps) by linkage with personal data that the Company already holds. In such cases, the Company will manage such linked information according to this Privacy Policy.
The Company processes your personal data in accordance with applicable personal information protection regulations.
If you do not provide your personal data even when the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, the Company might not be able to provide you with products and services of the Company (including websites and apps of the Company).
The Company maintains the accuracy and recency of personal data within the extent necessary for the achievement of the purposes for processing. Furthermore, to decide on an appropriate retention period for personal data, the Company considers the volume, nature, and confidentiality of the personal data, the potential risk of damage caused by unauthorized use or disclosure of the personal data, the purposes for which the Company processes the personal data and whether the Company can achieve those purposes by other means, and applicable legal requirements. If your personal data that the Company has collected is no longer necessary, the Company will delete or anonymize your personal data, and if such measures are impracticable (for example, if your personal data has been stored in back-up archives), the Company will store your personal data safely until deletion becomes practicable and ensure that new processing will not be conducted with respect to your personal data.
The Company provides to third parties the personal data set forth in “1.” (Categories of personal data processed by the Company) above in order to fulfill the purposes set forth in “2.” (Purposes for processing personal data) in the following cases.
If the Company delegates processing of personal data to any processors (service providers), the Company will conduct necessary and adequate supervision over those processors (service providers) for the security of personal data.
Provision to processors (service providers)
Personal data related to customers
Providers of store management services
Providers of EC site operation and management system services
Providers of online customer system services
Providers of customer services and after-sales services
Providers of customer management system services
Providers of data storage services
Providers of product delivery services
Providers of rewards point services
Providers of fraud detection services
Providers of payment services
Financial institutions
Providers of data analysis services
Providers of advertising services
Providers of data collection services
Providers of public relations services
The Company’s group companies
Providers of client management services
Any other contractors that provide services necessary for the business activities of the Company
Personal data of business partners.
Financial institutions
The Company’s group companies
Providers of client management services
Providers of data storage services
Providers of data collection services
Any other contractors that provide services necessary for the business activities of the Company
Personal data on applicants for regular employment or internship applicants and of former employees
Providers of data storage services
Providers of business services related to the employee shareholding association
Any other contractors that provide services necessary for the business activities of the Company
Other cases In addition, the Company may, in the following cases, also provide to third parties the personal data set forth in “1.” (Categories of personal data processed by the Company).
Cases where you have consented in advance
Cases where the provision of personal data is conducted in accordance with laws or regulations
Cases where the provision of personal data is necessary for the protection of the life, body, or property of an individual and when it is difficult to obtain your consent
Cases where the provision of personal data is especially necessary for improving public health or promoting the sound growth of children and when it is difficult to obtain your consent
Cases where the provision of personal data is necessary for cooperation with a state organ, a local government, or any party delegated by either a state organ or local government to execute affairs prescribed by laws and regulations and when obtaining your consent is likely to impede the execution of those affairs
Cases where the third party in question is an academic research institute, etc. and the third party needs to process the personal data for the purpose of academic studies (including cases where a part of the purpose for processing the personal data is for academic studies, and excluding cases where that purpose entails the risk of unjust infringement of the rights and interests of individuals)
Cases where the business of the Company that incorporates provision of personal data is succeeded to due to a merger, a company split, a transfer of business, or any other similar reason
Other cases permitted under applicable laws and regulations (For example, the Company may jointly use personal data with a specified person on the grounds of joint use under the Personal Information Protection Act of Japan. In this case, the Company will, in advance, inform you of the following or make the following readily ascertainable by you: that joint use will be conducted; the categories of the jointly used personal data; the scope of persons with whom joint use will be conducted; the purpose of use for the person using the personal data; and the name or appellation of the person responsible for controlling the personal data.)
The Company may, without limitation, provide information that has been de-identified or aggregated.
The Company takes the following safety management measures for the safe management of personal data.
Formulation of basic policies: To ensure proper processing of personal data, the Company formulates basic security policies, including those related to “compliance with related laws, regulations, guidelines, and the like,” and “reception desk for processing questions and complaints.”
Preparation of rules related to processing of personal data: The Company formulates procedures for processing personal data in relation to processing methods, persons responsible, persons in charge, their duties, and the like for acquisition, use, storage, provision, deletion, disposal, and all other steps.
Organizational safety management measures: In addition to appointing persons responsible for the processing of personal data, the Company clarifies which employees will process personal data and the scope of personal data processed by those employees, and maintains a system to report to and communicate with persons responsible for cases where any instance or indication of a violation of any laws or handling procedures is discovered.
Human safety management measures: The Company conducts regular training for employees in relation to important matters regarding the processing of personal data.
Physical safety management measures: In areas where personal data is processed, the Company takes measures to prevent access to personal data by persons without authority, in addition to managing employees’ access of rooms and limiting devices and the like brought into those rooms. The Company takes measures so that personal data is not readily identified when carrying devices, electronic media, and the like for processing personal data (including when relocating inside the office), in addition to taking measures to prevent robbery, loss, and the like of those devices, electronic media, documents, and the like.
Technical safety management measures: The Company controls access in order to limit the number of persons in charge and the scope of databases for processing personal data. The Company also installs systems to protect information systems that processes personal data from externally originating unauthorized access and unauthorized software.
Ascertainment of the external environment: If you wish to be provided with information regarding the foreign countries in which the Company stores personal data, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form in “9.” (Inquiry desk) below.
The Company respects the rights you hold regarding personal information protection regulations applicable to you. You may be granted rights under applicable personal information protection regulations of the country in question. If you wish to exercise your rights, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form in “9.” (Inquiry desk) below.
If you wish to request the notification of purpose of use, disclosure, correction, etc., or suspension of use, etc. of retained personal data, or the disclosure of the records of provision to third parties under the Personal Information Protection Act of Japan, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form in “9.” (Inquiry desk) below for relevant procedures.
If the Company receives an inquiry related to the processing of personal data (including personal information provided for in the Personal Information Protection Act of Japan) from you, the Company will take appropriate measures in response to that inquiry under laws and regulations. For inquiries related to personal data (or personal information provided for in the Personal Information Protection Act of Japan) or this Privacy Policy, please contact the Citizen Systems Japan Co., Ltd. personal information inquiry desk using the inquiry form below.
Citizen Systems Japan Co., Ltd., Personal information inquiry desk Inquiry form
For the address of the Company and the name of its representative, please refer to the corporate profile webpage on the Company website.
Corporate Profile | Citizen Systems Japan Co., Ltd.
When producing pseudonymously processed information provided for in the Personal Information Protection Act of Japan (“Pseudonymously Processed Information”), the Company processes personal data (including personal information provided for in the Personal Information Protection Act of Japan) in accordance with standards prescribed by the rules of the Personal Information Protection Commission of Japan (the “Rules of the Personal Information Protection Commission”) as those necessary to make it impossible to identify a specific individual unless collated with other information.
When the Company produces Pseudonymously Processed Information or obtains Pseudonymously Processed Information, deleted information concerning the Pseudonymously Processed Information, or the like, the Company takes measures for the safe management of the deleted information, etc. in accordance with standards prescribed by the Rules of the Personal Information Protection Commission as those necessary to prevent the divulgence of the deleted information, etc.
If the Company handles Pseudonymously Processed Information that is personal information provided for in the Personal Information Protection Act of Japan, the Company will use it to the extent necessary for the purposes for processing set out in “2.” (Purposes for processing personal data) above and will handle it appropriately under the Personal Information Protection Act of Japan, including disclosing to the public the changed purposes for processing when the Company changes the purposes for processing and uses that Pseudonymously Processed Information for other purposes.
If the Company handles Pseudonymously Processed Information that is not personal information provided for in the Personal Information Protection Act of Japan, the Company will handle it appropriately under the Personal Information Protection Act of Japan, including forgoing any sharing or disclosure of that Pseudonymously Processed Information with or to a third party, except in the case where permitted by the Personal Information Protection Act of Japan.
When producing anonymously processed information provided for in the Personal Information Protection Act of Japan (“Anonymously Processed Information”), the Company processes personal data (including personal information provided for in the Personal Information Protection Act of Japan; the same applies hereafter in “11.” (Anonymously processed information)) in accordance with standards prescribed by the Rules of the Personal Information Protection Commission of Japan as those necessary to make it impossible to identify a specific individual and restore the personal data used for the production of the Anonymously Processed Information.
When the Company produces Anonymously Processed Information, the Company takes measures for the safe management of that information in accordance with standards prescribed by the Rules of the Personal Information Protection Commission.
When the Company produces Anonymously Processed Information, the Company discloses to the public, pursuant to the Rules of the Personal Information Protection Commission, the categories of information relating to the individual contained in the Anonymously Processed Information.
If the Company shares or discloses Anonymously Processed Information with or to a third party, the Company will, in advance and pursuant to the Rules of the Personal Information Commission, disclose to the public the categories of personal data contained in the Anonymously Processed Information to be shared or disclosed with or to a third party and its method of provision and will state to the third party explicitly to the effect that the information being shared or disclosed is Anonymously Processed Information.
In handling Anonymously Processed Information, the Company does not conduct any act with the purpose of identifying a principal concerned with the personal data used to produce Anonymously Processed Information, such as collating the Anonymously Processed Information with other information in order to identify a principal concerned with the personal data used to produce the Anonymously Processed Information.
The Company has taken appropriate system-based and operational security measures, such as measures related to server management systems and access restrictions, to safely manage personal data (including personal information provided for in the Personal Information Protection Act of Japan; the same applies hereafter in “12.” (Website management)) in the operation of the Company website.
When you provide personal data via the Company website, the Company protects your personal data by using technology on the website to encrypt communications, such as SSL (Secure Sockets Layer).
Cookies and other such similar technology (“Cookies, Etc.”) may be used on the Company website.
The Company may use information obtained through Cookies, Etc. for the following purposes:
to make it possible for a customer to browse the Company website as a continuation of the previous visit without repeatedly entering the same information when the customer visits the Company website subsequently;
to statistically analyze the use status and the like of the Company website without including information that identifies any customer individually and to improve the service of the Company website; and
to distribute the Company’s advertisements to customers who have used the Company website and third persons who have characteristics similar to those customers.
Information that the Company obtains through Cookies, Etc. may or may not fall under personal data (or personal information provided for in the Personal Information Protection Act of Japan) pursuant to applicable personal information protection regulations of the country in question. If the information constitutes personal data (or personal information provided for in the Personal Information Protection Act of Japan) under applicable personal information protection regulations of the country in question, the Company will manage the information under this Privacy Policy.
A customer may refuse acceptance of Cookies, Etc. or cause warnings to appear when he or she has accepted Cookies, Etc. by changing the settings of the web browser he or she is using. However, customers are requested to acknowledge in advance that the Company may become unable to provide some services in those cases.
The Company obtains and records each customer’s IP address, access information, and the like on the Company website, so the Company may obtain use information regarding web pages and the like that the customer has visited (“Access Logs”).
The Company may use Access Logs for the following purposes:
to statistically analyze the use status and the like of the Company website without including information that identifies any customer individually and to improve the service of the Company website;
to determine causes of, and solve, problems in the Company’s web server; and
if a customer has registered personal data (including personal information provided for in the Personal Information Protection Act of Japan) for membership services and the like of the Company, the Company may associate the information with information that the Company holds and that identifies the customer as an individual.
Access Logs that the Company obtains may or may not fall under personal data (or personal information provided for in the Personal Information Protection Act of Japan) pursuant to applicable personal information protection regulations of the country in question. If the Access Log constitutes personal data (or personal information provided for in the Personal Information Protection Act of Japan) under applicable personal information protection regulations of the country in question, the Company will manage the Access Log under this Privacy Policy.
The Company takes necessary measures with respect to the personal data of persons who are minors (including personal information provided for in the Personal Information Protection Act of Japan; the same applies hereafter in “15.” (Personal data of minors)) in accordance with applicable laws and regulations. Please note that the Company may, when necessary, request a guardian’s consent in relation to the personal data of a person who is a minor.
The Company uses services provided by an external business operator (“External Services”) on the Company website for ascertaining the status of use of the Company’s services and for improving the Company’s services, and the Company transmits information concerning visitors of the website that is necessary for the use of External Services while affording respect to privacy protection concerns. Transmitted information is managed and used in accordance with the privacy policy and the like of the business operator that provides External Services and to whom the information is transmitted. The details of External Services that the Company uses for the Company website are set out below.
Google Analytics
Provider of External Services: Google LLC and its affiliates
Contents of transmitted information:
Information related to systems, devices, networks, and communications commonly used for Internet communications
Location information
Data related to actions on websites Data related to pages browsed
User identifiers (cookies, device identifiers, etc.)
Purposes of use by the Company's services: To analyze user browsing trends and history
Purposes of use by External Services: To analyze user browsing trends and history Disclosure matters, etc. based on Article 27-12 of the Telecommunications Business Act
Opt-out measures: If you do not wish to participate in the use of External Service, please take the necessary measures through the link below: Google Analytics Opt-out Browser Add-on
Please refer to the following link for information on how data is collected and processed by Google Analytics. How Google uses information from sites or apps that use our services
The Company may change this Privacy Policy without notice in order to seek more appropriate management or to act in response to amendments of related laws and regulations and the like. In this case, the Company conducts notification by publishing the changed version of this Privacy Policy without delay (if there is a notification method necessary pursuant to applicable laws and regulations, the Company will act in accordance with that method) and processes personal data (including personal information provided for in the Personal Information Protection Act of Japan) in accordance with the changed version of this Privacy Policy from the time of that notification. However, if it is a change in detail that requires your consent pursuant to applicable laws and regulations, the Company will obtain your consent by a method designated by the Company.
Established: January 14, 2020 Last revised: April 1, 2026
This Exhibit applies to the processing of your personal data by Citizen Systems Japan Co., Ltd. (the “Company”) if you are located or residing in the EEA (European Economic Area) or the UK and refers to the GDPR and the UK GDPR (collectively, the “GDPR”). This exhibit is an addition to the Privacy Policy above and specifies as well as amends the Privacy Policy above. To the extent the processing of personal data of individuals located in the EEA or the UK is concerned in case of conflicting contents this Exhibit prevails over the Privacy Policy above. This Exhibit contains information related to rights concerning protection of your personal data, including the right to object to certain means of processing conducted by the Company. Details regarding your rights and the method of exercising those rights are stated in “3. Your rights”. This Exhibit contains the following sections:
Legal bases for processing for personal data of customers
Transfer of personal data to a third country
Your rights
Contact details
The Company processes your personal data as stated in “1”. (Categories of personal data processed by the Company) pursuant to the following legal bases for the purposes stated below.
Personal data of individual customers
When processing is necessary for the performance of a contract (GDPR Article 6, Paragraph 1, Item (b))
To deal with inquiries and after-sales services, etc.
To deal with, confirm, and record inquiries and consultations related to products and services handled by the Company
To issue warranties related to products and to deal with, confirm, and make records regarding, customer services and after-sales services, etc., such as repairs, support, and maintenance
When processing is necessary for the purposes of legitimate interests (GDPR Article 6, Paragraph 1, Item (f))
For operational management of campaigns and events
Use of Cookies, Etc. The Company may use information obtained through Cookies, Etc. for the following purpose:
When the data subject has given consent to the processing of personal data (GDPR Article 6, Paragraph 1, Item (a))
Use of Cookies, Etc. The Company may use information obtained through Cookies, Etc. for the following purposes:
To improve the service of the Company website by statistically analyzing the status of use, etc. of the website without including information that identifies any customer individually
To distribute the Company’s advertisements to customers who have used the Company website and third persons who have characteristics similar to those customers
If you wish to find more information about the Cookies, Etc. the Company uses or if you wish to change the consent setting, please click “Cookies Settings” in the footer of the Company website in question.
Personal data of employees of corporate customers
When processing is necessary for the purposes of legitimate interests (GDPR Article 6, Paragraph 1, Item (f))
For handling of orders, etc.
To confirm the contents of products or services that you ordered, etc.
To invoice for products and services that you ordered, etc. and confirm payment or payment status
To sell and provide products and services
To deliver the following: products; prizes to winners of or participants in campaigns or events; or rewards or trial goods for questionnaires or monitor-based research
See also items 1 and 2 listed under “1. Personal data of individual customers” above.
When the data subject has given consent to the processing of personal data (GDPR Article 6, Paragraph 1, Item (a))
To provide information
To provide product information (including catalogues) and information on campaigns, events, questionnaires, monitor-based research, etc. related to products and services handled by the Company or the Company’s group companies or business partners through the delivery or display of advertising, such as email magazines or direct mail (including provision of information corresponding to customer interests and preferences based on analysis of product purchasing history and other similar information)
To provide support and maintenance information, etc. related to products and services handled by the Company or the Company’s group companies or business partners through the delivery or display of advertising, such as email magazines or direct mail (including provision of information corresponding to customer interests and preferences based on analysis of product purchasing history and other similar information)
To customize information provided in the services handled by the Company or the Company’s group companies or business partners and advertisement distribution in line with customer age, occupation, gender, interests and preferences, etc.
For product development, marketing activities, etc.
To conduct, tabulate, and analyze questionnaires and monitor-based research, prepare and analyze statistical materials, and collect and analyze data to plan, develop, and improve products and services handled by the Company and use for business, sales, and marketing activities (including analyzing individual customer’s interests and preferences, etc.)
To use for improvement of websites, campaigns, and events of the Company by analyzing information on customers who access the Company website (including analyzing individual customer’s interests and preferences)
See also item 3 listed under “1. Personal data of individual customers” above.
The Company may transfer personal data to the countries listed below or other countries or areas to which it is necessary to transfer personal data to achieve the purposes specified in “1. Legal bases for processing for personal data of customers” above.
If the Company transfers personal data to areas other than the EEA (European Economic Area) , the Company will (i) take appropriate protection measures based on an adequacy decision (GDPR Article 45) in the countries where the adequacy decision is adopted or (ii) take appropriate protection measures by executing the standard data protection clauses approved by the European Commission (GDPR Article 46, Paragraph 2, Item (c) and Paragraph 5) with the party receiving personal data in the countries where an adequacy decision is not adopted. You can find the standard data protection clauses approved by the European Commission here. Please contact the contact address stated in “4. Contact details ” below if you wish to receive a copy of the standard data protection clauses.
The third countries to which the Company transfers personal data based on adequacy decisions by the European Commission are as follows:
UK (For details of adequacy decisions, please see here.)
Japan (For details of adequacy decision, please see here.)
The countries to which the Company transfers personal data based on the SCC are as follows:
United States of America
China
You have the following rights.
Access to personal data: You have the right to obtain confirmation from the Company as to whether personal data concerning you is being processed, and, where that is the case, to access the personal data and certain relevant information (GDPR Article 15).
Rectification and erasure of personal data: You have the right to have the Company rectify inaccurate personal data concerning you without undue delay and have incomplete personal data completed by the Company (GDPR Article 16). You also have the right to have the Company erase personal data concerning you without undue delay when certain conditions are met (GDPR Article 17).
Restricting processing of personal data: You have the right to restrict processing of personal data concerning you by the Company when certain conditions are met (GDPR Article 18).
Objection to processing of personal data: You have the right to object to processing of personal data concerning you by the Company when certain conditions are met (GDPR Article 21, Paragraph 1).
Objection to direct marketing: You have the right to object at any time to processing of personal data by the Company for direct marketing (GDPR Article 21, Paragraph 2).
Personal data portability: You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from the Company, when certain conditions are met (GDPR Article 20).
Right to withdraw your consent: You have the right to withdraw your consent at any time by the means separately specified at the time the Company obtains your consent. However, your withdrawal of consent does not affect the lawfulness of processing conducted based on your consent before the withdrawal.
Freedom from automated decision-making: When certain conditions are met, you have the right not to be subject to automated (meaning without human involvement) decision-making that produces legal effects or significant effects on you (GDPR Article 22).
Regarding processing of your personal data by the Company, you may lodge a complaint with the relevant data protection supervisory authority of the member state where your habitual residence, your place of work, or the place of the alleged infringement, is located (GDPR Article 77). Please find a list of all EEA supervisory authorities and their contact details here.
The contact details of the Company are as follows: Citizen Systems Japan Co., Ltd., Personal information inquiry desk Inquiry form
Established: April 1, 2026