Shiseido Malaysia Sdn Bhd (Registration No. 200501007983 (685030-U)) (“Shiseido”; collectively, "us", “we” or "our") is committed to protecting your privacy and ensuring that your Personal Data is protected. For the purposes of this Privacy Notice, "Personal Data" means any personally identifiable data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access (or any materially similar or analogous concept or definition under applicable law). This may include biometric data such as photos, facial images and video / voice recordings.
This Privacy Notice explains the types of Personal Data we collect and how we use, disclose, transfer, process and protect that information.
We collect Personal Data through, but not limited to, the following means:
Subject to the set-up of your internet browser, the following categories of Personal Data may be collected automatically when you navigate through our Platforms, due to various tracking technologies such as browser cookies. Such information may include (but are not limited to):
iii) Data we receive and collect from other sources
If you provide Personal Data of a third party to us, you must obtain the necessary consent from that third party to transfer their Personal Data to us, and for us to collect, use, disclose, transfer or process that Personal Data in accordance with this Privacy Notice and all applicable law.
We may update this Privacy Notice from time to time by posting updated versions on our Platforms, and/or by sending an e-mail to you. Your continued membership, access to and/or use of the Platforms will be taken to be your agreement to, and acceptance of, all changes made in each updated version.
Please check back regularly for updated information on how we handle your Personal Data.
We do not collect, use, process or disclose your Personal Data without your consent (except where permitted and authorised by law). Provision of your Personal Data is voluntary. However, without your Personal Data, we may not be able to provide you with our products and services and to fulfil other purposes set out in Section 3 of this Privacy Policy. By providing your Personal Data to us, you hereby consent to us collecting, using, disclosing, transferring, and processing your Personal Data from the sources set out in Section 1 of this Privacy Notice and for the purposes set out in Section 3 of this Privacy Notice.
The types of Personal Data we collect include, but are not limited to, your: (a) first name and family name; (b) home address; (c) age and date of birth; (d) email address; (e) mobile number; (f) gender and, only if appropriate, your (g) user name and password; (h) billing and delivery address; (i) personal identification number; (j) skin and/or health information (such as your physical characteristics, skincare concerns and/or skincare regimes, skin type, skin conditions and medications for the same); (k) racial or ethnic origin; (l) biometric data; (m) billing and financial information (e.g. credit and debit card information); (n) purchase history; (o) product preferences and communication channel preferences; (p) communications data (such as your correspondence or feedback history with us); (q) technical information about your interaction with our Platforms (such as the type and configuration of your device or browser, your IP address, time zone, language settings, date and time of your visit, the URL of the website from which you have been referred and your browsing history); and (r) other information as may be reasonably required for us to fulfil the purposes set out in Section 3 below, in accordance with all applicable law.
We collect, use, disclose, transfer and process your Personal Data for the following purposes:
If you wish to withdraw your consent to receive information on new products and campaigns, or any other services, you may do so by:
You may also withdraw your consent and request us to stop collecting, using, disclosing and/or processing your Personal Data for any or all of the purposes listed above in Section 3 by: (a) contacting our Data Protection Officer at the email address below; or (b) writing to us at the address below. Please note that if you choose to withdraw your consent to our use, disclosure, transfer and/or processing of your Personal Data, we may not be able to provide you with some or all of our services or you may not be able to use our Platforms. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws.
We will ensure that the Personal Data in our possession is accurate and complete to the best of our knowledge. You agree to only submit Personal Data which is accurate and not misleading and to keep it up to date. We may verify the Personal Data provided by you as part of our user verification processes or as required under applicable law.
You have a right to request for access and correction of your Personal Data. If you would like assistance in accessing and/or correcting your Personal Data, please contact our Data Protection Officer at the email address below.
Please note that we may in accordance with applicable law, charge you a reasonable fee to process your access request. If so, we will inform you of the fee before processing your request. We will get back to you within the period stipulated under applicable law.
Our Platforms are directed toward and designed for use by persons aged 18 or older. We do not intend to collect Personal Data from children under 18 years of age. We are not able to verify whether a Platform user is under 18 years of age and therefore, we recommend parents or guardians to be involved in the online activities of their children in order to consent to or prevent their children's Personal Data from being collected, used, disclosed and/or processed by us. In the event where we become aware that we have accidentally collected Personal Data from a child under the age of 18, we will remove that Personal Data from our records as soon as feasibly possible.
We do not disclose or transfer your Personal Data to third parties unless we have clearly asked for and obtained your consent to do so (except where permitted and authorised by law).
The Personal Data which you provide to us may be stored, processed, transferred between, and accessed from servers located in the United States (“USA”) and other countries. Some of these countries have laws and regulations which may not guarantee the same level of protection of Personal Data as Malaysia. However, we will take reasonable steps to ensure that your Personal Data is provided a standard of protection as required under applicable data privacy law and handled in accordance with this Privacy Notice, regardless where your Personal Data is stored or accessed from.
6.1 Disclosure to affiliated companies in the Shiseido Group
The Shiseido Group comprises a number of affiliated companies and legal entities located both within and outside Malaysia. For additional information regarding our affiliated companies and legal entities, please see https://corp.shiseido.com/en/company/structure. We may disclose, where appropriate and to the extent necessary, your Personal Data to such affiliated companies and legal entities (including those in Japan and USA) for the purposes of corporate reporting, market research and analysis, supporting any actual or contemplated merger, reorganisation, restructuring, acquisition or similar corporate transaction or proceeding involving all or a portion of our business, customer relationship management and other related purposes, or for other purposes stated in Section 3 above. Please note that we provide our affiliated companies and legal entities with only the Personal Data they need for such purposes, and we require that they protect such Personal Data in accordance with the applicable laws and regulations and this Privacy Notice, and not use it for any other purpose.
6.2 Disclosure to third party business partners
We rely on third party business partners located both within and outside Malaysia, to perform a variety of services on our behalf. In so doing, Shiseido may let them, where you have consented, to use your Personal Data for the marketing and promotion of our products, services or events that may be of interest to you, for market research and analysis, for customer relationship management, for the fulfilment of your orders for products and services purchased via the Platforms, or for other purposes stated in Section 3 above. Please note that we provide our third party business partners with only the Personal Data they need to perform their services and we require that they protect such Personal Data in accordance with the applicable laws and regulations and this Privacy Notice, and not use it for any other purpose.
Some of our third party business partners may act as a data user in the course of delivering specific services to you. Your use of their services may be subject to conditions as may be agreed between you and them. Upon your acceptance of their services, the collection, use, disclosure, transfer and processing of your Personal Data in respect of their services will be subject to their applicable privacy notices. You must direct to them any queries or complaints relating to your use of their services.
Our Platforms may also contain links to third party websites, applications or services that are outside our control (even though they may display our logo or our trademarks). To the fullest extent permitted under applicable laws, we are not responsible for these websites’, applications’ or services’: (a) privacy practices and data policies; (b) use of cookies; (c) content or security; or (d) other acts and omissions. We would encourage you to review the privacy notices applicable to the third party websites, applications and services you use to determine how they will handle any Personal Data they collect from you.
6.3 Disclosure to third party data processors
We may use third party service providers, located both within and outside Malaysia, to help us maintain and operate the Platforms, to act on our behalf for the purposes stated in Section 3 above, as we may deem necessary to facilitate your dealings with us, and/or for other reasons related to the operation of the Platforms and Shiseido’s business (e.g. to manage the cloud servers), and they may receive your Personal Data for these purposes. We only provide them the Personal Data they need to provide these services on our behalf. We require these companies to protect the Personal Data in accordance with the applicable laws and regulations and this Privacy Notice, and to not use the information for any other purpose.
6.4 Other disclosure
We may use and disclose your Personal Data to perform your instructions and, as relevant, (a) comply with legislative and regulatory requirements; (b) protect, enforce and/or defend the rights and/or properties of Shiseido, and its customers and employees; and/or (c) take emergency measures for the purpose of securing the safety of customers, Shiseido, or the general public. This may result in us needing to share your Personal Data with any persons, government agencies, statutory authorities and/or industry regulators for the purpose of complying with applicable laws or regulations, and to anyone to whom Shiseido has transferred or may transfer its rights and duties (e.g. to prospective and actual investors and other relevant third parties in the event of a potential or completed sale or other corporate transaction related to Shiseido and/or any of its affiliates).
6.5 Digital and social media partners
In order to share content on or through social media, our Platforms may use functionalities, links or icons owned by our digital and social media partners. It may consist, for example, of the like or sharing buttons on social networks such as Facebook or Instagram. Such functionalities allow you to view content or share content, preferences and opinion on or in relation with our products and services. We are also using online tools such as Google, Facebook or Instagram (Google Analytics, Facebook Custom Audience or Conversion API) in order for us to optimize our ad targeting campaigns and ensure the delivery of advertising content that suits you best. The providers of these tools, functionalities, links or icons can directly identify you when you use it, or even if you do not use it but (i) you have an account to such social network or platform, or (ii) you are already known and identified by such providers. As soon as you view content or share content, preferences and opinion, our partners may connect your activities on our Platforms to other information they already own on you in their capacity as data users.
We may also use the lookalike functionalities (for example from Facebook) to build audiences similar to your profile in order to allow us or other brands of the Shiseido Group to target prospects that match your profile.
The above data processing is governed by our partners’ own privacy notices in their capacity as data user. We strongly suggest that you visit and check the privacy notices of such online tools and to change your advertising or cookies preferences on those websites or platforms should you wish to opt out of advertising content.
We maintain strict procedures, standards, and security arrangements to protect Personal Data in our possession or under our control. Upon receipt of your Personal Data, whether through physical or electronic means of collection, we will make the necessary security arrangements to protect such Personal Data as are reasonable and appropriate in the circumstances. Such arrangements may comprise administrative measures, physical measures, technical measures, or a combination of such measures.
When disclosing or transferring your Personal Data over the internet, we take all reasonable care to prevent unauthorised access to your Personal Data. However, no data transmission over the internet can be guaranteed as fully secure and you acknowledge that you submit information over the internet at your own risk.
Please note that any information you choose to share in public areas such as our Platforms' community features, or other social areas, is by definition considered as public and can be seen by anyone accessing the related platform.
We may retain your Personal Data for as long as is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law. After this period of time, we will destroy or anonymise any documents containing your Personal Data in a safe and secure manner.
This Privacy Notice is governed by Malaysian law.
If you would like to access or correct any Personal Data which you have provided to us, submit a complaint in relation to your Personal Data, or have any queries about your Personal Data, please contact our Data Protection Officer by contacting us at pdpa.de@shiseido.com.my or +603-77191888. Alternatively, you may write to us at:
Attention: Data Protection Officer
SHISEIDO MALAYSIA SDN BHD (Registration No. 200501007983 (685030-U))
Unit 7-03, Level 7, Menara UAC,
No. 12, Jalan PJU 7/5, Mutiara Damansara
47800 Petaling Jaya, Selangor Darul Ehsan, Malaysia
For General Enquiries: shiseido@customercare.com.my / 03-77191888
Please note that to process your request, we may ask you for proof of identity.
Effective and last revision date: 21 June 2023