Last Updated December 23, 2019
Q: How do we collect information from you?
Shiseido websites and applications
We may collect information from you through one of our U.S. or international websites or applications. This could include (a) any site that we own and control under our own domain (such as Shiseido.com, or some other domain name that redirects you to one of these sites), or (b) any site or web application that we may develop and run on a third party social network such as Facebook. This could also include any site or application that we specifically design for use on a cell phone or other mobile device, such as a mobile-enabled site (i.e., WAP site) or mobile application (e.g., iPad/iPhone app). This Policy will only apply if it is posted or linked to on the website or application which you are using.
Shiseido text messaging programs
We may collect information from you through one of our inbound text messaging programs. For example, periodically we may allow customers to send us inbound text messages using a short code that we create and advertise in connection with a special offer or promotion. These programs might be advertised in one of our store boutiques or on one of our websites or applications. If you choose to participate in one of these programs, information about your physical geo-location may be collected and used for marketing purposes.
Call center orders
We may collect information from you through our call centers, for example if you place an order over the phone or via fax or postal mail to our customer service department. These methods of ordering are available in the U.S. and in some locations outside the U.S. Our call centers may also collect information from you to respond to your question or comment or other follow-up request.
We may collect information from you if you correspond with us via email. For example, if you send an email to our customer service department, we may obtain certain information about you (such as your contact email address) and use it to follow up.
Data collected from other sources
Occasionally, we may obtain information about you from other sources. For example, we may hire a third party data aggregator or vendor to provide us additional information about our existing customers (this is known as “data appending”), including information from your profile or postings on a third party social network. We may also receive information from third party co-sponsors who we may partner with occasionally to run special promotions or giveaways. We may also receive information about customers in the event we acquire other companies. We may also receive information from other methods that are not inconsistent with this Policy.
Q: What information do we collect from you?
Depending on how you interact with Shiseido (online, in-store, on the phone, etc.), we may collect from you various types of information, which are described in more detail below. In some instances (and unless we say otherwise below), we may combine one type of information with another type of information, and store them together in our records. In all cases, however, we strive to limit the amount of information we collect and store to that which is necessary to provide you the relevant services.
Personal contact information
This includes any information that would allow us to personally contact you, such as your name, home or mailing address, phone number, or email address. In some cases, this could include information that you give us about someone else (for example, if you ask us to ship a Shiseido product to a friend). We typically collect personal contact information in connection with a variety of activities, including account registration, product orders, customer service, contests and promotions, and customer feedback. If you create an account with us, some of your personal contact information may be stored under your account profile. To review or edit this information, go to the relevant “My Account” section of our site or contact Customer Service.
This includes any information that you use to make a purchase, such as your credit card details (cardholder name, card number, expiration date, etc.), gift card information, check or other forms of payment (if such are made available). This also includes the billing name and address associated with your form of payment. We only collect payment information for purchases (whether your purchase is made in-store, online, or by phone). If you create an account with us, your payment information (along with your purchase history and other related preferences) may be stored under your account profile. To review or edit this information, go to the relevant “My Account” section of our site or contact Customer Service.
Account login information
This refers to any information that is required for you to establish a unique account with us or for us to give you access to your specific account information. Examples include customer number, login ID, screen name, password, and/or security question and answer. Certain login information, such as your customer number, may be generated by us and then sent to you. We only collect (or create for you) unique login information for those activities that require an account. Your unique login information, especially your password, should always be kept confidential and should never be shared with anyone else. To change your account password, go to the relevant “My Account” section of our site or contact Customer Service.
This includes any information that describes demographic or psychographic characteristics. Examples may include your date of birth, age or age range, gender, facial attributes (e.g., hair color, eye color, skin type, skin tone, etc.), general geographic location (e.g., zip code or city and state), favorite products, hobbies and interests, or lifestyle information. We typically collect demographic information in connection with a variety of activities, including account registration, contests and promotions, and customer surveys. If you create an account with us, you may be allowed to modify certain demographic information stored under your account profile. To do so, go to the relevant “My Account” of our site or contact Customer Service. For demographic information associated with your profile on a third party social network (e.g., Facebook), see separate paragraph on “Social network information” below.
Technical computer information
Website usage information
This includes information that you voluntarily share with us about your experience in using our products or services, including our beauty products, websites and applications. Examples may include comments and suggestions, testimonials, or other feedback you send us about what you may have liked (or disliked) about your experience in using our products or services. We typically collect this information in the form of customer surveys, feedback forms, and email correspondence
This refers to any content that you create and then share with us (and perhaps others) by uploading it to one of our websites or applications, such as our Facebook fan pages or applications. Examples may include photos, videos, personal stories, or other similar media or content. We mostly collect customer-generated content in connection with contests and promotions, website community features, customer engagement, and third party social networking.
Social network information
This refers to any information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with us or that you post publicly. Examples may include your basic account information (e.g., name, email address, profile picture, gender, birthday, current city, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share with application developers or that you post publicly on a Shiseido social networking page. For example, we may receive your social network information (or parts of it) when you download or interact with a Shiseido application on a social networking site (such as Facebook) or use a third party social networking feature that is integrated within a Shiseido site (such as Facebook Connect). To learn more about how your social network information may be obtained by Shiseido (or other application developers), please visit the website of the relevant third party social network.
Other information (depending on context)
This refers to any other information that we might need to collect for a specific Shiseido form, feature, or other service that you use or request. What this information might include will vary depending on the method of collection and the specific purpose(s) for which the information is being collected. Please see the section “How do we use your information?” below for more specific examples.
Q: How do we use your information?
The following paragraphs describe the various purposes and features for which we might collect and use your information, and the different types of information that might be collected for each. Please note that not all of the uses listed below will be relevant to every customer.
We may collect and use your information to process and ship your orders, to inform you about the status of your orders, and to follow up with you about your satisfaction with the ordered products. Depending on how you make a purchase (e.g., online, in-store, call center, etc.), this could involve the collection and use of certain personal contact information, payment information, account login information, and/or information related to your purchase (such as products ordered). This could also involve the ongoing storage of your payment information to allow for easier checkout on future purchases.
Please note that there are many independent e-commerce sites that sell Shiseido products but that are not controlled or operated by Shiseido. Because these sites may have different privacy and security practices than we do, we recommend that you read their privacy policies before making any purchases on those sites.
We may use your information to maintain your accounts with us, including administering any customer loyalty or rewards programs associated with such accounts. This typically involves the use of the information that was originally collected to set up your account (e.g., personal contact information, payment information, account login information, demographic information, etc.).
We may collect and use your information to provide you customer service, including responses to your inquiries. This typically requires the collection and use of certain personal contact information (such as your name, email address) and information regarding the reason for your inquiry (e.g., order status, technical issue, product question, general question, etc.). Customer service may be provided through various forms of communication, such as email correspondence and call center support.
Product improvement and customization
We may collect and use your information so we can constantly improve our products, tailor them to your needs, and come up with new product ideas. This mostly involves the collection and use of demographic information and customer feedback.
Personalized product recommendations
We may use your information to provide you with Shiseido product recommendations, offers, and rewards that are tailored to your interests and profile . This mostly involves the use of your previous order history (including online or call center purchases), as well as certain demographic information (such as your favorite look, unique facial attributes, birth date, etc.).
Contests and Promotions
We may collect and use your information to administer a contest, sweepstakes, giveaway, competition, or other similar marketing campaign or promotion. These events typically require the collection and use of personal contact information (for prize fulfillment), limited demographic information (for eligibility), and, in some cases, customer-generated content. Some promotions with customer-generated content or a social networking component will be run on third party social networks such as Facebook (e.g., on Shiseido’ Facebook fan page or application). To comply with sweepstakes laws, we may publish or share limited information about promotion winners (such as name and city of residence). For more information about our contests and other promotions, please see the official rules or details posted with each promotion.
We may collect and use your information to send you marketing communications, such as email communications, mobile messages (including text and/or push notifications), and postal mailings. These communications may inform you about new products, store events, special discounts and coupons, beauty tips, and other news and special offers. On occasion, these communications may also contain information or offers about third party products.
Sending you marketing communications mostly requires the collection and use of certain personal contact information and/or demographic information. In some instances (such as for mobile messages), this may involve the use of technical information or precise geo-location information obtained from your mobile device. This allows us to send you messages directly to your mobile device, including offers and coupons based on your location.
Website personalization and convenience
We may collect and use your information to personalize your experience and save you time when you visit our websites and applications. This is typically done through the use of automated technologies (such as cookies) that collect and remember certain account login information, technical information, and/or previous website usage information. For example, we might remember your login ID or username so you can quickly login the next time you visit our site or so you can easily retrieve the items you previously placed in your shopping cart. Based on this type of information, we might also show you specific Shiseido content or offers that are more relevant to your interests.
Website community features
We may collect and use your information to give you access to our website community features, such as features that may allow you to upload and share ratings, reviews, questions/answers, stories, pictures, videos, or other content. This typically involves the collection, use, and (in some instances) public display of certain personal contact information, account login information, demographic information, and/or customer-generated content. Because these types of features are “communal” in nature, information you post in these areas may be visible to others. Please use caution when using these features or uploading content to a Shiseido site or application. For some community features, you may have the ability to control whether some parts of your profile can be seen by others and whether we send you notifications about certain community activities (like the fact that one of your questions has been answered). To access these settings, go to the “My Account” section of our site and login to the relevant community account. For community features that are integrated with third party social networks such as Facebook, see separate section on “Third party social networking” below.
Website viral features (e.g., tell-a-friend)
Where permissible under applicable law, we may request and use your information so you can use our website viral features, such as tell-a-friend. These features allow you to easily share certain Shiseido’s news, product information, promotions, wish list items, or other content with family members and friends. These features typically require the collection and use of certain personal contact information (such as email addresses and names) so that the selected message or content can be delivered to the proper recipients. In some instances, this information may be stored in our records so we can track and reward our customers for their referrals. For tell-a-friend or other viral features offered by third party social networks (such as Facebook “Share” and “Like” features), see separate paragraph on “Third party social networking” below.
Third party social networking
We may collect and use your information when you interact with third party social networking features, such as Facebook Connect, Facebook Like, Pinterest, and Instagram. These tools may be embedded into our sites or applications for the purpose of running contests, allowing you to share content (such as beauty tips, articles, stories, etc.), allowing you to sign up for certain Shiseido accounts, or for other stated purposes. If you use these tools, we may have the ability to obtain certain information about you from your social networking profile (see the section “Social network information” above). You can learn more about how these features work, and the profile data we may obtain about you, by visiting the website of the relevant third party social network.
Third party online advertising
We may allow third party ad networks, such as Facebook and Google, to collect and use your information to show you ads that are targeted to reach people (or people similar to people) who have visited our website or are identified in one or more of our databases ("Matched Ads"), including Shiseido’ ads on our sites or on other sites. This is done by Shiseido uploading a customer list to the third party ad network or incorporating a pixel from the third party ad network on our website, and the third party ad network matching common factors between our data and their data. Some of these ads may entice you to come back and revisit our site for new offers and promotions. This type of advertising typically involves an ad network collecting and tracking certain technical information (such as your IP address) and website usage information (such as your browsing history) on our sites and across many other sites on the Internet. To opt-out of receiving Matched Ads, please contact the applicable third party ad network, or you can opt-out from this type of third party tracking at any time by going to: https://www.networkadvertising.org/managing/opt_out.asp. If we use Facebook Custom Audiences to serve Matched Ads on Facebook services, you should be able to hover over the box in the right corner of such Facebook ads and find out how to opt-out. We are not responsible for such third party ad network’s failure to comply with your opt-out instructions.
Other general purposes (e.g., website security, internal research)
We may collect and use your information for other general business purposes, such as to maintain the day-to-day operation and security of our websites and applications and to conduct internal marketing and demographic studies. These activities mostly require the collection and use of certain personal information, demographic information, technical computer information, website usage information, and customer feedback.
You can learn more about cookies and how they work at www.allaboutcookies.org or www.youronlinechoices.eu. You can always disable cookies through your browser settings. Doing so, however, may disable certain features on our websites, such as online ordering.
To opt-out from third party cookies that are used for advertising purposes, you can do so on the NAI website at https://www.networkadvertising.org/managing/opt_out.asp.
We may use third party web analytics services on our websites or applications, such as Google Analytics. The service providers that administer those services use technologies such as cookies, web server logs and web beacons to help us analyze how visitors use the site. The information collected through these means (including IP address) is disclosed to these service providers, who use the information to analyze use of our websites and applications. You may deactivate the ability of these analytics services to analyze your browsing activities on our websites and applications. To learn more about web analytics services, and exercise your choice with respect to their collection of information on our websites or applications:
- To disable Google Analytics, please download the browser add-on for the deactivation of Google Analytics provided by Google at https://tools.google.com/dlpage/gaoptout?hl=en, To learn more about privacy and Google Analytics, please consult the Google Analytics overview provided by Google.
Q: With whom do we share your information?
We may share your information with the types of companies or in the situations described below. We do not sell, rent, or otherwise share your data to any third-party for a business or commercial purpose under any circumstances unless you specifically consent to such disclosure.
Third party vendors
These are outside vendors, agencies, or contractors we hire to help us run our business (e.g., fulfill orders, operate our websites, run promotions and marketing campaigns, operate our call center, etc.). The information shared with our vendors could include personal contact information, payment information, demographic information, or other types of information depending on the service being provided by the vendor. For some vendors, we may need to transfer your information to locations outside your home country, such as to the United States. Our vendors are only allowed to use your information for the specific tasks we’ve hired them to do, and for no other purpose. They’re also required to keep your information confidential and secure.
Legal disclosures (when necessary)
This is when we may need to share your information for law enforcement or other legal purposes. This type of sharing may be necessary in connection with a lawsuit, claim or investigation, governmental inquiry, court order, enforcement of legal rights (e.g., contract terms, intellectual property rights, etc.), safety issue, or other similar legal or security matter. Sharing your information for these reasons is not a regular event, but could arise from time to time. We will strive to limit the types and amount of information we may need to share for legal purposes to that which is reasonably necessary.
Business transfers (e.g., sale or acquisition of company)
Affiliated Brands and Companies
We may share (or receive) information about you, including personal information, with our corporate affiliates, including our parent company, Shiseido Americas Corporation, or other brands in the Shiseido portfolio. For additional information regarding our corporate affiliates or other brands, please see https://www.shiseidogroup.com.
Q: How do we protect your information?
We use a variety of standard methods (described below) to keep customer information confidential and secure. Please note, however, that these protections do not apply to any information you choose to share in public areas such as our website community features or other social areas.
Secure operating environments
We store your information in secure operating environments that are protected from the public and that we only allow authorized Shiseido employees and agents/contractors to access on a need-to-know basis.
Encryption for payment information
We use industry-standard encryption to provide greater protection for sensitive financial information, such as your credit card information or other payment information, when such information is sent to us over the web. For example, encryption is used when you make payments through our online store, as well as if you choose to have your payment information stored with us for future online purchases.
Other security measures
In addition to the methods above, we may take other measures to protect your information, depending on the sensitivity of the data and other considerations (such as how the information is collected and where it is stored). These measures may include (among other things) additional access restrictions, password requirements, and physical protections (e.g., secure data centers, etc.).
Measures you can take
Despite all of our efforts, no security safeguards or standards are guaranteed to provide 100% security. It is also important for you to play a role in keeping your information safe and secure. When signing up for an online account, please be sure to choose an account password that is hard for others to guess and never to reveal it to anyone else. If you use a shared or public computer, never choose to have your login ID or password remembered and make sure to log out of your account every time you leave the computer.
Other important policy information?
This section provides additional information that is important for you to know about this Policy or our practices.
Your information may be transferred outside your home country
Shiseido complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your information transferred from the European Union to the United States. To read our Privacy Shield Policy click here. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list and search for Shiseido Americas Corporation.
We do not collect information from children
We do not solicit or collect any type of information from a person known to be under the age of 13. If we discover that we have accidentally collected information from a child, we will remove that information from our records as soon as feasibly possible (or obtain the necessary parental permission to retain it).
We are not responsible for third party sites/features
Our websites and applications may provide links to, or features from, other third party sites (such as third party social networks) that we do not own or control. If you click on such links or use such features, you do so at your own risk. We are not responsible for the content or practices of any third party site, application, or feature.
Q: How can you contact us with questions?
390 Madison Avenue
New York, NY 10017
California Privacy Rights
California Consumer Privacy Act
If you are a resident of California, the following sections are intended to provide certain information to you as required by the California Consumer Privacy Act of 2018 (“CCPA”). These sections apply to personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household such as your real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers (collectively, “personal information”). Personal information does not include publicly-available information and certain other information that is regulated by other applicable laws.
Right to Know
You have the right to request that we disclose certain information to you about our collection of your personal information. Such information shall cover the 12-month period preceding our receipt of your request. Upon our receipt of your verified request, we will provide you with the following:
- The categories of personal information we have collected about you
- The categories of sources from which we have collected your personal information
- Our business or commercial purpose(s) for collecting or selling your personal information
- The categories of third parties with whom we have shared your personal information; and
- The specific pieces of personal information we have collected about you
Shiseido has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months.
Right to Delete
You have the right at any time to request that we delete your personal information. However, in some cases we cannot delete all or some of your personal information as required or permitted by applicable laws. Or we may need to delay a deletion, for instance, to process transactions you authorize such as a purchase of our products.
Right to Opt-Out of Sale of Personal Information
We do not sell, rent, or otherwise share your data to any third-party for a business or commercial purpose under any circumstances. However, we are required to let you know that you have the right to opt-out of the sale of your personal information if we ever notify you that we engage in such activity.
Right to Non-Discrimination
We will not discriminate against you for exercising your rights under the CCPA, such as denying you products and services, charging you different rates or prices including use of discounts or penalties, or suggesting or providing a different level of service or quality of products to you. However, we may charge a different price or provide a different level or quality of products and services only if the price or difference is directly related to the value provided to you by your personal information.
We may offer you financial incentives, including payments to you as compensation, for collecting, selling, or deleting your personal information. We also may offer a different price, rate, level, or quality of goods or services to the consumer if that price or difference is directly related to the value provided to you by your personal information.
How to Submit Your Request
To submit a request to exercise any of your rights provided in this notice, please email either email@example.com or firstname.lastname@example.org, or submit your request by phone by calling us at (866) 758-5966. We will evaluate the request and take action where required to do so.
Depending on the nature of your request, we may have to verify your identity when you contact us. We do this by asking you to provide us with certain pieces of personal information which we will match with information we have in our possession to verify your identity. We endeavor to respond to your request as soon as we can. If we are not able to respond to your request within 45 days, we will let you know that we may require additional time (up to 90 total days).
You may also use an authorized agent to exercise your rights on your behalf. If you wish to use an authorized agent, we require that your authorized agent provides written proof to us that he or she is authorized to act on your behalf, and we may also require your authorized agent to verify his or her own identity. To appoint an authorized agent, please contact us at email@example.com or firstname.lastname@example.org, or submit your request by phone by calling us at (866) 758-5966.
We are not able to respond to more than one “Right to Know” request from a consumer in any 12-month period.
Information We Collect, Sources of Information, Business Purposes for the Collection, & Sharing of Information
California Shine the Light Law
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. However, we do not sell, rent, or otherwise share your data to any third-party for a business or commercial purpose under any circumstances. If you are a California resident and want a copy of this notice, please submit an email request to email@example.com or firstname.lastname@example.org. In your request, please specify that you want a “Your Shiseido California Privacy Rights Notice.” Please allow 30 days for a response.
If you are a minor under 18 and have a profile on Shiseido.com you may ask us to remove reviews or other content that you posted on the site by writing to email@example.com or firstname.lastname@example.org. We will begin to process your request within 30 days. Please note that processing your request does not ensure complete or comprehensive removal of content that you posted.
California “Do Not Track” Notice
Nevada Privacy Rights
We do not sell, rent, or otherwise share your data to any third-party for a business or commercial purpose under any circumstances unless you specifically consent to such disclosure. Pursuant to Section 603A of the Nevada Revised Statutes, residents of Nevada may, at any time, submit a request to an operator of a website in Nevada directing the operator not to make any sale of any personal information the operator has collected or will collect about the consumer. If you are a Nevada resident and want to opt-out of the sale of any personal information, please submit an email request to email@example.com or firstname.lastname@example.org. In your request, please specify that you want to “Opt-Out of Sale of Personal Information in Nevada.” Please allow 60 days for a response.